slapd

• apt-get install slapd libldap2-dev db-util sasl2-bin

grundkonfiguration

• dpkg-reconfigure -p low slapd

alles löschen

domain = linuggs.de
passwd = sysadm
server = maria.xinux.org

kontrolle der konfig

ldapsearch -Y EXTERNAL -LLL -H ldapi:/// -b cn=config "(|(cn=config)(olcDatabase={1}hdb))"

• cn=config

sasl changes=

• sasl.ldif

kerberos

• sudo apt-get install krb5-kdc krb5-admin-server

konfig /etc/krb4kdc/krb.conf

• krb.conf

konfig /etc/krb5.conf

• krb5.conf

make a newrealm

rm /var/lib/krb5kdc/*
krb5_newrealm  wenn langdauert dauer -> ssh -p 8472 gondor "cat /dev/urandom" > /dev/urandom

apparmor entfernen oder die doku lesen :-)

apt-get remove apparmor

ldaputils

• apt-get install ldap-utils libpam-ldap libnss-ldap ldapscripts

admin user im kerberos anlegen und passwors "sysadm" setzen

• kadmin.local -q "addprinc -pw sysadm admin"

hostkeytab anlegen und verteilen

• kadmin.local -q "addprinc -randkey host/maria"
• kadmin.local -q "ktadd -k /etc/krb5.keytab host/maria"

ldapkeytab anlegen und verteilen

• kadmin.local -q "addprinc -randkey ldap/maria.xinux.org"
• kadmin.local -q "ktadd -k /etc/ldap/ldap.keytab ldap/maria.xinux.org"

tests

• kinit admin

Password for admin@LINUGGS.DE:

• klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@LINUGGS.DE

Valid starting       Expires              Service principal
09.12.2014 19:04:36  10.12.2014 05:04:36  krbtgt/LINUGGS.DE@LINUGGS.DE

renew until 10.12.2014 19:04:29

openldap user zur slasl gruppe

• usermod -G sasl openldap

sasl

• sudo apt-get install sasl2-bin libsasl2-modules-gssapi-mit

/etc/default/saslauthd

• START=yes
• MECHANISMS="kerberos5"

restart sasl

• service saslauthd restart

sasl test

• testsaslauthd -u admin -p sysadm -r LINUGGS.DE

0: OK "Success."