Getting Heimdal to work with OpenSSH on OpenB…
2009-05-13 01:54:40 Source: unknown
First off is /etc/krb5.conf, modify it so it suits you:
------
[libdefaults]
# Set the realm of this host here
default_realm = MYREALM.NET
[realms]
MYREALM.NET = {
# Specify KDC here
kdc = host.myrealm.net
# Administration server, used for creating users etc.
admin_server = host.myrealm.net
}
[domain_realm]
.myrealm.net = MYREALM.NET
[logging]
kadmind = FILE:/var/heimdal/kadmind.log
------
Next we will issue some commands for setting up Heimdal. I will not
explain these commands in detail; instead, you can read about them
with the man command.
# kstash
# kadmin -l
kadmin> init MYREALM.NET
kadmin> add me
kadmin> add --random-key host/host.myrealm.net
# /usr/sbin/kdc &
# kinit me
# klist
# ktutil list
That's it for Heimdal. Now make sure your OpenSSH server is up to date
(3.9 or newer) and that GSSAPIAuthentication and KerberosAuthentication
are set to yes in your sshd_config, and that GSSAPIAuthentication is set
to yes in the authenticating client's ssh_config. If you want to clean up
your credentials on logout, you can set GSSAPICleanupCredentials to yes in
your sshd_config.
You should now try to authenticate to Heimdal via kauth or, as in my
case, with the built-in Kerberos client in Mac OS X. Now try to ssh to
the host and use verbose mode (-vv) to check if GSSAPI works.
# ssh -vv me@host.myrealm.net
Check for these lines:
debug1: Authentications that can continue: gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentication succeeded (gssapi-with-mic).
If you found those lines then GSSAPI works and you will be logged in automatically!
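An added example, not part of the original howto: a small shell check for the two things described above, the sshd_config keywords and the method that ssh -vv reports as successful. The function names and the sample config and log text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original howto). Sample inputs are constructed.

# Print the global value sshd uses for keyword $1, reading sshd_config text
# on stdin: keywords are case-insensitive, the first occurrence wins, and
# anything after a "Match" line is conditional, so it is not counted here.
sshd_opt() {
    awk -v want="$1" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Print the method named in the "Authentication succeeded (...)" debug line
# of "ssh -vv" output on stdin, or "none" if no method succeeded.
auth_method() {
    awk '
        /Authentication succeeded \(/ {
            sub(/.*Authentication succeeded \(/, ""); sub(/\).*/, "")
            print; ok = 1; exit
        }
        END { if (!ok) print "none" }
    '
}

# Constructed sshd_config: mixed-case keywords, a later duplicate that is
# ignored, and a Match block that must not count as the global setting.
SAMPLE_CONF='# constructed sample
gssapiauthentication yes
KerberosAuthentication yes
GSSAPIAuthentication no
Match User guest
    GSSAPICleanupCredentials yes'

# Constructed client log: GSSAPI was tried but the login fell back to a password.
SAMPLE_FALLBACK='debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: password,keyboard-interactive
debug1: Next authentication method: password
debug1: Authentication succeeded (password).'

for key in GSSAPIAuthentication KerberosAuthentication GSSAPICleanupCredentials; do
    printf '%-26s %s\n' "$key" "$(printf '%s\n' "$SAMPLE_CONF" | sshd_opt "$key")"
done
printf 'login method: %s\n' "$(printf '%s\n' "$SAMPLE_FALLBACK" | auth_method)"
```

A login that reports any method other than gssapi-with-mic means the ticket was not used, even though the session opened.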
You can check how long your ticket is alive with:
# klist
Default Principal: me@MYREALM.NET
Valid Starting Expires Service Principal
05/28/05 01:12:58 05/28/05 11:12:59 krbtgt/MYREALM.NET@MYREALM.NET
renew until 06/04/05 01:12:59
05/28/05 01:13:10 05/28/05 11:12:59 host/host.myrealm.net@MYREALM.NET
renew until 06/04/05 01:13:00
You now have a working OpenSSH with support for Heimdal authentication.
If you have any questions about this howto, just look up my contact
information here. For more information about Heimdal you can visit
http://www.pdc.kth.se/heimdal/.