@gaborgsomogyi
Last active March 3, 2020 22:56

OS version: macOS Catalina 10.15.3

Setup

REALM=EXAMPLE.COM
KDC_KADMIN_SERVER=$(ipconfig getifaddr en0)
CUSTOM_PRINCIPAL=user/example.com
CUSTOM_PRINCIPAL_PASSWORD=user
CUSTOM_KEYTAB_PATH=$HOME/user.keytab

brew install krb5

# /etc is root-owned, so write the config through sudo
sudo tee /etc/krb5.conf <<EOF
[libdefaults]
	default_realm = $REALM

[realms]
	$REALM = {
		kdc_ports = 88
		kadmind_port = 749
		kdc = $KDC_KADMIN_SERVER
		admin_server = $KDC_KADMIN_SERVER
	}
EOF

mkdir -p /usr/local/Cellar/krb5/1.18/var/krb5kdc/
# Create the KDC database for the realm; -s stores the master key in a stash file
kdb5_util create -r "$REALM" -s

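# Recreate the test principal from scratch
kadmin.local -q "delete_principal -force $CUSTOM_PRINCIPAL@$REALM"
kadmin.local -q "addprinc -pw $CUSTOM_PRINCIPAL_PASSWORD $CUSTOM_PRINCIPAL@$REALM"
rm -f "$CUSTOM_KEYTAB_PATH"
# xst (ktadd) generates new random keys for the principal, so the password set above no longer works afterwards
kadmin.local -q "xst -k $CUSTOM_KEYTAB_PATH $CUSTOM_PRINCIPAL@$REALM"
# The keytab holds the principal's long-term keys; keep it readable by the owner only
chmod 600 "$CUSTOM_KEYTAB_PATH"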

krb5kdc

Test

export KRB5_TRACE=/dev/stdout
kinit -kt $HOME/user.keytab user/example.com@EXAMPLE.COM
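
Added example (not part of the original gist): shell checks for two things the setup above depends on, a non-empty kdc entry in the generated krb5.conf (it is empty when `ipconfig getifaddr en0` returns no address) and a keytab that only its owner can access. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks for the krb5.conf and keytab created above.
# realm_value, kdc_is_set, keytab_is_private and preflight are names made up here.

# Print the value of KEY inside the "REALM = { ... }" stanza of a krb5.conf.
realm_value() {  # usage: realm_value FILE REALM KEY
    awk -v realm="$2" -v key="$3" '
        $1 == realm && $2 == "=" && $3 == "{" { in_realm = 1; next }
        in_realm && $1 == "}"                 { in_realm = 0 }
        in_realm && $1 == key && $2 == "="    { print $3; exit }
    ' "$1"
}

# Succeed only if the config names a non-empty KDC for REALM.
kdc_is_set() {  # usage: kdc_is_set FILE REALM
    [ -n "$(realm_value "$1" "$2" kdc)" ]
}

# Succeed only if FILE is a regular file with no group/other permission bits.
# The mode string from ls is portable across macOS and Linux, unlike stat flags.
keytab_is_private() {  # usage: keytab_is_private FILE
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Run both checks and report every failure before returning.
preflight() {  # usage: preflight KRB5_CONF REALM KEYTAB
    rc=0
    kdc_is_set "$1" "$2" || { echo "no kdc set for $2 in $1" >&2; rc=1; }
    keytab_is_private "$3" || { echo "$3 missing or accessible by group/other" >&2; rc=1; }
    return $rc
}

# Typical call after the Setup section:
#   preflight /etc/krb5.conf "$REALM" "$CUSTOM_KEYTAB_PATH"
```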