- vi /etc/resolv.conf
- vi /etc/hosts /etc/hostname.* /etc/inet/netmasks /etc/defaultrouter
- vi /etc/nsswitch.conf (hosts: files dns)
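- vi /etc/ssh/sshd_config (PermitRootLogin yes; this permits direct root logins over ssh, so revert it to no after setup unless root ssh access is really required)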
-----------------
# Append client-side GSSAPI (Kerberos) settings to the system-wide ssh client configuration.
# NOTE(review): "Host *" applies both options to every destination, so the user's
# Kerberos credentials are delegated to every server that GSSAPI authentication
# succeeds against. Consider narrowing the pattern (e.g. Host *.fluxcoil.net) to the
# hosts that actually need forwarded credentials.
# cat >>/etc/ssh/ssh_config<<EOT
Host *
GSSAPIAuthentication yes
GssapiDelegateCredentials yes
EOT
-----------------
-----------------
# cat /etc/krb5/krb5.conf
# Kerberos configuration of this host for the FLUXCOIL.NET realm.
[libdefaults]
default_realm = FLUXCOIL.NET
default_keytab_name = FILE:/etc/krb5/krb5.keytab
# NOTE(review): both enctype lists are pinned to 3DES only. 3DES is deprecated for
# Kerberos (RFC 8429). If the KDC and this host's keytab hold AES keys, list an AES
# enctype (e.g. aes128-cts-hmac-sha1-96) ahead of or instead of des3; confirm what
# the KDC issues before changing these two lines.
default_tkt_enctypes = des3-hmac-sha1
default_tgs_enctypes = des3-hmac-sha1
[realms]
# KDC and admin server of the realm are the same machine, sid64.fluxcoil.net.
FLUXCOIL.NET = {
kdc = sid64.fluxcoil.net
admin_server = sid64.fluxcoil.net
default_domain = fluxcoil.net
}
[domain_realm]
# Map the host fluxcoil.net and every host below .fluxcoil.net to the realm.
fluxcoil.net = FLUXCOIL.NET
.fluxcoil.net = FLUXCOIL.NET
[logging]
# kdc and default write to the same file; admin_server uses a separate log.
# NOTE(review): these look like server-side log targets, presumably unused on a pure client -- confirm.
kdc = FILE:/var/krb5/kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
default = FILE:/var/krb5/kdc.log
-----------------
# Create the host principal with a random key and export that key into the local keytab.
# NOTE(review): the keytab holds the host's long-term key; verify it is owned by root
# and not readable by other users after ktadd.
kadmin
> addprinc -randkey host/sol10.fluxcoil.net
> ktadd -k /etc/krb5/krb5.keytab host/sol10.fluxcoil.net
# Append pam_krb5 as a "sufficient" auth module for ssh keyboard-interactive, telnet and rlogin.
# NOTE(review): if pam.conf has no earlier auth entries for these services, the appended
# lines presumably become their whole auth stack instead of the "other" defaults -- verify
# the resulting stack before logging out of the working root session.
# NOTE(review): plain telnet and rlogin sessions are not encrypted, so a Kerberos password
# typed there crosses the network in clear text; prefer ssh or the encrypted eklogin
# service enabled below, and confirm whether the telnet/rlogin entries are needed at all.
cat >>/etc/pam.conf<<EOT
sshd-kbdint auth sufficient pam_krb5.so.1
telnet auth sufficient pam_krb5.so.1
rlogin auth sufficient pam_krb5.so.1
EOT
svcadm enable ssh
svcadm enable eklogin # enable encrypted kerberized login
svcadm disable autofs # make creation of userhomes under /home easier
# Make sure account information for the users exists and the accounts are not locked:
# take it from LDAP (ldapclient line below) or create it locally with useradd -m and passwd.
# NOTE(review): authenticationMethod=none means the LDAP client binds anonymously;
# presumably the directory traffic is also unencrypted -- confirm this is acceptable here.
# ldapclient manual -a authenticationMethod=none -a defaultSearchBase=dc=fluxcoil,dc=net -a defaultServerList=10.0.0.23
# Solaris 10 systems can be issued AES keys (AES-128 if the encryption package is not installed,
# AES-256 otherwise) or RC4, 3DES, or DES.