
User:Razzi/Setting up kerberos locally

learn-kerberos $ cd ~/forks/krb5/
                                                                                            [ 0s006 | Jan 25 10:55AM ]
krb5 $ export KRB5_KDC_PROFILE=(pwd)/config-files/kdc.conf
                                                                                            [ 0s000 | Jan 25 10:55AM ]
krb5 $ export KRB5_CONFIG=(pwd)/config-files/krb5.conf
                                                                                            [ 0s000 | Jan 25 10:57AM ]
krb5 $ kadmin.local -r ATHENA.MIT.EDU
Authenticating as principal rabuissa/admin@ATHENA.MIT.EDU with password.
kadmin.local: No such file or directory while initializing kadmin.local interface
# note: this fails because config-files/ lives under src/ (see the ls of src below), so the KRB5_CONFIG / KRB5_KDC_PROFILE paths exported from ~/forks/krb5 point at files that do not exist; they are re-exported from src/ further down
                                                                                            [ 0s022 | Jan 25 10:58AM ]
krb5 $ ls
NOTICE README doc    src
                                                                                            [ 0s004 | Jan 25 10:58AM ]
krb5 $ cd src/
                                                                                            [ 0s004 | Jan 25 10:58AM ]
src $ export KRB5_CONFIG=(pwd)/config-files/krb5.conf
                                                                                            [ 0s000 | Jan 25 10:58AM ]
src $ export KRB5_KDC_PROFILE=(pwd)/config-files/kdc.conf
                                                                                            [ 0s000 | Jan 25 10:58AM ]
src $ kadmin.local -r ATHENA.MIT.EDU
Authenticating as principal rabuissa/admin@ATHENA.MIT.EDU with password.
kadmin.local: <pasted my password, oops — kadmin.local read the pasted text as a command and echoed it back on the next line, so it is now in the terminal scrollback and in any transcript like this one; treat that password as exposed and change it>
kadmin.local: Unknown request "<my password>"
kadmin.local:  addprinc admin/admin@ATHENA.MIT.EDU
No policy specified for admin/admin@ATHENA.MIT.EDU; defaulting to no policy
Enter password for principal "admin/admin@ATHENA.MIT.EDU":
Re-enter password for principal "admin/admin@ATHENA.MIT.EDU":
Principal "admin/admin@ATHENA.MIT.EDU" created.
# note: "defaulting to no policy" above means no kadm5 password policy (minimum length, character classes, history, lifetime) is enforced for this principal — fine for a throwaway local realm, not for a shared one
kadmin.local:  exit
                                                                                    [ 1h 14m 39s226 | Jan 25 12:12PM ]
src $ krb5kdc
                                                                                            [ 0s447 | Jan 25 12:12PM ]
src $ kadmind
kadmind: Cannot open /usr/local/var/krb5kdc/kadm5.acl: No such file or directory while initializing ACL file, aborting
                                                                                            [ 0s111 | Jan 25 12:13PM ]
src $ kadmind
kadmind: Cannot open /usr/local/var/krb5kdc/kadm5.acl: No such file or directory while initializing ACL file, aborting
                                                                                            [ 0s014 | Jan 25 12:13PM ]
src $ fd kadm5
include/krb5/kadm5_auth_plugin.h
include/krb5/kadm5_hook_plugin.h
kadmin/dbutil/kadm5_create.c
lib/kadm5
lib/kadm5/clnt/libkadm5clnt_mit.exports
lib/kadm5/srv/kadm5_hook.c
lib/kadm5/srv/libkadm5srv_mit.exports
lib/kadm5/t_kadm5.c
lib/kadm5/t_kadm5.py
man/kadm5.acl.man
plugins/kadm5_auth
plugins/kadm5_auth/test/kadm5_auth_test.exports
plugins/kadm5_hook
plugins/kadm5_hook/test/kadm5_hook_test.exports
tests/misc/test_cxx_kadm5.cpp
tests/t_kadm5_auth.py
tests/t_kadm5_hook.py
                                                                                            [ 0s040 | Jan 25 12:14PM ]
src $ fd kadm5.acl
man/kadm5.acl.man
                                                                                            [ 0s019 | Jan 25 12:14PM ]
src $ vim man/kadm5.acl.man
                                                                                            [ 9s009 | Jan 25 12:14PM ]
src $ man kadm5.acl
                                                                                           [ 16s533 | Jan 25 12:14PM ]
src $ ls /usr/local/var/krb5kdc/kadm5.acl
ls: /usr/local/var/krb5kdc/kadm5.acl: No such file or directory
                                                                                            [ 0s003 | Jan 25 12:14PM ]
src $ vim /usr/local/var/krb5kdc/kadm5.acl
                                                                                            [ 2s003 | Jan 25 12:16PM ]
src $ kadmind
kadmind: /usr/local/var/krb5kdc/kadm5.acl: syntax error at line 1 <*/admin@AT...> while initializing ACL file, aborting
                                                                                            [ 0s017 | Jan 25 12:16PM ]
src $ vim /usr/local/var/krb5kdc/kadm5.acl
                                                                                           [ 20s401 | Jan 25 12:17PM ]
src $ kadmind
# note: kadmind starts cleanly this time (no error below), so the ACL parsed. Judging by the "*/admin@AT..." fragment in the earlier syntax error, line 1 is presumably something like "*/admin@ATHENA.MIT.EDU *", which gives every /admin instance all kadmin privileges (add/delete/modify principals, change passwords, etc. — everything except key extraction). Acceptable for a disposable local realm; on anything shared, list specific principals and only the privileges they need. Also, krb5kdc and kadmind are apparently running as the local user out of a user-writable /usr/local/var/krb5kdc, and unless kdc.conf sets kdc_listen / kadmind_listen they bind all interfaces — worth checking before running this on a laptop on a shared network.
                                                                                            [ 0s014 | Jan 25 12:17PM ]
src $ ls
Makefile       build-tools    config.log     doc            lib            prototype
Makefile.in    ccapi          config.status  include        man            tests
aclocal.m4     clients        configure      kadmin         patchlevel.h   util
appl           config         configure.ac   kdc            plugins        wconfig.c
autom4te.cache config-files   deps           kprop          po             windows
                                                                                            [ 0s004 | Jan 25 12:17PM ]
src $ krb5kdc
                                                                                            [ 0s014 | Jan 25 12:18PM ]
src $ kinit
kinit: Client 'rabuissa@ATHENA.MIT.EDU' not found in Kerberos database while getting initial credentials
# note: expected — the only user principal created so far is admin/admin (the dump at the end confirms this); a rabuissa@ATHENA.MIT.EDU principal has to be added with addprinc before kinit can work
                                                                                            [ 0s683 | Jan 25 12:18PM ]
src $ kadmin.local -r ATHENA.MIT.EDU
Authenticating as principal rabuissa/admin@ATHENA.MIT.EDU with password.
kadmin.local:
kadmin.local:
kadmin.local:  ^D                                                                          [ 14s823 | Jan 25 12:18PM ]
src $ kadmin.local -r ATHENA.MIT.EDU
Authenticating as principal rabuissa/admin@ATHENA.MIT.EDU with password.
kadmin.local:
kadmin.local:  ^D                                                                          [ 21s445 | Jan 25 12:19PM ]
src $ kinit --help
kinit: unrecognized option `--help'
Usage: kinit [-V] [-l lifetime] [-s start_time] [-r renewable_life]
        [-f | -F] [-p | -P] [-n] [-a | -A] [-C] [-E]
        [--request-pac | --no-request-pac]
        [-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]
        [-S service_name] [-I input_ccache] [-T ticket_armor_cache]
        [-X <attribute>[=<value>]] [principal]

