Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 2.3. What programs/files need to go on each application server?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Business Photos and Profiles ]


Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.2. What sort of resources do I need to dedicate to a KDC?
Next Document: 2.4. What programs/files need to go on each client?
See reader questions & answers on this topic! - Help others by sharing your knowledge
As a MINIMUM, on each application server, you'll need to put:

   * A Kerberos configuration file (/etc/krb5.conf).
   * The Kerberos application server daemons (telnetd, rlogind, ftpd, etc).
   * At least one encryption key (usually stored in /etc/krb5.keytab).

The encryption key is really the critical part; it needs to be transmitted
to the application server host in a secure fashion. This is typically the
key for the host principal (host/foo.bar.org@REALM). Note that the MIT admin
client kadmin encrypts all of the transfers between it and the admin server,
so using ktadd from inside of kadmin is safe, provided that you're not
sending your admin password over the network in the clear.

You'll probably want to put the Kerberos client binaries on each application
server as well, if you plan on having interactive user logins on your
application servers.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.2. What sort of resources do I need to dedicate to a KDC?
Next Document: 2.4. What programs/files need to go on each client?

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>





Last Update March 27 2014 @ 02:11 PM