[31938] in Kerberos


Re: URG: Details abt Kerberos

daemon@ATHENA.MIT.EDU (Jason Edgecombe)
Mon Jan 18 19:52:41 2010

Message-ID: <4B55024C.70406@rampaginggeek.com>
Date: Mon, 18 Jan 2010 19:52:28 -0500
From: Jason Edgecombe <jason@rampaginggeek.com>
MIME-Version: 1.0
To: "Max (Weijun) Wang" <Weijun.Wang@Sun.COM>
In-Reply-To: <84BC374B-121E-4134-8B16-974CBE53B25D@sun.com>
Cc: vinay kumar <winay.l@gmail.com>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Max (Weijun) Wang wrote:
>> What's the difference between hosts and usernames, seriously?
>
> I guess Vinay is talking about the different types of principal names.
>
> A username, say, dummy@EXAMPLE.COM, is used on the client side. The 
> client gets an initial TGT for it at the kinit time.
>
> A host, prepended with a service name, say, 
> ftp/me.example.com@EXAMPLE.COM, is used on the server side. Normally, 
> you create a keytab file holding secret keys for this name and it's 
> readable by the server process.
>
> Both names are created using the kadmin tool.
>
> --Max
>
> On Jan 19, 2010, at 4:28 AM, Jason Edgecombe wrote:
>
>> vinay kumar wrote:
>>> *Hi,*
>>>
>>>      I am new to kerberos, I have been asked to setup KDC, kerberos client
>>> and application server. Using these I have to capture AP_REQ, AP_REP, AS_REQ
>>> and AS_REP in wireshark. I have two systems both are working on Red Hat
>>> Linux. I downloaded Kerberos from MIT version 5. I went through installation
>>> and user guide of kerberos. I successfully constructed KDC server and able
>>> to capture AS_REQ and AS_REP, but I was not able to setup kerberos client
>>> and application server. *I have few doubts like can application server and
>>> client can be on the same system?
>>> How client machine differs from application server?
>>> Is client recognized by IP address or Principal by the KDC?
>>> For configuration setting we need to modify /etc/inetd.conf but this file is
>>> not there in Red Hat, so which file to edit?
>>> What exactly client means (I have understood it as a system on which you can
>>> get ticket for any principal in that realm)?
>>> What exactly application server means (I have confusion like ftp, telnet ...
>>> etc are available on client system only, then what is the function of
>>> application server)?
>>> What is the difference between host and usernames?
>>> *Please help me by showing how to configure client and application
>>> server.*Kindly help me out. Waiting for your reply.
>>>
>>> Regards,
>>> Vinay
>>>
>> It's time to read the fine manual.
>>
>> Kerberos comes with RedHat Enterprise Linux, although it's not the
>> latest version, it is kept patched for security vulnerabilities.
>>
>> Read this:
>> http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/ch-kerberos.html 
>>
>> The "next" link explains some of the kerberos terms.
>>
>> Kerberos is normally run as its own service, not through inetd. Redhat
>> uses xinetd instead of inetd. Please read the manual page if you aren't
>> familiar with xinetd, especially the part about the HUP signal.
>>
>> What's the difference between hosts and usernames, seriously?
Hello Vinay and everyone,

I'm sorry for my grumpy response. I'm not normally that grouchy.

Sorry,
Jason
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
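
The two kinds of principal name described in the thread (a user name such as dummy@EXAMPLE.COM and a service name such as ftp/me.example.com@EXAMPLE.COM) can be told apart by splitting the name into its components and realm. The sketch below is an added example, not part of the original thread or of MIT Kerberos; `Principal`, `parse_principal`, `DEFAULT_REALM` and the classification heuristic are assumptions made for illustration, and the parsing is a simplified reading of the textual form.

```python
from dataclasses import dataclass

DEFAULT_REALM = "EXAMPLE.COM"  # assumption: stands in for default_realm in krb5.conf


@dataclass
class Principal:
    components: list
    realm: str

    @property
    def kind(self):
        # Heuristic following the convention in the thread, not a KDC rule:
        # one component is a user; service/fully.qualified.host is server side.
        if len(self.components) == 2 and "." in self.components[1]:
            return "service"
        return "user" if len(self.components) == 1 else "other"


def parse_principal(text, default_realm=DEFAULT_REALM):
    """Split 'comp/comp@REALM'; a backslash escapes '/', '@' and itself."""
    parts, current, realm = [], [], None
    chars = iter(text)
    for ch in chars:
        if ch == "\\":
            nxt = next(chars, None)
            if nxt is None:
                raise ValueError("trailing backslash")
            current.append(nxt)          # escaped character is taken literally
        elif ch == "@":
            if realm is not None:
                raise ValueError("more than one unescaped '@'")
            parts.append("".join(current))
            current, realm = [], ""      # everything after this is the realm
        elif ch == "/" and realm is None:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    if realm is None:                    # no '@': fall back to the default realm
        parts.append("".join(current))
        realm = default_realm
    else:
        realm = "".join(current) or default_realm
    if any(p == "" for p in parts):      # this example rejects empty components
        raise ValueError("empty name component")
    return Principal(parts, realm)
```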
