
Implementing Secure Kerberos Authentication on Solaris 10


  There are several ways to create a service principal entry in the keytab file. Listing 4 shows one of them: the Kerberos service principal is created, and its entry added to the keytab file, with the kadmin tool provided by IBM NAS on the AIX machine that hosts the KDC. The keytab file is then transferred from the AIX machine to the appropriate Solaris machine with FTP. Kerberos utilities such as ktutil can also be used to accomplish the same task where needed.

  Listing 4. Creating the krb5.keytab file

root@aixdce39: / >
$ hostname
aixdce39.in.ibm.com
root@aixdce39: / >
$ /usr/krb5/bin/kinit admin/admin
Password for admin/admin@AIX_KDC:
root@aixdce39: / >
$ /usr/krb5/bin/klist
Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
Default principal: admin/admin@AIX_KDC
Valid starting   Expires      Service principal
09/20/06 07:24:41 09/21/06 07:24:32 krbtgt/AIX_KDC@AIX_KDC
root@aixdce39: / >
$ /usr/krb5/sbin/kadmin
Authenticating as principal admin/admin@AIX_KDC with password.
Password for admin/admin@AIX_KDC:
kadmin: add_principal -e des3-cbc-sha1:normal -randkey host/solsarpc2.in.ibm.com
WARNING: no policy specified for host/solsarpc2.in.ibm.com@AIX_KDC;
 defaulting to no policy. Note that policy may be overridden by
 ACL restrictions.
Principal "host/solsarpc2.in.ibm.com@AIX_KDC" created.
kadmin: ktadd -e des3-cbc-sha1:normal host/solsarpc2.in.ibm.com
Entry for principal host/solsarpc2.in.ibm.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5/krb5.keytab.
kadmin:
kadmin: q
root@aixdce39: / >
$ /usr/krb5/bin/klist -k /etc/krb5/krb5.keytab
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- ---------
  3 host/solsarpc2.in.ibm.com@AIX_KDC
root@aixdce39: / >
$ cd /etc/krb5
root@aixdce39: /etc/krb5 >
$ ftp solsarpc2.in.ibm.com
Connected to solsarpc2.in.ibm.com.
220 solsarpc2 FTP server ready.
Name (solsarpc2.in.ibm.com:root): root
331 Password required for root.
Password:
230 User root logged in.
ftp> cd /etc/krb5
250 CWD command successful.
ftp> binary
200 Type set to I.
ftp> mput krb5.keytab
mput krb5.keytab? y
200 PORT command successful.
150 Opening BINARY mode data connection for krb5.keytab.
226 Transfer complete.
306 bytes sent in 0.1978 seconds (1.511 Kbytes/s)
local: krb5.keytab remote: krb5.keytab
ftp> bye
221-You have transferred 306 bytes in 1 files.
221-Total traffic for this session was 842 bytes in 1 transfers.
221-Thank you for using the FTP service on solsarpc2.
221 Goodbye.
root@aixdce39: /etc/krb5 >
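A check worth running on the Solaris host once the file has arrived: the keytab must contain the service principal at the same kvno (3) that ktadd reported on the KDC side. The following is an added example, not code from the article or from the IBM NAS or Solaris tools; it parses the MIT keytab format directly and lists entries the way klist -k does. The sample keytab bytes and the all-zero key inside them are constructed in the block.

```python
# Added example (not the article's or IBM NAS code): parse an MIT 0x0502 keytab
# like `klist -k` to confirm it holds the expected principal at the kvno ktadd gave.
import struct

def _counted(buf, pos):  # 16-bit length-prefixed string -> (text, next_pos)
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode(), pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype), ...]; enctype 16 is des3-cbc-sha1."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                 # negative size marks a deleted slot
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp)
        p += 8                       # skip 32-bit name_type and timestamp
        vno8 = data[p]
        enctype, klen = struct.unpack_from(">HH", data, p + 1)
        p += 5 + klen                # skip vno8, enctype, key length, key
        kvno = struct.unpack_from(">I", data, p)[0] if end - p >= 4 else vno8  # 32-bit if room
        entries.append(("/".join(comps) + "@" + realm, kvno, enctype))
        pos = end
    return entries

def check_keytab(data, principal, kvno):  # the post-transfer check
    return any(p == principal and v == kvno for p, v, _ in parse_keytab(data))

def build_keytab(principal, kvno, enctype, key):
    """Constructed sample in the same layout (name type 1, timestamp 0)."""
    name, realm = principal.split("@")
    body = struct.pack(">H", name.count("/") + 1)
    for s in [realm] + name.split("/"):
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIB", 1, 0, kvno & 0xFF)
    body += struct.pack(">HH", enctype, len(key)) + key + struct.pack(">I", kvno)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
# Dummy all-zero 24-byte key in place of the real des3 key (never a real secret).
SAMPLE = build_keytab("host/solsarpc2.in.ibm.com@AIX_KDC", 3, 16, b"\x00" * 24)
```

On the receiving host, pass the bytes of /etc/krb5/krb5.keytab to check_keytab with the principal and the kvno from the ktadd output; a kvno that differs between keytab and KDC (for instance after ktadd has been run again, which issues a new key version) is the usual reason service tickets are rejected.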
