RHCE - exam

1. Configure Authentication using Kerberos Protocol

a) Understanding Kerberos Authentication Protocol


What is Kerberos Protocol?

- Kerberos is a network authentication protocol created by MIT.
- It uses symmetric-key cryptography to authenticate users to network services, so passwords are never actually sent over the network.
- Authentication is done through tickets.
- The KDC (Key Distribution Center) server is responsible for issuing those tickets to users, so it is an SSO system.
- It has its own database to store the passwords of all users.
- Unlike LDAP, it does not store user information (shell, home directory, etc.); Kerberos provides the authentication process.

- Realm:
  * The administrative domain; it is written in upper case, like (EXAMPLE.COM)
- Principal:
  * An entry in the Kerberos authentication DB, like (nfs/nfs.example.com)
- KDC (Key Distribution Center):
  * The KDC server has 3 components:
    ** 1. DB: hosts all principal information
    ** 2. Auth Server: initializes the authentication process
    ** 3. TGS (Ticket Granting Ticket): generates encrypted keys to be sent to the user
- Ticket:
  * The client gets this ticket from the KDC and presents it to the network service to gain access


Authentication Process - Kerberos realm
1) User sends principal identity and credentials to the KDC (TGT request) - user
2) KDC checks for the principal database - KDC+database
3) KDC creates TGT and wraps it in the principal's user key - TGT+key
4) TGT is decrypted and stored in the credentials cache - credentials cache
5) checks the list of active TGT in the keytab - Kerberos-aware applications & services -> keytab
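
Steps 1-4 of the TGT request above, as an added example that is not part of the original notes: a toy KDC in Python showing that the client proves knowledge of the password by decrypting the reply locally, so the password itself never crosses the network. The `seal`/`unseal` cipher, the `KDC` class, the `kinit` function (named after the command) and the user `alice` are assumptions made for illustration; in this simplified model only the principal name is sent, and real Kerberos uses standardized encryption types instead of this toy cipher.

```python
import hashlib, hmac, json, os, time

def derive_key(password, principal):
    # Long-term key from the password (toy stand-in for Kerberos string-to-key)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    # Toy authenticated encryption (HMAC keystream + tag), NOT a real Kerberos enctype
    data, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return (nonce + tag + ct).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, tag, ct = raw[:16], raw[16:48], raw[48:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self, realm):
        self.realm, self.db = realm, {}    # db: principal -> long-term key only
        self.tgs_key = os.urandom(32)      # known to the KDC alone

    def add_principal(self, name, password):
        principal = f"{name}@{self.realm}"
        self.db[principal] = derive_key(password, principal)

    def as_request(self, principal):
        # Steps 1-3: look up the principal, create the TGT, wrap the reply in its key
        user_key = self.db[principal]      # KeyError for an unknown principal
        session_key = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"principal": principal, "session_key": session_key,
                                  "expires": time.time() + 36000})
        return seal(user_key, {"session_key": session_key, "tgt": tgt})

def kinit(kdc, principal, password):
    # Step 4: decrypt locally with the password-derived key; result is the cache entry
    return unseal(derive_key(password, principal), kdc.as_request(principal))
```

After `kdc = KDC("EXAMPLE.COM")` and `kdc.add_principal("alice", "s3cret")`, calling `kinit(kdc, "alice@EXAMPLE.COM", "s3cret")` returns the session key and an opaque TGT, while a wrong password raises `ValueError`. The client cannot open the TGT itself, because it is sealed under a key that only the KDC holds.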

Authentication Process

1) Client wants to Access a Network Service like (NFS)
2) Client will request TGS (Ticket Granting Session) from the KDC Server
3) KDC Server will Grant the user Encrypted TGT (Ticket Granting Ticket)
4) Client will Present this TGT to the Network Service
5) Network Service will Verify the user's Ticket
6) Now the Client can Access the Network Service Normally

b) Setup KDC Admin Server

c) Configure Client for Kerberos Authentication



2. NFS File Sharing

a) Features of NFS v4

b) NFS Network Shares for Group Collaboration

c) Using Kerberos to Control Access to Network Shares




3. SMB File Sharing

a) Samba Server Overview

b) Creating SMB Share

c) Provide network shares suitable for group collaboration


4. Advanced Networking using Network Manager

a) Setting Up Static Routing

b) Understanding Network Bridges

c) Setting Up Network Bridges

d) Understanding Network Teaming and Bonding

e) Configuring Network Teaming

f) Configure IPv6



5. Managing Firewalld

a) Understanding Firewalld

b) Configuring Rich Rules

c) NAT and Port forwarding

d) Configuring NAT and Port forwarding


6. DNS Server

a) Understanding DNS Server

b) Configuring Cache-Only DNS Server



7. Apache Web Server

a) Understanding Apache Web Server

b) Creating Virtual Host

c) Configuring Private Directories

d) Deploy Basic CGI Application

e) Configuring Group-Managed Content

f) Configuring TLS Security



8. ISCSI Storage

a) Understanding ISCSI Target & Initiator

b) Configure ISCSI Target

c) Setting Up ISCSI Initiator


9. SMTP Server

a) Understanding Mail Service

b) Configure a system to forward all email to a central mail server


10. Managing SSH

a) Understanding SSH Security

b) Configuring Key-Based Authentication


11. Maria DB

a) Installing Maria DB

b) Backup & Restore a DB

c) Create DB Schema

d) Running SQL Queries


12. NTP

a) Setup NTP Service


13. Shell scripting

a) Shell Scripting to Automate System Maintenance



14. Logging & Monitoring

a) Setting Up Remote Logging using rsyslogd

b) Integrating rsyslogd with Journalctl

c) Useful Tools to Analyze System Performance

d) Working with sysctl





