ru.unix.bsd - RU.UNIX.BSD
--------------------------------------------------------------------------------
From : Igor 2:5020/400 14 Jan 2004 23:51:06
To : All
Subject : Kerberos 5
--------------------------------------------------------------------------------
Hello, All!
Given:
FreeBSD 4.9 and W2k SP4 Rus
I am following what is written in the Samba-HOWTO-Collection.
7.4.2. Configure /etc/krb5.conf

With both MIT and Heimdal Kerberos, this is unnecessary, and may be
detrimental. All ADS domains will automatically create SRV records in the
DNS zone kerberos.REALM.NAME for each KDC in the realm. MIT's, as well as
Heimdal's, KRB5 libraries default to checking for these records, so they
will automatically find the KDCs. In addition, krb5.conf only allows
specifying a single KDC, even if there is more than one. Using the DNS
lookup allows the KRB5 libraries to use whichever KDCs are available.

When manually configuring krb5.conf, the minimal configuration is:

    [libdefaults]
        default_realm = YOUR.KERBEROS.REALM
    [realms]
        YOUR.KERBEROS.REALM = {
            kdc = your.kerberos.server
        }

When using Heimdal versions before 0.6 use the following configuration
settings:

    [libdefaults]
        default_realm = YOUR.KERBEROS.REALM
        default_etypes = des-cbc-crc des-cbc-md5
        default_etypes_des = des-cbc-crc des-cbc-md5
    [realms]
        YOUR.KERBEROS.REALM = {
            kdc = your.kerberos.server
        }

Test your config by doing a kinit USERNAME@REALM and making sure that your
password is accepted by the Win2000 KDC.
Testing:

    #k5init username@REALM
    username@REALM's Password:
    k5init: krb5_get_init_creds: Clock skew too great

Even though the time is synchronized.
When I enter a wrong password, FreeBSD answers:

    k5init: krb5_get_init_creds: Preauthentication failed

And the Windows Event Log records the rejection.
Has anyone actually managed to get Kerberos working?
With best regards, Igor.
--- ifmail v.2.15dev5.1
* Origin: Demos online service (2:5020/400)
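
Added example, not part of the message above or of the Samba HOWTO: Kerberos compares timestamps in UTC, so two hosts whose wall clocks read the same can still be hours apart from the KDC's point of view. The sketch below classifies a client/KDC timestamp pair; the 5-minute tolerance is an assumed default, the helper names are hypothetical, and all timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the common default tolerance of 5 minutes; the KDC's setting may differ.
MAX_SKEW = timedelta(minutes=5)


def parse_kerberos_time(value):
    """Parse a KerberosTime string (always UTC), e.g. '20040114205108Z'."""
    if not value.endswith("Z"):
        raise ValueError("KerberosTime is expressed in UTC and must end in 'Z'")
    parsed = datetime.strptime(value, "%Y%m%d%H%M%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def wall_clock(utc_time, utc_offset_hours):
    """What a clock on the wall shows for this instant in the given zone."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return utc_time.astimezone(zone).strftime("%H:%M:%S")


def classify_skew(client_utc, kdc_utc, max_skew=MAX_SKEW):
    """Return (verdict, skew_seconds); hypothetical helper for this example."""
    skew = (client_utc - kdc_utc).total_seconds()
    limit = max_skew.total_seconds()
    if abs(skew) <= limit:
        return "ok", skew
    # A skew that sits within tolerance of a whole number of hours points at a
    # time-zone or UTC/local hardware-clock mix-up rather than a drifting clock.
    hours = round(skew / 3600)
    if hours != 0 and abs(skew - hours * 3600) <= limit:
        return "zone-offset-suspected", skew
    return "drift", skew


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    kdc = parse_kerberos_time("20040114205108Z")
    samples = {
        "ntp-synced client": "20040114205230Z",
        "local time stored as UTC (+3h)": "20040114235106Z",
        "free-running clock": "20040114211908Z",
    }
    print("KDC wall clock at UTC+3:", wall_clock(kdc, 3))
    for label, stamp in samples.items():
        print(label, classify_skew(parse_kerberos_time(stamp), kdc))
```

In the second sample the client's clock face (23:51:06) nearly matches the KDC's local clock face (23:51:08), yet the UTC values differ by almost three hours.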