Reply: Re: kerberos setup, basic questions
Hi, I have 2 questions from Julius' mail too.
>
> On 1 Jul 2008 at 14:01, Julius wrote:
>
> > Hi,
> >
> > I would like to use nfs4 with kerberos (nfs4 is tested here), I've read
> > the documentation on the homepage and these two howtos:
> >
> > http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt
> > https://help.ubuntu.com/community/NFSv4Howto
> >
> >
> > Some general questions:
> >
> > 1.
> > kadmin -l
> > add --random-key host/belgarath.lfs.org
> >
> > What does "host" mean in this case? The Ubuntu howto uses nfs instead.
>
> "host" is the service part, host is used for rsh (rcp), ssh, telnet,
> sometimes ftp, etc.
1. Is this "host" the hostname of the service PC? And
do I have to use the hostname instead of the service PC's
IP address?
2. If my hostname is kerberosA, the kerberized
service program is heimdal's telnetd, and my krb5.conf
is as follows:

[libdefaults]
    default_realm = WEDGIE.ORG
[realms]
    WEDGIE.ORG = {
        kdc = 192.168.0.30
        admin_server = 192.168.0.30
    }
[domain_realm]
    .wedgie.org = WEDGIE.ORG

should the "host" be kerberosA or admin_server?
So should I input
kadmin> add -r kerberosA/WEDGIE.ORG
or
kadmin> add -r admin_server/WEDGIE.ORG
?
>
> For jabber it's xmpp, imap imap, etc. It's protocol-defined. For nfs you
> should use nfs.
>
> > 2.
> > The parameter encrypt in krb5.conf - isn't kerberos all about secure
> > authentication, why even allow the possibility to transfer something
> > not encrypted?
>
> That's for telnet and ftp, some older versions of telnet defaulted to
> integrity only (or cleartext!) for performance reasons. It's no longer
> the case.
>
> > 3.
> > I've added the principal progger to the kerberos database, if I now run
> > mount /tmp/somedir (/tmp/somedir is added in /etc/fstab with options
> > sec=krb5,users) as user progger mount times out.
>
> Any logs?
> Does tcpdump/wireshark tell you anything useful?
>
>
> > kinit progger works from the client and server.
>
> Check with kgetcred nfs/hostname too.
>
> > btw, the 1.0 manual says to create
> > /var/heimdal
> >
> > but heimdal 1.0.1 tries to create its database in:
> > /var/lib/heimdal/
>
> thanks, will check on that.
>
> Love
>
>
>
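
The naming rule discussed in this thread (the first component of a principal is the service: host for telnet/ssh/rsh, nfs for NFS), as an added example that is not part of the original mails: it parses the krb5.conf quoted above and builds the service principal names a server keytab would need. The fully qualified name kerberosA.wedgie.org is an assumption (the mail gives only the short name kerberosA), and falling back to default_realm when no [domain_realm] entry matches is a simplification of what Kerberos libraries do.

```python
import re

# krb5.conf as quoted in the message above (indentation added).
KRB5_CONF = """\
[libdefaults]
    default_realm = WEDGIE.ORG
[realms]
    WEDGIE.ORG = {
        kdc = 192.168.0.30
        admin_server = 192.168.0.30
    }
[domain_realm]
    .wedgie.org = WEDGIE.ORG
"""

def parse_sections(text):
    """Return {section: {key: value}} for top-level key = value lines; nested { } blocks are skipped."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m and depth == 0:
            current = sections.setdefault(m.group(1), {})
        elif line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    return sections

def realm_for_host(fqdn, conf):
    """Exact host entry first, then the longest matching ".domain" suffix, else default_realm (simplified)."""
    fqdn = fqdn.lower()
    mapping = conf.get("domain_realm", {})
    if fqdn in mapping:
        return mapping[fqdn]
    suffixes = [d for d in mapping if d.startswith(".") and fqdn.endswith(d)]
    if suffixes:
        return mapping[max(suffixes, key=len)]
    return conf["libdefaults"]["default_realm"]

def service_principal(service, fqdn, conf):
    """Build service/fully.qualified.host@REALM; the host part is lowercased."""
    return f"{service}/{fqdn.lower()}@{realm_for_host(fqdn, conf)}"
```

With the assumed FQDN, `service_principal("host", "kerberosA.wedgie.org", parse_sections(KRB5_CONF))` gives the name for telnetd and `service_principal("nfs", ...)` the one for NFS; kdc and admin_server are settings that tell clients where the KDC is, not principal components.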