Skip to content
/ docker-kerberos-with-ldap Public

Ubuntu based Kerberos server which is compatible with LDAP (even in Docker network).

12 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nugaon/docker-kerberos-with-ldap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
config.sh
config.sh
 
 

Repository files navigation

Docker kerberos

This image is for testing purposes for Kerberos/LDAP environments. With this Kerberos image you can initialize an Ubuntu based Kerberos server with LDAP connections. The whole project based on mrenouf/docker-images repository, but this codebase is not compatible with that.

Quick start

docker run -d --net docker_overlay -v /dev/urandom:/dev/random --name kerberos nugaon/kerberos-with-ldap

The containers have a pretty bad entropy level so the KDC won't start because of this. We can overcome this by using /dev/urandom which is less secure but does not care about entropy. Obviously, this Kerberos container has to be run on the same network as the ldap container or make it possible to reach the outsider LDAP server. For the former case, I suggest for you to use my compatible LDAP docker with Kerberos image nugaon/openldap-with-kerberos, that you can find on GitHub as well.

Useful environment variables:

Environment variables Description Default value
REALM the Kerberos realm EXAMPLE.COM
DOMAIN_REALM the DNS domain for the realm example.com
KERB_MASTER_KEY master key for the KDC masterkey
KERB_ADMIN_USER administrator account name admin
KERB_ADMIN_PASS administrator's password admin
SEARCH_DOMAINS domain suffix search list example.com
LDAP_DC domain suffix search list dc=example,dc=com
LDAP_USER ldap service user admin
LDAP_PASS ldap service pass admin
LDAP_URL ldap url ldap://ldap

Bind LDAP user to Kerberos DB

If you add new users in LDAP you have to register them in Kerberos as well in order to utilize Kerberos authentication. It is possible by the following command:

docker exec -ti $KERBEROS_CONTAINER kadmin.local -q 'addprinc -x dn=$USER_DN $USER_KERB_NAME'

example

docker exec -ti kerberos kadmin.local -q 'addprinc -x dn=cn=Teszt" "Elek,cn=users,dc=ldap,dc=hiflylabs,dc=hu telek'

Test

Once kerberos is enabled you need a ticket to execute any job on the cluster. Here's an example to get a ticket:

docker exec -ti kerberos sh -c "kinit admin && klist"

It authenticates the LDAP associated admin user by the Kerberos server.

About

Ubuntu based Kerberos server which is compatible with LDAP (even in Docker network).

Resources

Readme
Activity

Stars

12 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages