{"id":13648972,"url":"https://github.com/gcavalcante8808/docker-krb5-server","last_synced_at":"2026-01-16T14:31:15.360Z","repository":{"id":17949713,"uuid":"77538488","full_name":"gcavalcante8808/docker-krb5-server","owner":"gcavalcante8808","description":"A Krb5Server Docker Image very easy and simple to use.","archived":false,"fork":false,"pushed_at":"2024-07-18T15:23:24.000Z","size":23,"stargazers_count":37,"open_issues_count":2,"forks_count":25,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-22T11:42:49.937Z","etag":null,"topics":["docker-image","kadmin","krb5-kdc","krb5-realm","krb5-server"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gcavalcante8808.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-12-28T14:26:54.000Z","updated_at":"2025-03-16T17:10:08.000Z","dependencies_parsed_at":"2024-11-09T23:31:07.273Z","dependency_job_id":"778497dd-db30-41e8-90da-29fe0b628e2e","html_url":"https://github.com/gcavalcante8808/docker-krb5-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/gcavalcante8808/docker-krb5-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gcavalcante8808%2Fdocker-krb5-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gcavalcante8808%2Fdocker-krb5-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gcavalcante8808%2Fdocker-krb5-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gcavalcante8808%2Fdocker-krb5-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gcavalcante8808","download_url":"https://codeload.github.com/gcavalcante8808/docker-krb5-server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gcavalcante8808%2Fdocker-krb5-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28479396,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-image","kadmin","krb5-kdc","krb5-realm","krb5-server"],"created_at":"2024-08-02T01:04:40.758Z","updated_at":"2026-01-16T14:31:15.340Z","avatar_url":"https://github.com/gcavalcante8808.png","language":"Shell","funding_links":["https://www.buymeacoffee.com/gcavalcante8808"],"categories":["Shell"],"sub_categories":[],"readme":"↖️ Table of Contents\n\n\u003ch1 align=\"center\"\u003e\u003ccode\u003eKrb5 Server - Docker Image\u003c/code\u003e\u003c/h1\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://github.com/gcavalcante8808/docker-krb5-server/actions/workflows/cd.yaml\"\u003e\n    \u003cimg src=\"https://github.com/gcavalcante8808/docker-krb5-server/actions/workflows/cd.yaml/badge.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/gcavalcante8808/docker-krb5-server/actions/workflows/tests.yaml\"\u003e\n    \u003cimg src=\"https://github.com/gcavalcante8808/docker-krb5-server/actions/workflows/tests.yaml/badge.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.buymeacoffee.com/gcavalcante8808\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-buy_me_a%C2%A0coffee-gray?logo=buy-me-a-coffee\" alt=\"buy me a coffee\"\u003e\n  \u003c/a\u003e\n\u003c/div\u003e\n\u003cbr\u003e\n\nKrb5 Server\n-----------\n\nThis is a gcavalcante8808/krb5-server image with MIT Kerberos v5 installed with Alpine as base image. \n\nDaily Builds are available and linux/amd64 and linux/arm64 support.\n\nSimple Usage\n------------\n\nIf you just want to create a Krb5 Server from scratch, just clone the repository and use docker compose to bring it up quickly:\n\n```\n    cd tmp\n    git clone https://github.com/gcavalcante8808/docker-krb5-server.git\n    cd docker-krb5-server\n    docker compose up -d\n```\n\nBy default, an anonymous volume will be created and mounted on /var/lib/krb5kdc but you can mount your own\nvolume. Use the example bellow as a guide:\n\n```yml\nvolumes:\n    krb5kdc-data:\n\nservices:\n   kdc:\n     image: gcavalcante8808/krb5-server\n     build: .