URG: Details abt Kerberos

Max (Weijun) Wang Weijun.Wang at sun.com
Mon Jan 18 18:38:33 EST 2010


> What's the difference between hosts and usernames, seriously?

I guess Vinay is talking about the different types of principal names.

A username, say, dummy@EXAMPLE.COM, is used on the client side. The
client gets an initial TGT for it at kinit time.

A host, prepended with a service name, say, ftp/me.example.com@EXAMPLE.COM,
is used on the server side. Normally, you create a keytab file
holding secret keys for this name and it's readable by the server
process.

Both names are created using the kadmin tool.

--Max

On Jan 19, 2010, at 4:28 AM, Jason Edgecombe wrote:

> vinay kumar wrote:
>> *Hi,*
>>
>> I am new to kerberos, I have been asked to setup KDC, kerberos client
>> and application server. Using these I have to capture AP_REQ, AP_REP,
>> AS_REQ and AS_REP in wireshark. I have two systems, both are working on
>> Red Hat Linux. I downloaded Kerberos from MIT version 5. I went through
>> installation and user guide of kerberos. I successfully constructed KDC
>> server and able to capture AS_REQ and AS_REP, but I was not able to
>> setup kerberos client and application server. *I have few doubts like
>> can application server and client can be on the same system?
>> How client machine differs from application server?
>> Is client recognized by IP address or Principal by the KDC?
>> For configuration setting we need to modify /etc/inetd.conf but this
>> file is not there in Red Hat, so which file to edit?
>> What exactly client means (I have understood it as a system on which
>> you can get ticket for any principal in that realm)?
>> What exactly application server means (I have confusion like ftp,
>> telnet ... etc are available on client system only, then what is the
>> function of application server)?
>> What is the difference between host and usernames?
>> *Please help me by showing how to configure client and application
>> server.* Kindly help me out. Waiting for your reply.
>>
>> Regards,
>> Vinay
>>
> It's time to read the fine manual.
>
> Kerberos comes with RedHat Enterprise Linux, although it's not the
> latest version, it is kept patched for security vulnerabilities.
>
> Read this:
> http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/ch-kerberos.html
> The "next" link explains some of the kerberos terms.
>
> Kerberos is normally run as its own service, not through inetd. Redhat
> uses xinetd instead of inetd. Please read the manual page if you aren't
> familiar with xinetd, especially the part about the HUP signal.
>
> What's the difference between hosts and usernames, seriously?
>
> Jason
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
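
The two kinds of principal name described in the reply at the top of this message, as an added example that is not part of the original thread: a small parser that splits a principal string into components and realm and labels it as a user or a host-based service name. The `classify` heuristic and the sample names other than the two from the reply are assumptions made for this example.

```python
# Added example: classify Kerberos principal names (sample names are constructed).
def parse_principal(name):
    """Split 'comp/comp@REALM' into (components, realm); backslash escapes / and @."""
    components, current, in_realm = [], [], False
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":                      # escaped character is taken literally
            if i + 1 == len(name):
                raise ValueError("dangling backslash")
            current.append(name[i + 1])
            i += 2
            continue
        if ch in "/@":
            if in_realm:                    # this sketch rejects separators in the realm
                raise ValueError("separator after realm")
            components.append("".join(current))
            current = []
            in_realm = (ch == "@")
        else:
            current.append(ch)
        i += 1
    realm = "".join(current) if in_realm else None
    if not in_realm:
        components.append("".join(current))
    if "" in components or realm == "":
        raise ValueError("empty component or realm")
    return components, realm

def classify(name):
    """Heuristic (an assumption of this example, not a Kerberos rule)."""
    comps, realm = parse_principal(name)
    if comps[0] == "krbtgt" and len(comps) == 2:
        kind = "tgs"        # the KDC's own ticket-granting service
    elif len(comps) == 1:
        kind = "user"       # client side: key derived from a password at kinit
    elif len(comps) == 2 and "." in comps[1]:
        kind = "service"    # server side: service/host, key stored in a keytab
    else:
        kind = "other"      # e.g. an instance such as dummy/admin
    return kind, comps, realm

if __name__ == "__main__":
    for p in ["dummy@EXAMPLE.COM", "ftp/me.example.com@EXAMPLE.COM",
              "krbtgt/EXAMPLE.COM@EXAMPLE.COM", "dummy/admin@EXAMPLE.COM"]:
        print(p, "->", classify(p))
```
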



