首页 > 代码库 > redhat6.4下面安装kerberos
redhat6.4下面安装kerberos
1、安装rpm包
rpm -ivh krb5-libs-1.10.3-10.el6.x86_64.rpm
rpm -ivh krb5-server-1.10.3-10.el6.x86_64.rpm
rpm -ivh krb5-workstation-1.10.3-10.el6.x86_64.rpm
2、配置文件
/var/kerberos/krb5kdc/kdc.conf
内容如下:
[kdcdefaults]
kdc_ports = 750,88
[realms]
psy.com = {
database_name=/var/kerberos/krb5kdc/principal
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
acl_file = /var/kerberos/krb5kdc/kadm5.acl
key_stash_file=/var/kerberos/krb5kdc/.k5.psy.com
kdc_ports=750,88
max_life=10h 0m 0s
max_renewable_life=7d 0h 0m 0s
}
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = psy.com
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
psy.com = {
kdc = worknode
admin_server = worknode
}
3、生成数据库
kdb5_util create -r psy.com -s
4、创建管理用户
运行kadmin.local
addprinc admin/admin@psy.com
ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
5、编辑/etc/services
# # Kerberos (Project Athena/MIT) services
#kerberos 88/udp kdc # Kerberos 5 kdc
#kerberos 88/tcp kdc # Kerberos 5 kdc
#klogin 543/tcp # Kerberos rlogin -kfall
#kshell 544/tcp krcmd # Kerberos remote shell -kfall
krb5_prop 754/tcp # Kerberos v5 slave propagation
kerberos-adm 749/tcp # Kerberos v5 admin/chpwd
kerberos-adm 749/udp # Kerberos v5 admin/chpwd
#eklogin 2105/tcp # Kerberos encrypted rlogin -kfall
kpasswd 761/tcp kpwd # Kerberos "passwd" -kfall
#ktelnet 545/tcp # Kerberized telnet v4/v5
#kftp-data 546/tcp # Kerberized ftp data V5
#kftp 547/tcp # Kerberized ftp v5
6、重启krb5kdc 和kadmin服务
/etc/init.d/krb5kdc restart
/etc/init.d/kadmin restart
7、本机测试客户端连接
kinit admin/admin
8、远程客户机测试连接
需要配置相同的kdc.conf和krb5.conf
然后测试kinit admin/admin
问题:
[root@hadoop Packages]# kdb5_util create -r psy.com -s
Loading random data
通常是配置有问题,不是所有的EXAMPE.COM 都被替换成psy.com了。也有可能是创建的时间长一点。
参考链接:
http://web.ornl.gov/~jar/HowToKerb.html#Kerbnetredhat6.4下面安装kerberos