heimdal on 5.4

jay alvarez kerber0sb0y at yahoo.com
Wed Jun 1 03:33:39 GMT 2005


Good day,

I've already installed heimdal and was able to run kdc
daemon. Now I'm ready to test everything but.. I'm not
sure if I'm on the right track... Maybe you can help
me.

Here are the actual steps I've committed:
1. install heimdal on a computer which will run
KDC(gaheris)

2. install heimdal on a computer which will run
kerberized applications(gwenever)

2.a install heimdal on a computer which will be the
client requesting a service ticket for use with
gwenever(galahad)


3. edit krb5.conf on gaheris and scp it to gwenever
and galahad

4. create a master key by running kstash and init the
realm...
on gaheris:
# init CAMLANN.PREGI.NET

5. add a service principal for a kerberized ftp that
will be running on gwenever,
on gaheris:
# kadmin -l
kadmin>add ftp/gwenever.camlann.pregi.net

6. then extract its key
kadmin>ext --keytab=/tmp/gwenever.keytab ftp/gwenever.camlann.pregi.net

7. Now scp this key to /etc of gwenever
scp /tmp/gwenever.keytab user@gwenever:/etc

8. edit gwenever's krb5.conf such that the keytab
says:
default_keytab_name = FILE:/etc/gwenever.keytab

9. edit the inetd.conf such that ftp service is
enabled but the exact path of ftpd executable is
located on /usr/local/heimdal/libexec/ftpd

10. Now on a client machine(galahad)
# kinit ftp/gwenever.camlann.pregi.net

I entered the password and running klist gives me:

Credentials cache: FILE:/tmp/krb5cc_0
        Principal: ftp/gwenever.camlann.pregi.net@CAMLANN.PREGI.NET

  Issued           Expires        Principal
Jun  1 10:33:35  >>>Expired<<<  krbtgt/CAMLANN.PREGI.NET@CAMLANN.PREGI.NET

My BIG question is.. now what??=)

I'm assuming I'm supposed to use the kerberized
clients inside /usr/local/heimdal/bin, right? But how?

Am I on the right track, or am I missing something
very important here? How about the kdc.conf?? I
haven't encountered it and yet kdc daemon started
without any error. 

I have attached below my complete krb5.conf
I'm running on those three computers I've mentioned
above...

# uname -a
FreeBSD gaheris.camlann.pregi.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May  8 10:21:06 UTC 2005     root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

my heimdal version is:
heimdal-0.6.4



Thank you very much for your time.
Sincerely,

Mark Jayson Alvarez
Science Research Assistant
Advance Science and Technology
Institute(http://asti.dost.gov.ph)
PREGINET(http://www.pregi.net)
Quezon City, Philippines

-------------- next part --------------
[libdefaults]
	default_realm = CAMLANN.PREGI.NET
	clockskew = 300
	default_keytab_name = FILE:/etc/gwenever.keytab
	max_retries = "1 day"
	ticket_lifetime = 600 
	renew_lifetime = "1 day"
	scan_interfaces = true
	default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
	default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
	
[realms]
	CAMLANN.PREGI.NET = {
		kdc = gaheris.camlann.pregi.net:88
		admin_server = gaheris.camlann.pregi.net
		kpasswd_server = gaheris.camlann.pregi.net
		default_domain = camlann.pregi.net
	}



[domain_realm]
	.camlann.pregi.net = CAMLANN.PREGI.NET

[logging]
	kdc = FILE:/var/heimdal/logs/krb5kdc.log
	admin_server = FILE:/var/heimdal/logs/kadmin.log
	default = FILE:/var/heimdal/logs/krb5lib.log
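
A lint pass over a krb5.conf like the one attached above, as an added example that is not part of the original message or of Heimdal. The function names are hypothetical, the sample is constructed from the attachment's [libdefaults] values, and the checks assume that max_retries takes an integer and that the des-cbc-* names denote single DES.

```python
import re

# Single-DES enctype names; single DES is cryptographically weak.
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes"}
INTEGER_KEYS = {"max_retries"}  # assumption: this key expects a plain number

# Constructed sample: settings taken from the attachment above.
SAMPLE = '''
[libdefaults]
    max_retries = "1 day"
    ticket_lifetime = 600
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
    CAMLANN.PREGI.NET = {
        kdc = gaheris.camlann.pregi.net:88
    }
'''

def parse_libdefaults(text):
    """Return the key/value pairs of the [libdefaults] section only."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip().strip('"')
    return values

def lint(text):
    """Return (key, message) findings for weak or malformed settings."""
    findings = []
    for key, value in parse_libdefaults(text).items():
        if key in ENCTYPE_KEYS:
            for etype in value.replace(",", " ").split():
                if etype.lower() in WEAK_ENCTYPES:
                    findings.append((key, "single-DES enctype " + etype))
        elif key in INTEGER_KEYS and not re.fullmatch(r"\d+", value):
            findings.append((key, "expected an integer, got " + repr(value)))
    return findings

if __name__ == "__main__":
    print("\n".join(key + ": " + msg for key, msg in lint(SAMPLE)))
```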
	

