
Oracle® ZFS Storage Appliance Administration Guide, Release OS8.8.0


Updated: November 2018
 
 

Creating Kerberos Principals and Keys (CLI)

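Use the following procedure to create Kerberos principals on the KDC administration server from the appliance. A set of keys is generated for each principal and stored in the appliance keytab. For a description of each property, see "Kerberos Service Properties" and "Kerberos Properties and Logs".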

Before You Begin

  • Ensure that the Kerberos service is enabled, the realm is set, and the KDC is identified, as described in Creating a Kerberos Realm (CLI).

  • Ensure that you have login credentials on the KDC.

  1. Go to configuration services kerberos and enter list.
    hostname:configuration services kerberos> list
    REALM               KDC
    TEST.NET
  2. Select the realm.
    hostname:configuration services kerberos> select TEST.NET
    hostname:configuration services kerberos TEST.NET>
  3. To create principals, enter principals, and then enter show to view the properties.
    hostname:configuration services kerberos TEST.NET> principals
    hostname:configuration services kerberos TEST.NET principals (uncommitted)> show
    Properties:
                   realm = TEST.NET
                  server = kdc1.us.oracle.com
                   admin = (unset)
                password = (unset)
  4. (Optional) To change the KDC server, enter set kdcs= and the KDC server host name. Then enter commit.
    hostname:configuration services kerberos TEST.NET> set kdcs=kdc2.us.oracle.com
                   kdcs = kdc2.us.oracle.com (uncommitted)
    hostname:configuration services kerberos TEST.NET> commit
  5. Enter set admin= and the KDC administrator name for the realm.
    hostname:configuration services kerberos TEST.NET principals (uncommitted)> set admin=kdc/admin
  6. Enter set password= and the KDC administrator password, and then enter commit.
    hostname:configuration services kerberos TEST.NET principals (uncommitted)> set password=test123
                 password = (set)
    hostname:configuration services kerberos TEST.NET principals (uncommitted)> commit
  7. Enter show to view the principals for the KDC.
    hostname:configuration services kerberos TEST.NET> show
    Properties:
                    kdcs = kdc1.us.oracle.com
    Keytab entries:
    NAME            KEYS  PRINCIPAL
    principal-000   4     host/hostname.us.oracle.com@TEST.NET
    principal-001   4     nfs/hostname.us.oracle.com@TEST.NET
  8. To view the keys for a principal, select a principal and enter show.
    hostname:configuration services kerberos TEST.NET> select principal-001
    hostname:configuration services kerberos principal-001> show
    Properties:
                     name = nfs/hostname.us.oracle.com@TEST.NET
    Keys:
    KEY       KVNO   ENCTYPENO   ENCTYPE
    key-000   28     18          AES-256 CTS mode with 96-bit SHA-1 HMAC
    key-001   28     17          AES-128 CTS mode with 96-bit SHA-1 HMAC
    key-002   28     16          Triple DES cbc mode with HMAC/sha1
    key-003   28     23          ArcFour with HMAC/md5
    key-004   28     24          Exportable ArcFour with HMAC/md5
    key-005   28     3           DES cbc mode with RSA-MD5
    key-006   28     1           DES cbc mode with CRC-32

    Column heading legend:

    • KEY = Key name

    • KVNO = Key version number

    • ENCTYPENO = Encryption type number

    • ENCTYPE = Encryption type

  9. To view the properties of a key, select a key and enter show.
    hostname:configuration services kerberos principal-001> select key-003
    hostname:configuration services kerberos principal-001 key-003> show
    Properties:
                   principal = nfs/hostname.us.oracle.com@TEST.NET
                        kvno = 28
                     enctype = ArcFour with HMAC/md5
                   enctypeno = 23