





{"id":1558,"date":"2010-11-19T02:22:01","date_gmt":"2010-11-19T06:22:01","guid":{"rendered":"http:\/\/www.killtest.hk\/index.php\/unix\/kerberos%e7%9a%84%e5%ae%89%e8%a3%9d%e9%85%8d%e7%bd%ae\/"},"modified":"2010-11-19T02:27:53","modified_gmt":"2010-11-19T06:27:53","slug":"kerberos","status":"publish","type":"post","link":"https:\/\/www.killtest.hk\/index.php\/unix\/kerberos\/","title":{"rendered":"kerberos\u7684\u5b89\u88dd\u914d\u7f6e"},"content":{"rendered":"<p>kerberos\u662f\u7531MIT\u958b\u767c\u7684\u63d0\u4f9b\u7db2\u7d61\u8a8d\u8b49\u670d\u52d9\u7684\u7cfb\u7d71\uff0c\u5f88\u65e9\u5c31\u807d\u8aaa\u904e\u5b83\u7684\u5927\u540d\uff0c\u4f46\u58f9\u76f4\u6c92\u6709\u4f7f\u7528\u904e\u5b83\u3002\u5b83\u53ef\u7528\u4f86\u70ba\u7db2\u7d61\u4e0a\u7684\u5404\u7a2eserver\u63d0\u4f9b\u8a8d\u8b49\u670d\u52d9,\u4f7f\u5f97\u53e3\u4ee4\u4e0d\u518d\u662f\u4ee5\u660e\u6587\u65b9\u5f0f\u5728\u7db2\u7d61\u4e0a\u50b3\u8f38\uff0c\u4e26\u4e14\u806f\u63a5\u4e4b\u9593\u901a\u8a0a\u662f\u52a0\u5bc6\u7684\uff1b\u5b83\u548cPKI\u8a8d\u8b49\u7684\u539f\u7406\u4e0d\u58f9\u6a23\uff0cPKI\u4f7f\u7528\u516c\u9470\u9ad4\u5236(\u4e0d\u5c0d\u7a31\u5bc6\u78bc\u9ad4\u5236)\uff0ckerberos\u57fa\u65bc\u79c1\u9470\u9ad4\u5236(\u5c0d\u7a31\u5bc6\u78bc\u9ad4\u5236)\u3002\u3000\u3000\u3000\u3000\u672c\u7bc7\u6587\u7ae0\u4e0d\u6253\u7b97\u8a73\u7d30\u8b1b\u89e3kerberos\u7684\u5de5\u4f5c\u539f\u7406\uff0c\u800c\u662f\u5074\u91cd\u4ecb\u7d39\u5728redhat8.0\u74b0\u5883\u4e0b\u5982\u4f55\u4f7f\u7528kerberos\u81ea\u5df1\u63d0\u4f9b\u7684Ktelnetd\uff0cKrlogind\uff0cKrshd\u4f86\u66ff\u4ee3\u50b3\u7d71\u7684telnetd\uff0crlogind\uff0crshd\u670d\u52d9\uff0c\u6709\u95dckerberos\u5de5\u4f5c\u7684\u539f\u7406\u53ef\u4ee5\u53c3\u8003\u300aKerberos:AN Authentication Services for Computer Networks\u300b\u3002\u3000\u3000\u3000\u3000\u5b89\u88dd\u74b0\u5883\uff1a\u58f9\u81fai386\u6a5f\u5668\u3002\u3000\u3000\u5b89\u88dd\u5305\uff1akrb5-server-1.2.5-6\uff0ckrb5-workstation-1.2.5-6\uff0ckrb5-libs-1.2.5-6 \u3000\u3000rpm 
-ivh krb5-libs-1.2.5-6.i386.rpm \u3000\u3000rpm -ivh krb5-server-1.2.5-6.i386.rpm \u3000\u3000rpm -ivh krb5-workstation-1.2.5-6.i386.rpm \u3000\u3000 \u3000\u3000\u4e0a\u8ff0\u8981\u6c42\u6eff\u8db3\u5f8c\uff0c\u6211\u5011\u5c31\u53ef\u4ee5\u5148\u914dKDC\u670d\u52d9\u5668\uff0c\u7136\u5f8c\u518d\u914dKtelnetd\uff0cKrlogind,Krsh\u670d\u52d9\u5668\uff0c\u6700\u5f8c\u5c31\u53ef\u4ee5\u4f7f\u7528krb5-workstation\u63d0\u4f9b\u7684telnet\uff0crlogin\uff0crsh\u4f86\u767b\u9304\u9019\u4e9b\u670d\u52d9\u4e86\u3002\u4e0b\u9762\u662f\u5b89\u88dd\u6b65\u9a5f\uff1a\u3000\u3000\u3000\u30001\u3001\u751f\u6210kerberos\u7684\u672c\u5730\u6578\u64da\u5eab\u3000\u3000kdb5_util