Integrate Linux Services with SSL, LDAP & Kerberos, Advanced Technical Training, Course 9065

Course Overview

In this course, you are introduced to the configuration of an open source identity server based on OpenSSL, OpenLDAP and MIT Kerberos. Integration of common Linux services with this identity server is then covered. Services that are covered include: Apache, NFS, Samba, DNS, DHCP and Libvirt.

Training Level: 3 - Experienced

Duration: 3 Days

Key Objectives

During this course, you learn the following concepts and skills fundamental to integrating Linux services:

  • Introduction to Secure Authentication Mechanisms
  • Configure TLS/SSL
  • Configure OpenLDAP Servers and Clients
  • Configure Kerberos Servers and Clients
  • Configure SSH to Use Kerberos
  • Integrate Apache with SSL and LDAP
  • Integrate NFSv4 with Kerberos
  • Integrate a Samba Domain Controller with LDAP
  • Integrate Samba with Active Directory and LDAP
  • Libvirt with LDAP, Kerberos and SSL
  • Integrate DNS with LDAP
  • Integrate DHCP with LDAP

Audience Summary

This course is designed for those who need to integrate Linux services with SSL, LDAP, & Kerberos.

Course Prerequisites

Before taking this course, you should have basic Linux administrative skills.

Course Outline

SECTION 1 – Introduction to Secure Authentication Mechanisms

  • Objective 1: Introduction to Secure Authentication and Transport
  • Objective 2: Cryptography Techniques
  • Objective 3: Cryptography Methods
  • Objective 4: Authentication Protocols
  • Objective 5: Authentication Mechanisms
  • Objective 6: Authentication Providers
  • Objective 7: Session Encryption Protocols
  • Objective 8: Secure Service Protocols

SECTION 2 – Configure TLS/SSL

  • Objective 1: Introduction to TLS/SSL
  • Objective 2: TLS/SSL Files and Directories
  • Objective 3: Configure a Certificate Authority
  • LAB 2-1: Configure a Certificate Authority with YaST
  • Objective 4: Generate Certificates
  • LAB 2-2: Generate a Common Server Certificate with YaST
  • LAB 2-3: Generate an SSL Server Certificate for the 2nd LDAP Server
  • Objective 5: Revoke Certificates
  • Objective 6: (Optional) OpenSSL CLI Exercises

SECTION 3 – Configure OpenLDAP Servers and Clients

  • Objective 1: Introduction to OpenLDAP
  • Objective 2: OpenLDAP Files and Directories
  • Objective 3: Configure an OpenLDAP Server
  • LAB 3-1: Configure an NTP Server on the LDAP Servers
  • LAB 3-2: Configure an OpenLDAP Master Server
  • Objective 4: LDAP CLI Utilities
  • Objective 5: OpenLDAP Replication
  • LAB 3-3: Configure an OpenLDAP Slave Server
  • LAB 3-4: Configure an OpenLDAP Multi-Master Replication
  • LAB 3-5: Create LDAP Users and Groups

SECTION 4 – Configure Kerberos Servers and Clients

  • Objective 1: Introduction to Kerberos
  • Objective 2: MIT Kerberos Files and Directories
  • Objective 3: Configure a Kerberos Server
  • LAB 4-1: Configure a Kerberos Server with an LDAP Back End
  • LAB 4-2: Configure a Kerberos Client with YaST
  • LAB 4-3: Create Kerberos Host Principals
  • LAB 4-4: Create Kerberos User Principals

SECTION 5 – Configure SSH to Use Kerberos

  • Objective 1: Configure SSH to Use Kerberos

SECTION 6 – Integrate Apache with SSL and LDAP

  • Objective 1: Introduction to Apache Configuration on SUSE Linux Enterprise
  • Objective 2: Configure Apache and SSL
  • LAB 6-1: Generate an SSL Server Certificate for a Web Server
  • LAB 6-2: Import a Common Server Certificate for the Web Server
  • LAB 6-3: Enable the Apache Daemon with LDAP and SSL
  • LAB 6-4: Configure Apache for HTTPS with SSL
  • Objective 3: Introduction to Apache Authentication and Authorization
  • LAB 6-5: Configure Apache and LDAP Auth

