kadmin> add --random-key host/test1.the9.com //说明添加的是主机不是用户
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
kadmin> ext host/test1.the9.com
kadmin> ext --keytab=/tmp/the9.keytab host/test1.the9.com
这样完成以后就好了,基本配置已经结束了,可以使用 。调试
我们开始使用Kerberos的认证部署网络服务,注意Kerberos通过修改用户主目录下的.klogin和.k5login文件,将你允许登陆的用户Principal添加在文件里就好了 。
test1# cat .k5login
# $FreeBSD: src/etc/root/dot.k5login,v 1.1 2003/04/30 20:58:49 markm Exp $
#
# user1/root@YOUR.REALM.WHEREVER
# user2/root@YOUR.REALM.WHEREVER
cnhawk/test1.the9.com@THE9.COM
这样就可以了
使用Kerberos认证的telnet
修改/etc/inetd.conf 添加
telnet stream tcp nowait root /usr/libexec/telnetd telnetd -a user
然后开启
test2# inetd
然后从test1登陆test2
test1# kinit cnhawk/test1.the9.com //先取得票据
cnhawk/test1.the9.com@THE9.COM"s Password:
test1# klist –f //看看是不是取得
Credentials cache: FILE:/tmp/krb5cc_0
Principal: cnhawk/test1.the9.com@THE9.COMIssued Expires Flags Principal
Jun 11 16:21:36 Jun 12 02:21:36 I krbtgt/THE9.COM@THE9.COM
//可以了
test1# telnet -a -l the9 192.168.0.3 //开始登陆
Trying 192.168.0.3...
Connected to test2.the9.com.
Escape character is "^]".
[ Trying mutual KERBEROS5 (host/test2.the9.com@THE9.COM)... ]
[ Kerberos V5 accepts you as `` cnhawk/test1.the9.com@THE9.COM"" ]
FreeBSD/i386 (test2.the9.com) (ttyp1)
//登陆欢迎词
%id
uid=1001(the9) gid=0(wheel) groups=0(wheel)
% //好了成功了
使用Kerberos认证的ssh
修改测试A,B,C的sshd 配置文件 。
# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd yes
然后重启sshd
Test2#kill –HUP 80
开始从test1登陆到test2,因为只有ssh1支持Kerberos,所以使用ssh1连接同时开启debug信息 。
test1# ssh -1v the9@test2.the9.com
OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to test2.the9.com [192.168.0.3] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20030924
debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.6.1p1 FreeBSD-20030924
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host "test2.the9.com" is known and matches the RSA1 host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying Kerberos v5 authentication.
debug1: Kerberos v5 authentication accepted.
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Fri Jun 11 16:31:14 2004 from test1.the9.com
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.FreeBSD 4.9-RELEASE (GENERIC) #0: Mon Oct 27 17:51:09 GMT 2003
FreeBSD/i386 (test2.the9.com) (ttyp1)
//登陆欢迎词
%id
uid=1001(the9) gid=0(wheel) groups=0(wheel)
% //好了成功了
测试已经完成了 。可以使用Kerberos了 。ftp 服务
%kinit cnhawk/test1.the9.com
Cnhawk/test1.the9.com @THE9.COM"s Password:
%klist -f
Credentials cache: FILE:/tmp/krb5cc_1001
Principal: cnhawk/test1.the9.com@THE9.COMIssued Expires Flags Principal
推荐阅读
- oppo r11s手机什么时候上市?oppo r11s多少钱?
- FreeBSD上的软件安装方法
- 减少农药残留几种方法
- 一 首信S750使用感受---照相功能图文说
- 用FreeBSD5.3建立安全网关,ADSL+FreeBSD+ipfilter+ipnat
- 流量怎么开启使用
- 福特嘉年华aux使用方法
- FreeBSD如何跑diskless
- FreeBSD光盘运行版的制作过程
- 91 FreeBSD连载:提升静态网页服务能力的综合方式