What is Kerberos
Kerberos is a network authentication protocol that provides secure authentication over untrusted networks by using secret-key cryptography and trusted third parties.
Kerberos set up
To set up and run a Kerberos server, you need three Linux systems; they should be able to communicate with each other, and they should also have accurate system clocks.
Set the hostnames for each system as:
- Kerberos system – mykerberos.com
- SSH Server system – sshserver.com
- Client system – sshclient.com
Then, edit the /etc/hosts file in each system and add the following details:
Now, let’s see how to set up the Kerberos server and the other systems:
The first step is to install the Kerberos server:
During the installation process, a few questions will be asked. Enter the details as mentioned here:
The next step is to create a new realm. To do so, use the following command:
During this process, you will be asked to create a password for the Kerberos database. You can choose any password you want.
Next, you need to edit the /etc/krb5.conf file and modify the details as shown here:
Then go to the domain_realm section and enter the lines as shown:
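Once the file is edited, a consistency check catches a wrong KDC entry or a host that is missing from domain_realm before authentication fails. The script below is an added example, not part of the original tutorial; it assumes the realm is named MYKERBEROS.COM, and the helper names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. The realm name MYKERBEROS.COM is an assumption.

# krb5_value FILE SECTION KEY: print KEY's value; keys inside a
# "NAME = { ... }" block are addressed as NAME/KEY.
krb5_value() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { cur = $0; gsub(/[ \t]/, "", cur); blk = ""; next }
        /^[ \t]*[}]/  { blk = ""; next }
        cur == sec && (n = index($0, "=")) {
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (v == "{") { blk = k "/"; next }
            if ((blk k) == key) { print v; exit }
        }' "$1"
}

# check_krb5 FILE REALM KDC HOST...: print each problem, return the count.
check_krb5() {
    file=$1 realm=$2 kdc=$3 bad=0; shift 3
    [ "$(krb5_value "$file" libdefaults default_realm)" = "$realm" ] ||
        { echo "default_realm is not $realm"; bad=$((bad + 1)); }
    for key in kdc admin_server; do
        [ "$(krb5_value "$file" realms "$realm/$key")" = "$kdc" ] ||
            { echo "[realms] $realm: $key is not $kdc"; bad=$((bad + 1)); }
    done
    for host in "$@"; do
        [ "$(krb5_value "$file" domain_realm "$host")" = "$realm" ] ||
            { echo "[domain_realm] $host is not mapped to $realm"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Constructed sample; sshclient.com is deliberately left unmapped.
sample_conf() {
    printf '%s\n' '[libdefaults]' '    default_realm = MYKERBEROS.COM' \
        '[realms]' '    MYKERBEROS.COM = {' '        kdc = mykerberos.com' \
        '        admin_server = mykerberos.com' '    }' \
        '[domain_realm]' '    mykerberos.com = MYKERBEROS.COM' \
        '    sshserver.com = MYKERBEROS.COM'
}

conf=$(mktemp) && sample_conf > "$conf"
check_krb5 "$conf" MYKERBEROS.COM mykerberos.com \
    mykerberos.com sshserver.com sshclient.com || echo "problems: $?"
rm -f "$conf"
```

The comparison is an exact string match, so a kdc entry that carries a port suffix is reported as a mismatch.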
Next, you need to add principals, the entries in the Kerberos database that represent users or services on the network. To do this, use the kadmin.local tool. A principal must be defined for every user that participates in Kerberos authentication.
Run the tool by typing the following:
Now, to add a principal for a user, use the addprinc command, as shown:
To add an admin role to the account, use the following command: