[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.2. What sort of resources do I need to dedicate to a KDC?
Next Document: 2.4. What programs/files need to go on each client?
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.2. What sort of resources do I need to dedicate to a KDC?
Next Document: 2.4. What programs/files need to go on each client?
2.3. What programs/files need to go on each application server?
As a MINIMUM, on each application server, you'll need to put: * A Kerberos configuration file (/etc/krb5.conf). * The Kerberos application server daemons (telnetd, rlogind, ftpd, etc). * At least one encryption key (usually stored in /etc/krb5.keytab). The encryption key is really the critical part; it needs to be transmitted to the application server host in a secure fashion. This is typically the key for the host principal (host/foo.bar.org@REALM). Note that the MIT admin client kadmin encrypts all of the transfers between it and the admin server, so using ktadd from inside of kadmin is safe, provided that you're not sending your admin password over the network in the clear. You'll probably want to put the Kerberos client binaries on each application server as well, if you plan on having interactive user logins on your application servers.
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.2. What sort of resources do I need to dedicate to a KDC?
Next Document: 2.4. What programs/files need to go on each client?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update September 08 2008 @ 00:11 AM