Linux Kerberos Server Configuration
The single most complex task when you implement Kerberos on your network is to set up the Kerberos server—the KDC. To do this, you start by editing a server configuration file. This isn’t the end of the job, though. You must also create a master key, which is used to encrypt the KDC’s communications. Practical use of a Kerberos realm also requires such administrative tasks as creating principals and configuring access control rules. Finally, you must run the Kerberos servers (the main server and, typically, a separate administrative server).
Kerberos Realm Configuration
MIT Kerberos uses two configuration files: krb5.conf and kdc.conf. Heimdal, though, dispenses with the latter file, so you needn’t be concerned with kdc.conf if you’re configuring Heimdal. The krb5.conf file contains assorted information about your realm and the server’s operation, while the kdc.conf file contains KDC-specific information.
Tip
Application servers and clients need to know much of the realm information in krb5.conf, and so these systems use this file, as well, although some sections are missing or ignored on these systems.
Editing krb5.conf
The KDC’s main configuration file is called krb5.conf. If you install Kerberos from a package, chances are this file will reside in /etc. A sample krb5.conf file appears in Example 9-1.
Example 9-1. Sample krb5.conf listing
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
...
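The [logging] stanza in Example 9-1 decides where the KDC and the administrative server record their activity, which is worth checking on any host that carries a krb5.conf. The following sketch is an added example, not code from the book or from MIT Kerberos: it parses the krb5.conf section/relation syntax and reports daemons with no file or syslog destination. The [realms] stanza, the realm name EXAMPLE.COM and the host names are hypothetical sample values.

```python
import re

# Constructed sample: the [logging] stanza from Example 9-1, plus a
# hypothetical [realms] stanza to exercise nested-brace handling.
SAMPLE = """\
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[realms]
 EXAMPLE.COM = {
  kdc = kdc.example.com
  admin_server = kdc.example.com
 }
"""

def parse_krb5_conf(text):
    """Parse krb5.conf text into {section: {tag: [value or nested dict]}}."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                 # new top-level section
            stack = [conf.setdefault(m.group(1), {})]
        elif line == "}" and len(stack) > 1:  # end of a subsection
            stack.pop()
        elif "=" in line and stack:           # relation: tag = value
            tag, value = (p.strip() for p in line.split("=", 1))
            if value == "{":                  # relation opens a subsection
                child = {}
                stack[-1].setdefault(tag, []).append(child)
                stack.append(child)
            else:                             # tags may repeat, so keep a list
                stack[-1].setdefault(tag, []).append(value)
    return conf

def logging_gaps(conf):
    """Return daemons with no FILE/SYSLOG target, counting the default entry."""
    logging = conf.get("logging", {})
    def durable(tag):
        return any(isinstance(v, str) and re.match(r"FILE[:=]|SYSLOG", v)
                   for v in logging.get(tag, []))
    return [t for t in ("kdc", "admin_server") if not (durable(t) or durable("default"))]

if __name__ == "__main__":
    print(logging_gaps(parse_krb5_conf(SAMPLE)))
```

An empty list means both daemons log somewhere that persists. A stanza that sends output only to STDERR or CONSOLE is reported as a gap.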