Skip to content

Instantly share code, notes, and snippets.

@matthewtckr
Last active May 10, 2018 02:26
Show Gist options
  • Save matthewtckr/eaf6180c3edd7d4ce025 to your computer and use it in GitHub Desktop.
Save matthewtckr/eaf6180c3edd7d4ce025 to your computer and use it in GitHub Desktop.
CentOS Kerberos Configuration
#!/bin/bash
# Configure Script Settings
# KDC Server Name, admin user, non-admin user, default password
HOSTNAME=kerberos.muppets.com
ADMINUSER=mtucker
NORMALUSER=pentaho
PASSWORD=Pentaho123
## DO NOT EDIT BELOW THIS LINE ##
# Configure server network settings
HOSTNAME_SHORT=$(echo $HOSTNAME | cut -d. -f1)
DOMAIN=$(echo $HOSTNAME | cut -d. -f 2-)
REALM=$(echo $DOMAIN | tr '[:lower:]' '[:upper:]')
sed -i.orig "s/localhost.localdomain/$HOSTNAME/g" /etc/sysconfig/network
sed -i.orig "s/localhost /$HOSTNAME $HOSTNAME_SHORT localhost /g" /etc/hosts
iptables -I INPUT -p tcp --dport 88 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p udp --dport 88 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p udp --dport 464 -j ACCEPT -m comment --comment "kerberos"
iptables -I INPUT -p tcp --dport 749 -j ACCEPT -m comment --comment "kerberos"
service iptables save
service iptables restart
service network restart
# Install the kerberos components
yum install -y krb5-libs krb5-server krb5-workstation
yum -y install ntp && chkconfig ntpd on && /etc/init.d/ntpd start
# Update Kerberos Client config file
sed -i.orig "s/EXAMPLE.COM/$REALM/g" /etc/krb5.conf
sed -i.m1 "s/kerberos.example.com/$HOSTNAME/g" /etc/krb5.conf
sed -i.m2 "s/example.com/$DOMAIN/g" /etc/krb5.conf
# Update the KDC Server configuration
# Add Max Ticket Life / Renewable Life entries
sed -i.orig "s/EXAMPLE.COM/$REALM/g" /var/kerberos/krb5kdc/kdc.conf
sed -i.m1 '/dict_file/a max_life = 1d' /var/kerberos/krb5kdc/kdc.conf
sed -i.m2 '/dict_file/a max_renewable_life = 7d' /var/kerberos/krb5kdc/kdc.conf
sed -i.m3 's/^max_/ max_/' /var/kerberos/krb5kdc/kdc.conf
sed -i.m4 '/supported_enctypes/a default_principal_flags = +renewable, +forwardable' /var/kerberos/krb5kdc/kdc.conf
sed -i.m5 's/^default_principal_flags/ default_principal_flags/' /var/kerberos/krb5kdc/kdc.conf
# Update the Admin ACL file
sed -i.orig "s/EXAMPLE.COM/$REALM/" /var/kerberos/krb5kdc/kadm5.acl
# Create the kerberos database
kdb5_util create -s -P $PASSWORD
# Create an admin user
kadmin.local -q "addprinc -pw $PASSWORD $ADMINUSER/admin"
# start the servers
service krb5kdc start
service kadmin start
chkconfig krb5kdc on
chkconfig kadmin on
# Create normal users
kadmin.local -q "addprinc -pw $PASSWORD $NORMALUSER"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment