2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article explains how to build NFS based on KDC (Kerberos) encryption on CentOS 8. The content is simple and clear, and easy to follow step by step.
Configuration
1. Kerberos provides a centralized authentication server architecture. The authentication server performs mutual authentication between the user and the server the user accesses, using symmetric-key encryption.
2. Kerberos single sign-on schematic
3. Service environment
Hostname            Virtual machine IP
www.skills.com      192.168.10.222
nfs.skills.com      192.168.10.223
client.skills.com   192.168.10.224
4. Turn off the firewall and download the krb5 package on the master server (www.skills.com), then add each hostname and its IP to /etc/hosts on all three nodes.
5. Edit the main configuration file (vim /etc/krb5.conf) and change every EXAMPLE.COM in it to your own domain name.
6. Modify /var/kerberos/krb5kdc/kadm5.acl to change EXAMPLE.COM to your own domain name.
[root@www ~]# vim /var/kerberos/krb5kdc/kadm5.acl
7. Initialize the KDC database and enter the database password
[root@www ~]# kdb5_util create -s
8. Restart the service
[root@www ~]# systemctl restart krb5kdc kadmin
[root@www ~]# systemctl enable krb5kdc kadmin
9. On the Kerberos server, root can log in with kadmin.local without a password. Create the Kerberos admin user, generate a random key for each of the three nodes, and download the key of the master server.
kadmin.local: addprinc root/admin
kadmin.local: addprinc -randkey nfs/www.skills.com
kadmin.local: addprinc -randkey nfs/nfs.skills.com
kadmin.local: addprinc -randkey nfs/client.skills.com
kadmin.local: ktadd nfs/www.skills.com
You can view the created principals with listprincs.
The master server configuration is now complete.
NFS server (nfs.skills.com)
1. Download the NFS and Kerberos installation packages
yum -y install krb5-workstation nfs-utils
2. Edit the main configuration file (vim /etc/krb5.conf) and change every EXAMPLE.COM in it to your own domain name.
3. Log in to the KDC database with the password and download the key (kadmin)
kadmin
ktadd nfs/nfs.skills.com
4. Create an NFS export that requires krb5p encrypted access
mkdir /share
vim /etc/exports
exportfs -rv
Configure the contents of the file (the sec option sets the encryption type).
5. Restart the service
systemctl restart nfs-server
The NFS server configuration is now complete.
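The export in step 4 only protects traffic if every client entry in /etc/exports carries sec=krb5p and nothing weaker. The check below is an added example, not part of the original article: the function name check_exports and the sample entries are constructed for illustration, and it assumes export paths without spaces and no line continuations.

```shell
#!/bin/sh
# Added example: report exports that do not enforce sec=krb5p exclusively.
# check_exports FILE prints "path client sec=<flavors>" for every weak entry
# and returns 1 if any was found, 0 otherwise.
check_exports() {
    awk '
    { sub(/#.*/, "") }                    # strip comments
    NF == 0 { next }                      # skip blank lines
    {
        path = $1; defopts = ""
        # a path with no client list is exported to everyone with defaults
        if (NF == 1) { print path " * sec=sys"; bad = 1; next }
        for (i = 2; i <= NF; i++) {
            # "-opt,opt" sets default options for the clients that follow
            if (substr($i, 1, 1) == "-") { defopts = substr($i, 2); continue }
            client = $i; opts = defopts
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                inner = substr($i, p + 1); sub(/\).*/, "", inner)
                opts = defopts "," inner  # per-client options override defaults
            }
            if (client == "") client = "*"
            sec = "sys"                   # flavor used when no sec= is given
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] ~ /^sec=/) sec = substr(o[j], 5)
            if (sec != "krb5p") { print path " " client " sec=" sec; bad = 1 }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input (not from the article): one strict export, two weak.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/share  192.168.10.224(rw,sec=krb5p)
/data   client.skills.com(rw,sec=krb5p:sys) *(ro)
EOF
check_exports "$sample" || echo "weak exports found"
rm -f "$sample"
```

A sec= list such as krb5p:sys is reported because the client may negotiate the weaker flavor, and an entry with no sec= falls back to sys.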
NFS client (client.skills.com)
1. Because the Kerberos configuration of the client is the same as that of the NFS server, we can use scp to copy the configuration file from the NFS server. We cannot copy the configuration file of the master server: the client does not contain the KDC database, so using the master server's configuration file reports an error that the database cannot be found.
2. Download the NFS and Kerberos installation packages
yum -y install krb5-workstation nfs-utils
3. Log in to the KDC database with the password and download the key (kadmin)
kadmin
ktadd nfs/client.skills.com
4. Restart the service, create a folder, mount the share, and finally check with df.
systemctl restart nfs-server
mkdir /myshare
mount 192.168.10.223:/share /myshare
df -l
The NFS share based on KDC encryption was mounted successfully.
Thank you for reading. That covers how to build NFS based on KDC encryption on CentOS 8; the specific use needs to be verified in practice.