SECTION 7 – Integrate NFSv4 with Kerberos

  • Objective 1: Introduction to NFSv4
  • LAB 7-1: Configure an NTP Client
  • LAB 7-2: Configure an LDAP Client with YaST
  • LAB 7-3: Configure a Kerberos Client with YaST
  • LAB 7-4: Configure PAM to Use Both Kerberos and LDAP
  • LAB 7-5: Configure SSH to Use Kerberos Authentication
  • LAB 7-6: Generate a Host Principal and Keytab for an NFS Server
  • LAB 7-7: Configure an NFSv4 Server with GSSAPI

SECTION 8 – Integrate a Samba Domain Controller with LDAP

  • Objective 1: Introduction to Samba Configuration on SUSE Linux Enterprise
  • Objective 2: Introduction to Samba Domain Control
  • LAB 8-1: Configure an LDAP Client with YaST
  • LAB 8-2: Configure a Kerberos Client with YaST
  • LAB 8-3: Configure PAM to Use Both Kerberos and LDAP
  • LAB 8-4: Generate a Host Principal and Keytab for a Server
  • LAB 8-5: Configure SSH to Use Kerberos Authentication
  • LAB 8-6: Configure a Samba Primary Domain Controller with an LDAP Back End
  • LAB 8-7: Configure a Samba Backup Domain Controller with an LDAP Back End
  • LAB 8-8: Create and Map LDAP Groups to NT Groups
  • LAB 8-9: Make LDAP Users Samba Users
  • LAB 8-10: Join a Windows 7 Computer to a Samba Domain

SECTION 9 – Integrate Samba with Active Directory and LDAP

  • Objective 1: Introduction to Samba Integration with Active Directory
  • LAB 9-1: Configure a Samba Server for an LDAP IDMap Back End
  • LAB 9-2: Join a Samba Server to an Active Directory Domain
  • LAB 9-3: Browse the LDAP Directory for IDMap Objects

SECTION 10 – Libvirt with LDAP, Kerberos and SSL

  • Objective 1: Introduction to Libvirt
  • LAB 10-1: Configure an LDAP Client with YaST
  • LAB 10-2: Configure a Kerberos Client with YaST
  • LAB 10-3: Configure PAM to Use Both Kerberos and LDAP
  • LAB 10-4: Generate a Host Principal and Keytab for a Libvirt Server
  • LAB 10-5: Configure SSH to Use Kerberos Authentication
  • LAB 10-6: Create LDAP Groups and Users for Libvirt Administration
  • LAB 10-7: Delegate Libvirt Administration Based On LDAP Group Membership
  • LAB 10-8: Use Virt-Manager as a Non-root User on the Local System
  • LAB 10-9: Generate an SSL Server Certificate for a Libvirt Server
  • LAB 10-10: Generate SSL Client Certificates for Libvirt Clients
  • LAB 10-11: Install Client Certificates and Keys for Libvirt Clients
  • LAB 10-12: Enable Secure Remote Access to Libvirt via TLS
  • LAB 10-13: Use Virt-Manager to Connect to a Remote System via TLS
  • LAB 10-14: Enable Secure Remote Access to Libvirt via SASL/GSSAPI
  • LAB 10-15: Use Virt-Manager to Test SASL Authentication on a Remote System

SECTION 11 – Integrate DNS with LDAP

  • Objective 1: Introduction to DNS Configuration on SUSE Linux Enterprise
  • LAB 11-1: Configure a DNS Server with an LDAP Back End

SECTION 12 – Integrate DHCP with LDAP

  • Objective 1: Introduction to DHCP Configuration on SUSE Linux Enterprise
  • LAB 12-1: Configure a DHCP Server with an LDAP Back End