
Reply: Re: kerberos setup, basic questions



Hi, I have 2 questions from Julius' mail too.


> 
> 1 jul 2008 kl. 14.01 skrev Julius:
> 
> > Hi,
> >
> > I would like to use nfs4 with kerberos (nfs4 is tested here), I've read
> > the documentation on the homepage and these two howtos:
> >
> > http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt
> > https://help.ubuntu.com/community/NFSv4Howto
> >
> >
> > Some general questions:
> >
> > 1.
> > kadmin -l
> > add --random-key host/belgarath.lfs.org
> >
> > What does "host" mean in this case? The Ubuntu howto uses nfs instead.
> 
> "host" is the service part, host is used for rsh (rcp), ssh, telnet,
> sometimes ftp, etc.

1. Is this "host" the hostname of the service PC? And
do I have to use the hostname instead of the service PC's
IP address?

2. If my hostname is kerberosA, the kerberized
service program is heimdal's telnetd, and my krb5.conf
is the following:

[libdefaults]
        default_realm = WEDGIE.ORG

[realms]
        WEDGIE.ORG = {
                kdc = 192.168.0.30
                admin_server = 192.168.0.30
        }

[domain_realm]
        .wedgie.org = WEDGIE.ORG

Should the "host" be kerberosA or admin_server?
So will I input
kadmin>add -r kerberosA/WEDGIE.ORG
or
kadmin>add -r admin_server/WEDGIE.ORG
?

> 
> For jabber it's xmpp, imap imap, etc. It's protocol defined. For nfs you
> should use nfs.
> 
> > 2.
> > The parameter encrypt in krb5.conf - isn't kerberos all about secure
> > authentication, why even allow the possibility to transfer something
> > not encrypted?
> 
> That's for telnet and ftp, some older versions of telnet defaulted to
> integrity only (or cleartext!) for performance reasons. It's no longer
> the case.
> 
> > 3.
> > I've added the principal progger to the kerberos database, if I now run
> > mount /tmp/somedir (/tmp/somedir is added in /etc/fstab with options
> > sec=krb5,users) as user progger mount times out.
> 
> Any logs?
> Does tcpdump/wireshark tell you anything useful?
> 
> 
> > kinit progger works from the client and server.
> 
> Check with kgetcred nfs/hostname too.
> 
> > btw, the 1.0 manual says to create
> > /var/heimdal
> >
> > but heimdal 1.0.1 tries to create its database in:
> > /var/lib/heimdal/
> 
> thanks, will check on that.
> 
> Love
> 
> 
> 



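An added example, not part of the original thread and not Heimdal's own code: it derives the conventional service/fqdn@REALM principal name from the krb5.conf quoted in the message, using the service names from the quoted reply (host, nfs). The FQDN kerberosA.wedgie.org is an assumption (the message gives only the short name), and falling back to default_realm when no [domain_realm] entry matches is a simplification.

```python
import ipaddress
# krb5.conf copied from the message above, used as sample input.
KRB5_CONF = """
[libdefaults]
        default_realm = WEDGIE.ORG
[realms]
        WEDGIE.ORG = {
                kdc = 192.168.0.30
                admin_server = 192.168.0.30
        }
[domain_realm]
        .wedgie.org = WEDGIE.ORG
"""

def parse_conf(text):
    """Return (default_realm, domain_realm map) from krb5.conf text."""
    section, default_realm, mapping = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "domain_realm":
                mapping[key.lower()] = value
    return default_realm, mapping

def realm_for(host, default_realm, mapping):
    """Exact host entry, then longest ".domain" suffix, else default_realm."""
    host = host.lower()
    if host in mapping:
        return mapping[host]
    suffixes = [d for d in mapping if d.startswith(".") and host.endswith(d)]
    return mapping[max(suffixes, key=len)] if suffixes else default_realm

def service_principal(service, host, conf=KRB5_CONF):
    """Build service/fqdn@REALM; reject IP addresses and short names."""
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    if is_ip or "." not in host:
        raise ValueError("use the server's fully qualified hostname")
    default_realm, mapping = parse_conf(conf)
    return f"{service}/{host.lower()}@{realm_for(host, default_realm, mapping)}"

print(service_principal("host", "kerberosA.wedgie.org"))  # assumed FQDN
```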