90 likes | 228 Views
ITIS 3110 Lab 5. Kerberos & LDAP. Kerberos & LDAP. Kerberos is used for... LDAP is used for... The purpose of this lab is to give you a glimpse into the world of centralized authentication and authorization
E N D
ITIS 3110 Lab 5 Kerberos & LDAP
Kerberos & LDAP Kerberos is used for... LDAP is used for... The purpose of this lab is to give you a glimpse into the world of centralized authentication and authorization As you complete the work, think of what having a working Kerberos & LDAP installation would benefit your large corporate environment
Kerberos - DNS Kerberos REQUIRES DNS to be working properly • Use dig to determine of your subzone is functional • If it isn't, you need to get this working After modifying the zone file • Don't forget to increment the serial number • Don't forget to resign the zone • READ the status of your dig to verify proper DNS configuration!!!!
Kerberos Installation - You CANNOT install MIT Kerberos through a remote console. You need to be on the server VM console. * Note: This is the only thing this semester you need to be on the server console to do Make sure you are root for Kerberos configuration kadmin.local is a command with prompts after the command is initiated You will come across commands that use this instead of command line flags
LDAP LDIF • 2 files (yes these are just text files) • These are not the directory, they load the directory • init.ldif - creates the top level OUs • user.ldif - creates your new LDAP/Kerberos user OK, lets look at the file and draw our tree
LDAP init.ldif dc = lab dc = hades dc = LAST_NAME ou = People ou = Group
LDAP user.ldif dc = lab dc = hades dc = LAST_NAME ou = People ou = Group uid = NEWUSER cn = NEWUSER dn = dn = NEWUSER,People,LAST_NAME,hades,lab NEWUSER,Group,LAST_NAME,hades,lab
Kerberos & LDAP - Client Client configuration • Kerberos for authentication • LDAP for userids and groupids