Now we can start creating the two new Kerberos realms. Before we begin, we must establish the prerequisites that have to be satisfied before implementation of the new realms can start. The first prerequisite is a DNS server with functioning forward and reverse DNS zones for the sample.com DNS domain. In our example, the service is hosted through the existing Active Directory domain, and appropriate DNS records have already been added to the zone files for all of the machines in our sample network.
The second prerequisite is that all machines have NTP installed and configured. The Windows domain will perform time synchronization against the domain controllers, but NTP must be manually installed and configured on the Unix machines. Before the Kerberos realms are implemented as described below, these two services must be functioning correctly.
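A small pre-flight check for the two prerequisites, added here as an example and not part of the book's own text or tooling: it verifies that each host's forward (A) record has a matching reverse (PTR) record, and that the local clock is within Kerberos's default tolerance of a reference clock (the MIT krb5 clockskew default of 300 seconds). The host names unixkdc1.sample.com and unixkdc2.sample.com come from the text; the IP addresses, the extra hosts with deliberately broken records, and the lookup tables are constructed sample data so the script runs offline. Passing no lookup functions makes it use live DNS via the socket module.

```python
import socket
import time

# MIT krb5 rejects tickets/authenticators whose timestamps differ from the
# KDC's clock by more than this (libdefaults "clockskew", default 300 s).
MAX_CLOCK_SKEW_SECONDS = 300


def _normalize(name):
    """Compare DNS names case-insensitively and ignore a trailing dot."""
    return name.rstrip(".").lower()


def check_dns_consistency(hosts, forward=None, reverse=None):
    """Return {host: [problem, ...]}; an empty list means the host is consistent.

    forward(name) -> IP string and reverse(ip) -> canonical name must raise
    OSError (socket.gaierror/herror are subclasses) when no record exists.
    Defaults to live lookups through the socket module.
    """
    forward = forward or socket.gethostbyname
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    report = {}
    for host in hosts:
        try:
            ip = forward(host)
        except OSError:
            report[host] = ["no forward (A) record"]
            continue
        problems = []
        try:
            ptr = reverse(ip)
        except OSError:
            problems.append(f"no reverse (PTR) record for {ip}")
        else:
            if _normalize(ptr) != _normalize(host):
                problems.append(f"PTR for {ip} is {ptr}, expected {host}")
        report[host] = problems
    return report


def clock_skew_ok(local_epoch, reference_epoch, max_skew=MAX_CLOCK_SKEW_SECONDS):
    """True when the two clocks differ by at most max_skew seconds."""
    return abs(local_epoch - reference_epoch) <= max_skew


# Constructed sample zone data (assumption, not the book's records). The
# 192.0.2.0/24 block is reserved for documentation. badptr has a stale PTR,
# noptr has no PTR at all; the second KDC's PTR differs only in case and
# trailing dot, which must still count as a match.
SAMPLE_FORWARD = {
    "unixkdc1.sample.com": "192.0.2.11",
    "unixkdc2.sample.com": "192.0.2.12",
    "badptr.sample.com": "192.0.2.13",
    "noptr.sample.com": "192.0.2.14",
}
SAMPLE_REVERSE = {
    "192.0.2.11": "unixkdc1.sample.com",
    "192.0.2.12": "UNIXKDC2.sample.com.",
    "192.0.2.13": "oldname.sample.com",
}


def sample_forward(name):
    try:
        return SAMPLE_FORWARD[name]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known")


def sample_reverse(ip):
    try:
        return SAMPLE_REVERSE[ip]
    except KeyError:
        raise socket.herror(1, "Unknown host")


def prerequisites_ok(hosts, forward, reverse, local_epoch, reference_epoch):
    """True only when every host is DNS-consistent and the clocks agree."""
    dns_clean = all(not p for p in check_dns_consistency(hosts, forward, reverse).values())
    return dns_clean and clock_skew_ok(local_epoch, reference_epoch)


if __name__ == "__main__":
    hosts = list(SAMPLE_FORWARD) + ["missing.sample.com"]
    for host, problems in check_dns_consistency(hosts, sample_forward, sample_reverse).items():
        print(f"{host}: {'OK' if not problems else '; '.join(problems)}")
    # Offline run: pretend the reference clock is 4 minutes ahead of us.
    now = time.time()
    print("clock skew acceptable:", clock_skew_ok(now, now + 240))
```

In a real deployment the reference time would come from the NTP server itself (for example the offset reported by the NTP client) rather than from a constructed value, and the host list would cover every KDC, domain controller and Kerberized server in the realm, since a PTR that does not match the A record is the usual cause of "server not found in Kerberos database" errors once services start using host-based principals.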
We’ll start with UNIX.SAMPLE.COM. Both KDCs, unixkdc1.sample.com and unixkdc2.sample.com, have a fresh installation of the latest FreeBSD distribution. Two 18GB hot-swappable SCSI disks have been installed into each machine, and each box has a hardware RAID card set up to do mirroring across the installed drives. The partition layout looks like Table 9-1.
Table 9-1. Partition table for Unix hosts

- Root drive, includes all operating system programs and data
- Kerberos database and software
- Kernel swap space
This layout gives ample room ...