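# Build and install Tcl 8.5.12 from source; the krb5 build later on this page is
# configured with --with-tcl.
# The download uses HTTPS because the page gives no checksum or signature for this
# tarball, and the code is compiled and then installed system-wide. If the Tcl project
# publishes a checksum for this release, compare it before building.
wget https://downloads.sourceforge.net/project/tcl/Tcl/8.5.12/tcl8.5.12-src.tar.gz
tar zvxf tcl8.5.12-src.tar.gz
cd tcl8.5.12
cd unix
./configure
make
# Needs write access to the install prefix (typically run as root).
make install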
2, 下载
http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.3-signed.tar
3.解压
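# The "-signed" tar is a wrapper: it holds the source tarball plus a detached PGP signature.
tar xvf krb5-1.10.3-signed.tar
# Verify the signature before unpacking and building. This requires the MIT Kerberos
# release signing key in the local keyring (fetch it from the MIT Kerberos site and
# confirm its fingerprint). The signature is normally named as below; use the name that
# the tar command above printed if it differs.
gpg --verify krb5-1.10.3.tar.gz.asc krb5-1.10.3.tar.gz
tar zvxf krb5-1.10.3.tar.gz
cd krb5-1.10.3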
3.编译
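# Adds DNS and Tcl support to the build:
#   --enable-dns-for-realm  build in DNS-based realm lookup (the krb5.conf on this page
#                           still sets dns_lookup_realm = false, so it stays off at runtime)
#   --with-tcl              use the Tcl installation built in the earlier step
./configure --enable-dns-for-realm --with-tcl=/usr/local/lib/tcl8.5
make
# Run the bundled test suite before anything is installed.
make check
make install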
4.时间校对
crontab中配置时间校对(服务端、客户端时间不一致无法连接)
# Resync the clock every 10 minutes (minutes 0,10,20,30,40,50). Kerberos refuses to
# authenticate when the client and server clocks disagree.
# NOTE(review): ntpdate against a public pool is unauthenticated; prefer a time source
# you control if the network between this host and the pool is not trusted.
*/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org
5,配置/etc/krb5.conf文件
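# /etc/krb5.conf: Kerberos library and client settings for the DEVAPP.COM realm.
# Keep comments on their own lines; text after a value is read as part of the value.

[logging]
# Log destinations for the Kerberos libraries, the KDC and kadmind.
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DEVAPP.COM
# DNS is not consulted to find the realm or the KDC; only the static entries in
# [realms] and [domain_realm] below are used.
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
# Tickets are requested as forwardable by default, so a service that is handed a
# forwarded TGT can act as the user elsewhere. Set to false if delegation is not needed.
forwardable = yes

[realms]
DEVAPP.COM = {
    kdc = kerberos.devapp.com:88
    admin_server = kerberos.devapp.com:749
    default_domain = devapp.com
}

[domain_realm]
# Hosts under devapp.com, and devapp.com itself, map to the DEVAPP.COM realm.
.devapp.com = DEVAPP.COM
devapp.com = DEVAPP.COM

[appdefaults]
pam = {
    debug = false
    # Bare numbers: presumably seconds (36000 = 10 hours); confirm against the PAM module's documentation.
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
}

[kdc]
# Location of the KDC's own configuration file.
profile=/usr/local/var/krb5kdc/kdc.conf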
6.配置/usr/local/var/krb5kdc/kdc.conf
可以从/usr/local/share/examples/krb5/kdc.conf 复制一份。
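# /usr/local/var/krb5kdc/kdc.conf: KDC settings for the DEVAPP.COM realm.
# Keep comments on their own lines; text after a value is read as part of the value.

[kdcdefaults]
# 88 is the standard Kerberos port. 750 is the legacy Kerberos 4 port; it can be
# removed here and in the realm block if no client depends on it.
kdc_ports = 750,88

[realms]
DEVAPP.COM = {
    database_name = /usr/local/var/krb5kdc/principal
    admin_keytab = /usr/local/var/krb5kdc/kadm5.keytab
    # Access-control list read by kadmind. NOTE(review): no step on this page creates
    # this file; create it and grant admin rights only to the principals that need them.
    acl_file = /usr/local/var/krb5kdc/kadm5.acl
    # Stash of the database master key (written by "kdb5_util create -s"). Anyone who can
    # read it can decrypt the principal database, so keep it readable by root only and
    # out of backups that are less protected than the KDC itself.
    key_stash_file = /usr/local/var/krb5kdc/.k5.DEVAPP.COM
    kdc_ports = 750,88
    # Upper bounds the KDC applies to ticket lifetime and renewable lifetime.
    max_life = 10h 0m 0s
    max_renewable_life = 7d 0h 0m 0s
}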
7,创建数据库
# Create the KDC database for the realm named by -r (DEVAPP.COM).
# -s also writes the master key to a stash file (see key_stash_file in kdc.conf), so the
# KDC can start without prompting; that file is as sensitive as the master password.
/usr/local/sbin/kdb5_util create -r DEVAPP.COM -s
添加系统用户：useradd devk
1)kadmin.local 中查看用户
listprincs
2)kadmin.local 中添加用户
addprinc devk@DEVAPP.COM
（原页面此处的主体名被邮箱保护脚本替换成了“[email protected]”；这里按上文创建的用户 devk 和域 DEVAPP.COM 还原，请按实际情况确认。）
8,重启krb5kdc和kadmind进程
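# Start the admin server and the KDC. Each daemon is its own command; on a single line
# the second path would be passed to kadmind as an argument.
/usr/local/sbin/kadmind
/usr/local/sbin/krb5kdc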
9,配置服务端/etc/hosts
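# /etc/hosts entries on the server. One entry per line: on a single line starting
# with '#', everything would be read as a comment.
# KDC service on this machine
192.168.0.102 devapp.com kerberos.devapp.com
# Client machine
192.168.0.103 103.devapp.com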