KERBEROS(8) BSD System Manager's Manual KERBEROS(8)NAMEkerberos - configuration procedure
DESCRIPTION
Edit /etc/kerberosIV/krb.conf to define the local realm and the adminis-
tration server, e.g.:
BSDI.COM
BSDI.COM BSDI.COM admin server
Run kdb_init(8) to initialize the master database.
Run kstash(8) to store the master key.
Uncomment the command `kerberos >> /var/log/kerberos.log &' in
/etc/rc.local. Go ahead and start the /usr/sbin/kerberos daemon by hand
also.
Uncomment the lines for `krbupdate' and `kpasswd' in /etc/inetd.conf and
send inetd a SIGHUP.
Run `kdb_edit -n' and create entries for `rcmd.host' (where host is the
hostname) for each host that will be running Kerberos. Also, create a
`kpasswd.host' for the main host (where host is the hostname).
Create an /.update.keyXX.XX.XX.XX file (where XX.XX.XX.XX is the ip ad-
dress of the server machine) on each machine that should be able to run
the register(1) program. The contents are a single line with a string
that is the shared password.
Create /etc/kerberosIV/register_keys/.update.keyXX.XX.XX.XX on the master
Kerberos machine for each of the machines from the previous step (the
passwds must match, of course).
Run ext_srvtab(8) for each of the client machines (and the server) copy
the srvtab.new files onto the appropriate machines. Make sure the client
machines also have the correct /etc/kerberosIV/krb.conf files and have
the correct services enabled in /etc/inetd.conf.
Users should be able to create principals for themselves using regis-
ter(1) on the machines that are set up to run it.
The kerberized Nm passwd command will change the Kerberos password -- use
the -l flag to change the local password.
The su command uses roots .klogin file for authentication uses the root
instance for the current user for the passwd -- the entries in root's
user.root@realm
(e.g., polk.root@BSDI.COM). You can create root instances using
`kdb_edit -n'.
FILES
/etc/kerberosIV/krb.conf
Kerberos configuration file, contains Kerberos domain and server
information.
/etc/kerberosIV/krb.realms
Host to Kerberos realm translation file
/etc/kerberosIV/master_key
Saved master encryption key (used with commands that support -n).
/etc/kerberosIV/principal.db
The Kerberos database.
/etc/kerberosIV/register_keys/*
Encryption keys for register(1), one copy on the server in this
directory, and another on the machine itself in
/.update.keyXX.XX.XX.XX.
/etc/kerberosIV/srvtabs/*
Output files from ext_srvtab(8). These files contains all the
keys registered for Kerberos-mediated services on each host.
SEE ALSOkdestroy(1), kerberos(1), kinit(1), klist(1), ksrvtgt(1),
register(1), ext_srvtab(8), kdb_destroy(8), kdb_edit(8), kdb_init(8),
kdb_util(8), kpasswdd(8), kstash(8), make_keypair(8), registerd(8),
krb.conf(5), krb.realms(5)BSDI BSD/OS January 31, 1994 2
