My question when setting up a application server of kerberos - Kerberos

This is a discussion on My question when setting up a application server of kerberos - Kerberos ; Hi all, I am a beginner of kerberos. I am trying to set up a application server, which offers kerberized services to users. I have three machines. The server gcnode028 is used as the KDC; the server gcnode021 is used ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: My question when setting up a application server of kerberos

  1. My question when setting up a application server of kerberos

    Hi all,
    I am a beginner of kerberos. I am trying to set up a application server,
    which offers kerberized services to users. I have three machines. The server
    gcnode028 is used as the KDC; the server gcnode021 is used as the
    application server; the machine gcnode029 is used as a client.

    On the KDC, I created the principal of gcnode021:
    kadmin: add_principal test/gcnode021

    And created a keytab file on the KDC for the application server:
    kadmin: ktadd test/gcnode021

    Then I use command scp to send the keytab file to gcnode021(the
    application server) as /etc/krb5.keytab

    At last, I changed the /etc/xinetd.conf file like this, and restarted
    the xinetd service:
    #
    # Simple configuration file for xinetd
    #
    # Some defaults, and include /etc/xinetd.d/

    defaults
    {
    instances = 60
    log_type = SYSLOG authpriv
    log_on_success = HOST PID
    log_on_failure = HOST
    cps = 25 30
    }
    Service telnet
    {
    Socket_type=strem
    protocol=tcp
    wait=no
    user=root
    server=/usr/kerberos/sbin/telnetd
    }
    includedir /etc/xinetd.d

    I tried to use telnet to connect the gcnode021 from the gcnode029 like
    this:
    [root@gcnode021 ~]# telnet gcnode029
    Trying 192.168.10.29...
    telnet: connect to address 192.168.10.29: Connection refused
    telnet: Unable to connect to remote host: Connection refused

    So what is the problem? Thank you!

    --
    Lizhong
    lizhong @ncic.ac.cn



    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: My question when setting up a application server of kerberos

    >
    > Hi all,
    > I am a beginner of kerberos. I am trying to set up a application server,
    > which offers kerberized services to users. I have three machines. The server
    > gcnode028 is used as the KDC; the server gcnode021 is used as the
    > application server; the machine gcnode029 is used as a client.
    >
    > On the KDC, I created the principal of gcnode021:
    > kadmin: add_principal test/gcnode021
    >
    > And created a keytab file on the KDC for the application server:
    > kadmin: ktadd test/gcnode021
    >
    > Then I use command scp to send the keytab file to gcnode021(the
    > application server) as /etc/krb5.keytab
    >
    > At last, I changed the /etc/xinetd.conf file like this, and restarted
    > the xinetd service:
    > #
    > # Simple configuration file for xinetd
    > #
    > # Some defaults, and include /etc/xinetd.d/
    >
    > defaults
    > {
    > instances = 60
    > log_type = SYSLOG authpriv
    > log_on_success = HOST PID
    > log_on_failure = HOST
    > cps = 25 30
    > }
    > Service telnet
    > {
    > Socket_type=strem
    > protocol=tcp
    > wait=no
    > user=root
    > server=/usr/kerberos/sbin/telnetd
    > }
    > includedir /etc/xinetd.d
    >
    > I tried to use telnet to connect the gcnode021 from the gcnode029 like
    > this:
    > [root@gcnode021 ~]# telnet gcnode029
    > Trying 192.168.10.29...
    > telnet: connect to address 192.168.10.29: Connection refused
    > telnet: Unable to connect to remote host: Connection refused


    This is a question about xinetd, not Kerberos.

    Perhaps you need "disabled = false" or some such in the xinetd config?

    > So what is the problem? Thank you!
    >
    > --
    > Lizhong
    > lizhong @ncic.ac.cn
    >
    >
    >
    > ________________________________________________

    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


    --
    Richard Silverman
    res@qoxp.net


  3. Re: My question when setting up a application server of kerberos

    lizhong wrote:
    > Hi all,
    > I am a beginner of kerberos. I am trying to set up a application server,
    > which offers kerberized services to users. I have three machines. The server
    > gcnode028 is used as the KDC; the server gcnode021 is used as the
    > application server; the machine gcnode029 is used as a client.
    >
    > On the KDC, I created the principal of gcnode021:
    > kadmin: add_principal test/gcnode021
    >
    > And created a keytab file on the KDC for the application server:
    > kadmin: ktadd test/gcnode021
    >
    > Then I use command scp to send the keytab file to gcnode021(the
    > application server) as /etc/krb5.keytab
    >
    > At last, I changed the /etc/xinetd.conf file like this, and restarted
    > the xinetd service:
    > #
    > # Simple configuration file for xinetd
    > #
    > # Some defaults, and include /etc/xinetd.d/
    >
    > defaults
    > {
    > instances = 60
    > log_type = SYSLOG authpriv
    > log_on_success = HOST PID
    > log_on_failure = HOST
    > cps = 25 30
    > }
    > Service telnet
    > {
    > Socket_type=strem
    > protocol=tcp
    > wait=no
    > user=root
    > server=/usr/kerberos/sbin/telnetd
    > }
    > includedir /etc/xinetd.d
    >
    > I tried to use telnet to connect the gcnode021 from the gcnode029 like
    > this:
    > [root@gcnode021 ~]# telnet gcnode029
    > Trying 192.168.10.29...
    > telnet: connect to address 192.168.10.29: Connection refused
    > telnet: Unable to connect to remote host: Connection refused
    >
    > So what is the problem? Thank you!
    >


    Well obviously the telnet server is not running on 192.168.10.29. That
    part has nothing to do with Kerberos.

    Danny
    > --
    > Lizhong
    > lizhong @ncic.ac.cn
    >
    >
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread