What programs/files need to go on each application server?
As a MINIMUM, on each application server, you’ll need to put:* A Kerberos configuration file (/etc/krb5.conf).* The Kerberos application server daemons (telnetd, rlogind, ftpd, etc).* At least one encryption key (usually stored in /etc/krb5.keytab).The encryption key is really the critical part; it needs to be transmittedto the application server host in a secure fashion. This is typically thekey for the host principal (host/foo.bar.org@REALM). Note that the MIT adminclient kadmin encrypts all of the transfers between it and the admin server,so using ktadd from inside of kadmin is safe, provided that you’re notsending your admin password over the network in the clear.You’ll probably want to put the Kerberos client binaries on each applicationserver as well, if you plan on having interactive user logins on yourapplication servers.
As a MINIMUM, on each application server, you’ll need to put: * A Kerberos configuration file (/etc/krb5.conf). * The Kerberos application server daemons (telnetd, rlogind, ftpd, etc). * At least one encryption key (usually stored in /etc/krb5.keytab). The encryption key is really the critical part; it needs to be transmitted to the application server host in a secure fashion. This is typically the key for the host principal (host/foo.bar.org-at-REALM). Note that the MIT admin client kadmin encrypts all of the transfers between it and the admin server, so using ktadd from inside of kadmin is safe, provided that you’re not sending your admin password over the network in the clear. You’ll probably want to put the Kerberos client binaries on each application server as well, if you plan on having interactive user logins on your application servers.
As a MINIMUM, on each application server, you’ll need to put: • A Kerberos configuration file (/etc/krb5.conf). • The Kerberos application server daemons (telnetd, rlogind, ftpd, etc). • At least one encryption key (usually stored in /etc/krb5.keytab). The encryption key is really the critical part; it needs to be transmitted to the application server host in a secure fashion.
