
NETWORK SECURITY
LAB 1

10/11/2019

32195- Raima Aamir

How to Setup Kerberos Server and Client on Ubuntu 18.04 LTS

Kerberos was originally developed by the Massachusetts Institute of
Technology (MIT) to protect the network services provided by the Athena
project. Kerberos is a network authentication protocol that uses symmetric
key cryptography and requires authorization from a trusted third party to
authenticate client-server applications. In the modern world, Kerberos is
often used as a third-party authentication service. This means that all clients
trust Kerberos' judgment about another client's identity. In this lab, we will
show you how to set up Kerberos authentication between two Ubuntu 18.04
machines.

The following lab shows how to set up Kerberos authentication between two
machines. Install and configure the server on an Ubuntu server and install
the Kerberos client on the other machine.

Steps you need to perform

- Set the FQDN file.
- Install the KDC Kerberos server onto the server machine.
- Configure the KDC Kerberos server.
- Install and configure the Kerberos client on the client machine.
- Test.

Requirements

You will need two machines, one for the server and the other for the client.

SERVER SIDE:

To become root, use the command “sudo -i”. Then, to change the FQDN
of the Kerberos server, use the command

hostnamectl set-hostname krb5.raima.io


Check your IP address with the command “ifconfig”.

Replace the IP address and FQDN below with your own and paste the line into the '/etc/hosts' file.

192.168.145.128 krb5.raima.io krb5


Save and close.

Now test using the 'ping' command below and make sure the FQDN is resolved to the right IP
address.

ping -c 3 $(hostname -f)

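Kerberos depends on the FQDN resolving to the intended address, and ping alone does not show a second, conflicting entry for the same name. The following is an added example, not part of the original lab: it parses a hosts-format file and reports whether the FQDN maps only to the expected address. The function names and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the lab): check that a hosts-format file maps the
# KDC FQDN only to the intended address. Demo file contents are constructed.

# fqdn_ips FILE FQDN -> print every address FILE assigns to FQDN
fqdn_ips() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; break }
        }' "$1"
}

# check_fqdn FILE FQDN EXPECTED_IP
# status: 0 ok, 1 FQDN not listed, 2 mapped to loopback, 3 mapped elsewhere
check_fqdn() {
    ips=$(fqdn_ips "$1" "$2")
    [ -n "$ips" ] || return 1
    for ip in $ips; do
        case "$ip" in
            127.*|::1) return 2 ;;
        esac
        [ "$ip" = "$3" ] || return 3
    done
    return 0
}

# Demo on a constructed file: the 127.0.1.1 line is the kind of entry an
# installer may leave behind for the machine's own name.
demo_hosts=$(mktemp)
cat > "$demo_hosts" <<'EOF'
127.0.0.1       localhost
127.0.1.1       krb5.raima.io krb5   # stale installer entry
192.168.145.128 krb5.raima.io krb5
EOF
rc=0; check_fqdn "$demo_hosts" krb5.raima.io 192.168.145.128 || rc=$?
echo "check_fqdn status: $rc (2 = FQDN also maps to loopback)"
rm -f "$demo_hosts"
```

To check a real machine, call check_fqdn with /etc/hosts, the output of hostname -f, and the address you expect.
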
Step 2 - Install KDC Kerberos Server

Now we're going to install the Kerberos server on the 'krb5' server with IP
address '192.168.145.128' and the FQDN is 'krb5.raima.io'. Install Kerberos
server using the following apt command.
sudo apt install krb5-kdc krb5-admin-server krb5-config -y

During the installation, you will be asked about the Kerberos Realm, the Kerberos server of the
Realm, and the Admin server.

By default, Kerberos will use the Kerberos server domain name as the REALM, 'RAIMA.IO'.
The Kerberos server is 'krb5.raima.io'.
And the Admin server is the same as the Kerberos server, 'krb5.raima.io'.
Step 3 - Configure KDC Kerberos Server

Now generate a new strong master password for the Kerberos REALM using
the following command:
sudo krb5_newrealm
After that, we need to create the admin user (admin principal) for the KDC Kerberos server, add the
Kerberos server hostname to the database, and then create the keytab for the Kerberos server. Run
the 'kadmin.local' command-line interface for Kerberos administration with the command below.
sudo kadmin.local

Create a new admin user principal called 'root'.

addprinc root/admin

Type the strong password for the 'root' admin principal. Add the KDC Kerberos server to the
database and create the keytab file for the KDC host.

addprinc -randkey host/krb5.raima.io
ktadd host/krb5.raima.io

Then close the 'kadmin.local' utility by pressing “q”.

Next, we need to add the 'root' admin principal to the access control list by editing the
'/etc/krb5kdc/kadm5.acl' file.
nano /etc/krb5kdc/kadm5.acl

In the configuration file, uncomment the '*/admin *' line, and add the following:
root/admin *

Save and close the configuration, then restart the Kerberos admin service and check its status with these commands:

sudo systemctl restart krb5-admin-server.service
sudo systemctl status krb5-admin-server.service

The configuration of the KDC Kerberos server is now complete.
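
The ACL edit above decides who may administer the KDC, so it is worth reviewing what the file actually grants. The following is an added example, not part of the original lab: it lists kadm5.acl entries that carry every kadmin privilege and marks wildcard principal patterns. The function names, the 'operator/admin' entry and the sample ACL text are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the lab): review which kadm5.acl entries grant
# every kadmin privilege. The ACL text in the demo is a constructed sample.

# audit_acl FILE -> one line per full-privilege entry: "<scope> <principal>"
#   scope is WILDCARD when the principal pattern contains '*', else EXACT.
#   Only the shorthand permissions "*" and "x" (all privileges) are flagged;
#   explicit letter lists such as "admcil" are not expanded here.
audit_acl() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }       # skip comments and blank lines
        $2 == "*" || $2 == "x" {
            scope = ($1 ~ /[*]/) ? "WILDCARD" : "EXACT"
            print scope, $1
        }' "$1"
}

# count_wildcard_admins FILE -> number of wildcard entries with full privileges
count_wildcard_admins() {
    audit_acl "$1" | grep -c '^WILDCARD ' || true
}

# Demo on a constructed ACL: the first two lines mirror the lab's edit, the
# third is a hypothetical limited entry (inquire and list only). The first
# matching line applies, so the wildcard line would cover operator/admin too.
demo_acl=$(mktemp)
cat > "$demo_acl" <<'EOF'
# principal      permissions
*/admin          *
root/admin       *
operator/admin   il
EOF
audit_acl "$demo_acl"
echo "wildcard full-privilege entries: $(count_wildcard_admins "$demo_acl")"
rm -f "$demo_acl"
```

With '*/admin *' uncommented, every principal whose instance is 'admin' has full kadmin rights, so the separate 'root/admin *' line adds nothing; keeping only the exact entry is the narrower grant.
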


Client

After that, on the client machine, edit the '/etc/hosts' file using an editor of your choice.

nano /etc/hosts

Paste both KDC Kerberos server and the client as below:

192.168.145.128 krb5.raima.io krb5


Install Kerberos Client: Install Kerberos client packages by running the following apt command:
sudo apt install -y krb5-user libpam-ccreds auth-client-config

During the installation, in case you are asked about the name of the Kerberos realm, the
configuration will be the same as we did earlier:

1. By default, Kerberos will use the Kerberos server domain name as a REALM, 'RAIMA.IO'.
2. The Kerberos server is 'krb5.raima.io'.
3. And the Admin server is the same as the Kerberos server, 'krb5.raima.io'.


Once the installation is finished, you will be shown that the Kerberos service
failed to run. That is fine because we will configure it in the next stage.

TESTING
Close the Kerberos administration interface with “q” and edit the ssh configuration
'/etc/ssh/sshd_config'.

Before you edit the ssh file, you need to install the ssh service with the following
command, and then edit the file.

apt install ssh

Once the installation is complete, edit the ssh configuration file:

nano /etc/ssh/sshd_config

Save and close the configuration and restart the ssh service.