create -r EXAMPLE.COM -s \u3000\u3000\u9019\u500b\u547d\u4ee4\u7528\u4f86\u751f\u6210kerberos\u7684\u672c\u5730\u6578\u64da\u5eab\uff0c\u5305\u62ec\u5e7e\u500b\u6587\u4ef6\uff1aprincipal\uff0cprincipal.OK\uff0cprincipal.kadm5\uff0cprincipal.kadm5.lock. -r \u6307\u5b9arealm(kerberos\u8853\u8a9e)\uff0c\u6211\u5011\u96a8\u4fbf\u53d6\u58f9\u500b\u53ebEXAMPLE.COM. \u3000\u3000\u3000\u30002\u3001\u751f\u6210\u8cec\u865f\u3000\u3000kerberos\u7528principal(kerberos\u8853\u8a9e)\u4f86\u8868\u793arealm\u4e0b\u7684\u58f9\u500b\u5e33\u6236\uff0c\u8868\u793a\u70baprimary\/instance@realm\uff0c\u8209\u500b\u4f8b\u5b50\u5c31\u662fusername\/9.181.92.90@EXAMPLE.COM,\u9019\u88cf\u5047\u8a2d9.181.92.90\u662f\u59b3\u6a5f\u5668\u7684ip\u5730\u5740. 
\u3000\u3000\u3000\u3000\u5728\u6578\u64da\u5eab\u4e2d\u52a0\u5165\u7ba1\u7406\u54e1\u5e33\u6236\uff1a\u3000\u3000\/usr\/kerberos\/sbin\/kadmin.local \u3000\u3000kadmin.local: addprinc admin\/admin@EXAMPLE.COM \u3000\u3000\u5728\u6578\u64da\u5eab\u4e2d\u52a0\u5165\u7528\u6236\u7684\u5e33\u865f\uff1a\u3000\u3000kadmin.local: addprinc username\/9.181.92.90@EXAMPLE.COM \u3000\u3000\u5728\u6578\u64da\u5eab\u4e2d\u52a0\u5165Ktelnetd\uff0cKrlogind\uff0cKrshd\u516c\u7528\u7684\u5e33\u865f\uff1a\u3000\u3000kadmin.local: addprinc -randkey host\/9.181.92.90@EXAMPLE.COM \u3000\u3000 \u3000\u30003\u3001\u6aa2\u67e5\/var\/kerberos\/krb5kdc\/kadm5.keytab\u662f\u5426\u6709\u4e0b\u5217\u8a9e\u53e5\uff1a\u3000\u3000*\/admin@EXAMPLE.COM * \u3000\u3000\u82e5\u6c92\u6709\uff0c\u90a3\u9ebd\u5c31\u6dfb\u4e0a\u3002(\u9019\u500b\u8a9e\u53e5\u662fkadmin\u7684ACL\uff0c\u6700\u5f8c\u7684*\u8868\u793a\u6240\u6709\u6b0a\u9650\uff1b\u5728redhat\u4e0bACL\u6587\u4ef6\u662f\/var\/kerberos\/krb5kdc\/kadm5.acl\uff0c\u4e0d\u662fkadm5.keytab\u3002)\u3000\u3000\u3000\u30004\u3001\u4fee\u6539\/etc\/krb5.conf\u6587\u4ef6\uff0c\u4fee\u6539\u6240\u6709\u7684realm\u70baEXAMPLE.COM,\u4e26\u4e14\u52a0\u5165\u4e0b\u5217\u53e5\u5b50\u3000\u3000kdc = 9.181.92.90:88 \u3000\u3000admin_server = 9.181.92.90:749 \u3000\u3000\u3000\u30005\u3001\u5728\/etc\/krb.conf\u4e2d\u52a0\u5165\u4e0b\u5217\u8a9e\u53e5\uff1a\u3000\u3000EXAMPLE.COM \u3000\u3000EXAMPLE.COM 9.181.92.90:88 \u3000\u3000EXAMPLE.COM 9.181.92.90:749 admin server \u3000\u3000\u3000\u30006\u3001\u555f\u52d5kdc\u670d\u52d9\u5668\u548cKtelnetd\uff0cKrlogind\uff0cKrshd \u3000\u3000\/etc\/init.d\/krb5kdc restart \u3000\u3000chkconfig klogin on \u3000\u3000chkconfig kshell on \u3000\u3000chkconfig eklogin on \u3000\u3000chkconfig krb5-telnet on \u3000\u3000\/etc\/init.d\/xinetd restart \u3000\u3000\u3000\u30007\u3001\u5236\u4f5c\u672c\u5730\u7de9\u5b58\u3000\u3000\u5c07username\/9.181.92.90@EXAMPLE.COM\u7684credentials(kerberos\u8853\u8a9e)\u53d6\u5230\u672c\u5730\u505a\u70bacache\uff0c\u9019\u6a23\u4ee5\u5f8c\u5c31\u53ef\u4ee5\u4e0d\u7528\u91cd\u5fa9\u8f38\u5165password\u4e86\u3002\u3000\u3000kinit username\/9.181.92.90 
