GL974 - Kerberos for Linux

This course is a subset of topics found in the GL550 "Enterprise Linux Security Administration" and designed to just cover Kerberos for Linux.

Prerequisites:

Strong Linux systems administration experience

Supported Distributions:
Red Hat Enterprise Linux 6
Course Outline:
  1. Kerberos Concepts and Components
    1. Common Security Problems
    2. Account Proliferation
    3. The Kerberos Solution
    4. Kerberos History
    5. Kerberos Implementations
    6. Kerberos Concepts
    7. Kerberos Principals
    8. Kerberos Safeguards
    9. Kerberos Components
    10. Authentication Process
    11. Identification Types
    12. Logging In
    13. Gaining Privileges
    14. Using Privileges
    15. Kerberos Components and the KDC
    16. Kerberized Services Review
    17. Kerberized Clients
    18. KDC Server Daemons
    19. Configuration Files
    20. Utilities Overview
  2. Implementing Kerberos
    1. Plan Topology and Implementation
    2. Kerberos 5 Client Software
    3. Kerberos 5 Server Software
    4. Synchronize Clocks
    5. Create Master KDC
    6. Configuring the Master KDC
    7. KDC Logging
    8. Kerberos Realm Defaults
    9. Specifying [realms]
    10. Specifying [domain_realm]
    11. Allow Administrative Access
    12. Create KDC Databases
    13. Create Administrators
    14. Install Keys for Services
    15. Start Services
    16. Add Host Principals
    17. Add Common Service Principals
    18. Configure Slave KDCs
    19. Create Principals for Slaves
    20. Define Slaves as KDCs
    21. Copy Configuration to Slaves
    22. Install Principals on Slaves
    23. Synchronization of Database
    24. Create Stash on Slaves
    25. Start Slave Daemons
    26. Client Configuration
    27. Install krb5.conf on Clients
    28. Client PAM Configuration
    29. Install Client Host Keys
    Lab Tasks
    1. Implementing Kerberos
  3. Administering and Using Kerberos
    1. Administrative Tasks
    2. Key Tables
    3. Managing Keytabs
    4. Managing Principals
    5. Viewing Principals
    6. Adding, Deleting, and Modifying Principals
    7. Principal Policy
    8. Overall Goals for Users
    9. Signing In to Kerberos
    10. Ticket types
    11. Viewing Tickets
    12. Removing Tickets
    13. Passwords
    14. Changing Passwords
    15. Giving Others Access
    16. Using Kerberized Services
    17. Kerberized FTP
    18. Enabling Kerberized Services
    19. OpenSSH and Kerberos
    Lab Tasks
    1. Using Kerberized Clients
    2. Forwarding Kerberos Tickets
    3. OpenSSH with Kerberos
  4. Securing the Filesystem
    1. Filesystem Mount Options
    2. NFS Properties
    3. NFS Export Option
    4. NFSv4 and GSSAPI Auth
    5. Implementing NFSv4
    6. Implementing Kerberos with NFS
    7. GPG – GNU Privacy Guard
    8. File Encryption with OpenSSL
    9. File Encryption With encfs
    10. Linux Unified Key Setup (LUKS)
    Lab Tasks
    1. Securing Filesystems
    2. Securing NFS
    3. Implementing NFSv4
    4. File Encryption with GPG
    5. File Encryption With OpenSSL
    6. LUKS-on-disk format Encrypted Filesystem
  1. Kerberos Auth for Apache
    1. Apache Access Controls (mod_access)
    2. Authentication via Kerberos
    Lab Tasks
    1. Enabling SSO in Apache with mod_auth_kerb
  2. Kerberos Auth for PostgreSQL
    1. PostgreSQL Overview
    2. PostgreSQL Default Config
    3. Configuring SSL
    4. Client Authentication Basics
    5. Advanced Authentication
    6. Ident-based Authentication
    Lab Tasks
    1. Configure PostgreSQL
    2. PostgreSQL with SSL
    3. PostgreSQL with Kerberos Authentication
    4. Securing PostgreSQL with Web Based Applications
Upcoming GL974 Classes
No classes currently scheduled.
Request this class
Don't see what you're looking for? Check our schedule or make a request.