    options:
        -V verbose
        -l lifetime
        -s start time
        -r renewable lifetime
        -f forwardable
        -F not forwardable
        -p proxiable
        -P not proxiable
        -n anonymous
        -a include addresses
        -A do not include addresses
        -v validate
        -R renew
        -C canonicalize
        -E client is enterprise principal name
        -k use keytab
        -i use default client keytab (with -k)
        -t filename of keytab to use
        -c Kerberos 5 cache name
        -S service
        -I input credential cache
        -T armor credential cache
        -X <attribute>[=<value>]
        --{,no}-request-pac request KDC include/exclude a PAC
                                                                                            [ 0s014 | Jan 25 12:19PM ]
src $ klist
klist: Credentials cache 'KCM:501' not found
                                                                                            [ 0s193 | Jan 25 12:20PM ]
src $ ls /usr/local/var/krb5kdc/principal
/usr/local/var/krb5kdc/principal
                                                                                            [ 0s003 | Jan 25 12:20PM ]
src $ vim /usr/local/var/krb5kdc/principal
# note: that file is the live KDC database; opening it in an editor to look is harmless, but never write it back — a saved edit can corrupt the realm. Use kdb5_util dump (as below) to inspect it instead.
                                                                                            [ 6s771 | Jan 25 12:21PM ]
src $ kdb5_util dump --verbose dumpfile
Usage: kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-kv mkeyVNO]
                [-M mkeyname] [-m] [-sf stashfilename] [-P password]
                [-x db_args]* cmd [cmd_options]
        create  [-s]
        destroy [-f]
        stash   [-f keyfile]
        dump    [-b7|-r13|-r18] [-verbose]
                [-mkey_convert] [-new_mkey_file mkey_file]
                [-rev] [-recurse] [filename [princs...]]
        load    [-b7|-r13|-r18] [-hash] [-verbose] [-update] filename
        ark     [-e etype_list] principal
        add_mkey [-e etype] [-s]
        use_mkey kvno [time]
        list_mkeys
        update_princ_encryption [-f] [-n] [-v] [princ-pattern]
        purge_mkeys [-f] [-n] [-v]
        tabdump [-H] [-c] [-e] [-n] [-o outfile] dumptype

where,
        [-x db_args]* - any number of database specific arguments.
                        Look at each database documentation for supported arguments
                                                                                            [ 0s018 | Jan 25 12:21PM ]
src $ kdb5_util dump -verbose dumpfile
# note: dumpfile now holds the entire realm database — the master-key principal K/M and every other principal's keys (encrypted under the master key, whose stash file, if one was created, sits in the same user-writable /usr/local/var/krb5kdc). It was written into the krb5 git checkout with default permissions: chmod 600 it or delete it when done, and make sure it is never committed.
K/M@ATHENA.MIT.EDU
admin/admin@ATHENA.MIT.EDU
kadmin/admin@ATHENA.MIT.EDU
kadmin/changepw@ATHENA.MIT.EDU
krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
                                                                                           [ 0s014 | Jan 25 12:22PM