This chapter provides a brief description of installing
the Kerberos server. The KDC is the heart of the Kerberos system
that issues Kerberos tickets and maintains a database of users and
services within its realm.
The Kerberos server should be installed on a system that has
restricted access and is physically secure. If necessary, ensure
that the system on which, you wish to install the KDC is kept under
lock and key.
You will also need to disable all the network services, such
as ftp, telnet, rlogin, finger et all, by restricting access to the machine by changing
the /etc/inetd.conf file to deactivate the non-kerberized services.
The inetd daemon must be restarted after these changes have been
made.
Also, ensure that the file system is protected with proper
permissions in order to restrict the non-root users from accessing
and manipulating the Kerberos maintained files, such as cache files, stash files et all.
Printable version
