blob: 4b03c1d040334f8d00c5375cbc9c6447a535b84b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
To run a zephyr server with MIT Kerberos support, you need to generate a
Kerberos IV srvtab for the principal zephyr.zephyr@YOUR.REALM.NAME.
Doing this with the MIT Kerberos V server is a somewhat convoluted process,
but here we go:
[Note that this presumes that you have Kerberos administrator privileges, if
you don't, find someone who does.]
At the kadmin prompt, type
ank -randkey zephyr/zephyr
this creates the Kerberos principal, with whatever key types and cryptosystems
your realm defaults to. Next, also at the kadmin prompt, type the following
substituting appropriately for your realm name and various file locations:
xst -k /tmp/keytab -e des-cbc-crc:v4 zephyr/zephyr@YOUR.REALM.NAME
The key type is necessary because zephyr uses an older version of Kerberos
that used only single-DES. Now run ktutil:
rkt /tmp/keytab
wst /etc/zephyr/srvtab
q
You now want to make sure that the /tmp/keytab file is written-over and
removed. Fortunately, you have Kerberos, you have kdestroy.
env KRB5CCNAME=/tmp/keytab kdestroy
|
