Test Kerberos

michele_deb · 04-25-2018, 04:38 AM

Hi guys,
I have just studied the network authentication protocol Kerberos and, I would like to test it on Ubuntu configuring a Client Kerb. and a Server on two virtual machines. Is it feasible? How could I do? I was thinking to install two machines on VirtualBox, one called "Client" and the other "Server", basically two Ubuntu OS. Is it right?
Any tips?

Thanks
MB

Turbocapitalist · 04-25-2018, 05:07 AM

Kerberos uses two servers, a Key Distribution Center (KDC) and an Admin server. The KDC can do replication so you can set up a slave KDC synched with the master. So that would be three on the server side. With one more for the client, that makes four.

VirtualBox or Qemu could work. Depending on your budget, cheap Single Board Computers would work too.

michele_deb · 04-25-2018, 05:31 AM

Quote:

Originally Posted by Turbocapitalist

Kerberos uses two servers, a Key Distribution Center (KDC) and an Admin server. The KDC can do replication so you can set up a slave KDC synched with the master. So that would be three on the server side. With one more for the client, that makes four.

VirtualBox or Qemu could work. Depending on your budget, cheap Single Board Computers would work too.

You mean, I should install 4 machines= 3 server and 1 client. Right? So, can you suggest me a procedure or a pdf file with all steps to configure a Server and a Client (that asks for a service) on Ubuntu, creating and environment ad-hoc? I have no idea on how to start on it. I have studied theory about Kerberos and I would like to implement a system to emulate how it works. That's all.

Turbocapitalist · 04-25-2018, 05:34 AM

Yes. Install Ubuntu-server on the three and Ubuntu-desktop on the fourth. I'd start looking at the networking prerequisites layed out in documents like these:

https://help.ubuntu.com/community/Kerberos

https://help.ubuntu.com/lts/serverguide/kerberos.html

After each machine has a hostname which you can ping or connect to via from any of the others, then you can start looking at the actual Kerberos packages and configuration.

michele_deb · 04-25-2018, 01:26 PM

Quote:

Originally Posted by Turbocapitalist

Yes. Install Ubuntu-server on the three and Ubuntu-desktop on the fourth. I'd start looking at the networking prerequisites layed out in documents like these:

https://help.ubuntu.com/community/Kerberos

https://help.ubuntu.com/lts/serverguide/kerberos.html

After each machine has a hostname which you can ping or connect to via from any of the others, then you can start looking at the actual Kerberos packages and configuration.

Turbo, please, sorry for the stupid question:
instead of installing 3 servers, could I install just one virtual machine server, let's say: "kerberos.com" (my KDC) with an IP static address with the admin Server on the same machine and a Client virtual machine, let's say: "client.com" with a static IP?

Turbocapitalist · 04-25-2018, 01:38 PM

Quote:

Originally Posted by michele_deb

Turbo, please, sorry for the stupid question:
instead of installing 3 servers, could I install just one virtual machine server, let's say: "kerberos.com" (my KDC) with an IP static address with the admin Server on the same machine and a Client virtual machine, let's say: "client.com" with a static IP?

It's a sensible question.

You could put the admin server and kdc on the same machine but it would really be most practical, especially from a learning perspective, to have the client separate. This is a protocol intended to operate over the net, so you'll need that aspect to really know how it is used. There should be a GUI for VirtualBox that facilitates arranging the addresses of the VMs. If you're going to run it in a work environment then you'll want at least a little redundancy though.

michele_deb · 04-25-2018, 05:18 PM

Quote:

Originally Posted by Turbocapitalist

It's a sensible question.

You could put the admin server and kdc on the same machine but it would really be most practical, especially from a learning perspective, to have the client separate. This is a protocol intended to operate over the net, so you'll need that aspect to really know how it is used. There should be a GUI for VirtualBox that facilitates arranging the addresses of the VMs. If you're going to run it in a work environment then you'll want at least a little redundancy though.

Thanks. What I would like to do is at the following link: http://blog.manula.org/2012/04/setti...th-debian.html and I want configure the server part on the server virtual machine and client part on the client virtual machine following the instruction at that link. You think is the right way to proceed?

Turbocapitalist · 04-25-2018, 10:14 PM

Quote:

Originally Posted by michele_deb

Thanks. What I would like to do is at the following link:

For me that just goes to a blank page with some javascripts and no content. What about the two Ubuntu links above? Unfortunately it was kind of common knowledge how to set up Kerberos so now it is virtually undocumented, especially since most of the the canonical links from the 1990s dead and haven't been replaced.

michele_deb · 04-26-2018, 09:51 AM

Quote:

Originally Posted by Turbocapitalist

For me that just goes to a blank page with some javascripts and no content. What about the two Ubuntu links above? Unfortunately it was kind of common knowledge how to set up Kerberos so now it is virtually undocumented, especially since most of the the canonical links from the 1990s dead and haven't been replaced.

Sorry Turbocapitalist,
attached you can find a pdf file with all instruction included in the link I sent you. I have also to set up an IP address for my Server and Client on VirtualBox using option "Only Host".