Linux. Level 4: Identity Management and Access Control. Course from Specialist (training), RUB 34,490. Date: November 30, 2023.
Miscellaneous / December 03, 2023
Consider the network of a typical enterprise: several dozen workstations, a couple of file servers, an email server and an Internet gateway. How do we make sure that an employee enters a login and password once in the morning and can then "transparently" use all corporate services: browse the Internet, read corporate chat and email, and work with files on the server?
None of this is difficult if all the software comes from one vendor, for example Microsoft. That is not always the case, however. What if there are Linux workstations alongside the Windows ones? What if the mail server is Postfix/Dovecot? Can authenticated Internet access be organized through a Squid proxy server? Can a file server be built on Linux with the Samba package? Can Microsoft AD license costs be saved by deploying an analogue on a Linux server? What are the advantages and disadvantages of each solution?
This course answers these and other questions about secure, transparent (one-time) Single Sign-On (SSO) identification of users and the organization of unified workplaces (workplace innovation, WPI). You will become familiar with technologies such as NIS, PAM, NSS, Kerberos, LDAP and GSSAPI. You will be offered three options for organizing an identification system on the network:
In every option, the services themselves (SSH, HTTP, CIFS, IMAP, SMTP, XMPP) run under our favorite operating system, Linux.
The purpose of the course is to help students choose the best solution in terms of cost and functionality.
You will learn:
Understand the composition and operating principles of packaged products such as Microsoft Active Directory, and how and why to include Linux systems in them.
Use the PAM and NSS libraries to authenticate and identify users on Linux systems.
Use the LDAP protocol to store information about users on the enterprise network.
Deploy your own analogue of FreeIPA to identify users in mixed Linux/Windows networks.
Use Microsoft Active Directory with Linux workstations and servers.
Use Samba servers as a file server and domain controller.
Module 1. Deployment of an enterprise network (1 ac. h.)
Lab environment layout
Lab: Basic Setup of Linux Systems
Module 2. Retrospective of authentication and authorization mechanisms in UNIX (2 ac. h.)
Basic authentication and authorization mechanisms in UNIX
Network authentication and authorization system NIS
Lab: Using the NIS Protocol to Authenticate and Authorize Linux Users
Lab: Using NFS to Centrally Store Roaming User Profiles
Module 3. Modern authentication and authorization mechanisms in UNIX (2 ac. h.)
PAM Library
NSS Library
Lab: Authorization Using the NSS Library
Lab: Authentication Using the PAM Library
Lab: Using Modules for SSO Authentication of SSH Service Users
Module 4. Authentication using the Kerberos protocol (3 ac. h.)
Kerberos Protocol - Operating Principles and Use Cases
GSSAPI is a software interface for implementing SSO
Lab: Adding SRV Records to DNS and Synchronizing Time
Lab: Installing a KDC and Registering User and Service Principals in the Kerberos Realm
Lab: Using GSSAPI for SSO authentication of Linux users to the SSH, HTTP, IMAP, SMTP, CIFS and XMPP services
Module 5. Windows clients in the Linux Kerberos realm (3 ac. h.)
Architecture of local and domain authentication of Windows workstations
Lab: Registering Windows Clients in the Kerberos Realm of Linux
Lab: Using GSSAPI for SSO authentication of Windows users to the SSH, HTTP, IMAP, SMTP, CIFS and XMPP services
Module 6. LDAP protocol (3 ac. h.)
LDAP Protocol - Basics, Purpose and Use Cases
Lab: Using LDAP to Authenticate Linux Users
Lab: Using an LDAP directory to store additional information about network users (corporate address book)
Module 7. Using Microsoft Active Directory for authentication and authorization of users and services (3 ac. h.)
Microsoft AD Architecture and Interfaces
Lab: Deploying a Domain Controller
Lab: Joining Windows and Linux Workstations to a Domain
Lab: Using the LDAP Interface to Authenticate Linux Users in Microsoft AD
Lab: Registering Linux Service Principals in Microsoft AD
Lab: Using SSPI and GSSAPI to authenticate Windows and Linux users to SSH, HTTP, IMAP, SMTP, LDAP, CIFS and XMPP servers
Module 8. Using Winbind and SSSD/Realmd services (3 ac. h.)
Architecture and use cases for Winbind and SSSD/Realmd services
Lab: Using Winbind and SSSD/Realmd services to register Linux systems in Microsoft AD
Lab: Using Winbind to Manage Service Keys in Microsoft AD
Lab: Using Winbind and SSSD/Realmd services to generate UNIX attributes for Microsoft AD users
Lab: Using Winbind to Authenticate Microsoft AD Users on Linux Servers
Module 9. Using the Samba4 package as a domain controller (3 ac. h.)
History of Microsoft identity systems
Pros and cons of Samba4 as a domain controller
Lab: Configuring Samba4 as a Domain Controller
Lab: Registering Windows and Linux Workstations in a Samba4 Domain
Lab: Using a Samba4 domain to authenticate and authorize Windows and Linux users on SSH, HTTP, IMAP, SMTP, LDAP, CIFS, XMPP servers
Lab: Using Group Policies in Samba4
Module 10. Results and conclusions (1 ac. h.)
Comparison of authentication and authorization technologies, their strengths and weaknesses.