updating config and adding how to kerberos description

src/kerberos/etc/krb5.conf

@@ -4,13 +4,12 @@
     dns_lookup_realm = false
     permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac
 
-
- [realms]
- EXAMPLE.COM = {
-    kdc = dbildungs-iam-server-kdc-1
-    admin_server = dbildungs-iam-server-kdc-1
- }
+[realms]
+    EXAMPLE.COM = {
+        kdc = dbildungs-iam-server-kdc-1
+        admin_server = dbildungs-iam-server-kdc-1
+    }
 
- [domain_realm]
+[domain_realm]
     .example.com = EXAMPLE.COM
     example.com = EXAMPLE.COM

src/kerberos/how to kerberos.md

@@ -0,0 +1,52 @@
+create new principal:
+
+HTTP/[email protected]
+
+```
+kadmin.local
+addprinc HTTP/[email protected]
+ktadd -k /etc/krb5.keytab HTTP/[email protected]
+```
+
+Export keytab
+
+krb5.conf
+```
+[libdefaults]
+    default_realm = EXAMPLE.COM
+    dns_lookup_kdc = false
+    dns_lookup_realm = false
+    permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac
+
+[realms]
+    EXAMPLE.COM = {
+        kdc = dbildungs-iam-server-kdc-1
+        admin_server = dbildungs-iam-server-kdc-1
+    }
+
+[domain_realm]
+    .example.com = EXAMPLE.COM
+    example.com = EXAMPLE.COM
+```
+
+copy keytab file and krb5.conf file to keycloak image to /etc
+
+set Kerberos Provider with
+
+![[Pasted image 20241217162644.png]]
+
+restart keycloak
+
+create new in Keykloak
+create Userprincipal in kerberos server:
+
+```
+kadmin.local
+addprinc [email protected]
+```
+
+Login to Client with activated Kerberos flow
+
+Create Kerberos Token in keycloak with:
+
+kinit <username>