O'Reilly logo

Linux in a Windows World by Roderick W Smith

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Kerberos Application Server Configuration

Setting up a master KDC is the most involved part of configuring a Kerberos realm; however, by itself, a KDC doesn’t do much good. The next step in this process is to configure one or more application servers. Each application server computer must have a basic Kerberos configuration, which is similar in some details to the KDC’s configuration. You must also create principals for each application server and set up appropriate keytabs. Once this is done, you can run the server programs to make them available.

Setting Up Kerberos

Any Linux system that runs a Kerberos application server requires certain basic preparation, some of which is the same as that for the KDC. In particular, you must set up the /etc/krb5.conf file in much the same way, as described in Section 9.2.1.1. You can, however, omit some sections from this file, namely the [logging] and [kdc] sections.

Preparing Application Server Principals

Before you can run an application server, you must prepare principals for the server (both the server computer and the individual server programs). Furthermore, you must install keytabs for these principals on the application server computer.

The first step in this process is to create the principals. You do this much as you do for ordinary users, with the help of the kadmin or kadmin.local command. To simplify the procedure, pass the -r (in Heimdal) or -randkey (in MIT Kerberos) option. This assigns a random password to the principal. Because ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required