Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [libdefaults]
- default_realm = IGROUP.COM
- ticket_lifetime = 24h
- renew_lifetime = 7d
- forwardable = true
- # The following krb5.conf variables are only for MIT Kerberos.
- krb4_config = /etc/krb.conf
- krb4_realms = /etc/krb.realms
- kdc_timesync = 1
- ccache_type = 4
- forwardable = true
- proxiable = true
- # The following encryption type specification will be used by MIT Kerberos
- # if uncommented. In general, the defaults in the MIT Kerberos code are
- # correct and overriding these specifications only serves to disable new
- # encryption types as they are added, creating interoperability problems.
- #
- # Thie only time when you might need to uncomment these lines and change
- # the enctypes is if you have local software that will break on ticket
- # caches containing ticket encryption types it doesn't know about (such as
- # old versions of Sun Java).
- # default_tgs_enctypes = des3-hmac-sha1
- # default_tkt_enctypes = des3-hmac-sha1
- # permitted_enctypes = des3-hmac-sha1
- # The following libdefaults parameters are only for Heimdal Kerberos.
- v4_instance_resolve = false
- v4_name_convert = {
- host = {
- rcmd = host
- ftp = ftp
- }
- plain = {
- something = something-else
- }
- }
- fcc-mit-ticketflags = true
- [realms]
- IGROUP.COM = {
- kdc = igroup.com
- admin_server = igroup.com
- }
- [kdcdefaults]
- kdc_ports = 750,88
- [realms]
- IGROUP.COM = {
- database_name = /var/lib/krb5kdc/principal
- admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
- acl_file = /etc/krb5kdc/kadm5.acl
- key_stash_file = /etc/krb5kdc/stash
- kdc_ports = 750,88
- max_life = 10h 0m 0s
- max_renewable_life = 7d 0h 0m 0s
- master_key_type = des3-hmac-sha1
- supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
- default_principal_flags = +preauth
- }
- kdb5_util create -s
- kadmin.local:addprinc -randkey host/ashokkrishna-Lenovo-B560
- kadmin.local: ktadd -k /tmp/kdb5.keytab host/ashokkrishna-Lenovo-B560
- ashokkrishna@10:04:56:~$ klist
- Ticket cache: FILE:/tmp/krb5cc_1000_cK2wUG
- Default principal: ashokkrishna@IGROUP.COM
- Valid starting Expires Service principal
- 2015-06-29T10:01:11 2015-06-29T20:01:11 krbtgt/IGROUP.COM@IGROUP.COM
- renew until 2015-07-06T10:01:09
- ashokkrishna@10:07:16:~$ sudo klist -k
- Keytab name: FILE:/etc/krb5.keytab
- KVNO Principal
- ---- --------------------------------------------------------------------------
- 2 host/ashokkrishna-Lenovo-B560@IGROUP.COM
- 2 host/ashokkrishna-Lenovo-B560@IGROUP.COM
- 2 host/ashokkrishna-Lenovo-B560@IGROUP.COM
- 2 host/ashokkrishna-Lenovo-B560@IGROUP.COM
- GSSAPIAuthentication yes
- GSSAPICleanupCredentials yes
- #ssh 127.0.0.1
- The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
- ECDSA key fingerprint is f9:6a:ea:81:fc:7a:b1:da:12:17:95:c6:5d:d5:25:7e.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
- ashokkrishna@127.0.0.1's password:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement