Playground II

# Get latest packages
apt-get update
# installing Kerberos server
apt install krb5-kdc krb5-admin-server krb5-config -y
# Enter the following string (or any of your choice) when 
# prompted for 'Default Kerberos version 5 realm'
DATAJEK
# Enter localhost when prompted for 'Kerberos servers for your realm'
localhost
# Enter localhost when prompted for 'Administrative server for your Kerberos realm'
localhost
# Initialize the realm we created and then enter a suitable password when prompted
krb5_newrealm
# Now install the client packages for interacting with the KDC
apt install -y krb5-user libpam-krb5 libpam-ccreds auth-client-config
# Set the following environment variable so that we see detailed outputs
export  KRB5_TRACE=/dev/stdout
# Start the kadmin console
kadmin.local
# Add the user principal laila
kadmin: add_principal laila/educative
# Quit the kadmin console
kadmin: quit
###################
# CREATING KEYTAB #
###################
# Start ktutil console
ktutil
# Add an entry
ktutil: add_entry -password -p laila/educative -k 1 -e aes256-cts
# Export the keytab to disk
ktutil: wkt /tmp/laila.keytab
# Exit ktutil console
ktutil: quit
# Verify the keytab has been created
ls -ltr /laila.keytab
# Exmaine the keytab
klist -ekt /tmp/laila.keytab
# Use this created keytab file to authenticate to Kerberos
kinit -V -k -t laila.keytab laila/educative@DATAJEK 
###################
#   USING KADMIN  #
###################
# Modify ACL
vim /etc/krb5kdc/kadm5.acl
# At the bottom of the file add the following line and save
laila/educative@DATAJEK *
# Pess ESC key and quit vim by entering the following sequence and hitting enter
wq!
# Run the kadmind server
/etc/init.d/krb5-admin-server restart
# Connect to the kadmind server using the principal we created earlier
kadmin -p laila/educative
# List principals to verify we are connected to kadmind and able to execute commands
kadmin: list_principals
# Exit the kadmin console
kadmin: quit