
Untitled

a guest
Nov 3rd, 2017
  1. unix_chkpwd[8790]: password check failed for user (demouser)
  2. passwd[8788]: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1001 euid=0 tty=pts/2 ruser= rhost= user=demouser
  3.  
  4. unix_chkpwd[8792]: password check failed for user (demouser)
  5. passwd[8788]: pam_unix(passwd:chauthtok): user password changed by another process
  6. passwd[8788]: pam_krb5[8788]: password change failed for demouser@EXAMPLE.COM: Cannot contact any KDC for requested realm
  7. passwd[8788]: PAM 1 more authentication failure; logname= uid=1001 euid=0 tty=pts/2 ruser= rhost= user=demouser
  8.  
  9. passwd: Authentication token manipulation error
  10.  
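  # KDC (server) setup: installs NTP and MIT Kerberos, rewrites the packaged
  # EXAMPLE.COM configuration for this host's DNS domain, creates the realm
  # database and adds the root/admin principal. Run as root on the KDC host.
  #
  # Stop at the first failure so a half-configured KDC is never started.
  set -euo pipefail

  # collect input
  DOMAIN=$(hostname -d)
  # DOMAIN is interpolated into sed replacements below; refuse anything that
  # is empty or is not a plain DNS name.
  if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    printf 'error: "hostname -d" returned no usable DNS domain: %s\n' "$DOMAIN" >&2
    exit 1
  fi
  REALM=${DOMAIN^^}
  FQDN=$(hostname -f)

  # -r keeps backslashes in the passwords literal; IFS= keeps surrounding blanks.
  IFS= read -r -s -p "Kerberos DB Master Password: " KRB_DBMASTER_PW
  printf '\n'
  IFS= read -r -s -p "Kerberos root/admin Password: " KRB_ROOT_PW
  printf '\n'
  if [[ -z "$KRB_DBMASTER_PW" || -z "$KRB_ROOT_PW" ]]; then
    printf 'error: passwords must not be empty\n' >&2
    exit 1
  fi

  # setup ntp (Kerberos tickets are time-sensitive, so clocks must agree)
  yum -y install ntp
  systemctl start ntpd
  systemctl enable ntpd

  # install kerberos
  yum -y install krb5-server krb5-workstation

  # replace realm and domain in krb5.conf
  # The second command strips one leading '#' from every line, so the
  # explanatory "# Confi..." line gets an extra '#' first to stay a comment.
  # In basic regex the group and back-reference need backslashes; without
  # them the first pattern never matches.
  sed -i 's|^\(# Confi\)|#\1|' /etc/krb5.conf
  sed -i 's|^#||' /etc/krb5.conf
  sed -i "s|EXAMPLE\.COM|$REALM|" /etc/krb5.conf
  sed -i "s|kerberos\.example\.com|$FQDN|" /etc/krb5.conf
  sed -i "s|example\.com|$DOMAIN|" /etc/krb5.conf

  # replace realm in kdc.conf and kadm5.acl
  sed -i "s|EXAMPLE\.COM|$REALM|" /var/kerberos/krb5kdc/kdc.conf
  sed -i "s|EXAMPLE\.COM|$REALM|" /var/kerberos/krb5kdc/kadm5.acl

  # initialize kerberos db
  # Password and confirmation go on separate lines of stdin. printf is a shell
  # builtin, so the secret never appears in another process's argv, and '%s'
  # does not interpret backslashes inside the password.
  printf '%s\n%s\n' "$KRB_DBMASTER_PW" "$KRB_DBMASTER_PW" \
    | kdb5_util create -s -r "$REALM"

  # start kerberos services
  systemctl enable kadmin
  systemctl enable krb5kdc
  systemctl start kadmin
  systemctl start krb5kdc
  # NOTE(review): this opens only the firewalld "kerberos" service (the KDC
  # port). Remote kadmin and password changes are separate firewalld services
  # ("kadmin", "kpasswd"); add them only if clients actually need them.
  firewall-cmd --permanent --add-service kerberos
  firewall-cmd --reload

  # add root/admin principal (password, then confirmation, on stdin)
  printf '%s\n' \
    'addprinc root/admin' \
    "$KRB_ROOT_PW" \
    "$KRB_ROOT_PW" \
    'quit' \
    | kadmin.local

  # Do not keep the secrets in the shell environment longer than needed.
  unset KRB_DBMASTER_PW KRB_ROOT_PW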
  54.  
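  # Kerberos client setup: installs NTP and the Kerberos client packages,
  # creates a host principal on the KDC over SSH, fetches the host keytab and
  # krb5.conf, imports the key into /etc/krb5.keytab and enables pam_krb5.
  # Run as root on the client.
  #
  # Stop at the first failure: a failed scp must never be followed by copying
  # whatever happens to be lying around into /etc.
  set -euo pipefail

  # collect input
  DOMAIN=$(hostname -d)
  REALM=${DOMAIN^^}
  IFS= read -r -p "Server hostname: " SERVER_HOSTNAME
  # A value starting with '-' would be parsed by ssh/scp as an option.
  if [[ -z "$SERVER_HOSTNAME" || "$SERVER_HOSTNAME" == -* ]]; then
    printf 'error: invalid server hostname: %s\n' "$SERVER_HOSTNAME" >&2
    exit 1
  fi
  # NOTE(review): this password is collected but nothing below uses it;
  # consider dropping the prompt so the admin secret is not held needlessly.
  IFS= read -r -s -p "Kerberos root/admin Password: " KRB_ROOT_PW
  printf '\n'

  short_host=$(hostname -s)
  fqdn=$(hostname -f)
  # $USER is expanded locally; the same account name is assumed on the server.
  remote_user=${USER:-$(id -un)}
  remote_keytab="/tmp/${short_host}.keytab"

  # Private scratch directory: the downloaded keytab and krb5.conf are later
  # installed by root, so they must not sit under predictable names in the
  # world-writable /tmp where another local user could pre-create them.
  workdir=$(mktemp -d)
  trap 'rm -rf -- "$workdir"' EXIT

  # setup ntp
  yum -y install ntp
  systemctl start ntpd
  systemctl enable ntpd

  # setup kerberos
  yum -y install krb5-workstation pam_krb5

  # create host principal for this client on the kerberos server
  # NOTE(review): the server-side keytab path is still a predictable name in
  # /tmp, written by kadmin.local under sudo; a root-only directory on the
  # server would be safer. It is removed again right after the copy below.
  printf '%s\n' \
    "addprinc -randkey host/${fqdn}" \
    "ktadd -k ${remote_keytab} host/${fqdn}" \
    'quit' \
    | ssh -t "$SERVER_HOSTNAME" \
        "sudo kadmin.local ; sudo chown $remote_user $remote_keytab"
  scp "$SERVER_HOSTNAME:$remote_keytab" "$SERVER_HOSTNAME:/etc/krb5.conf" "$workdir/"
  # The keytab holds the host's long-term key; do not leave a copy on the server.
  ssh "$SERVER_HOSTNAME" "rm -f -- $remote_keytab"

  # replace krb5.conf
  cp -- "$workdir/krb5.conf" /etc/krb5.conf

  # import host key on client
  printf '%s\n' \
    "rkt $workdir/${short_host}.keytab" \
    'wkt /etc/krb5.keytab' \
    'quit' \
    | ktutil
  if [[ ! -s /etc/krb5.keytab ]]; then
    printf 'error: /etc/krb5.keytab was not written\n' >&2
    exit 1
  fi
  # Host keys must be readable by root only.
  chmod 0600 /etc/krb5.keytab

  # configure pam
  authconfig --enablekrb5 --update

  unset KRB_ROOT_PW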
  89.  
  # Manual steps that lead to the log at the top of this paste. This is an
  # interactive transcript, not a runnable script: "addprinc demouser" and
  # "quit" are typed at the kadmin prompt, and "passwd" is typed inside the
  # ssh session opened on the line before it.
  # NOTE(review): the host each step runs on is not stated — confirm.
  90. kadmin
  91. addprinc demouser
  92. quit
  93.  
  # Creates the matching local account. No local password is set here, so
  # pam_unix has nothing to check against — presumably the source of the
  # "password check failed" entries in the log; confirm.
  94. useradd -m -s /bin/bash demouser
  95.  
  96. ssh demouser@krbclient
  # NOTE(review): the pam_krb5 "Cannot contact any KDC for requested realm"
  # entry in the log is raised during this password change. Kerberos password
  # changes go to the realm's kpasswd/admin server, not the KDC port; check
  # that it is reachable through the server firewall and that admin_server in
  # /etc/krb5.conf resolves from this host — TODO confirm.
  97. passwd