12.2.3. Configure the Kerberos Client

Procedure 12.1. Configure the Kerberos Client

1. Create the Kerberos Configuration File

   Create the krb5.conf configuration file in the /etc directory and add the following to the file:

   [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
   
   [libdefaults]
     default_realm = EXAMPLE.COM
     default_tgs_enctypes = des-cbc-md5,des3-cbc-sha1-kd
     default_tkt_enctypes = des-cbc-md5,des3-cbc-sha1-kd
     dns_lookup_realm = false
     dns_lookup_kdc = false
     allow_weak_crypto = yes
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = yes  
   
   [realms]
     EXAMPLE.COM = {
       kdc = localhost:60088
       admin_server = localhost:60088
     }
   
   [domain_realm]
     .example.com = EXAMPLE.COM
     example.com = EXAMPLE.COM

   Copy to Clipboard Toggle word wrap

2. Create a Key Tab

   Create a key tab in the /etc/httpd folder with the following contents:

   ktutil
   ktutil:  addent -password -p HTTP/localhost@EXAMPLE.COM -k 0 -e des-cbc-md5
   Password for HTTP/localhost@EXAMPLE.COM: secretpwd
   ktutil:  list
   slot KVNO Principal
   ---- ---- ---------------------------------------------------------------------
      1    0               HTTP/localhost@EXAMPLE.COM
   ktutil:  wkt krb5.keytab
   ktutil:  quit
   
   Under root user:
   chgrp apache /etc/httpd/krb5.keytab
   chmod 640 /etc/httpd/krb5.keytab

   Copy to Clipboard Toggle word wrap

3. Check the Hosts File

   Ensure that the following host configuration is included in the /etc/hosts file:

   127.0.0.1 localhost

   Copy to Clipboard Toggle word wrap