Skip to content

Instantly share code, notes, and snippets.

@gilangvperdana

gilangvperdana/README.md

Last active March 15, 2022 13:30
Show Gist options
  • Save gilangvperdana/3b8252f69a58a5a51a93b4fab4d097c3 to your computer and use it in GitHub Desktop.
Save gilangvperdana/3b8252f69a58a5a51a93b4fab4d097c3 to your computer and use it in GitHub Desktop.
Download ZIP
Kerebros Installation on Ubuntu Server 20.04 LTS
Raw
README.md

Instalasi Kerberos pada Ubuntu 20.04 LTS

Mencoba untuk implementasi Kerberos pada Ubuntu 20.04LTS.
Jika saya menuliskan Server, silahkan eksekusi di Server Node begitupun sebaliknya.

Kerberos Cluster:

1 Server & 1 Client.
Realm : kerberos.com
Server : 192.168.0.13
Client : 192.168.0.12

Server :

hostnamectl set-hostname server.kerberos.com

Client :

hostnamectl set-hostname client.kerberos.com

All Node :

nano /etc/hosts
192.168.0.13 server.kerberos.com
192.168.0.12 client.kerberos.com

ping server.kerberos.com
ping client.kerberos.com

Server :

sudo apt install krb5-kdc krb5-admin-server krb5-config -y
REALM : kerberos.com
Kerberos Server : server.kerberos.com
Administrative Server : server.kerberos.com

Konfigurasi user principal "root" :
sudo krb5_newrealm
sudo kadmin.local
addprinc root/admin

Memabahkan server.kerberos.com sebagai Host :
addprinc -randkey host/server.kerberos.com
ktadd host/server.kerberos.com
quit

Tambahkan "root" kedalam ACL :
nano /etc/krb5kdc/kadm5.acl
---
root/admin *
---
sudo systemctl restart krb5-admin-server.service

Client :

sudo apt install krb5-user sssd-krb5
REALM : kerberos.com
Kerberos Server : server.kerberos.com
Administrative Server : server.kerberos.com

Tambahkan client ke dalam server Kerberos :
kadmin
"masukkan password seperti yang tadi diawal instalasi pada server"

addprinc -randkey host/client.mbclab.com
ktadd host/client.mbclab.com

Testing Server :

Server :
useradd -m -s /bin/bash g-user

Tambahkan g-user kedalam Kerberos Administration :
kadmin.local
addprinc g-user
quit

nano /etc/ssh/sshd_config
Hilangkan comment pada,
---
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
---

systemctl restart sshd

Client :

useradd -m -s /bin/bash g-user
su - g-user
kinit g-user

Lihat tiket :
klist

Percobaan pada Client :
Silahkan ssh ke Kerberos server dan buatlah sebuah folder.

ssh server.kerberos.com
mkdir g-user_folder

Silahkan periksa folder pada server, Silahkan berksperimen untuk memberikan permission dari client lalu buka lagi pada server, dan apa yang terjadi.

Source

https://ubuntu.com/server/docs/service-kerberos
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment