Each host (a client computer) that needs to be part of a Kerberos realm must have a principal and a keytab. Let's do that for the host deby01. The first command must be invoked on the Kerberos administrative server (kdc1):
kadmin.local -q "addprinc -randkey host/deby01.dev.local"
This one is run on the client (deby01):
kadmin -p admin -q "ktadd host/deby01.dev.local"
or consider using the following script (file /usr/local/sbin/kdc-add):
#!/bin/sh
# Add a principal of the given type (default: host) for this machine and
# store its key in the local keytab. Prompts for the admin password twice.
type=${1:-host}
fqdn=$(cat /etc/hostname)
kadmin -p admin -q "addprinc -randkey $type/$fqdn"
kadmin -p admin -q "ktadd $type/$fqdn"
You can run it on the machine you wish to add (you will be prompted for the admin password twice):
kdc-add
Please note that each host added to Kerberos must have a fully qualified hostname. Both forward and reverse DNS mapping must work properly. Here are a few simple tests:
deby01:~# hostname
deby01.dev.local
deby01:~# dig deby01.dev.local +short
192.168.2.41
deby01:~# dig -x 192.168.2.41 +short
deby01.dev.local.
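The following is an added example, not the post's own script: a more defensive kdc-add that performs the hostname and forward/reverse DNS checks shown above before it calls kadmin, so a host with a short hostname or a broken PTR record is rejected instead of getting a principal it cannot use. The function names (is_fqdn, normalize_name, dns_consistent, principal_name, preflight) are this example's own; it assumes the same admin principal "admin" as the post, that `hostname -f` prints the FQDN, and that `dig` is installed. The kadmin steps only run when the file is installed and invoked as kdc-add; otherwise it just defines the functions.

```shell
#!/bin/sh
# Added example (not the original post's script): kdc-add with the FQDN and
# forward/reverse DNS checks from the post run before kadmin is invoked.
# Assumptions: admin principal "admin", `hostname -f` prints the FQDN, `dig`
# is installed. Function names are this example's own.

# is_fqdn NAME: succeed only if NAME looks fully qualified: at least one dot,
# no leading/trailing/empty label, only DNS label characters.
is_fqdn() {
    case "$1" in
        *.*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        .*|*.|*..*) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9.-]+$'
}

# normalize_name NAME: drop the trailing dot dig prints for PTR answers
# ("deby01.dev.local.") and lowercase, so names compare reliably.
normalize_name() {
    printf '%s' "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z'
}

# dns_consistent FQDN IP PTR: succeed if the forward lookup produced an
# address and the reverse lookup of that address gave back the same FQDN.
dns_consistent() {
    _fqdn=$(normalize_name "$1")
    _ip=$2
    _ptr=$(normalize_name "$3")
    [ -n "$_ip" ] && [ "$_ptr" = "$_fqdn" ]
}

# principal_name TYPE FQDN: the principal the post creates, e.g. host/deby01.dev.local
principal_name() {
    printf '%s/%s' "$1" "$2"
}

# preflight FQDN: the three checks from the post, performed with dig.
preflight() {
    _name=$1
    if ! is_fqdn "$_name"; then
        echo "kdc-add: hostname '$_name' is not fully qualified" >&2
        return 1
    fi
    _fwd=$(dig "$_name" +short | head -n 1)
    _rev=
    [ -n "$_fwd" ] && _rev=$(dig -x "$_fwd" +short | head -n 1)
    if ! dns_consistent "$_name" "$_fwd" "$_rev"; then
        echo "kdc-add: forward/reverse DNS mismatch: $_name -> '$_fwd' -> '$_rev'" >&2
        return 1
    fi
}

main() {
    type=${1:-host}
    fqdn=$(hostname -f) || exit 1
    preflight "$fqdn" || exit 1
    princ=$(principal_name "$type" "$fqdn")
    # Same two kadmin steps as the post; each prompts for the admin password.
    kadmin -p admin -q "addprinc -randkey $princ" || exit 1
    kadmin -p admin -q "ktadd $princ" || exit 1
    # ktadd writes to /etc/krb5.keytab by default; keep it readable by root only.
    chmod 600 /etc/krb5.keytab
}

# Only act when installed and run as kdc-add; otherwise just define the functions.
case "$0" in
    *kdc-add) main "$@" ;;
esac
```

The trailing dot that dig prints for the PTR answer (deby01.dev.local.) is exactly why normalize_name exists: compared literally, the reverse result would never equal the hostname even when DNS is set up correctly.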
Read more here.