- unix_chkpwd[8790]: password check failed for user (demouser)
- passwd[8788]: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1001 euid=0 tty=pts/2 ruser= rhost= user=demouser
- unix_chkpwd[8792]: password check failed for user (demouser)
- passwd[8788]: pam_unix(passwd:chauthtok): user password changed by another process
- passwd[8788]: pam_krb5[8788]: password change failed for demouser@EXAMPLE.COM: Cannot contact any KDC for requested realm
- passwd[8788]: PAM 1 more authentication failure; logname= uid=1001 euid=0 tty=pts/2 ruser= rhost= user=demouser
- passwd: Authentication token manipulation error
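#!/usr/bin/env bash
# Stand up a single-host MIT Kerberos KDC + kadmin server on CentOS/RHEL 7 (yum, systemd,
# firewalld). The realm is the upper-cased DNS domain of this host; this host is both KDC and
# admin server. Run as root.
#
# Assumes the *stock* /etc/krb5.conf, kdc.conf and kadm5.acl shipped by krb5-server: the sed
# edits below uncomment and rewrite the EXAMPLE.COM placeholders and will mangle a config that
# has already been customised.
set -euo pipefail

# collect input
DOMAIN=$(hostname -d)
# Without a DNS domain the realm would be empty and sed would blank the placeholders out,
# leaving an unusable krb5.conf -- fail early instead.
[[ -n "$DOMAIN" ]] || { printf 'hostname -d returned no domain; cannot derive a realm\n' >&2; exit 1; }
REALM=${DOMAIN^^}          # Kerberos realms are conventionally the upper-cased DNS domain
KDC_FQDN=$(hostname -f)
# Secrets are read from the terminal with echo off so they never appear in argv or history.
read -r -s -p "Kerberos DB Master Password: " KRB_DBMASTER_PW && echo
read -r -s -p "Kerberos root/admin Password: " KRB_ROOT_PW && echo
[[ -n "$KRB_DBMASTER_PW" && -n "$KRB_ROOT_PW" ]] || { printf 'empty password refused\n' >&2; exit 1; }

# setup ntp -- Kerberos rejects authenticators outside the clock-skew window (5 min by default),
# so clients and KDC must agree on the time.
yum -y install ntp
systemctl enable ntpd
systemctl start ntpd

# install kerberos
yum -y install krb5-server krb5-workstation

# replace realm and domain in krb5.conf
# Step 1: give the stock "# Configuration snippets ..." comment a second '#' so step 2 leaves it
# commented. The group and back-reference must be backslash-escaped in sed's basic regex (the
# pasted original had lost its backslashes, so the line never matched and step 2 turned that
# comment into a bogus config line).
sed -i 's|^\(# Confi\)|#\1|' /etc/krb5.conf
# Step 2: strip one leading '#' from every line. This uncomments default_realm and the
# EXAMPLE.COM [realms]/[domain_realm] stanzas in the stock file.
sed -i 's|^#||' /etc/krb5.conf
# Step 3: substitute our values for the placeholders. Order matters: EXAMPLE.COM before
# example.com, kerberos.example.com before example.com. Hostnames cannot contain '|', so it is
# safe as the sed delimiter.
sed -i "s|EXAMPLE.COM|$REALM|" /etc/krb5.conf
sed -i "s|kerberos.example.com|$KDC_FQDN|" /etc/krb5.conf
sed -i "s|example.com|$DOMAIN|" /etc/krb5.conf

# replace realm in kdc.conf and kadm5.acl
sed -i "s|EXAMPLE.COM|$REALM|" /var/kerberos/krb5kdc/kdc.conf
sed -i "s|EXAMPLE.COM|$REALM|" /var/kerberos/krb5kdc/kadm5.acl

# initialize kerberos db
# -s writes the stash file so krb5kdc can start unattended. The master password is supplied
# twice (prompt + confirmation) on stdin via printf rather than with -P, so it is not visible
# in `ps` while kdb5_util runs.
printf '%s\n%s\n' "$KRB_DBMASTER_PW" "$KRB_DBMASTER_PW" | kdb5_util create -s -r "$REALM"

# start kerberos services
systemctl enable krb5kdc kadmin
systemctl start krb5kdc kadmin
# Open the KDC (service 'kerberos' = 88/tcp+udp) and also kadmin (749/tcp) and kpasswd
# (464/tcp+udp). The original only opened 'kerberos'; clients can then kinit, but a pam_krb5
# password change fails with "Cannot contact any KDC for requested realm" (the journal excerpt
# at the top of this paste shows that symptom) and remote kadmin cannot connect at all.
firewall-cmd --permanent --add-service=kerberos
firewall-cmd --permanent --add-port=749/tcp --add-port=464/tcp --add-port=464/udp
firewall-cmd --reload

# add root/admin principal
# With the stock kadm5.acl (*/admin@REALM *) this principal is the realm administrator. The
# password travels through the heredoc on stdin, not on the command line.
kadmin.local <<EOF
addprinc root/admin
$KRB_ROOT_PW
$KRB_ROOT_PW
quit
EOF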
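#!/usr/bin/env bash
# Enrol this host as a client of the KDC built by the server script: create a host/<fqdn>
# principal on the KDC, fetch its keytab and the KDC's /etc/krb5.conf, and switch PAM to
# pam_krb5. Run as root on the client. Assumes the invoking user can ssh to the KDC host under
# the same username and run kadmin.local there via sudo.
set -euo pipefail

# collect input
DOMAIN=$(hostname -d)
[[ -n "$DOMAIN" ]] || { printf 'hostname -d returned no domain; cannot derive a realm\n' >&2; exit 1; }
REALM=${DOMAIN^^}           # same derivation as the server script; used for a sanity check below
CLIENT_FQDN=$(hostname -f)  # the principal is host/<fqdn>; it must match what the KDC resolves
read -r -p "Server hostname: " SERVER_HOSTNAME
[[ -n "$SERVER_HOSTNAME" ]] || { printf 'server hostname is required\n' >&2; exit 1; }
# Not consumed by the automated steps below (kadmin.local on the KDC needs no password); the
# prompt is kept so the procedure matches the interactive kadmin session that follows it.
# shellcheck disable=SC2034
read -r -s -p "Kerberos root/admin Password: " KRB_ROOT_PW && echo

# setup ntp -- Kerberos tolerates only a few minutes of clock skew between client and KDC
yum -y install ntp
systemctl enable ntpd
systemctl start ntpd

# setup kerberos
yum -y install krb5-workstation pam_krb5

# Temp files get unpredictable names and mode 0600 (mktemp) instead of /tmp/<host>.keytab, and
# are removed on every exit path, because the keytab holds this host's long-term Kerberos key.
KT_LOCAL=$(mktemp /tmp/krb5-keytab.XXXXXX)
CONF_LOCAL=$(mktemp /tmp/krb5-conf.XXXXXX)
KT_REMOTE=
cleanup() {
  rm -f -- "$KT_LOCAL" "$CONF_LOCAL"
  if [[ -n "${KT_REMOTE:-}" ]]; then
    ssh "$SERVER_HOSTNAME" rm -f -- "$KT_REMOTE" || true
  fi
}
trap cleanup EXIT
# Created on the KDC under the ssh user's ownership, so no chown is needed after ktadd.
KT_REMOTE=$(ssh "$SERVER_HOSTNAME" mktemp /tmp/krb5-keytab.XXXXXX)

# create host principal for this client on the kerberos server
# The kadmin commands are passed with -q instead of piped through a heredoc, so stdin stays the
# terminal: `ssh -t` only allocates a pty when stdin is a tty, and a sudo password prompt would
# otherwise consume the first kadmin line. ktadd randomises the key, so re-running this script
# invalidates any keytab previously issued for this host.
ssh -t "$SERVER_HOSTNAME" \
  "sudo kadmin.local -q 'addprinc -randkey host/$CLIENT_FQDN' && sudo kadmin.local -q 'ktadd -k $KT_REMOTE host/$CLIENT_FQDN'"
scp "$SERVER_HOSTNAME:$KT_REMOTE" "$KT_LOCAL"
scp "$SERVER_HOSTNAME:/etc/krb5.conf" "$CONF_LOCAL"

# replace krb5.conf
# The server derived its realm from its own DNS domain; if the fetched file does not name this
# client's realm the two hosts are in different domains and the client would point at the
# wrong realm. Warn rather than abort -- the file may legitimately be hand-edited.
grep -q -- "default_realm = $REALM" "$CONF_LOCAL" \
  || printf 'warning: fetched krb5.conf does not set default_realm = %s\n' "$REALM" >&2
if [[ -e /etc/krb5.conf ]]; then
  cp -p /etc/krb5.conf /etc/krb5.conf.bak
fi
install -m 0644 "$CONF_LOCAL" /etc/krb5.conf

# import host key on client
# ktutil appends the entry to /etc/krb5.keytab (creating it if absent); restrict it to root
# since it carries the host's long-term key.
ktutil <<EOF
rkt $KT_LOCAL
wkt /etc/krb5.keytab
quit
EOF
chmod 0600 /etc/krb5.keytab

# configure pam
# Enables pam_krb5 for authentication and password changes; realm and KDC come from the
# krb5.conf installed above.
authconfig --enablekrb5 --update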
# --- Interactive demo steps; not part of the automated client setup above and not runnable
# as a script (kadmin and ssh open interactive sessions). ---
# kadmin with no -p authenticates as <current user>/admin and prompts for that password on the
# tty; addprinc then prompts twice for demouser's new Kerberos password. This needs the KDC's
# kadmin port reachable from wherever it is run.
kadmin
addprinc demouser
quit
# Matching local account on the client so the principal maps to a Unix user (home dir created).
useradd -m -s /bin/bash demouser
# From another machine: log in to the client ('krbclient' is presumably its hostname -- confirm)
# and change the password. With pam_krb5 enabled, passwd performs a Kerberos password change
# against the KDC/kpasswd service; the journal excerpt at the top of this paste is what that
# step looks like when the client cannot reach it.
ssh demouser@krbclient
passwd