[1981] in Kerberos


Re: setting up kerberos....

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Sat Jun 20 01:37:51 1992

Date: Sat, 20 Jun 92 01:16:47 -0400
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: cdaniel@cse.unl.edu
Cc: kerberos@Athena.MIT.EDU
In-Reply-To: Charles Daniel's message of Thu, 18 Jun 1992 19:44:17 GMT,
Reply-To: tytso@Athena.MIT.EDU

   Date: Thu, 18 Jun 1992 19:44:17 GMT
   From: cdaniel@cse.unl.edu (Charles Daniel)

   We just installed kerberos on one of our workstations and have 
   so far been unable to figure out how to run kerberos 
   applications on other machines. For example, we are able
   to run 'kinit' on the machine that houses the master kerberos 
   server, but how does one go about setting things up so that 
   one could run 'kinit' on a remote machine and have it contact 
   the master kerberos server for a ticket?

Short answer:  you need to install the files /etc/krb.conf and
/etc/krb.realms.

   Also, does anyone know of any good documentation on installing 
   and setting up kerberos? The stuff that's enclosed with the kerberos 
   package seems to be the bare minimum required and does not 
   address setting up kerberos on a multi workstation environment.

Kerberos isn't very useful on a single-workstation environment --- after
all, it's a _network_ security system.  Are you sure you've looked at all
of the documentation?  (Look in /pub/kerberos/doc on
athena-dist.mit.edu.)

In general, the client machines only need krb.conf and krb.realms to be
installed on their machine, and Kerberos binaries: kinit, kdestroy,
klist, and whatever application client programs that use Kerberos.  

Application server machines will also need /etc/srvtab (or possibly
other srvtab files in other directories), so that the application
servers can get access to their service keys.

It sounds like you have the Master Kerberos Server set up correctly, but
make sure you keep it secure!  Letting general users log in to the Master
Server, or leaving it in a physically open area is a big mistake, since
if someone can get your Kerberos database, you're in deep do-do....

							- Ted
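
Added example (not part of the message above, and not code from the Kerberos distribution): a shell check of the file layout the reply describes, for a client or an application server. It assumes the Kerberos v4 krb.conf layout (first line is the local realm, later lines are "REALM kdc-host") and that srvtab should not be accessible to group or other; the ROOT argument, EXAMPLE.ORG and the sample tree are constructed for the demonstration.

```shell
#!/bin/sh
# check_krb_host ROLE [ROOT]
#   ROLE is "client" or "server". ROOT (assumption, for testing) is a
#   directory prefix so the check can run against a constructed tree.
#   Prints one finding per line; returns 0 if clean, 1 otherwise.
check_krb_host() {
    role=$1; root=${2:-}; rc=0
    conf="$root/etc/krb.conf"; realms="$root/etc/krb.realms"
    srvtab="$root/etc/srvtab"

    # Every machine that runs kinit needs both configuration files.
    for f in "$conf" "$realms"; do
        [ -s "$f" ] || { echo "MISSING $f"; rc=1; }
    done

    # Assumed v4 layout: line 1 = local realm, later lines = "REALM kdc-host".
    # Without a server line for the local realm, kinit has nowhere to go.
    if [ -s "$conf" ]; then
        realm=$(awk 'NR == 1 { print $1 }' "$conf")
        kdcs=$(awk -v r="$realm" \
            'NR > 1 && $1 == r && NF >= 2 { n++ } END { print n + 0 }' "$conf")
        [ "$kdcs" -gt 0 ] || { echo "NO_KDC $conf has no server for '$realm'"; rc=1; }
    fi

    # Only application servers need a srvtab. It holds service keys, so
    # the group and other permission bits (columns 5-10 of ls -l) must be off.
    if [ "$role" = server ]; then
        if [ ! -f "$srvtab" ]; then
            echo "MISSING $srvtab"; rc=1
        elif [ "$(ls -ld "$srvtab" | cut -c5-10)" != "------" ]; then
            echo "EXPOSED $srvtab is accessible to group or other"; rc=1
        fi
    fi
    return $rc
}

# make_sample_tree: build a constructed (not real) server layout with a
# deliberately world-readable srvtab, and print the tree's path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/etc"
    printf 'EXAMPLE.ORG\nEXAMPLE.ORG kerberos.example.org admin server\n' \
        > "$t/etc/krb.conf"
    printf '.example.org EXAMPLE.ORG\n' > "$t/etc/krb.realms"
    printf 'placeholder-not-a-real-key\n' > "$t/etc/srvtab"
    chmod 644 "$t/etc/srvtab"
    echo "$t"
}
```

On a live host, run `check_krb_host client` or `check_krb_host server` with no ROOT argument to inspect /etc directly.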
