Hello colleagues, I am at my wits' end now and need your help.
For now I want to set up a Kerberos server for SingleLogOn.
I used the following guide: http://www.mpipks-dresden.mpg.de/~m...e-manual_de/manual/sec.kerbadmin.instkdc.html
Unfortunately I did not get very far. Maybe someone here can help me.
Here are my configs:
cat /etc/krb5.conf
Code:
[libdefaults]
    default_realm = SERVER.LOCAL
    krb4_config = /etc/krb.conf
    #krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    allow_weak_crypto = true
    v4_instance_resolve = false
    clockskew = 300
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true
[realms]
    SERVER.LOCAL = {
        kdc = xxx:88
        admin_server = xxx:749
        default_domain = SERVER.LOCAL
    }
[domain_realm]
    .server.local = SERVER.LOCAL
    server.local = SERVER.LOCAL
    .SERVER.LOCAL = SERVER.LOCAL
[login]
    krb4_convert = true
    krb4_get_tickets = false
[logging]
    # default = FILE:/var/log/kerberos/krb5.log
    # kdc = FILE:/var/log/kerberos/krb5kdc.log
    # admin_server = FILE:/var/log/kerberos/kadmind.log
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = FILE:/var/log/krb5/krb5libs.log
[appdefaults]
    pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        minimum_uid = 1
        external = sshd
        use_shmem = sshd
    }
cat /var/lib/kerberos/krb5kdc/kdc.conf
Code:
[kdcdefaults]
    kdc_ports = 750,88
[realms]
    SERVER.LOCAL = {
        database_name = /var/lib/kerberos/krb5kdc/principal
        acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
        admin_keytab = FILE:/var/lib/kerberos/krb5kdc/kadm5.keytab
        default_principal_flags = +postdateable +forwardable +renewable +proxiable +dup-skey -preauth -hwauth +service +tgt-based +allow-tickets -pwchange -pwservice
        dict_file = /var/lib/kerberos/krb5kdc/kadm5.dict
        key_stash_file = /var/lib/kerberos/krb5kdc/.k5.SERVER.LOCAL
        kdc_ports = 750,88
        max_life = 0d 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
    }
[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
cat /var/lib/kerberos/krb5kdc/kadm5.acl
Code:
###############################################################################
#Kerberos_principal permissions [target_principal] [restrictions]
###############################################################################
#
*/admin@SERVER.LOCAL *
kdb5_util create -r SERVER.LOCAL -s
Code:
Loading random data
Initializing database '/var/lib/kerberos/krb5kdc/principal' for realm 'SERVER.LOCAL',
master key name 'K/M@SERVER.LOCAL'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_util: File exists while creating database '/var/lib/kerberos/krb5kdc/principal
ls -la /var/lib/kerberos/krb5kdc/principal
Code:
-rw------- 1 root root 8192 22. Jan 11:53 /var/lib/kerberos/krb5kdc/principal
kadmin.local -q listprincs
Code:
Authenticating as principal root/admin@SERVER.LOCAL with password.
kadmin.local: Stored master key is corrupted while initializing kadmin.local interface
klist
Code:
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
/etc/init.d/krb5kdc start
Code:
Starting Kerberos 5 KDC done
krb5kdc: cannot initialize realm SERVER.LOCAL - see log file for details
tail /var/log/krb5/krb5kdc.log
Code:
krb5kdc: Cannot find/read stored master key - while fetching master key K/M for realm SERVER.LOCAL
krb5kdc: Cannot find/read stored master key - while fetching master key K/M for realm SERVER.LOCAL
krb5kdc: Cannot find/read stored master key - while fetching master key K/M for realm SERVER.LOCAL
/etc/init.d/kadmind start
Code:
Starting Kerberos 5 Admin Serverkadmind: Stored master key is corrupted while initializing, aborting
startproc: exit status of parent of /usr/lib/mit/sbin/kadmind: 1
failed
Many thanks in advance! PS:
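
Added example (not part of the original post and not code from the Kerberos project): a read-only check of the two files the error messages above refer to, the database named by `database_name` and the stash file named by `key_stash_file` in the posted kdc.conf. `kdb5_util create` reports "File exists" when the database file is already present, and krb5kdc reports "Cannot find/read stored master key" when it cannot read the stash file; the function names, the finding labels and the `root` parameter are assumptions made for this example.

```python
import os
import re
import stat

# Constructed sample: the realm block from the kdc.conf in the post, trimmed.
SAMPLE_KDC_CONF = """\
[kdcdefaults]
kdc_ports = 750,88
[realms]
SERVER.LOCAL = {
database_name = /var/lib/kerberos/krb5kdc/principal
key_stash_file = /var/lib/kerberos/krb5kdc/.k5.SERVER.LOCAL
}
"""

def realm_settings(conf_text, realm):
    """Return the key/value pairs of the `REALM = { ... }` block."""
    block = re.search(r"^\s*%s\s*=\s*\{(.*?)^\s*\}" % re.escape(realm),
                      conf_text, re.S | re.M)
    settings = {}
    for line in (block.group(1).splitlines() if block else []):
        line = line.strip()
        if line and line[0] not in "#;" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def kdc_state(conf_text, realm, root="/"):
    """List findings for the database and stash file named in kdc.conf.
    `root` (hypothetical helper parameter) re-bases paths for offline tests."""
    cfg = realm_settings(conf_text, realm)
    findings = []
    for key, label in (("database_name", "db"), ("key_stash_file", "stash")):
        if key not in cfg:
            findings.append(label + "-path-not-set")
            continue
        path = os.path.join(root, cfg[key].lstrip("/"))
        if not os.path.isfile(path) or os.path.getsize(path) == 0:
            findings.append(label + "-missing")
            continue
        findings.append(label + "-exists")
        # Both files hold key material; any group/other bit is too permissive.
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(label + "-mode-too-open")
    return findings

if __name__ == "__main__":
    print(kdc_state(SAMPLE_KDC_CONF, "SERVER.LOCAL"))
```

The combination `db-exists` with `stash-missing` corresponds to the state shown in the post: the database file is present while the KDC cannot read a master key from the stash file.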