In this tutorial I will show you how to install Kerberos server on Ubuntu 16.04.
- sudo apt install krb5-kdc krb5-admin-server krb5-config -y
Enter your realm. I will use REALM.CA
Enter your servers. I will use localhost
Enter your administrative server. I will use localhost
Now you can click Ok and installation will continue.
Next we can create our new realm
- sudo krb5_newrealm
Enter your password then confirm it.
Now we can edit our kadm5.acl to have admin. Uncomment “*/admin *”
- sudo nano /etc/krb5kdc/kadm5.acl
Now we make our keytabs directory and grant the necessary permissions.
- sudo mkdir -p /etc/security/keytabs/
- sudo chown root:hduser /etc/security/keytabs
- sudo chmod 750 /etc/security/keytabs
Now we edit our krb5.conf file
- sudo nano /etc/krb5.conf
Ensure it looks like the below
- [libdefaults]
- default_realm = REALM.CA
- [realms]
- REALM.CA = {
- kdc = localhost
- admin_server = localhost
- }
- [domain_realm]
- .realm.ca = REALM.CA
- realm.ca = REALM.CA
Now we can restart the kerberos services
- sudo service krb5-kdc restart; service krb5-admin-server restart
Once you create a principal if when you attempt to use kadmin you get the error “GSS-API (or Kerberos) error while initializing kadmin interface”. Then do the following.
- sudo RUNLEVEL=1 apt-get install rng-tools
- cat /dev/random | rngtest -c 1000
- sudo apt-get install haveged
- cat /proc/sys/kernel/random/entropy_avail
- cat /dev/random | rngtest -c 1000
- haveged -n 2g -f - | dd of=/dev/null
Uninstallation
- sudo apt remove --purge krb5-kdc krb5-admin-server krb5-config -y
- sudo rm -rf /var/lib/krb5kdc
References
I used the following references as a guide.
http://blog.ruanbekker.com/blog/2017/10/18/setup-kerberos-server-and-client-on-ubuntu/
http://csetutorials.com/setup-kerberos-ubuntu.html
12 thoughts on “Kerberos Server Installation”
Comments are closed.