Kerberos: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
(Der Seiteninhalt wurde durch einen anderen Text ersetzt: „*kerberos ssh samba“)
Zeile 1: Zeile 1:
=important=
+
*[[kerberos ssh samba]]
client and servers should have the correct time and should resolv A and PTR record on dns
 
=ssh-server=
 
==modification /etc/ssh/sshd_config==
 
<pre>
 
# GSSAPI options
 
GSSAPIAuthentication yes
 
GSSAPICleanupCredentials yes
 
GSSAPIKeyExchange yes
 
GSSAPIStoreCredentialsOnRekey yes
 
</pre>
 
==generate a keytab-file==
 
net ads keytab create -U administrator
 
=ssh-client=
 
==modification /etc/ssh/ssh_config==
 
<pre>
 
GSSAPIAuthentication yes
 
GSSAPIDelegateCredentials yes
 
GSSAPIKeyExchange yes
 
GSSAPIRenewalForcesRekey yes
 
GSSAPITrustDNS yes
 
</pre>
 
 
 
 
 
==required in smb.conf==
 
kerberos method = secrets and keytab
 
 
 
==create /etc/security/pam_winbind.conf ==
 
krb5_auth = yes
 
krb5_ccache_type = FILE
 
 
 
 
*https://wiki.samba.org/index.php/Authenticating_other_services_against_AD
 
*http://trabauer.com/?p=383
 

Version vom 9. September 2014, 14:29 Uhr

Abgerufen von „http://wiki.ixheim.de/index.php?title=Kerberos&oldid=5120