diff --git a/.gitignore b/.gitignore
index cbe778b..0fc0948 100644
--- a/.gitignore
+++ b/.gitignore
@@ -179,3 +179,4 @@ a.out
 sample/server
 sample/client
 sample/core
+*.keytab
diff --git a/sample/client.py b/sample/client.py
index e555093..9578f65 100755
--- a/sample/client.py
+++ b/sample/client.py
@@ -20,13 +20,13 @@ def recv_data():
 return data
 curr_path = os.getcwd()
-os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
+os.environ["KRB5_CONFIG"] = curr_path + "/krb5.conf"
 os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000"
-os.environ["KRB5_KTNAME"] = curr_path + "/client/cli.keytab"
+os.environ["KRB5_KTNAME"] = curr_path + "/cli.keytab"
 os.environ["KRB5_TRACE"] = "/tmp/client.log"
-principal = "cli@TEST.COM"
+principal = "cli@TEST.HADOOP.COM"
-res = subprocess.call(["kinit", "-kt", "client/cli.keytab", principal])
+res = subprocess.call(["kinit", "-kt", "cli.keytab", principal])
 subprocess.call(["klist"])
 name = gssapi.Name(principal)
diff --git a/sample/kinit_client.sh b/sample/kinit_client.sh
new file mode 100755
index 0000000..0237713
--- /dev/null
+++ b/sample/kinit_client.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#
+
+export KRB5CCNAME=/tmp/krb5cc_cli_1000
+export KRB5_CONFIG="/home/zeekling/project/gitea/kerberosTest/sample/krb5.conf"
+
+kinit -kt ./cli.keytab cli
+
+klist
diff --git a/sample/kinit_server.sh b/sample/kinit_server.sh
new file mode 100755
index 0000000..fb54ded
--- /dev/null
+++ b/sample/kinit_server.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#
+
+export KRB5CCNAME=/tmp/krb5_server_1000
+export KRB5_CONFIG="/home/zeekling/project/gitea/kerberosTest/sample/krb5.conf"
+
+kinit -kt ./hadoop.keytab server/hadoop.test.hadoop.com@TEST.HADOOP.COM
+
+klist
diff --git a/sample/krb5.conf b/sample/krb5.conf
new file mode 100644
index 0000000..27bdc46
--- /dev/null
+++ b/sample/krb5.conf
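Review bot: The exit status stored in `res` by the changed `kinit` call in sample/client.py is not checked anywhere in this hunk, so when `cli.keytab` is missing or stale the script still goes on to `klist` and `gssapi.Name(principal)` and can pick up whatever tickets already sit in the fixed cache `/tmp/krb5cc_cli_1000`. Fail closed right after the call with `if res != 0: raise SystemExit("kinit failed")`. The call also passes the bare relative `"cli.keytab"` although `KRB5_KTNAME` was set a few lines earlier; server.py in this same commit passes `os.environ["KRB5_KTNAME"]`, and doing the same here keeps a single source for the keytab path. The same unchecked result appears as `kinit_res` in the sample/server.py hunk. The script continues past the end of this hunk, so a later check cannot be ruled out from here.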
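Review bot: `KRB5_CONFIG` in sample/kinit_client.sh is hard-coded to a path under one developer's home directory (`/home/zeekling/...`), so on any other checkout the script does not load the krb5.conf this commit adds and `kinit` runs without the `TEST.HADOOP.COM` realm definition. Derive the path from the script location instead, e.g. `export KRB5_CONFIG="$(cd "$(dirname "$0")" && pwd)/krb5.conf"`, and add `set -euo pipefail` under the shebang so a failed `kinit` stops the script before `klist`. sample/kinit_server.sh carries the identical `KRB5_CONFIG` line and needs the same change.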
@@ -0,0 +1,18 @@
+[logging]
+default = FILE:/var/log/krb5libs.log
+kdc = FILE:/var/log/krb5kdc.log
+admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+default_realm = TEST.HADOOP.COM
+dns_lookup_realm = false
+dns_lookup_kdc = false
+ticket_lifetime = 24h
+renew_lifetime = 7d
+forwardable = true
+
+[realms]
+TEST.HADOOP.COM = {
+ kdc = krb5-kdc-server:88
+ admin_server = krb5-kdc-server
+}
diff --git a/sample/sample-client.c b/sample/sample-client.c
index 5077ef1..6162334 100644
--- a/sample/sample-client.c
+++ b/sample/sample-client.c
@@ -12,13 +12,13 @@ char buf[SAMPLE_SEC_BUF_SIZE];
 static sasl_conn_t *conn = NULL;
-const char *realm = "TEST.COM";
+const char *realm = "TEST.HADOOP.COM";
 const char *mech = "GSSAPI";
 const char *iplocal = "127.0.0.1";
 const char *ipremote = "127.0.0.1";
 char *searchpath = NULL;
 const char *service = "server";
-const char *fqdn = "hadoop.test.com";
+const char *fqdn = "hadoop.test.hadoop.com";
 int cfd;
 int init_sasl() {
diff --git a/sample/sample-server.c b/sample/sample-server.c
index c942779..c8ab061 100644
--- a/sample/sample-server.c
+++ b/sample/sample-server.c
@@ -60,7 +60,7 @@ kClient *createClient(int fp) {
 int auth_client(kClient *c) {
 if (!c->begin_auth) {
- int result = sasl_server_new(server, "hadoop.test.com", "TEST.COM", NULL, NULL, NULL, 0, &c->conn);
+ int result = sasl_server_new(server, "hadoop.test.hadoop.com", "TEST.HADOOP.COM", NULL, NULL, NULL, 0, &c->conn);
 if (result != SASL_OK) {
 printf("Allocating sasl connection state, %s\n", sasl_errdetail(c->conn));
 return 1;
diff --git a/sample/server.py b/sample/server.py
index d602cbf..6f71824 100755
--- a/sample/server.py
+++ b/sample/server.py
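Review bot: `forwardable = true` under `[libdefaults]` in sample/krb5.conf makes every TGT obtained with this file forwardable by default, which lets any service the client delegates to act as that principal elsewhere. Nothing visible in this commit forwards credentials, so unless the sample needs delegation the safer default is `forwardable = false`, requesting a forwardable ticket explicitly (`kinit -f`) where it is required. Separately, `kdc = krb5-kdc-server:88` is an unqualified host name; a short comment such as `# krb5-kdc-server must resolve locally (e.g. /etc/hosts); sample realm only` would tell readers how it is expected to resolve.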
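Review bot: On the unchanged error path right below the edited call in sample/sample-server.c, `sasl_errdetail(c->conn)` is used after `sasl_server_new()` has just failed, when `c->conn` may never have been set; depending on how `createClient` initialises it (not visible here) that passes NULL or an indeterminate pointer into libsasl and then into `%s`. Report the return code instead: `printf("Allocating sasl connection state, %s\n", sasl_errstring(result, NULL, NULL));`. The host name and realm are also repeated as literals here and in sample-client.c, where named constants shared by both would keep them from drifting apart. `auth_client` begins inside this hunk but its body continues past it.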
@@ -22,16 +22,16 @@ def recv_data(cli:socket):
 # 设置环境变量
-principal = "server/hadoop.test.com@TEST.COM"
+principal = "server/hadoop.test.hadoop.com@TEST.HADOOP.COM"
 curr_path = os.getcwd()
-os.environ["KRB5_CONFIG"] = curr_path + "/server/krb5.conf"
-os.environ["KRB5_KTNAME"] = curr_path + "/server/hadoop.keytab"
-os.environ["KRB5CCNAME"] = "/tmp/krb5cc_hadoop_1000"
+os.environ["KRB5_CONFIG"] = curr_path + "/krb5.conf"
+os.environ["KRB5_KTNAME"] = curr_path + "/hadoop.keytab"
+os.environ["KRB5CCNAME"] = "/tmp/krb5_server_1000"
 os.environ["KRB5_TRACE"] = "/tmp/server.log"
 kinit_res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])
 klist_res = subprocess.call(["klist"])
-name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal)
+name = gssapi.Name("server/hadoop.test.hadoop.com", name_type=gssapi.NameType.kerberos_principal)
 cname = name.canonicalize(gssapi.MechType.kerberos)
 print(cname)
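Review bot: The new cache name `/tmp/krb5_server_1000` (like the unchanged `KRB5_TRACE` target `/tmp/server.log`) is a fixed, guessable file in a world-writable directory, so on a shared host another local user can occupy that name before the server runs, and the trace log may be readable by others. Put both in a directory created for this process with owner-only permissions, e.g. `state_dir = tempfile.mkdtemp(prefix="krb5-server-")` followed by `os.environ["KRB5CCNAME"] = "FILE:" + os.path.join(state_dir, "krb5cc")` (needs `import tempfile`), and set `KRB5_TRACE` only when debugging. sample/client.py and the two kinit_*.sh scripts follow the same pattern with `/tmp/krb5cc_cli_1000`. The principal is also spelled out twice here, once in `principal` and once in the `gssapi.Name(...)` literal, which is easy to update inconsistently.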