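#!/bin/bash
#
# Stand up a single-host MIT Kerberos KDC for lab use on a system that
# provides yum, service, chkconfig and iptables.
#
# Usage:   run as root.
# Env:     KDC_SETUP_PASSWORD (optional) - overrides the built-in lab
#          password so the secret does not have to be edited into this file.
# Effects: rewrites /etc/sysconfig/network, /etc/hosts, /etc/krb5.conf and
#          the files under /var/kerberos/krb5kdc (sed leaves .orig/.mN backups
#          next to each), opens the Kerberos ports, creates the KDC database
#          and two principals, and enables the krb5kdc/kadmin services.

# Stop at the first failing step instead of carrying on with a
# half-configured KDC; treat unset variables as errors.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Configure Script Settings
# KDC Server Name, admin user, non-admin user, default password
# NOTE: bash also sets HOSTNAME itself; the assignment below deliberately
# overrides it for the remainder of this script.
HOSTNAME=kerberos.labs.net
ADMINUSER=aschurman
NORMALUSER=pentaho
# The same secret becomes the KDC master key and the password of both
# principals. The literal default is public, so it is only acceptable on a
# throwaway lab host; supply KDC_SETUP_PASSWORD for anything else and give
# the master key and the principals distinct secrets afterwards.
PASSWORD=${KDC_SETUP_PASSWORD:-Pentaho123}
## DO NOT EDIT BELOW THIS LINE ##

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# The settings are spliced into sed replacement text and kadmin query
# strings, so reject anything that could change the meaning of those commands.
fqdn_re='^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$'
name_re='^[A-Za-z0-9._-]+$'
[[ $HOSTNAME =~ $fqdn_re ]] || die "HOSTNAME must be a fully qualified host name"
[[ $ADMINUSER =~ $name_re ]] || die "ADMINUSER contains unsupported characters"
[[ $NORMALUSER =~ $name_re ]] || die "NORMALUSER contains unsupported characters"
case $PASSWORD in
  '' | *[[:space:]\"\'\\]*)
    die "password must be non-empty and free of whitespace, quotes and backslashes"
    ;;
esac
if [ "$PASSWORD" = "Pentaho123" ]; then
  printf 'warning: using the built-in lab password; set KDC_SETUP_PASSWORD to override\n' >&2
fi

# Configure server network settings
HOSTNAME_SHORT=${HOSTNAME%%.*}
DOMAIN=${HOSTNAME#*.}
REALM=$(printf '%s\n' "$DOMAIN" | tr '[:lower:]' '[:upper:]')

# Dots in the search patterns are escaped so they match a literal '.' only.
sed -i.orig "s/localhost\.localdomain/$HOSTNAME/g" /etc/sysconfig/network
sed -i.orig "s/localhost /$HOSTNAME $HOSTNAME_SHORT localhost /g" /etc/hosts

# 88 = KDC (tcp+udp), 464 = kpasswd, 749 = kadmin.
# These rules accept traffic from any source address. Outside an isolated lab
# network, add a source match (-s <lab-subnet-placeholder>), above all on the
# kadmin port.
iptables -I INPUT -p tcp --dport 88 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p udp --dport 88 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p udp --dport 464 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p tcp --dport 749 -j ACCEPT -m comment --comment "kerberos"
service iptables save
service iptables restart
service network restart

# Install the kerberos components
yum install -y krb5-libs krb5-server krb5-workstation
# Kerberos rejects requests when clocks drift too far apart, so keep time
# synchronised. One command per line so that set -e sees each failure.
yum -y install ntp
chkconfig ntpd on
/etc/init.d/ntpd start

# Update Kerberos Client config file
sed -i.orig "s/EXAMPLE\.COM/$REALM/g" /etc/krb5.conf
sed -i.m1 "s/kerberos\.example\.com/$HOSTNAME/g" /etc/krb5.conf
sed -i.m2 "s/example\.com/$DOMAIN/g" /etc/krb5.conf

# Update the KDC Server configuration
# Add Max Ticket Life / Renewable Life entries
sed -i.orig "s/EXAMPLE\.COM/$REALM/g" /var/kerberos/krb5kdc/kdc.conf
sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf
sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf
# The appended lines start at column 0; this pass indents them.
sed -i.m3 's/^max_/ max_/' /var/kerberos/krb5kdc/kdc.conf
# NOTE(review): +forwardable on every new principal means a stolen ticket can
# be forwarded to other hosts; confirm this default is wanted outside the lab.
sed -i.m4 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf
sed -i.m5 's/^default_principal_flags/ default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf

# Update the Admin ACL file
# Only the realm name is rewritten. Review the resulting file: whatever rights
# the packaged ACL line grants now apply to the matching principals in $REALM.
sed -i.orig "s/EXAMPLE\.COM/$REALM/" /var/kerberos/krb5kdc/kadm5.acl

# Create the kerberos database
# NOTE: -P and -pw put the secret on the command line, where it is visible to
# other local users in the process list and may end up in audit or process
# accounting logs. Acceptable only on a single-user lab host; otherwise let
# the tools prompt for the password. -s writes a stash file holding the
# master key, so keep that file readable by root only.
kdb5_util create -s -P "$PASSWORD"

# Create an admin user
kadmin.local -q "addprinc -pw $PASSWORD $ADMINUSER/admin"

# start the servers
service krb5kdc start
service kadmin start
chkconfig krb5kdc on
chkconfig kadmin on

# Create normal users
kadmin.local -q "addprinc -pw $PASSWORD $NORMALUSER"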