
12.2.3. Configure the Kerberos Client

Use the following procedure to configure a Kerberos client for testing purposes:

Procedure 12.1. Configure the Kerberos Client

  1. Create the Kerberos Configuration File

    Create the krb5.conf configuration file in the /etc directory and add the following to the file:
    [logging]
      default = FILE:/var/log/krb5libs.log
      kdc = FILE:/var/log/krb5kdc.log
      admin_server = FILE:/var/log/kadmind.log
    
    [libdefaults]
      default_realm = EXAMPLE.COM
      default_tgs_enctypes = des-cbc-md5,des3-cbc-sha1-kd
      default_tkt_enctypes = des-cbc-md5,des3-cbc-sha1-kd
      dns_lookup_realm = false
      dns_lookup_kdc = false
      allow_weak_crypto = yes
      ticket_lifetime = 24h
      renew_lifetime = 7d
      forwardable = yes  
    
    [realms]
      EXAMPLE.COM = {
        kdc = localhost:60088
        admin_server = localhost:60088
      }
    
    [domain_realm]
      .example.com = EXAMPLE.COM
      example.com = EXAMPLE.COM
  2. Create a Key Tab

    Create a key tab in the /etc/httpd folder using the following ktutil session:
    ktutil
    ktutil:  addent -password -p HTTP/localhost@EXAMPLE.COM -k 0 -e des-cbc-md5
    Password for HTTP/localhost@EXAMPLE.COM: secretpwd
    ktutil:  list
    slot KVNO Principal
    ---- ---- ---------------------------------------------------------------------
       1    0               HTTP/localhost@EXAMPLE.COM
    ktutil:  wkt krb5.keytab
    ktutil:  quit
    
    As the root user, run:
    chgrp apache /etc/httpd/krb5.keytab
    chmod 640 /etc/httpd/krb5.keytab
  3. Check the Hosts File

    Ensure that the following host configuration is included in the /etc/hosts file:
    127.0.0.1 localhost
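
The audit below, an added example that is not part of the Red Hat procedure, flags the test-only crypto settings from step 1 (allow_weak_crypto and the single-DES and 3DES enctypes) in a krb5.conf and checks that a key tab keeps the restrictive mode set in step 2. The function names and the SAMPLE text are assumptions constructed for illustration.

```python
import os
import stat

# Single-DES enctypes, usable in MIT krb5 only while allow_weak_crypto is on.
WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
# 3DES and RC4 enctypes, deprecated by RFC 8429.
DEPRECATED = {"des3-cbc-sha1", "des3-cbc-sha1-kd", "arcfour-hmac", "rc4-hmac"}
ENCTYPE_KEYS = {"default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes"}
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

# Constructed sample: the [libdefaults] settings from step 1 of the procedure.
SAMPLE = """\
[libdefaults]
  default_tgs_enctypes = des-cbc-md5,des3-cbc-sha1-kd
  default_tkt_enctypes = des-cbc-md5,des3-cbc-sha1-kd
  allow_weak_crypto = yes
[domain_realm]
  example.com = EXAMPLE.COM
"""

def audit_krb5_conf(text):
    """Return (line_no, message) findings for the [libdefaults] section."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]  # track which section we are in
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip().lower() for part in line.split("=", 1))
            if key == "allow_weak_crypto" and value in TRUE_VALUES:
                findings.append((no, "allow_weak_crypto is enabled"))
            elif key in ENCTYPE_KEYS:
                for enctype in value.replace(",", " ").split():
                    if enctype in WEAK:
                        findings.append((no, f"{key}: weak enctype {enctype}"))
                    elif enctype in DEPRECATED:
                        findings.append((no, f"{key}: deprecated enctype {enctype}"))
    return findings

def keytab_mode_ok(path):
    """True if the keytab has no group-write and no 'other' bits (e.g. mode 640)."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o027) == 0

if __name__ == "__main__":
    for no, msg in audit_krb5_conf(SAMPLE):
        print(f"line {no}: {msg}")
```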