How to set up a Kerberized PennKey service

Follow these steps so set up a Kerberized PennKey service.

  1. Acquire a User PennKey for yourself.

  2. Request a KAdmin PennKey which will allow you to create Service PennKeys for the domain name of the host on which you are installing.

  3. Create Service PennKeys for each service. For Unix-flavored servers this means using 'kadmin' and the Service PennKey must have the server DNS name in lowercase. For Windows domains this means creating a Cross Domain PennKey and the Microsoft domain must be in uppercase.

  4. Get Kerberos working. For Unix-flavored servers this means installing kerberos server software. For Windows domains this means configuring the system to authenticate to Penn's MIT KDC.

  5. Kerberize all relevant software requiring authentication, or determine other alternatives to clear-text password transmission, such as ssh or SSL/TLS.


HOME...