brunowego / poc-mit-kerberos

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

MIT Kerberos

Using Password

docker-compose \
  -f ./docker-compose.krb5.yml \
  -f ./docker-compose.through.yml \
  exec through-password klist
docker-compose \
  -f ./docker-compose.krb5.yml \
  -f ./docker-compose.through.yml \
  exec through-password /bin/sh -c 'echo "keniac" | kinit eniac'

Using PAM

docker-compose \
  -f ./docker-compose.krb5.yml \
  -f ./docker-compose.through.yml \
  exec through-pam klist
docker-compose \
  -f ./docker-compose.krb5.yml \
  -f ./docker-compose.through.yml \
  exec -u eniac through-pam /bin/sh -c 'su - johndoe' # kjohndoe

Using Keytab

cat << EOF | docker build $(echo $DOCKER_BUILD_OPTS) -t example/host -
FROM centos:7

RUN yum -y install krb5-workstation openssh-clients sshpass

RUN sed -i 's/^ default_ccache_name/# default_ccache_name/' /etc/krb5.conf

EOF
docker run -it --rm \
  $(echo $DOCKER_RUN_OPTS) \
  -h host \
  -v "$PWD"/services/through-keytab/krb5.conf.d:/etc/krb5.conf.d \
  -v "$PWD"/services/through-keytab/keytabs:/etc/security/keytabs \
  --name host \
  --net workbench \
  example/host:latest /bin/bash
#
klist

#
klist -etk /etc/security/keytabs/eniac.keytab

#
kinit -kt /etc/security/keytabs/eniac.keytab host/through-keytab@KRB5.LOCAL

#
sshpass -p 'keniac' ssh \
  -o UserKnownHostsFile=/dev/null \
  -o StrictHostKeyChecking=no \
  eniac@through-keytab

About


Languages

Language:Dockerfile 45.7%Language:Makefile 31.5%Language:Shell 22.8%