-rw-r--r-- | configs/kerberos/kadm5.acl | 6 | ||||
-rw-r--r-- | configs/kerberos/krb5.conf | 10 | ||||
-rwxr-xr-x | scripts/kerberos | 6 |
3 files changed, 13 insertions, 9 deletions
diff --git a/configs/kerberos/kadm5.acl b/configs/kerberos/kadm5.acl new file mode 100644 index 0000000..76df603 --- /dev/null +++ b/configs/kerberos/kadm5.acl @@ -0,0 +1,6 @@ +# This file Is the access control list for krb5 administration. +# When this file is edited run service krb5-admin-server restart to activate +# One common way to set up Kerberos administration is to allow any principal +# ending in /admin is given full administrative rights. +# To enable this, uncomment the following line: +*/admin * diff --git a/configs/kerberos/krb5.conf b/configs/kerberos/krb5.conf index 61f51c1..c78717b 100644 --- a/configs/kerberos/krb5.conf +++ b/configs/kerberos/krb5.conf @@ -1,19 +1,11 @@ [libdefaults] default_realm = HADES.HR - # The following krb5.conf variables are only for MIT Kerberos. - kdc_timesync = 1 - ccache_type = 4 - forwardable = true - proxiable = true - - # The following libdefaults parameters are only for Heimdal Kerberos. - fcc-mit-ticketflags = true - [realms] HADES.HR = { kdc = krb.hades.hr admin_server = krb.hades.hr + default_domain = hades.hr } [domain_realm] diff --git a/scripts/kerberos b/scripts/kerberos index 8ecfde4..8948b22 100755 --- a/scripts/kerberos +++ b/scripts/kerberos @@ -3,6 +3,7 @@ set -e ROOT_PASS=root KRB5_PASS=krb5 +KRB5_ADMIN_PASS=pass scripts/debian_roll kerberos lxc-attach -n kerberos -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install krb5-admin-server 
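Review bot: The comment block and the active rule in the new kadm5.acl disagree: the text says "To enable this, uncomment the following line", yet `*/admin *` is already uncommented and takes effect as soon as the file is installed and krb5-admin-server restarts. Either drop that sentence or reword it, e.g. `# The rule below is active: every principal ending in /admin gets full administrative rights.`; the first line also has a stray capital in `This file Is`. Because the rule grants every privilege (`*`) to any principal named `*/admin`, and the companion script in this commit only ever creates `root/admin`, a narrower entry such as `root/admin@HADES.HR *` would express the same intent without admitting future /admin principals by default.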
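Review bot: The new `default_domain = hades.hr` inside the `HADES.HR = { … }` realm block carries no comment, and in MIT krb5 this realm-level tag is documented as the domain used when translating Kerberos 4 service principal names, not as the way hostnames are mapped to a realm; if host-to-realm mapping is the goal, that belongs in the `[domain_realm]` section, whose entries are outside this hunk. A one-line comment above the key stating what it is expected to achieve would let the next reader check the intent, e.g. `# default_domain: used for V4 principal translation; host mapping lives in [domain_realm]`. Worth confirming against the krb5.conf documentation for the installed version.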
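Review bot: `KRB5_ADMIN_PASS=pass` adds a third hard-coded credential to the script, alongside the existing `ROOT_PASS=root` and `KRB5_PASS=krb5`, and it is the password for a principal that the kadm5.acl in this commit grants full administrative rights. Letting the environment override it keeps the lab default while allowing a non-default value without editing the script: `KRB5_ADMIN_PASS="${KRB5_ADMIN_PASS:-pass}"`. The same treatment would suit the two existing variables.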
@@ -12,8 +13,13 @@ IP="$(lxc-info -n kerberos | grep IP | tr -s ' ' | cut -d ' ' -f 2)" sshpass -p $ROOT_PASS ssh-copy-id -o "StrictHostKeyChecking=no" root@$IP scp configs/kerberos/krb5.conf root@$IP:/etc/ scp configs/kerberos/kdc.conf root@$IP:/etc/krb5kdc/ +scp configs/kerberos/kadm5.acl root@$IP:/etc/krb5kdc/ lxc-attach -n kerberos -- bash -c 'echo -e "'$KRB5_PASS'\n'$KRB5_PASS'" | krb5_newrealm' lxc-attach -n kerberos -- systemctl restart krb5-admin-server lxc-attach -n kerberos -- systemctl restart krb5-kdc + +lxc-attach -n kerberos -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$KRB5_ADMIN_PASS'" | kadmin.local addprinc root/admin' + +# should be able to now use kadmin, but cannot ? |