From Student Computing Consortium
[edit] krbtgt principal creation
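- Create the cross-realm principals krbtgt/LOCAL-REALM@STUDENT-COMPUTING.ORG and krbtgt/STUDENT-COMPUTING.ORG@LOCAL-REALM in your own realm's KDC, replacing LOCAL-REALM with your realm name. Give each principal its own password; do not reuse one password for both. The cross-realm keys are derived from these passwords, so use long random values.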
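- Send a GPG-encrypted copy of both passwords to elizabeth@ugcs.caltech.edu, encrypted to key 0xfbddd2a4. A short key ID like this does not uniquely identify a key, so confirm the key's full fingerprint through a separate channel before encrypting. The corresponding cross-realm principals will then be created with the same passwords in the STUDENT-COMPUTING.ORG realm, allowing for transitive trust between all SCC participants for user authentication (including AFS ACLs, if applicable).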
[edit] krb5.conf
# Client-side krb5.conf additions for joining the STUDENT-COMPUTING.ORG trust hub.
# Comments are on their own lines throughout, starting with '#'.
# NOTE(review): LOCAL-REALM has no [realms] or [domain_realm] entry below;
# presumably each site keeps its existing entries for its own realm - confirm.

# Where to find the KDCs and the admin (kadmin) server for each remote realm.
# Each realm lists a head KDC and a backup KDC.
[realms]
STUDENT-COMPUTING.ORG = {
kdc = krb-head.student-computing.org
kdc = krb-backup.student-computing.org
admin_server = krb-head.student-computing.org
}
UGCS.CALTECH.EDU = {
kdc = krb-head.ugcs.caltech.edu
kdc = krb-backup.ugcs.caltech.edu
admin_server = krb-head.ugcs.caltech.edu
}
# Host name -> realm mapping. An entry with a leading dot covers every host
# under that domain; the bare entry covers a host named exactly the domain.
[domain_realm]
.student-computing.org = STUDENT-COMPUTING.ORG
student-computing.org = STUDENT-COMPUTING.ORG
.ugcs.caltech.edu = UGCS.CALTECH.EDU
ugcs.caltech.edu = UGCS.CALTECH.EDU
# Cross-realm authentication paths, written as
#   CLIENT-REALM = { SERVER-REALM = INTERMEDIATE-REALM }
# where "." means the two realms share cross-realm keys directly.
# Application servers also use this section to validate the transited-realms
# field of cross-realm tickets, so list only paths you actually intend to trust.
# LOCAL-REALM, OTHER-REALM-1 and OTHER-REALM-2 look like placeholders for your
# own realm and the other member realms - substitute real realm names.
[capaths]
# Clients in the hub realm reach LOCAL-REALM directly.
STUDENT-COMPUTING.ORG = {
LOCAL-REALM = .
}
# Clients in LOCAL-REALM reach the hub directly and reach the other member
# realms by transiting through the hub.
LOCAL-REALM = {
OTHER-REALM-1 = STUDENT-COMPUTING.ORG
OTHER-REALM-2 = STUDENT-COMPUTING.ORG
STUDENT-COMPUTING.ORG = .
}
# Clients in the other member realms reach LOCAL-REALM through the hub.
OTHER-REALM-1 = {
LOCAL-REALM = STUDENT-COMPUTING.ORG
}
OTHER-REALM-2 = {
LOCAL-REALM = STUDENT-COMPUTING.ORG
}