
rhel6 kerberos authentication client, sssd

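# Prerequisites: forward and reverse DNS must be correct for this client and
# for the KDC, because Kerberos service principals are built from host names.
# Without clean DNS, at least keep /etc/hosts consistent on every machine.
# The clocks of client and KDC must also be in sync.

yum -y install krb5-workstation sssd

vi /etc/krb5.conf
# or transfer it from an already configured box such as the KDC

vi /etc/sssd/sssd.conf
# sssd refuses to start unless its config is owned by root and readable by
# root only; a file freshly created in an editor usually is not.
chown root:root /etc/sssd/sssd.conf
chmod 600 /etc/sssd/sssd.conf

# Reference copy of the configuration. The quoted delimiter stops the shell
# from expanding anything inside the here-document.
cat >/etc/sssd/sssd.conf.example <<'EOT'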
# Settings of the sssd monitor itself.
[sssd]
# Version of the configuration file syntax.
config_file_version = 2
# How often a service tries to reconnect after a data provider crash or
# restart before it gives up.
reconnection_retries = 3
# presumably a timeout in seconds on sssd's internal message bus -
# confirm against sssd.conf(5) of the installed release
sbus_timeout = 30
# Responders to start: name-service lookups (nss) and PAM authentication (pam).
services = nss, pam
# Alternative setup: plain LDAP for identity and authentication.
# domains = LOCAL,PURELDAP
# Active domains, queried in this order. [domain/PURELDAP] is defined in this
# file but is not listed here.
domains = LOCAL,KRBLDAP

# NSS responder.
[nss]
# Never answer lookups for root from sssd. root is resolved from the local
# files only, so an entry in a remote directory cannot stand in for it.
filter_groups = root
filter_users = root
# Reconnect attempts after a data provider crash or restart.
reconnection_retries = 3

# PAM responder.
[pam]
# Reconnect attempts after a data provider crash or restart.
reconnection_retries = 3
# Accounts that live on this machine only.
[domain/LOCAL]
description = LOCAL Users domain
# Accounts are kept in sssd's own local database, not in a directory.
id_provider = local
# Allow listing all accounts of this domain (for example with getent passwd).
enumerate = true
# Only UIDs/GIDs inside this range belong to the domain; entries outside it
# are ignored.
min_id = 500
max_id = 999

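# Plain-LDAP variant: identity, authentication and password change all go to
# the directory. Only used when it is listed in "domains" of [sssd].
[domain/PURELDAP]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://rhel6b.site/
ldap_search_base = dc=fluxcoil,dc=net
# rfc2307: group members are listed by user name (memberUid).
ldap_schema = rfc2307
# Run identity lookups over StartTLS as well. With False, UID/GID and group
# membership travel in cleartext on an ldap:// URI and can be altered on the
# wire, which changes who a login is mapped to.
ldap_id_use_start_tls = True
# Refuse the connection unless the server certificate validates against the
# CA certificates below.
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
# Keeps a hash of the password (not the cleartext) in the local cache so
# logins still work while the directory is unreachable.
cache_credentials = True
enumerate = True
# Verbose logging for troubleshooting; lower it once the setup works.
debug_level = 5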

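# Identity data from LDAP, authentication and password change via Kerberos.
[domain/KRBLDAP]
id_provider = ldap
ldap_uri = ldap://rhel6b.site/
ldap_search_base = dc=fluxcoil,dc=net
# rfc2307: group members are listed by user name (memberUid).
ldap_schema = rfc2307
# Passwords never go to LDAP in this domain, but UID/GID and group membership
# do come from it. Without StartTLS that data travels in cleartext on an
# ldap:// URI and can be altered on the wire.
ldap_id_use_start_tls = True
# sssd's name for this option is ldap_tls_reqcert (TLS_REQCERT is the
# ldap.conf spelling). "demand" refuses servers whose certificate does not
# validate against the CA certificates below.
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
# ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
enumerate = True
# Keeps a hash of the password (not the cleartext) in the local cache so
# logins still work while KDC and directory are unreachable.
cache_credentials = True
# debug_level = 5

auth_provider = krb5
chpass_provider = krb5
# Newer sssd releases call this option krb5_server; krb5_kdcip is the legacy
# name and is still accepted.
krb5_kdcip = 192.168.4.12
krb5_realm = FLUXCOIL.NET
# Principal of the password-change service.
krb5_changepw_principal = kadmin/changepw
# Credential caches are files below /tmp. In the template %d is
# krb5_ccachedir, %U the numeric UID of the user, and the trailing XXXXXX is
# replaced by a random suffix when the file is created.
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
# Seconds after which an online authentication or password change is aborted.
krb5_auth_timeout = 15
# Optional hardening: verify the received TGT against the host keytab, so a
# forged KDC reply is not accepted as a successful login. It needs a host
# principal in this machine's keytab, which these notes do not set up.
# krb5_validate = True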
EOT

# Restart sssd first so it reads the new configuration, then sshd.
for svc in sssd sshd; do
    service "$svc" restart
done

client for kerberized apache

# Install Firefox plus every package whose name starts with xorg-x11-font:
# grep keeps the "yum search" result lines that begin with that name, and
# sed cuts each line at the first colon so that only the package name is left.
yum install -y $(yum search xorg-x11-font|grep ^xorg-x11-font|sed -e 's,:.*,,') firefox
# Obtain a ticket-granting ticket for the current user (asks for the password).
kinit
firefox
> in URL-line type 'about:config'
> in filter-line type 'network.nego'
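> 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.gsslib' should be empty (with an empty delegation list Firefox never forwards the user's ticket-granting ticket to a web server)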
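> 'network.negotiate-auth.trusted-uris' should be set to 'fluxcoil.net' or to the other domains for which automatic sign-on is wanted; keep the list as short as possible, because Firefox answers a Negotiate challenge from any listed site with a Kerberos service ticket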

access http://rhel6u2b.fluxcoil.net
access http://rhel6u2b.fluxcoil.net/private