|
|
|
|
47.2 Setting Up the KDC Hardware
The first thing required to use Kerberos is
a machine that acts as the key distribution center, or KDC for short.
This machine holds the entire Kerberos user
database with passwords and all information.
The KDC is the most important part of your security infrastructure—if
someone breaks into it, all user accounts and all of your infrastructure
protected by Kerberos is compromised. An attacker with access to the
Kerberos database can impersonate any principal in the database. Tighten
security for this machine as much as possible:
-
Put the server machine into a physically secured location, such as a
locked server room to which only a very few people have access.
-
Do not run any network applications on it except the KDC. This
includes servers and clients—for example, the KDC should not
import any file systems via NFS or use DHCP to retrieve its network
configuration.
-
Install a minimal system first then check the list of installed packages
and remove any unneeded packages. This includes servers, such as inetd,
portmap, and cups, as well as anything X-based. Even installing an SSH
server should be considered a potential security risk.
-
No graphical login is provided on this machine as an X server is a
potential security risk. Kerberos provides its
own administration interface.
-
Configure /etc/nsswitch.conf to use only
local files for user and group lookup. Change the lines for
passwd and group to look like
this: passwd: files
group: files
Edit the passwd, group,
shadow, and gshadow files in
/etc and remove the lines that
start with a + character (these are for NIS
lookups).
-
Disable all user accounts except root's account by editing
/etc/shadow and replacing the hashed passwords with
* or ! characters.
|
|
|