Setting up Kerberos 5
Your Kerberos realm is normally the same as your DNS name, in capital letters. Therefore, if your DNS name is element.tla, your Kerberos realm will be ELEMENT.TLA
Under debian, install the following packages:
libkrb53 krb5-clients krb5-config krb5-doc krb5-user libpam-krb5 krb5-admin-server krb5-kdc
Enter your Kerberos realm, select 'nopreauth', and specify where your kerberos servers are (probably the curernt machine)
This will set up the realm and create an administrative principal called root/admin@ELEMENT.TLA, if your realm is ELEMENT.TLA
Alternative:
Run the following the set up kerberos (AddToMe)
kdb5_util create -r ELEMENT.TLA -s echo "*/admin@ELEMENT.TLA *" > /etc/krb5kdc/kadm5.acl kadmin.local
addprinc root/admin@ELEMENT.TLA ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw quit
/etc/init.d/krb5-kdc restart /etc/init.d/krb5-admin-server restart
check it works with
kinit root/admin
then
klist -e
to list your keys. if you don't have any keys, you've done something wrong. Good luck finding out what :) (but when you do... Wiki the problem/answer on this page)
kadmin.local has a whole heap of useful commands letting you add new users/delete users and change passwords. Neat!
One page links to KerberosNotes:
