
To Kerberos server on Centos 7

장성한군사 2017. 10. 25. 21:10

# ln -s /etc/sysconfig/network-scripts/ifcfg-eno16777736 /root/eth0

# vi /root/eth0

 

# /etc/sysconfig/network-scripts/ifcfg-eno16777736 (edited through the /root/eth0 symlink).
# Static IPv4 settings for the host that runs both BIND and the Kerberos KDC.
TYPE=Ethernet
# static: address, prefix and gateway come from this file, not from DHCP
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
NAME=eno16777736
UUID=3c4feab2-78d1-4a55-a565-782089849306
DEVICE=eno16777736
ONBOOT=yes
IPADDR=192.168.8.129
PREFIX=24
GATEWAY=192.168.8.2
# DNS1 is this host's own address: it becomes the name server for
# kgitbank.local once named is configured and started below.
DNS1=192.168.8.129

 

# systemctl restart network

# yum -y install bind bind-utils bind-libs

# vi /etc/named.conf 

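options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Authoritative answers (the kgitbank.local zone) may be served to
        // anyone, but recursive lookups are limited to this host and the lab
        // subnet (192.168.8.0/24, from IPADDR/PREFIX) so the server is not an
        // open resolver for whatever else can reach port 53.
        allow-query     { any; };
        recursion yes;
        allow-recursion { localhost; 192.168.8.0/24; };

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};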

# vi /etc/named.rfc1912.zones

 Add the lines below:

 // Master zone for the lab domain; the zone data is the file
 // kgitbank.local.db, resolved relative to the "directory" option.
 zone "kgitbank.local" IN {
        type master;
        file "kgitbank.local.db";
        // Dynamic updates are accepted only from this host's own address.
        // NOTE(review): an address-based allow-update can be satisfied by a
        // spoofed source on an untrusted network; a TSIG key ACL is the
        // stronger choice if any host other than this one ever needs to
        // update the zone.
        allow-update { 192.168.8.129; };
};

# cd /var/named/

#  cp -a named.localhost kgitbank.local.db

# vi /var/named/kgitbank.local.db 

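$TTL 1D
; Forward zone for kgitbank.local, served by lux01 (192.168.8.129).
; SOA: MNAME is the primary name server (also the target of dynamic
; updates); RNAME is the admin mailbox with "@" written as "."
; (root.kgitbank.local. = root@kgitbank.local). Increment the serial
; whenever this file is edited.
@       IN SOA  lux01.kgitbank.local. root.kgitbank.local. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; The NS target is the fully qualified host with a trailing dot; a bare
; "lux01." would name a top-level domain that has no address record.
        NS      lux01.kgitbank.local.
lux01   A       192.168.8.129
lux02   A       192.168.8.130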

# systemctl start named

# systemctl enable named

# rpm -e krb5-libs-1.15.1-8.el7.x86_64

# yum -y install krb5-*   pam_krb5

# vi /var/kerberos/krb5kdc/kadm5.acl 

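# /var/kerberos/krb5kdc/kadm5.acl — kadmin privileges.
# Any principal named <user>/admin in the realm gets all privileges (*).
# Realm names are case-sensitive, so the realm must be written exactly as it
# is created with "kdb5_util create -s -r KGITBANK.LOCAL"; a lower-case
# "kgitbank.local" here would match no principal in that realm.
*/admin@KGITBANK.LOCAL  *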

# vi /var/kerberos/krb5kdc/kdc.conf 

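[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 # Realm names are case-sensitive. This stanza must be named exactly like
 # the realm created with "kdb5_util create -s -r KGITBANK.LOCAL" and
 # default_realm in krb5.conf; a lower-case "kgitbank.local" stanza would
 # not apply to the realm the KDC actually serves.
 KGITBANK.LOCAL = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  # Key types generated for new principals. Only AES and Camellia are kept;
  # the DES, 3DES and RC4 (arcfour) entries from the stock template are
  # omitted because those ciphers are weak or deprecated.
  supported_enctypes = aes256-cts:normal aes128-cts:normal camellia256-cts:normal camellia128-cts:normal
 }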

 

# vi /etc/krb5.conf

# /etc/krb5.conf — Kerberos library/client settings for the KGITBANK.LOCAL realm.
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 # The realm for a host comes from [domain_realm] below, not from DNS TXT records.
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 # Tickets obtained by default may be forwarded (e.g. GSSAPI credential delegation over ssh).
 forwardable = true
 # Do not canonicalise host names through reverse DNS when building service
 # principal names; the forward zone for kgitbank.local is the source of truth.
 rdns = false
 default_realm = KGITBANK.LOCAL
 # Credential caches are kept in the kernel keyring, one per uid, instead of files.
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 # Realm name is case-sensitive and must match "kdb5_util create -s -r KGITBANK.LOCAL".
 KGITBANK.LOCAL = {
 kdc = lux01.kgitbank.local
  admin_server = lux01.kgitbank.local
 }

[domain_realm]
 # Map the DNS domain, and every host under it, to the realm.
 .kgitbank.local = KGITBANK.LOCAL
 kgitbank.local = KGITBANK.LOCAL


# cd /var/kerberos/krb5kdc

# kdb5_util create -s -r KGITBANK.LOCAL

# ls

kadm5.acl  kdc.conf  principal  principal.kadm5  principal.kadm5.lock  principal.ok 

# systemctl start krb5kdc kadmin

# systemctl enable krb5kdc kadmin

# kadmin.local

# vi /etc/ssh/sshd_config

# GSSAPI options
# Accept logins backed by a valid Kerberos ticket instead of a password.
# NOTE(review): this also needs a host/<fqdn> service principal and keytab on
# this server, which is not shown on this page — confirm it was created.
GSSAPIAuthentication yes
# "no" keeps the user's delegated credential cache after logout (the OpenSSH
# default is "yes"). NOTE(review): on a shared host this extends how long a
# leftover cache remains usable — confirm it is intended.
GSSAPICleanupCredentials no 

 # authconfig --enablekrb5 --update

 # systemctl reload sshd

 # useradd tux

 # passwd tux

 # su - tux

# ssh lux01.kgitbank.local

# vi /etc/ssh/sshd_config 

#  systemctl restart sshd