User:Tiicoo:AFSKRB/KrbInstall

<<< Homepage of OpenAFS and Kerberos Distributed User and Access Management using Kerberos and AFS Structures << Table of Contents
< Overview on OpenAFS and Kerberos Installation Of OpenAFS >


What is Kerberos?

Kerberos is software developed at MIT that can be used for network authentication. It relies on a trusted third party, which we will call the key distribution center (KDC), when two entities want to communicate securely. That third party consists of an authentication server on one side and a ticket granting server on the other. The third party knows the secret key of each entity. When two entities want to communicate secretly, the KDC generates a session key.

The tickets you get from the KDC, and specifically the AFS tokens you can make from those tickets, will be your passport in the AFS network.
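The session-key handout described above, reduced to a single KDC step, as an added example that is not part of the original page. The seal/unseal helpers are a toy cipher built from HMAC-SHA256 (not a Kerberos encryption type), the principal names and keys are constructed, and the separate authentication-server and ticket-granting steps, timestamps and lifetimes are left out.

```python
import hashlib, hmac, json, os

def _sub(key, label):
    # Derive independent encryption and MAC subkeys from one secret key
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (illustration only)
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a secret key."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the MAC, then decrypt; fails for anyone without the right key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct)))))

class KDC:
    """Trusted third party: knows every principal's secret key."""
    def __init__(self, keys):
        self.keys = keys

    def issue(self, client, service):
        session_key = os.urandom(32).hex()
        # One copy sealed for the client, one inside a ticket only the service can open
        for_client = seal(self.keys[client], {"service": service, "session_key": session_key})
        ticket = seal(self.keys[service], {"client": client, "session_key": session_key})
        return for_client, ticket

def demo():
    keys = {"alice": os.urandom(32), "afs/cell": os.urandom(32)}  # constructed principals
    for_client, ticket = KDC(keys).issue("alice", "afs/cell")
    k_client = unseal(keys["alice"], for_client)["session_key"]   # client side
    seen = unseal(keys["afs/cell"], ticket)                       # service side
    try:
        unseal(keys["alice"], ticket)
        client_reads_ticket = True
    except ValueError:
        client_reads_ticket = False
    return k_client == seen["session_key"], seen["client"], client_reads_ticket
```

Both sides end up with the same session key without ever sharing their own secret keys, and the client can forward the ticket but cannot read or alter it.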

Where to get it?

Installing packages provided by your distribution

Most distributions provide an OpenAFS/Kerberos environment themselves. For Gentoo an ebuild is provided. In case you are using Slackware64 you may get packages from http://ossy86.bplaced.net/dev/afskrb/

Building it from source

You can download Kerberos packages from http://web.mit.edu/kerberos/www/ or download a current development release via

svn co svn://anonsvn.mit.edu/krb5/trunk/ .

into your current working directory.

Once you have the sources, we run

util/reconf

in order to update the necessary configuration files. After that, we tell the build system to compile the modules we rely on via

./configure \
 --prefix=/usr \
 --enable-dns-for-realm \
 --enable-athena \
 --enable-kdc-replay-cache \
 --with-ldap \
 --libdir=/usr/lib64

The following table describes the necessary options.

Description of configuration parameters

| Switch | Description |
|---|---|
| --prefix=/usr | We are going to install Kerberos into the directory /usr |
| --enable-dns-for-realm | If this option is enabled, we can use the Domain Name System for finding Kerberos servers |
| --enable-athena | Enable if you wish support for Athena-like systems (distributed administration of thin clients and/or small computers with training software) |
| --enable-kdc-replay-cache | Enable detection of retransmitted and/or replayed requests to the key distribution center |
| --with-ldap | Enable the LDAP backend |
| --libdir=/usr/lib64 | We would like to install libraries into this directory in case we are running on an x86_64 machine. |