\n     restart: always\n     ports:\n      - \"88:88\"\n      - \"464:464\"\n      - \"749:749\"\n     environment:\n       KRB5_REALM: EXAMPLE.COM\n       KRB5_KDC: localhost\n     volumes:\n      - krb5kdc-data:/var/lib/krb5kdc\n```\n\nUsage\n-----\n\nYou need to supply the following environment variables:\n\n * KRB5_REALM (MANDATORY): Your KRB5 REALM name in Upper Case and DNS format, like EXAMPLE.COM;\n * KRB5_KDC (MANDATORY): Your KRB5 KDC Address. It's recommended that you use a TXT Dns entry, but you can use localhost for a simple installation (if you use localhost you can't setup the KDC slaves later ...);\n * KRB5_ADMINSERVER(OPTIONAL): If not provided will be the same value that was provided for KRB5_KDC;\n * KRB5_PASS: KDB and **admin** password for the database. If you don't provide this value, one will be created and printed in the first time that container is started; **write down this password, it is necessary to login with kadmin and unblock the kdb files**.\n\nWith all this information, you can now run the container:\n\n```\n    docker run -d --name krb5-server -e KRB5_REALM=EXAMPLE.COM -e KRB5_KDC=localhost -e KRB5_PASS=mypass -p 88:88 -p 464:464 -p 749:749 gcavalcante8808/krb5-server\n```\n\nIf you haven't provided the password, find it at the logs:\n\n```\n    docker logs krb5-server\n```\n\nTo acquire a ticket from your new domain, create a krb5.conf on \"/etc\" with the following config:\n\n```\n[libdefaults]\n dns_lookup_realm = false\n ticket_lifetime = 24h\n renew_lifetime = 7d\n forwardable = true\n rdns = false\n default_realm = YOURREALM.FQDN\n \n[realms]\n YOURREALM.FQDN = {\n    kdc = localhost\n    admin_server = localhost\n }\n\n```\n\nBy default Kerberos client on Apple laptops is having troubles to connect to KDC with following error message:\n```\nkinit admin@EXAMPLE.COM\nadmin@EXAMPLE.COM's password: \nkinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM, tried 1 KDC\n```\n\nIt happens because Kerberos client doesn't fall to TCP protocol to fix it, you have to change your krb5.conf file\n```\n[libdefaults]\n dns_lookup_realm = false\n ticket_lifetime = 24h\n renew_lifetime = 7d\n forwardable = true\n rdns = false\n default_realm = YOURREALM.FQDN\n \n[realms]\n YOURREALM.FQDN = {\n    kdc = tcp/localhost:88\n    admin_server = tcp/localhost:749\n }\n\n```\n\nAfter that changes you can successfully run `kinit` command mentioned above\n\nBy Default just the user admin/admin@REALM is created; to test the setup, try to acquire the ticket with the following commands:\n\n```\n    kinit admin/admin@YOURREALM.FQDN # Will prompt for the password provided or the generated.\n    klist\n```\n\n**The Default Kadmin policy allows all members inside /admin policy to do anything in your kerberos database(default to * perm); if you need a more simple user, you can create users with /service policy (which defaults to aci perm)**.\n\nNote About Low Entropy and Kerberos Database Creation\n-----------------------------------------------------\n\nIf your container won't start properly and show a message like \"Loading random data\" for a couple minutes, it indicates that the system don't have enough entropy available to provide a secure cryptographic loop to the program.\n\nIn this case you can use rngd (will be necessary to restart the container after this):\n\n```\n    /sbin/rngd\n```\n\nYou can use `havaged` as well, as we can see in the digitalOcean tutorial:\n\nhttps://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged\n\nAfter this, you just need to restart your container and it is g-n-go.\n\nOther Information\n-----------------\n\nThis container uses the Krb5-Server provided by the Alpine Team. Take a look at the alpine site to verify the available versions of the package.\n\nFor more information on how to configure the clients or even the server take a loot at the MIT Krb5 Documentation.\n\nCheck the issues page at github if you want to contribute or profile a bug/request/enhancement.\n\nRunning Tests\n-------------\n\nThere are a set of tests (written in python) available on the tests directory. \n\nYou run can the tests by running `make run-tests-on-docker` command.\n\nNote: By Default, it requires docker/docker-compose and make installed and working.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgcavalcante8808%2Fdocker-krb5-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgcavalcante8808%2Fdocker-krb5-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgcavalcante8808%2Fdocker-krb5-server/lists"}