Install

yum --disablerepo='*' --enablerepo=base,update install -y dmidecode krb5-libs

 

Configuration

1. Edit these files if needed

  • /etc/hosts
  • /etc/ssh/sshd_config

2. Run ntp update

ntpdate -u pool.ntp.org

3. Register the host principal on the new Kerberos server with a kadmin admin account, then create the keytab

# addprinc: create the host principal with a random key
/usr/bin/kadmin -p account/admin -w RkaWkrdldi -q "addprinc -randkey host/dev1-api-all.abcdef.com"

# ktadd: export the principal's key to a keytab file
/usr/bin/kadmin -p account/admin -w RkaWkrdldi -q "ktadd -k /home/ec2-user/seeds/keytabs/dev1-api-all.abcdef.com host/dev1-api-all.abcdef.com"

# chmod: make the keytab readable by group and others
chmod og+r /home/ec2-user/seeds/keytabs/dev1-api-all.abcdef.com

4. Add KDC hosts

cat /home/ec2-user/seeds/hosts

10.100.56.52      dev1-api-lucky21.abcdef.com      dev1-api-lucky21
10.100.56.51      dev1-api-lucky11.abcdef.com      dev1-api-lucky11
10.100.56.50      dev1-api-lucky01.abcdef.com      dev1-api-lucky01
10.100.56.21      dev1-api-point11.abcdef.com      dev1-api-point11
10.100.56.22      dev1-api-point12.abcdef.com      dev1-api-point12
10.100.56.20      dev1-api-point01.abcdef.com      dev1-api-point01
10.100.56.23      dev1-api-point21.abcdef.com      dev1-api-point21
10.100.56.24      dev1-api-point22.abcdef.com      dev1-api-point22
10.100.0.162      dev1-proxy-out21.abcdef.com      dev1-proxy-out21
10.100.0.161      dev1-proxy-out11.abcdef.com      dev1-proxy-out11

5. Copy the keytab file (from step 3) to the Kerberos client

/etc/krb5.keytab
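
Steps 4 and 5 on the client, as an added example that is not part of the original post: it merges the seed hosts entries into a hosts file without duplicating them, installs the keytab readable only by its owner, and checks it for the host principal. The function names, the `apply` argument and the file name `setup.sh` are assumptions of this example; `klist` comes from the Kerberos client tools (krb5-workstation on RHEL-family systems), which the yum line above does not install.

```bash
# Added example: client-side steps 4 and 5 with checks (not from the original post).

# Append entries from a seed hosts file to a hosts file, skipping any FQDN that
# is already present, so re-running the setup does not duplicate lines.
merge_hosts() {
    local seed="$1" target="$2" ip fqdn rest
    while read -r ip fqdn rest || [ -n "$ip" ]; do
        case "$ip" in ''|\#*) continue ;; esac
        if ! awk -v h="$fqdn" '{ for (i = 2; i <= NF; i++) if ($i == h) f = 1 }
                               END { exit !f }' "$target"; then
            printf '%s\t%s %s\n' "$ip" "$fqdn" "$rest" >> "$target"
        fi
    done < "$seed"
}

# Install a keytab readable only by its owner, then verify the result.
# Fails if the source is missing or empty, or the final mode is not 600.
install_keytab() {
    local src="$1" dest="$2" mode
    [ -s "$src" ] || { echo "keytab $src is missing or empty" >&2; return 1; }
    install -m 600 "$src" "$dest" || return 1
    mode=$(stat -c '%a' "$dest") || return 1      # GNU stat
    [ "$mode" = "600" ] || { echo "unexpected mode $mode on $dest" >&2; return 1; }
}

# Check that the keytab holds a key for the expected host principal.
# Needs klist from the Kerberos client tools.
keytab_has_principal() {
    klist -k "$1" 2>/dev/null | grep -qF "$2"
}

# Assumed usage (run as root; setup.sh is a hypothetical file name):
#   bash setup.sh apply SEED_HOSTS KEYTAB_SRC HOST_PRINCIPAL
if [ "${1:-}" = "apply" ]; then
    merge_hosts "$2" /etc/hosts &&
    install_keytab "$3" /etc/krb5.keytab &&
    keytab_has_principal /etc/krb5.keytab "$4" &&
    echo "keytab installed and contains $4"
fi
```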

 

Set up an API server for this configuration

Launch an EC2 instance and set up nginx + gunicorn + Flask

When setting up a Kerberos client

Just run this command

  • curl -s krb5-client.abcdef.com/seeds/krb-svr-config | /bin/bash