\u3000\u3000\u5982\u679c\u9806\u5229\u7684\u8a71\uff0c\u5728\/tmp\u4e0b\u9762\u6703\u751f\u6210\u6587\u4ef6krb5*\uff1b\u9019\u6b65\u5982\u679c\u4e0d\u901a\uff0c\u90a3\u9ebd\u5c31\u5fc5\u9808\u6aa2\u67e5\u4ee5\u4e0a\u6b65\u9a5f\u662f\u5426\u6709\u6f0f\u3002\u3000\u3000\u53ef\u4ee5\u7528klist\u547d\u4ee4\u4f86\u67e5\u770bcredential\u3002\u3000\u3000\u3000\u30008\u3001\u5c0e\u51fa\u7528\u6236\u5bc6\u5319\u3000\u3000export host\/9.181.92.90@EXAMPLE.COM\u7684key\u5230\/etc\/krb5.keytab\uff0cKtelnetd\u3001Krlogind\u548cKrshd\u9700\u8981\/etc\/krb5.keytab\u4f86\u9a57\u8b49username\/9.181.92.90\u7684\u8eab\u4efd\u3002\u3000\u3000kadmin.local: ktadd -k \/etc\/krb5.keytab host\/9.181.92.90 \u3000\u3000\u3000\u30009\u3001\u4fee\u6539~\/.k5login\u6587\u4ef6\u3000\u3000\u5728\u5176\u4e2d\u52a0\u5165username\/9.181.92.90@EXAMPLE.COM\uff0c\u8868\u793a\u5141\u8a31username\/9.181.92.90@EXAMPLE.COM\u767b\u9304\u8a72\u5e33\u6236\u3000\u3000\u3000\u3000echo username\/9.181.92.90@EXAMPLE.COM &gt;&gt;~\/.k5login \u3000\u3000 \u3000\u300010\u3001\u6e2c\u8a66kerberos\u5ba2\u6236\u7aef\u3000\u3000krsh 9.181.92.90 -k EXAMPLE.COM ls \u3000\u3000krlogin 9.181.92.90 -k EXAMPLE.COM \u3000\u3000rlogin 9.181.92.90 -k EXAMPLE.COM \u3000\u3000rsh 9.181.92.90 -k EXAMPLE.COM \u3000\u3000telnet -x 9.181.92.90 -k EXAMPLE.COM<\/p>\n","protected":false},"excerpt":{"rendered":"<p>kerberos\u662f\u7531MIT\u958b\u767c\u7684\u63d0\u4f9b\u7db2\u7d61\u8a8d\u8b49\u670d\u52d9\u7684\u7cfb\u7d71\uff0c\u5f88\u65e9\u5c31\u807d\u8aaa\u904e\u5b83\u7684\u5927\u540d\uff0c\u4f46\u58f9\u76f4\u6c92\u6709\u4f7f\u7528\u904e\u5b83\u3002\u5b83\u53ef\u7528\u4f86\u70ba\u7db2 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[531],"tags":[615,616,617],"class_list":["post-1558","post","type-post","status-publish","format-standard","hentry","category-unix","tag-kerberos","tag-616","tag-617"],"_links":{"self":[{"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/posts\/1558","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/comments?post=1558"}],"version-history":[{"count":0,"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/posts\/1558\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/media?parent=1558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/categories?post=1558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.killtest.hk\/index.php\/wp-json\/wp\/v2\/tags?post=1558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}