
Kerberos Setup (WIP - maybe helpful, no complaints accepted)

Client Setup

 

vi /etc/ssh/sshd_config

Turn off these authentication methods:

PAM

RSA/DSA keys

Enable GSS 

 

The values yes and no must be in lowercase.

service ssh restart

If no PID is returned, the config is bad. Fix it.
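
A check for the settings listed above, as an added example that is not part of the original notes. The directive names are an assumed mapping of the items above to OpenSSH keywords (UsePAM, PubkeyAuthentication, GSSAPIAuthentication), and the sample config is constructed.

```shell
#!/bin/sh
# Assumed mapping (not stated in the notes):
#   "Pam" -> UsePAM, "RSA/DSA keys" -> PubkeyAuthentication, "Enable GSS" -> GSSAPIAuthentication

# Print the first global value of a keyword. sshd uses the first value it
# reads; keywords are case-insensitive, but yes/no values are case-sensitive.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/                  { next }            # skip comments
        tolower($1) == "match"      { exit }            # stop at conditional blocks
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Report each setting; return non-zero if any is unset, wrong, or mis-cased.
check_sshd_gss() {
    conf=$1; rc=0
    for pair in UsePAM:no PubkeyAuthentication:no GSSAPIAuthentication:yes; do
        key=${pair%%:*}
        want=${pair##*:}
        got=$(sshd_value "$conf" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        elif [ -z "$got" ]; then
            echo "unset $key (want $want)"; rc=1
        elif [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" = "$want" ]; then
            echo "case  $key $got (must be lowercase $want)"; rc=1
        else
            echo "wrong $key $got (want $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: PAM still on, GSSAPI value in the wrong case.
sample=$(mktemp)
cat > "$sample" <<'EOF'
UsePAM yes
PubkeyAuthentication no
GSSAPIAuthentication Yes
EOF
check_sshd_gss "$sample" || echo "config needs fixing before restarting ssh"
rm -f "$sample"
```

Run check_sshd_gss /etc/ssh/sshd_config before the restart; it only reads the file.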

 

Testing SSH locally (the only way I can find to get GSS error messages)

Copy sshd_config to a backup (sshd_config2 below), then run sshd against it in the foreground with debugging enabled:

sudo /usr/sbin/sshd -f /etc/ssh/sshd_config2 -D -d

 

SSH Setup

Create an admin principal:

sudo kadmin.local

>>> addprinc myid/admin

 

On the KDC: sudo vi /etc/krb5kdc/kadm5.acl

Make sure myid/admin has * access

 

On the client:

sudo kadmin -p myid/admin

ktadd host/myhost.mydomain@MY.REALM

 

Then restart sshd.

On the connecting client, you must issue kdestroy and reinit the keys.

@HenryOfBabylon

Henry (dot) Rawlinson at yandex & then dotcom
