At IU, how do I set up a Unix computer as a Kerberized application server?
In Kerberos, an application server is a server that supports Kerberized access via several common Internet protocols, such as telnet or rlogin. With a Kerberized client, you can connect to an application server securely; your password will not be passed over the network, and you can also encrypt your session.
Note: Because UITS does not recommend that novices attempt to set up an application server, this document assumes that you are comfortable with Unix. Also, these instructions are for Kerberos 5 only.
To set up a Unix computer as a Kerberized application server at Indiana University:
Download the latest
version of Kerberos, available from MIT.
Click the link for the latest Kerberos release, and then read the
instructions on how to retrieve the Kerberos source.
- The source will be packaged in a tar archive. Enclosed
in this file will be the Kerberos distribution and its PGP
signature. The distribution will be a tar archive compressed with
- Decompress and unpack the distribution files. This will create a
[version]is the patch level of the distribution (e.g.,
- To view instructions on how to install Kerberos, go to the
docdirectory (located in the top-level distribution directory). The installation guide is available in several formats, including HTML and PostScript.
When you get to the./configure --without-krb4
./configurestep, use the
--without-krb4option to disable building Kerberos 4 compatibility code. At IU, this code is useless, and previously contained security vulnerabilities. Your command line should look like this:
- Create both a
/etc/krb5.conffile and a
/etc/krb5.keytabfile (download a working copy of the
/etc/krb5.conffile from SharePoint).
To request a keytab file:
- If you are an LSP, complete the Support Request web form. This form is only accessible to LSPs and will have an option to request a Kerberos keytab.
- If you are not an LSP, work with your LSP or contact your campus Support Center.
- To set up application services, read the installation guide. The
two files you will likely need to edit are
/etc/inetd.conf. For information about how the Kerberized clients included with the distribution work, see the user guide, which is available in the same directory as the installation guide.
At Indiana University, for personal or departmental Linux or Unix systems support, see At IU, how do I get support for Linux or Unix?
Last modified on June 05, 2012.