
How to set up Kerberos on Ubuntu

In a network, one machine acts as the Kerberos server and the rest of the machines act as clients. On the server machine, we will install the Kerberos administrative server and the Kerberos database. On the client machines, we will install the Kerberos client. So first we will set up the Kerberos server.

Setting up the Kerberos Server

Execute the command below to install the Kerberos admin server and KDC (key distribution center).

sudo apt install krb5-kdc krb5-admin-server

It will ask you for the following three things, one by one:
1. Kerberos realm. (let’s say MYREALM)
2. Kerberos server hostname. Type ‘localhost’ and enter.
3. Hostname of the administrative (password changing) server for MYREALM. In this case type ‘localhost’ and enter.

Now execute the command below to set up the realm.

sudo krb5_newrealm

It will ask you to enter a password for database creation, and after that it will start the Kerberos KDC (krb5kdc) and the Kerberos administrative server (kadmind) processes.

Open the /etc/krb5kdc/kadm5.acl file with your favourite text editor and uncomment the last line so that the file looks like this:

# This file Is the access control list for krb5 administration.
# When this file is edited run /etc/init.d/krb5-admin-server restart to activate
# One common way to set up Kerberos administration is to allow any principal
# ending in /admin  is given full administrative rights.
# To enable this, uncomment the following line:
*/admin *

Your Kerberos server has been set up.

If you want to add a principal, execute
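
The line uncommented in kadm5.acl gives any principal whose name ends in /admin every kadmin privilege over every principal, so it is worth checking which entries in that file are that broad. The script below is an added example, not part of the original tutorial; the names audit_kadm5_acl and sample_acl and the sample entries are constructed for illustration, and it assumes the MIT krb5 ACL layout of principal, permissions, optional target principal.

```sh
#!/bin/sh
# Added example: flag kadm5.acl entries that give every kadmin privilege
# ('*' or its equivalent 'x') to a wildcard principal pattern such as '*/admin'.
# Entry layout (MIT krb5): principal  permissions  [target_principal  [restrictions]]

audit_kadm5_acl() {
    # $1: path to an ACL file; prints one "line N: ..." finding per risky entry
    awk '
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and blank/short lines
        {
            principal = $1; perms = $2
            target = (NF >= 3) ? $3 : "*"       # no target field means any principal
            full = (perms == "*" || perms == "x")
            wild = (index(principal, "*") > 0)
            if (full && wild && target == "*")
                printf "line %d: %s has full rights over all principals\n", NR, principal
        }
    ' "$1"
}

# Constructed sample: the line enabled in the tutorial plus two narrower entries.
sample_acl() {
    cat <<'EOF'
# constructed sample ACL
*/admin *
ashishdoneriya/admin@MYREALM *
*/helpdesk@MYREALM c
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_acl > "$tmp" && audit_kadm5_acl "$tmp"; rm -f "$tmp"
elif [ -n "${1:-}" ]; then
    audit_kadm5_acl "$1"
fi
```

Given a path as its first argument the script audits that file; with --demo it runs on the constructed sample, where only the wildcard */admin entry is reported.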

sudo kadmin.local

and then run the addprinc command inside kadmin.local

addprinc your_principal_name

e.g.

addprinc ashishdoneriya

Setting up the Kerberos Client

Add an entry for the Kerberos server machine to the /etc/hosts file on your client machine. Let’s say the hostname of the machine on which you have just installed the Kerberos server is ‘host1’ and its IP is ‘192.168.1.10’; then add this line to /etc/hosts

192.168.1.10    host1

Execute the command below to install and set up the Kerberos client.

sudo apt-get install krb5-user

It will ask for three things, one by one:
realm – MYREALM
hostname – host1
admin server – host1

That’s it. Now to test, run the command

kinit -p your_principal_name@YOUR_REALM

e.g.

kinit -p ashishdoneriya@MYREALM

If you want to remove Kerberos and all its configuration and packages from your system, run

sudo apt-get remove --purge krb5-admin-server krb5-config krb5-kdc krb5-locales

Sources:
https://help.ubuntu.com/community/Kerberos
https://help.ubuntu.com/lts/serverguide/kerberos.html
