The Detailed Process of Configuring Kerberos for the telnet Service
- bash-2.05b# hostname
- fsaix005.in.ibm.com
- bash-2.05b# kadmin -p admin/admin
- Authenticating as principal admin/admin with password.
- Password for admin/admin@ISL.IN.IBM.COM:
- kadmin: ank -pw vipin vipin
- WARNING: no policy specified for vipin@ISL.IN.IBM.COM;
- defaulting to no policy. Note that policy may be overridden by
- ACL restrictions.
- Principal "vipin@ISL.IN.IBM.COM" created.
- kadmin: q
- bash-2.05b#
Go to any other client machine on which the Kerberos client is configured (fakir.in.ibm.com). Run '/usr/krb5/bin/kinit vipin' to obtain an initial Kerberos ticket, as shown below:
- bash-2.05b# hostname
- fakir.in.ibm.com
- bash-2.05b# /usr/krb5/bin/kinit vipin
- Password for vipin@ISL.IN.IBM.COM:
- bash-2.05b# /usr/krb5/bin/klist
- Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
- Default principal: vipin@ISL.IN.IBM.COM
- Valid starting     Expires            Service principal
- 02/16/08 04:31:41 02/17/08 04:31:39 krbtgt/ISL.IN.IBM.COM@ISL.IN.IBM.COM
- bash-2.05b#
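Try to telnet to the telnetd machine (fsaix005.in.ibm.com). If everything goes well, you will not be prompted for a password, and you will be logged in as user "vipin".
The commands that accomplish this are shown below: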
- bash-2.05b# hostname
- fakir.in.ibm.com
- bash-2.05b# telnet -l vipin fsaix005.in.ibm.com
- Trying...
- Connected to fsaix005.in.ibm.com.
- Escape character is '^]'.
- [KerberosV5 accepts you as ``vipin@ISL.IN.IBM.COM'' ]
- telnet (fsaix005.in.ibm.com)
- *******************************************************************************
- * *
- * *
- * Welcome to AIX Version 5.3!*
- * *
- * *
- * Please see the README file in /usr/lpp/bos for information pertinent to*
- * this release of the AIX Operating System. *
- * *
- * *
- *******************************************************************************
- Last unsuccessful login: Wed Feb 13 11:50:40 CST 2008 on /dev/pts/2 from
- land.in.ibm.com
- Last login: Fri Feb 15 12:49:06 CST 2008 on /dev/pts/3 from aixdce8.in.ibm.com
- $ hostname
- fsaix005.in.ibm.com
- $ id
- uid=237(vipin) gid=1(staff)
- $ exit
- Connection closed
- bash-2.05b# hostname
- fakir.in.ibm.com
- bash-2.05b#
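Once Kerberos is configured, that is all it takes to run telnet in Kerberized mode! (Note the additional option passed to the telnet command, shown in the highlighted text above.)
If you want to check that you really obtained a ticket for the telnet service principal, run /usr/krb5/bin/klist on the client and look at its output. You should see something similar to the following: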
- bash-2.05b# hostname
- fakir.in.ibm.com
- bash-2.05b# /usr/krb5/bin/klist
- Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
- Default principal: vipin@ISL.IN.IBM.COM
- Valid starting     Expires            Service principal
- 02/16/08 04:31:41 02/17/08 04:31:39 krbtgt/ISL.IN.IBM.COM@ISL.IN.IBM.COM
- 02/16/08 04:32:56 02/17/08 04:31:39 host/fsaix005.in.ibm.com@ISL.IN.IBM.COM
- bash-2.05b#
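The klist check described above can be scripted. The following is an added example, not part of the original article: a shell function that reads klist output and reports whether the cache holds an unexpired host/<hostname> ticket in the default principal's realm. The function name check_service_ticket and its verdict words are assumptions made for this example; the sample text is the klist output shown above.

```shell
#!/bin/sh
# Added example: verify that klist output contains an unexpired service
# ticket for host/<hostname>@<realm of the default principal>.

# Sample input taken from the klist transcript in this article.
SAMPLE_KLIST='Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
Default principal: vipin@ISL.IN.IBM.COM

Valid starting     Expires            Service principal
02/16/08 04:31:41  02/17/08 04:31:39  krbtgt/ISL.IN.IBM.COM@ISL.IN.IBM.COM
02/16/08 04:32:56  02/17/08 04:31:39  host/fsaix005.in.ibm.com@ISL.IN.IBM.COM'

# Usage: klist | check_service_ticket HOST "MM/DD/YY HH:MM:SS"
# The second argument is the current time in the format klist prints, e.g.
#   "$(date '+%m/%d/%y %H:%M:%S')"
# Prints one verdict: ok | expired | missing | no-principal
# Limitation: two-digit years are compared as printed (no century handling).
check_service_ticket() {
    awk -v host="$1" -v now="$2" '
    # Turn "MM/DD/YY" and "HH:MM:SS" into a sortable YYMMDDHHMMSS string.
    function key(d, t,   a, b) {
        split(d, a, "/"); split(t, b, ":")
        return a[3] a[1] a[2] b[1] b[2] b[3]
    }
    # The realm of the default principal decides which service name we expect.
    /^Default principal:/ {
        n = split($3, p, "@"); realm = p[n]
        want = "host/" host "@" realm
    }
    # Ticket rows have five fields: start date, start time,
    # expiry date, expiry time, service principal.
    NF == 5 && $1 ~ /^[0-9][0-9]\/[0-9][0-9]\/[0-9][0-9]$/ && $5 == want {
        found = 1
        split(now, w, " ")
        if (key($3, $4) > key(w[1], w[2])) valid = 1
    }
    END {
        if (realm == "")  print "no-principal"
        else if (valid)   print "ok"
        else if (found)   print "expired"
        else              print "missing"
    }'
}
```

A verdict of "missing" right after a telnet login that prompted for a password indicates the session fell back to password authentication instead of using Kerberos.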