Setting up the Kerberos server

This topic lists the steps to set up the Kerberos server.

Before following these steps, see the Prerequisites topic.

  1. Install and configure the Kerberos server.
    yum install krb5-server krb5-libs krb5-workstation
  2. Create /etc/krb5.conf with the following contents:
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
     
    [libdefaults]
    default_realm = IBM.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
     
    [realms]
    IBM.COM =  {
        kdc = {KDC_HOST_NAME}
        admin_server = {KDC_HOST_NAME}
        }
     
    [domain_realm]
        .ibm.com = IBM.COM
        ibm.com = IBM.COM
    
    Note: Replace {KDC_HOST_NAME} and IBM.COM with the correct host name and realm for your environment.
  3. Set up the server.
    kdb5_util create -s

    systemctl start krb5kdc
    systemctl start kadmin
    chkconfig krb5kdc on
    chkconfig kadmin on
  4. Add the admin principal, and set the password.
    kadmin.local -q "addprinc root/admin"

    Check the kadm5.acl file to ensure that the entry is correct.

    cat /var/kerberos/krb5kdc/kadm5.acl
    */admin@IBM.COM *
    
    systemctl restart krb5kdc.service
    
    systemctl restart kadmin.service
  5. Ensure that the password is working by running the following command:
    kadmin -p root/admin@IBM.COM
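
A pre-flight check for the files edited in steps 2 and 4, as an added example that is not part of IBM's procedure. The hypothetical `lint_krb5` function flags unreplaced `{...}` placeholders, repeated `[libdefaults]` keys, a `default_realm` with no `[realms]` stanza, and `kadm5.acl` lines that lack a permissions field or name a different realm. The sample files and the host name `kdc1.ibm.com` are constructed.

```shell
#!/bin/sh
# Added example, not IBM's code. lint_krb5 is a hypothetical helper name.
# Usage: lint_krb5 /etc/krb5.conf /var/kerberos/krb5kdc/kadm5.acl
# Prints one finding per line; returns 0 only when there are none.
lint_krb5() {
    findings=$(awk -F= -v conf="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        FILENAME != conf {                           # kadm5.acl: principal perms
            n = split(trim($0), f, /[ \t]+/)
            if (n < 2) print "kadm5.acl:" FNR ": no permissions field: " f[1]
            at = index(f[1], "@")
            if (at && substr(f[1], at + 1) != realm)
                print "kadm5.acl:" FNR ": realm differs from default_realm: " f[1]
            next
        }
        /[{][A-Z_]+[}]/ { print "krb5.conf:" FNR ": placeholder not replaced: " trim($0) }
        /^[ \t]*\[/ { sec = trim($0); next }         # section header
        sec == "[libdefaults]" && NF > 1 {
            key = trim($1)
            if (seen[key]++) print "krb5.conf:" FNR ": duplicate key: " key
            if (key == "default_realm") realm = trim($2)
        }
        sec == "[realms]" && trim($2) == "{" { stanza[trim($1)] = 1 }
        END {
            if (realm == "") print "krb5.conf: default_realm is not set"
            else if (!(realm in stanza)) print "krb5.conf: no [realms] stanza for " realm
        }' "$1" "$2")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a krb5.conf that still carries one template placeholder.
demo=$(mktemp -d)
cat > "$demo/krb5.conf" <<'EOF'
[libdefaults]
default_realm = IBM.COM
[realms]
IBM.COM = {
    kdc = {KDC_HOST_NAME}
    admin_server = kdc1.ibm.com
}
EOF
printf '*/admin@IBM.COM *\n' > "$demo/kadm5.acl"
lint_krb5 "$demo/krb5.conf" "$demo/kadm5.acl" || echo "fix the findings above before running kdb5_util create -s"
rm -rf "$demo"
```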