Lade...
 

Start the kerberos servers

Start the kerberos servers

Just type
/etc/init.d/krb5kdc start
/etc/init.d/kdamind start
Some distributions use other init.d scripts (kadmin instead of kadmind) and some start all kerberos servers with one startscript. As usual, you can find out with rpm:
rpm -ql krb5-server |grep init.d
kpropd and krb524d are not used at the moment. Enable startup at boot:
insserv krb5kdc
insserv kadmind
on suse or
chkconfig --add krb5server
on mandrake or just make symlinks. On the first start of the kerberos admin server we see:
Extracting kadm5 Service Keys: 
Authenticating as principal root/admin@REDFLO.DE with password.
Entry for principal kadmin/admin with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab 
WRFILE:/var/lib/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab 
WRFILE:/var/lib/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab 
WRFILE:/var/lib/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab 
WRFILE:/var/lib/kerberos/krb5kdc/kadm5.keytab.
Starting Kerberos 5 Admin Server 


If this does not happen, then you have to create the keytab file yourself! Huh wat's that? A keytab file is a file where a application stores the keys to authenticete to a kerberos server. This is like storing a password in a file! So be careful that noone else can read these files. So. In case the startscript did not do that for you, just execute:
kadmin.local -q "ktadd -k /var/lib/kerberos/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw"
The location of the file kadm5.keytab may vary. Check the value of "admin_keytab" in your kdc.conf file.


Erstellt von system. Letzte Änderung: Samstag Juli 23, 2005 12:40:16 GMT-0000 by admin.