1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
To run a zephyr server with MIT Kerberos IV and V support, you need to
generate a Kerberos V keytab and a Kerberos IV srvtab for the
principal zephyr.zephyr@YOUR.REALM.NAME.
Doing this with the MIT Kerberos V server is a somewhat convoluted
process, but here we go:
[Note that this presumes that you have Kerberos administrator privileges, if
you don't, find someone who does.]
At the kadmin prompt, type
ank -randkey zephyr/zephyr
this creates the Kerberos principal, with whatever key types and cryptosystems
your realm defaults to. Next, also at the kadmin prompt, type the following
substituting appropriately for your realm name and various file locations:
xst -k /etc/zephyr/krb5.keytab -e des-cbc-crc:v4 zephyr/zephyr@YOUR.REALM.NAME
The key type is necessary because zephyr Kerberos IV uses only
single-DES. Now run ktutil:
rkt /etc/zephyr/krb5.keytab
wst /etc/zephyr/srvtab
q
The krb5.keytab and srvtab files need to be the same on all of your
zephyr servers; note that with the MIT kerberos server, xst changes
the key each time, invalidating previously-extracted keytabs.
|
