Automated Kerberos installation ready
Hi Volks!
I've used the last night to finish automated Kerberos installatin in
Skolelinux :-)
I've build a package that does the following
1. install: krb5-admin-server, krb5-kdc, krb5-user, krb5-config,
ssh-krb5, libpam-krb5 (done by Pre-Depends)
2. Overwrite the config from krb5-admin-server and krb5-kdc.
(How can I omit the interactive questions from debconf?)
3. Create the Kerberos database with help of an expect-script and set up
all things needed to use Kerberos including a small selfwritten tool
for user/principal adminstration. (bash-script)
4. Put Kerberos enable ssh-configs to /etc/ssh
5. Create a keytab for tjener and put it into the right place.
I have further made a patch for WLUS to create and delete Kerberos
Principals (I'm not sure, how exactly password changing is done, so
I did not do anything there, but it's rather easy to include my
bash-script into WLUS.
Some words to the package contents:
I've put some scripts together to allow simple administration of Kerberos.
In /usr/share/debian-edu-krb5 you'll find 3 directories
1. setup Here is all stuff, needed at install time.
2. bin Here are the "binaries" used to maintain Kerberos
3. tmp Should be clear :)
and on file "ldap-users.pl.diff" which brings Kerberos support to WLUS.
The "binaries":
1. addHost Tool, used to create and distribute clients keytabs
2. delHost Tool, used to delete clients out of the Kerberos DB
3. krb5user Tool for "administrating" user principals
So if you have install debian-edu-krb5, you can you Kerberos
nearly-out-of-the-box.
Want check that out?
Do so:
deb http://debian.rfc3514.org/debian/debian-edu-krb5/ ./
apt-get install debian-edu-krb5
At both debconf questions simply hit enter, everything will be fine,
whatever you enter :)
But be aware: This is the first candidate and for testing purposes only
at the moment :-)
The Kerberos master password is set to "Skolelinux42" ;-)
(Should be set to $root-pw at install time IMO)
Ciao
Max
--
Follow the white penguin.
Reply to: