URG: Details abt Kerberos

Jason Edgecombe jason at rampaginggeek.com
Mon Jan 18 19:52:28 EST 2010


Max (Weijun) Wang wrote:
>> What's the difference between hosts and usernames, seriously?
>
> I guess Vinay is talking about the different type of principal names.
>
> A username, say, dummy at EXAMPLE.COM, is used on the client side. The 
> client gets an initial TGT for it at the kinit time.
>
> A host, prepended with a service name, say, 
> ftp/me.example.com at EXAMPLE.COM, is used on the server side. Normally, 
> you create a keytab file holding secret keys for this name and it's 
> readable by the server process.
>
> Both names are created using the kadmin tool.
>
> --Max
>
> On Jan 19, 2010, at 4:28 AM, Jason Edgecombe wrote:
>
>> vinay kumar wrote:
>>> *Hi,*
>>>
>>>      I am new to Kerberos. I have been asked to set up a KDC, a Kerberos
>>> client and an application server. Using these I have to capture AP_REQ,
>>> AP_REP, AS_REQ and AS_REP in Wireshark. I have two systems, both are
>>> working on Red Hat Linux. I downloaded Kerberos from MIT, version 5. I went
>>> through the installation and user guide of Kerberos. I successfully
>>> constructed the KDC server and am able to capture AS_REQ and AS_REP, but I
>>> was not able to set up the Kerberos client and application server.
>>> *I have a few doubts, like can the application server and client be on the
>>> same system?
>>> How does a client machine differ from an application server?
>>> Is the client recognized by IP address or principal by the KDC?
>>> For configuration settings we need to modify /etc/inetd.conf, but this file
>>> is not there in Red Hat, so which file to edit?
>>> What exactly does client mean (I have understood it as a system on which
>>> you can get a ticket for any principal in that realm)?
>>> What exactly does application server mean (I have confusion, like ftp,
>>> telnet ... etc. are available on the client system only, then what is the
>>> function of the application server)?
>>> What is the difference between host and usernames?*
>>> *Please help me by showing how to configure the client and application
>>> server.* Kindly help me out. Waiting for your reply.
>>>
>>> Regards,
>>> Vinay
>>>
>> It's time to read the fine manual.
>>
>> Kerberos comes with RedHat Enterprise Linux, although it's not the
>> latest version, it is kept patched for security vulnerabilities.
>>
>> Read this:
>> http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/ch-kerberos.html 
>>
>> The "next" link explains some of the kerberos terms.
>>
>> Kerberos is normally run as its own service, not through inetd. Redhat
>> uses xinetd instead of inetd. Please read the manual page if you aren't
>> familiar with xinetd, especially the part about the HUP signal.
>>
>> What's the difference between hosts and usernames, seriously?
Hello Vinay and everyone,

I'm sorry for my grumpy response. I'm not normally that grouchy.

Sorry,
Jason
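
The distinction drawn in the quoted explanation (a user principal obtained with kinit versus a service/host principal backed by a keytab) can be shown as the kadmin queries each kind needs. This is an added example, not part of the thread: the function names, the /etc/krb5.keytab path and the rule "a second component containing a dot is a hostname" are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Principal names and realm are the ones
# used in the quoted explanation; keytab path and the dot rule are assumptions.

# Classify a principal by shape: one component is a user, service/fqdn is a
# host-based service. Prints: user | service | invalid
principal_kind() {
    case $1 in *[[:space:]]*) echo invalid; return 0 ;; esac
    pk_name=${1%@*}                       # drop the @REALM suffix
    case $pk_name in
        ''|/*|*/|*/*/*) echo invalid ;;   # empty or too many components
        */*.*)          echo service ;;   # e.g. ftp/me.example.com
        *)              echo user ;;      # e.g. dummy (or dummy/admin)
    esac
}

# Print the kadmin queries that create the principal, one per line.
kadmin_queries() {
    kq_keytab=${2:-/etc/krb5.keytab}
    case $(principal_kind "$1") in
        user)
            # Key is derived from a password; the user later runs kinit
            # on the client side to get the initial TGT.
            echo "addprinc $1" ;;
        service)
            # Random key that no human types; it is exported to a keytab that
            # only the server process account should be able to read.
            echo "addprinc -randkey $1"
            echo "ktadd -k $kq_keytab $1" ;;
        *)
            echo "malformed principal: $1" >&2
            return 1 ;;
    esac
}

# Demo: each printed line is one query for: kadmin -q "<line>"
kadmin_queries dummy@EXAMPLE.COM
kadmin_queries ftp/me.example.com@EXAMPLE.COM
```

Run the ktadd query on the application server host so the keytab is written there, then check it with `klist -k` on that path.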


