Kerberos on Centos 8 - notes

Basics on Kerberos on Centos Linux 8.

A user or service is defined as a principal. E.g. a user dev, a service postgres and postgres/TBOX.SITE

An instance is used to manage principals. 

E.g. root/admin, where

root = principal

/admin = instance

A Key Distribution Center (KDC) contains database of all principals and

• Authentication Server (AS)
• Ticket Granting Server (TGS)

Keytab is a binary file that where the encryption key is extracted from a service or host.

Following are among the admin console commands

Admin console

sudo kadmin.local

List principals

listprincs

Add principals

addprinc -randkey HTTP/10.8.8.186@TBOX.SITE

addprinc -randkey postgres/10.8.8.186@TBOX.SITE

Delete principal

delprinc dev@TBOX.SITE

Install and configure kerberos server

sudo dnf install krb5-server 

sudo vi /etc/krb5.conf

[libdefaults] default_realm = TBOX.SITE [realms] TBOX.SITE = { kdc = 10.8.8.186 admin_server = 10.8.8.186 } [domain_realm] pg.tbox.com = TBOX.SITE .pg.tbox.com = CTBOX.SITE

Create a Realm

To create realm called TBOX.SITE. This will initialise a database at /var/kerberos/krb5kdc/principal

sudo kdb5_util create -r TBOX.SITE -s

Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'TBOX.SITE', master key name 'K/M@TBOX.SITE' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify:

Assign administration access rights to the kerberos database;

sudo vi /var/kerberos/krb5kdc/kadm5.acl

*/admin@TBOX.SITE     *

Restart kerberos service

sudo systemctl restart krb5kdc

Destroy a kerberos database (optional)

sudo kdb5_util -r TBOX.SITE destroy

Initial Principal Admin setup in kadmin

sudo kadmin.local

kadmin.local: addprinc root/admin

kadmin.local: q

Add additional users to specific realm with random key

addprinc -randkey daniel@TBOX.SITE

Add additional users to specific realm with password and default realm

addprinc dev

Credential list

List credentials

klist

Ticket cache: KCM:1001:31655

Default principal: dev@TBOX.SITE

Valid starting       Expires              Service principal

10/27/2021 18:29:48  10/28/2021 18:29:48  krbtgt/TBOX.SITE@TBOX.SITE

        renew until 10/27/2021 18:29:48

Create credentials

kinit root/admin

kinit dev

Delete credentials (optional)

kdestroy -A

Keytab management

ktutil

Load keytab data

rkt /tmp/postgres.keytab

List cached

list

Remove entry

delent {slot_number}

Create keytab for use in remote server (to be confirmed)

addprinc -randkey HTTP/www.mydomain.org@MYDOMAIN.ORG

ktadd -k /tmp/http.keytab HTTP/www.mydomain.org@MYDOMAIN.ORG

Copy /tmp/http.keytab to the site

Reduce image size on Linux

ImageMagick provide tools on Linux to manipulate images such as those of the  JPEG, TIFF, PNM, GIF and Photo CD image formats. Default installation includes special effects that can be applied to the images.

Using other Linux scripts and commands, there are many uses to the tool provided by ImageMagick.

Install on Centos 

sudo yum install ImageMagick

Or

sudo dnf install ImageMagick

Resize images

convert original_apple.jpg -resize 1024 new_apple.jpg

Search files larger than 2Mb size in a directory and convert image to max width 2048 while preserving image ratio.

find directory_name -type f  -size +2M -exec convert {} -resize 2048 {} \;

Other actions by ImageMagick

Change image compression (value between 1 and 100)

convert original_apple.jpg -quality 95 new_apple.jpg

Resize image by height 

convert original_apple.jpg -resize x200 new_apple.jpg

Rotate an image

convert original_apple.jpg -rotate 180 new_apple.jpg

Convert PNG format to JPEG

convert original_apple.png original_apple.jpg

This will remove any transparency in PNG.

Apply an image effect.

convert original_apple.png -swirl 45 original_apple.jpg

Following are effects available:

-annotate geometry text

-charcoal radius

-enhance

-implode amount

-monochrome

-sketch geometry

-swirl degrees

-transpose

-transverse