1、安裝Kerberos(10.10.10.168)
yum install krb5-server krb5-workstation krb5-libs -y ? 查看版本 klist -V ? Kerberos 5 version 1.20.1 ?
編輯/etc/hosts
10.10.10.168 ms1 10.10.10.150 ms2 10.10.10.110 ms3
vim /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
?
[logging]default = FILE:/var/log/krb5libs.logkdc = FILE:/var/log/krb5kdc.logadmin_server = FILE:/var/log/kadmind.log
?
[libdefaults]dns_lookup_realm = falseticket_lifetime = 24hrenew_lifetime = 7dforwardable = truerdns = falsepkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crtdefault_realm = LIEBE.COMdefault_ccache_name = KEYRING:persistent:%{uid}
?
[realms]LIEBE.COM = {kdc = 10.10.10.150admin_server = 10.10.10.150}
?
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
vim /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]kdc_ports = 88kdc_tcp_ports = 88
?
[realms]EXAMPLE.COM = {#master_key_type = aes256-ctsacl_file = /var/kerberos/krb5kdc/kadm5.acldict_file = /usr/share/dict/wordsadmin_keytab = /var/kerberos/krb5kdc/kadm5.keytabsupported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal}
-
配置 kadm5.acl
-
修改權限相關配置文件
vim /var/kerberos/krb5kdc/kadm5.acl 其中前一個號是通配符,表示像名為“abc/admin”或“xxx/admin”的人都可以使用此工具(遠程或本地)管理kerberos數據庫,后一個跟權限有關,表示所有權限。EXAMPLE.C
 和 TIM_Cmd())
 的完整說明)
)
)
