Playground I
This lesson provides hands-on practice with MIT Kerberos.
Set up
We’ll set up MIT Kerberos on Ubuntu running in a Docker container and then see how the theory we have covered so far looks in practice. Fire up the terminal and then enter the commands shown in the widget below.
Along the way, we’ll discuss the various components of the system and their use. As you execute the commands, you should be able to connect them to the concepts we have discussed in theory.
# Get latest packages
apt-get update

# installing Kerberos server
apt install krb5-kdc krb5-admin-server krb5-config -y

# Enter the following string (or any of your choice) when
# prompted for 'Default Kerberos version 5 realm'
DATAJEK

# Enter localhost when prompted for 'Kerberos servers for your realm'
localhost

# Enter localhost when prompted for 'Administrative server for your Kerberos realm'
localhost

# Initialize the realm we created and then enter a suitable password when prompted
krb5_newrealm

# You should have a KDC up and running at this point. You can execute the following
# command and look for the process krb5kdc
ps -aef

# Now install the client packages for interacting with the KDC
apt install -y krb5-user libpam-krb5 libpam-ccreds auth-client-config

# Set the following environment variable so that we see detailed outputs
export KRB5_TRACE=/dev/stdout

# Examine the configuration file
cat /etc/krb5.conf

# Check for any tickets
klist

# Start the kadmin console
kadmin.local

# Print the list of existing user principals
kadmin.local: list_principals

# Add the user principal laila
kadmin.local: add_principal laila/educative

# Quit the kadmin console
kadmin.local: quit

# Request a TGT from Authentication Server
kinit -V laila/educative

# View the list of tickets
klist

# Destroy the ticket
kdestroy

# Perform a listing again and see the credential cache empty
klist
Note that in this setup, the KDC, Admin Server, and the client are all running on the same machine/VM. As a quick check, you can execute the following command and look for the KDC process:
ps -aef
The process named krb5kdc is the Kerberos V5 Authentication Service and Key Distribution Center (AS/KDC).
krb5.conf
First, we’ll examine the configuration file, which contains several defaults.
cat /etc/krb5.conf
The krb5.conf file contains Kerberos configuration information, including the locations of KDCs and admin servers for the Kerberos realms of interest, defaults for the current realm and for Kerberos applications, and mappings of hostnames onto Kerberos ...
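To make the file's structure concrete, here is an added example (not part of the original lesson or of MIT Kerberos) that reads a krb5.conf, reports which KDC and admin server the default realm points at, and flags the real `allow_weak_crypto` setting if it is switched on. The function names `krb5_summary`, `krb5_check` and `sample_conf` are hypothetical, and the sample file is constructed from the realm and hostnames entered during the set-up.

```shell
# Added example; function names are hypothetical, the sample file is constructed.
# krb5_summary [FILE]: default realm, its KDC(s)/admin server, weak-crypto flag.
krb5_summary() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                  # [section] header resets state
        section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        depth = 0; next }
    {
        eq = index($0, "=")
        if (eq == 0) { if (index($0, "}") && depth > 0) depth--; next }
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (substr(val, 1, 1) == "{") { if (++depth == 1) realm = key; next }
        if (section == "libdefaults" && key == "default_realm") def = val
        if (section == "libdefaults" && key == "allow_weak_crypto") weak = val
        if (section == "realms" && depth == 1) {
            if (key == "kdc") kdc[realm] = kdc[realm] (kdc[realm] == "" ? "" : ",") val
            if (key == "admin_server") adm[realm] = val
        }
    }
    END {   # an unset allow_weak_crypto means the library default, false
        printf "default_realm=%s\nkdc=%s\nadmin_server=%s\n", def, kdc[def], adm[def]
        printf "allow_weak_crypto=%s\n", (weak == "" ? "false" : weak)
    }' "${1:-/etc/krb5.conf}"
}
# krb5_check FILE REALM KDC: non-zero if realm or KDC differ, or weak crypto is on.
krb5_check() {
    out=$(krb5_summary "$1") || return 2
    rc=0
    echo "$out" | grep -qx "default_realm=$2" || { echo "unexpected default realm" >&2; rc=1; }
    echo "$out" | grep -qx "kdc=$3" || { echo "unexpected KDC" >&2; rc=1; }
    echo "$out" | grep -Eqix "allow_weak_crypto=(true|yes|on|1|y|t)" && { echo "allow_weak_crypto is enabled" >&2; rc=1; }
    return $rc
}
# Constructed sample using the realm and hosts entered during the set-up above.
sample_conf() {
cat <<'EOF'
[libdefaults]
    default_realm = DATAJEK
[realms]
    DATAJEK = {
        kdc = localhost
        admin_server = localhost
    }
EOF
}
t=$(mktemp) && sample_conf > "$t" && krb5_summary "$t" && krb5_check "$t" DATAJEK localhost && echo "config OK"; rm -f "$t"
```

Called with no argument, `krb5_summary` reads /etc/krb5.conf, the same file the lesson prints with `cat`.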