PROJECTS: Kerberos Research - Host Requirements

Page last modified Mon Jun 2 12:51:26 2003

Different types of hosts have different minimum requirements to participate in a Kerberos realm.

The KDC

• REQUIRED: The KDC needs to be running the krb5kdc (MIT) or kdc (Heimadl) daemon.
• OPTIONAL: The kadmind and kpasswdd daemons are also handy to have, though not necessary if you perform administrative on the local console with kadmin.local (MIT) or kadmin -l (Heimdal).
• REQUIRED: The keytab (generally /etc/krb5.keytab) needs to contain the key for the KDC host principal
• REQUIRED: A valid krb5.conf (generally in /etc). There may be extra stanzas in this krb5.conf to cover options such as logging.
• REQURIED: For an MIT KDC, a valid kdc.conf (generally in /usr/local/lib/krb5kdc/REQUIRED: Working DNS (both an A and a PTR record)
• OPTIONAL: Application servers such as kerberized telnetd, rshd, eklogind, ftpd
• OPTIONAL: (but recommended) The base kerberos applications such as kinit, kdestroy, klist
• OPTIONAL: (but recommended) The kerberos client applications such as telnet, rsh, rlogin, ftp

Application Server

• REQUIRED: The keytab (generally /etc/krb5.keytab needs to contain the key for the host principal
• REQUIRED: A valid krb5.conf (generally in /etc)
• REQUIRED: Working DNS (both an A and a PTR record)
• REQUIRED: Application servers such as kerberized telnetd, rshd, eklogind, ftpd
• OPTIONAL: (but recommended) The base kerberos applications such as kinit, kdestroy, klist
• OPTIONAL: (but recommended) The kerberos client applications such as telnet, rsh, rlogin, ftp

Workstation

• REQUIRED: A valid krb5.conf (generally in /etc)
• REQUIRED: Working DNS (both an A and a PTR record)
• REQUIRED: The base kerberos applications such as kinit, kdestroy, klist
• REQUIRED: (but recommended) The kerberos client applications such as telnet, rsh, rlogin, ftp