[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Automated Kerberos installation ready

Hi Volks!

I've used the last night to finish automated Kerberos installatin in
Skolelinux :-)

I've build a package that does the following

1. install: krb5-admin-server, krb5-kdc, krb5-user, krb5-config,
            ssh-krb5, libpam-krb5 (done by Pre-Depends)

2. Overwrite the config from krb5-admin-server and krb5-kdc.
   (How can I omit the interactive questions from debconf?)

3. Create the Kerberos database with help of an expect-script and set up
   all things needed to use Kerberos including a small selfwritten tool
   for user/principal adminstration. (bash-script)

4. Put Kerberos enable ssh-configs to /etc/ssh

5. Create a keytab for tjener and put it into the right place.

I have further made a patch for WLUS to create and delete Kerberos
Principals (I'm not sure, how exactly password changing is done, so
I did not do anything there, but it's rather easy to include my
bash-script into WLUS.

Some words to the package contents:
 I've put some scripts together to allow simple administration of Kerberos.
 In /usr/share/debian-edu-krb5 you'll find 3 directories
 1. setup	Here is all stuff, needed at install time.
 2. bin		Here are the "binaries" used to maintain Kerberos
 3. tmp		Should be clear :)

 and on file "ldap-users.pl.diff" which brings Kerberos support to WLUS.

 The "binaries":
 1. addHost	Tool, used to create and distribute clients keytabs
 2. delHost	Tool, used to delete clients out of the Kerberos DB
 3. krb5user	Tool for "administrating" user principals

So if you have install debian-edu-krb5, you can you Kerberos

Want check that out?
Do so:
deb http://debian.rfc3514.org/debian/debian-edu-krb5/ ./

apt-get install debian-edu-krb5
At both debconf questions simply hit enter, everything will be fine,
whatever you enter :)

But be aware: This is the first candidate and for testing purposes only
at the moment :-)

The Kerberos master password is set to "Skolelinux42" ;-)
(Should be set to $root-pw at install time IMO)

	Follow the white penguin.

Reply to: