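<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--
  Title page and table of contents of the "Kerberos Infrastructure HOWTO"
  (DocBook-generated). Every link is relative to this directory; the named
  anchors (AEN2, AEN4, AEN45) and class names are kept so existing links and
  stylesheets keep working.

  Review notes:
  * The angle brackets around the author's e-mail address and the spacer
    cells of the footer table are written as character references. A literal
    "<" directly in front of a tag is a markup error, and the escaped form is
    what any text placed into HTML should use.
  * The character encoding is declared explicitly so browsers do not have to
    guess it; the page itself contains only ASCII.
  * The newest revision listed below is 2.0.0, dated 2004-05-28. Treat the
    configuration and cryptographic choices in the linked chapters as
    historical and check them against current Kerberos documentation before
    applying them to a production realm.
-->
<html lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <title>Kerberos Infrastructure HOWTO</title>
  <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7">
  <link rel="NEXT" title="About this Document" href="about.html">
</head>
<body class="article" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
  <div class="ARTICLE">

    <!-- Title page: title, author, publication date, revision history, abstract. -->
    <div class="TITLEPAGE">
      <h1 class="title"><a name="AEN2"></a>Kerberos Infrastructure HOWTO</h1>
      <h3 class="author"><a name="AEN4">V. Alex Brennen</a></h3>
      <div class="affiliation">
        <div class="address">
          <p class="address"><tt class="email">&lt;<a href="mailto:vab@cryptnet.net">vab@cryptnet.net</a>&gt;</tt></p>
        </div>
      </div>
      <p class="pubdate">2004-05-29<br></p>

      <!-- Each revision is a pair of rows: version/date/reviser, then the change summary. -->
      <div class="revhistory">
        <table width="100%" border="0">
          <tr>
            <th align="LEFT" valign="TOP" colspan="3"><b>Revision History</b></th>
          </tr>
          <tr>
            <td align="LEFT">Revision 2.0.0</td>
            <td align="LEFT">2004-05-28</td>
            <td align="LEFT">Revised by: VAB</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Conversion to DocBook XML. General Content Updates, including incorporation of Technical and Metadata/Markup Reviews.</td>
          </tr>
          <tr>
            <td align="LEFT">Revision 1.0.3</td>
            <td align="LEFT">2003-04-01</td>
            <td align="LEFT">Revised by: VAB</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Minor Updates, Minor Corrections, Additional links added.</td>
          </tr>
          <tr>
            <td align="LEFT">Revision 1.0.2</td>
            <td align="LEFT">2002-09-13</td>
            <td align="LEFT">Revised by: VAB</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Minor Updates, Minor Corrections, Added 8.6, Additional links added.</td>
          </tr>
          <tr>
            <td align="LEFT">Revision 1.0.1</td>
            <td align="LEFT">2002-07-15</td>
            <td align="LEFT">Revised by: VAB</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Minor Updates, Fixes.</td>
          </tr>
          <tr>
            <td align="LEFT">Revision 1.0.0</td>
            <td align="LEFT">2002-06-13</td>
            <td align="LEFT">Revised by: VAB</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Initial Release.</td>
          </tr>
        </table>
      </div>

      <div>
        <div class="abstract">
          <a name="AEN45"></a>
          <p></p>
          <p>This document describes the design and configuration of a Kerberos infrastructure for handling authentication with GNU/Linux. It details steps for a best practices method of setting up servers, Kerberos software, conversion of legacy systems, and answers frequently asked questions.</p>
          <p></p>
        </div>
      </div>
      <hr>
    </div>

    <!-- Table of contents: one <dt> per chapter, its sections in the <dd> that follows. -->
    <div class="TOC">
      <dl>
        <dt><b>Table of Contents</b></dt>
        <dt>1. <a href="about.html">About this Document</a></dt>
        <dd>
          <dl>
            <dt>1.1. <a href="about.html#general">General Information</a></dt>
            <dt>1.2. <a href="about.html#translations">Translations</a></dt>
            <dt>1.3. <a href="about.html#credits">Credits and Contributors</a></dt>
            <dt>1.4. <a href="about.html#feedback">Feedback</a></dt>
          </dl>
        </dd>
        <dt>2. <a href="overview.html">An Overview of a Kerberos Infrastructure</a></dt>
        <dd>
          <dl>
            <dt>2.1. <a href="overview.html#intro">An Introduction to Kerberos</a></dt>
            <dt>2.2. <a href="overview.html#benefits">The Benefits of Kerberos</a></dt>
            <dt>2.3. <a href="overview.html#howitworks">How Kerberos Works</a></dt>
            <dt>2.4. <a href="overview.html#compromise">Compromise of Kerberos Infrastructure</a></dt>
          </dl>
        </dd>
        <dt>3. <a href="install.html">Installing and Configuration</a></dt>
        <dd>
          <dl>
            <dt>3.1. <a href="install.html#machine-configure">General Machine Configuration Overview</a></dt>
            <dt>3.2. <a href="install.html#hardware">Hardware</a></dt>
            <dt>3.3. <a href="install.html#gnulinux-install">GNU/Linux Installation</a></dt>
            <dt>3.4. <a href="install.html#realm">Choosing A Realm</a></dt>
            <dt>3.5. <a href="install.html#configure">Kerberos Software Configuration</a></dt>
            <dt>3.6. <a href="install.html#principal-creation">Principal Creation</a></dt>
          </dl>
        </dd>
        <dt>4. <a href="time-sync.html">Time Synchronization</a></dt>
        <dd>
          <dl>
            <dt>4.1. <a href="time-sync.html#time-sync-importance">The Importance of Time Synchronization</a></dt>
            <dt>4.2. <a href="time-sync.html#intro-ntp">Introduction to NTP</a></dt>
            <dt>4.3. <a href="time-sync.html#ntp-install">NTP Installation and Configuration</a></dt>
          </dl>
        </dd>
        <dt>5. <a href="server-replication.html">Kerberos Server Replication</a></dt>
        <dd>
          <dl>
            <dt>5.1. <a href="server-replication.html#replication">Description of Replication</a></dt>
            <dt>5.2. <a href="server-replication.html#implementation">Implementation</a></dt>
            <dt>5.3. <a href="server-replication.html#maintain">Maintenance</a></dt>
          </dl>
        </dd>
        <dt>6. <a href="client-configure.html">Client Configuration</a></dt>
        <dd>
          <dl>
            <dt>6.1. <a href="client-configure.html#client">General GNU/Linux Client Configuration</a></dt>
            <dt>6.2. <a href="client-configure.html#pam">PAM</a></dt>
            <dt>6.3. <a href="client-configure.html#apache">Apache Web Server</a></dt>
            <dt>6.4. <a href="client-configure.html#microsoft">Microsoft Windows</a></dt>
          </dl>
        </dd>
        <dt>7. <a href="programming.html">Programming With Kerberos</a></dt>
        <dd>
          <dl>
            <dt>7.1. <a href="programming.html#api">The Kerberos API</a></dt>
          </dl>
        </dd>
        <dt>A. <a href="sources.html">Relevant Sources for More Information</a></dt>
        <dd>
          <dl>
            <dt>A.1. <a href="links.html">Links to related documents</a></dt>
            <dt>A.2. <a href="websites.html">Related web sites</a></dt>
            <dt>A.3. <a href="rfc.html">Related RFCs</a></dt>
            <dt>A.4. <a href="other-ref.html">Other references</a></dt>
            <dt>A.5. <a href="resources.html">Additional resources</a></dt>
            <dt>A.6. <a href="companies.html">Companies which provide specialist Kerberos consulting</a></dt>
          </dl>
        </dd>
        <dt><a href="g477.html">Glossary of Terms</a></dt>
      </dl>
    </div>
  </div>

  <!-- Footer navigation: this is the first page, so only a "Next" link is present. -->
  <div class="NAVFOOTER">
    <hr align="LEFT" width="100%">
    <table summary="Footer navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="33%" align="left" valign="top">&nbsp;</td>
        <td width="34%" align="center" valign="top">&nbsp;</td>
        <td width="33%" align="right" valign="top"><a href="about.html" accesskey="N">Next</a></td>
      </tr>
      <tr>
        <td width="33%" align="left" valign="top">&nbsp;</td>
        <td width="34%" align="center" valign="top">&nbsp;</td>
        <td width="33%" align="right" valign="top">About this Document</td>
      </tr>
    </table>
  </div>
</body>
</html>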