1. Install the software
yum install krb5-workstation krb5-libs
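3. Configure krb5.conf and start the service
Copying the KDC's configuration is enough.
3. Verify
kinit caya/caya@EXAMPLE.COM // command that obtains a ticket
kadmin -p caya/caya -r EXAMPLE.COM // command that administers the KDC
klist // list the principals authenticated on this host
4. Create the keytabs (to simulate a classroom environment they were created on the KDC in advance, so copying them is enough)
4.1 The commands run on the KDC are as follows; -k sets where the keytab is written, and it can be generated from any host:
kadmin // administration mode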
ktadd -k /pub/server/server.keytab host/server.example.com@EXAMPLE.COM
ktadd -k /pub/server/server.keytab nfs/server.example.com@EXAMPLE.COM
ktadd -k /pub/client/client.keytab host/desktop.example.com@EXAMPLE.COM
ktadd -k /pub/client/client.keytab nfs/desktop.example.com@EXAMPLE.COM
4.2 Copy the keytab to the local host
scp classroom:/etc/krb5.conf /etc
scp classroom:/pub/server/server.keytab /etc/krb5.keytab // run on the server
scp classroom:/pub/client/client.keytab /etc/krb5.keytab // run on the client
kinit caya/caya@EXAMPLE.COM
klist -k
5. Password-less login mode
kinit -kt /var/kerberos/krb5kdc/kadm5.keytab caya/admin@EXAMPLE.COM
kadmin -kt /var/kerberos/krb5kdc/kadm5.keytab -p caya/admin@EXAMPLE.COM
: exit
6. Delete the credential cache
# kdestroy
7. Extend the ticket lifetime
kinit -kt /var/kerberos/krb5kdc/kadm5.keytab caya/admin@EXAMPLE.COM
kinit -R
8. Error log:
kadmin -kt /var/kerberos/krb5kdc/kadm5.keytab -p caya/admin@EXAMPLE.COM
Authenticating as principal caya/admin@EXAMPLE.COM with keytab /var/kerberos/krb5kdc/kadm5.keytab.
kadmin: Keytab contains no suitable keys for caya/admin@EXAMPLE.COM while initializing kadmin interface
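
The error in step 8 is what kinit -kt and kadmin -kt report when the keytab holds no key for the requested principal. The following is an added example, not part of the original notes: it checks `klist -k` output for a principal before the keytab is used. The function names are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# Print the unique principals found in `klist -k` (or `klist -kt`) output on stdin.
keytab_principals() {
    awk '
        /^----/ { body = 1; next }             # entries follow the dashed rule
        body && $1 ~ /^[0-9]+$/ {              # entry lines start with the KVNO
            for (i = 2; i <= NF; i++)
                if ($i ~ /@/) { print $i; break }   # skip date/time columns
        }
    ' | sort -u
}

# Succeed only if the listing on stdin has an entry for principal $1.
keytab_has_principal() {
    keytab_principals | grep -Fxq -- "$1"
}

# Real use: check_keytab /etc/krb5.keytab host/server.example.com@EXAMPLE.COM
check_keytab() {
    klist -k "$1" | keytab_has_principal "$2"
}

# Constructed sample listing (not captured from the page's KDC).
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/var/kerberos/krb5kdc/kadm5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 kadmin/admin@EXAMPLE.COM
   2 kadmin/admin@EXAMPLE.COM
   2 kadmin/changepw@EXAMPLE.COM
EOF
}

# Demo on the constructed listing: one principal present, one absent.
for p in kadmin/admin@EXAMPLE.COM caya/admin@EXAMPLE.COM; do
    if sample_listing | keytab_has_principal "$p"; then
        echo "$p: key present, kinit -kt can use this keytab"
    else
        echo "$p: no key in keytab, kinit -kt / kadmin -kt will fail"
    fi
done
```

Running check_keytab against the keytab from step 8 before calling kadmin -kt shows whether the principal needs to be added with ktadd first.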