Setting up a Kerberos 5 client is less involved than setting up a
server. At a minimum, install the client packages and
provide each client with a valid krb5.conf
configuration file. Kerberized versions of rsh and
rlogin will also require some configuration changes.
Be sure that you have time synchronization in place between the
Kerberos client and the KDC. See Section 17.5 Configuring a Kerberos 5 Server for
more information. In addition, verify that DNS is working properly
on the Kerberos client before configuring the Kerberos client
programs.
Install the krb5-libs and
krb5-workstation packages on all of the client
machines. You must supply a version of
/etc/krb5.conf for each client; usually this
can be the same krb5.conf file used by the
KDC.
Before a workstation in the realm can allow users to connect
using kerberized rsh and
rlogin, that workstation will need to have the
xinetd package installed and have its own host
principal in the Kerberos database. The kshd and
klogind server programs will also need access to
the keys for their service's principal.
Using kadmin, add a host principal for the
workstation on the KDC. The instance in this case will be the
hostname of the workstation. You can use the
-randkey option to kadmin's
addprinc command to create the principal and
assign it a random key:
addprinc -randkey host/blah.example.com
Now that you have created the principal, you can extract the
keys for the workstation by running kadmin on the workstation itself, and using the
ktadd command within
kadmin:
ktadd -k /etc/krb5.keytab host/blah.example.com
If you wish to use other kerberized network services, they will
need to be started. Below is a list of some of the more common
kerberized services and instructions on enabling them:
rsh and rlogin —
In order to use the kerberized versions of
rsh and rlogin, you must
enable klogin, eklogin,
and kshell.
Telnet — To use kerberized Telnet, you must enable
krb5-telnet.
FTP — To provide FTP access, create and extract a key
for the principal with a root of
ftp. Be certain to set the
instance to the fully qualified hostname of the FTP server, then
enable gssftp.
IMAP — The IMAP server included in the
imap package will use GSS-API
authentication using Kerberos 5 if it finds the proper key in
/etc/krb5.keytab. The root for the
principal should be imap.
CVS — CVS's kerberized gserver uses
a principal with a root of cvs
and is otherwise identical to the CVS
pserver.
For details on enabling services, refer to the chapter titled
Controlling Access to Services in the
Red Hat Linux Customization Guide.
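
The following is an added example, not part of the original guide: shell checks to run after the ktadd step to confirm that the keytab holds the expected host principal, that every service instance is a fully qualified hostname (as the FTP item requires), and that the keytab file grants no access to group or other. The sample klist -k output, the realm EXAMPLE.COM and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide). Sample data below is constructed;
# the realm EXAMPLE.COM is an assumption.

# keytab_has_principal PRINCIPAL < klist-output
# Succeeds only if PRINCIPAL (realm ignored) is an exact entry in `klist -k` output.
keytab_has_principal() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+$/ && NF >= 2 {      # entry lines: "<kvno> <principal>"
            p = $2; sub(/@.*$/, "", p)     # drop the @REALM suffix
            if (p == want) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# keytab_short_instances < klist-output
# Prints each service principal whose instance is not a fully qualified hostname.
keytab_short_instances() {
    awk '
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            p = $2; sub(/@.*$/, "", p)
            n = split(p, part, "/")
            if (n == 2 && part[2] !~ /\./ && !seen[p]++) print p
        }'
}

# keytab_mode_ok FILE
# Succeeds only if FILE exists and grants no access to group or other.
keytab_mode_ok() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed sample of `klist -k /etc/krb5.keytab` output.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 host/blah.example.com@EXAMPLE.COM
   2 host/blah.example.com@EXAMPLE.COM
   1 ftp/blah@EXAMPLE.COM'

if printf '%s\n' "$SAMPLE_KLIST" | keytab_has_principal host/blah.example.com; then
    echo "host principal present"
fi
printf '%s\n' "$SAMPLE_KLIST" | keytab_short_instances | sed 's/^/not fully qualified: /'
```

On a real workstation, pipe the output of klist -k /etc/krb5.keytab into the first two functions and pass /etc/krb5.keytab to keytab_mode_ok.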