Challenge-Response Authentication, Cryptographic Methods and Public Key Cryptography

Authentication methods (continued)
- Challenge-Response Authentication
- Cryptographic methods
  - Public Key Cryptography
  - Digital signature
  - Public-Key Encryption

Challenge-Response Authentication (question-and-answer identification) (No Internet)
- Cryptographic techniques
- Non-cryptographic techniques
  - Password
  - CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)
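Added example (my own code, not from the slides): a shared-secret challenge-response exchange with both the server's and the client's steps. The server sends a fresh random challenge, the client answers with HMAC-SHA256(secret, challenge), and the server checks the answer in constant time and discards the challenge, so the secret never crosses the wire and a captured answer cannot be replayed. The user table, the choice of HMAC-SHA256 and the single-use challenge are illustrative assumptions; the slides do not fix a particular scheme.

```python
"""Shared-secret challenge-response login: the secret never leaves either side,
only HMAC(secret, fresh_challenge) does, and each challenge is usable once."""
import hashlib
import hmac
import secrets


class Server:
    def __init__(self, users):
        self.users = users      # username -> shared secret (bytes); assumed pre-provisioned
        self.pending = {}       # username -> outstanding challenge, consumed on verify

    def challenge(self, user):
        """Step 1: issue a fresh 16-byte random challenge for this login attempt."""
        if user not in self.users:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        """Step 3: recompute the expected answer and compare in constant time.
        The challenge is consumed whether or not the check succeeds, so a captured
        response is useless against any later login."""
        nonce = self.pending.pop(user, None)
        if nonce is None:
            return False
        expected = hmac.new(self.users[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(secret, nonce):
    """Step 2: the client proves it knows the secret without transmitting it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def run_login(server, user, secret):
    """One complete exchange; returns True when the server accepts the client."""
    nonce = server.challenge(user)
    if nonce is None:
        return False
    return server.verify(user, client_respond(secret, nonce))


if __name__ == "__main__":
    srv = Server({"alice": b"constructed-shared-secret"})   # constructed user table
    print("correct secret:", run_login(srv, "alice", b"constructed-shared-secret"))
    print("wrong secret:  ", run_login(srv, "alice", b"guess"))
```

A password sent over the wire can be replayed by anyone who captured it; here an eavesdropper sees only the challenge and a MAC that is valid for that one challenge. The scheme still depends on the server holding the cleartext secret, which is why public-key variants (sign the challenge) are preferred where the server must not be able to impersonate the client.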
Directory Services (continued)
- Define a namespace for the network.
- In LDAP, the names in this namespace are called DNs (Distinguished Names).
LDAP (continued) (Lightweight Directory Access Protocol)
- Directory: a tree of entries.
- Entry: a set of attributes; every attribute has a name.
- DN (Distinguished Name): every entry has a name.
- The form of an entry in LDIF format:
  dn: cn=John Doe,ou=people,dc=example,dc=com
  cn: John Doe
  givenName: John
  sn: Doe
  telephoneNumber: +1 555 6789
  telephoneNumber: +1 555 1234
  mail: john@example.com
  objectClass: inetOrgPerson
  objectClass: organizationalPerson
  objectClass: person
  objectClass: top
LDAP (continued): demo
- Open PuTTY (C:/program files/putty/Putty.exe) and log in to the shell as Mousavi@ce.sharif.edu.
- Type ldap and press Tab twice to list the ldap command-line tools:
  ldapsearch, ldapadd, ldapmodify, ldapdelete, ldappasswd, ldapwhoami, ldapcompare
- cn = common name
- dn: uid=mousavi,ou=people,dc=ce,dc=sharif,dc=edu
LDAP (continued): ldapsearch
- Some of the arguments: search base DN (-b), scope, filter, attributes to return; -x selects a simple bind and -LLL prints plain LDIF.
- List the gidNumber of every entry under ou=groups (no filter given, so the default (objectClass=*) applies):
  ldapsearch -x -LLL -b 'ou=groups,dc=ce,dc=sharif,dc=edu' 'gidNumber'
- List the uidNumber of every person whose gidNumber is 1006:
  ldapsearch -x -LLL -b 'ou=people,dc=ce,dc=sharif,dc=edu' 'gidNumber=1006' 'uidNumber'
LDAP (continued): ldapadd
- ldapadd -x -D 'uid=mousavi,ou=people,dc=ce,dc=sharif,dc=edu' -W -f a.ldif
  (-x: simple bind, -D: bind DN, -W: prompt for the bind password, -f: LDIF file to add)
- LDIF file (add.ldif):
  dn: uid=mousavi,ou=People,dc=ce,dc=sharif,dc=edu
  uid: mousavi
  cn: Agh Vahid
  objectClass: account
  objectClass: posixAccount
  objectClass: top
  objectClass: shadowAccount
  objectClass: sambaSamAccount
  shadowLastChange: 12347
  shadowMax: 99999
  shadowWarning: 7
  loginShell: /bin/bash
  homeDirectory: /home/bs81/mousavi
  gecos: Agh Vahid
  sambaLogonTime: 0
  sambaLogoffTime: 2147483647
  sambaKickoffTime: 2147483647
  sambaPwdMustChange: 2147483647
  sambaSID: S-1-5-21-2004343368-2831367967-3069035597-2400
  gidNumber: 1006
  sambaPwdCanChange: 1122807645
  sambaPasswordHistory: 0000000000000000000000000
  sambaPwdLastSet: 1122807645
  sambaAcctFlags: [U ]
  sambaLMPassword: 5E8EEAF5F54658CCAAD3B435B51404EE
  sambaNTPassword: 40AA64594587A99EA91519B1A477F618
  userPassword:: e2NyeXB0fSQxJHh1eGJ5aS42JFd5N2VxSlU4bEVvOWx4aHRHUWNNTjE=
  displayName: 81174903 - Mousavi.Vahid Reza
  uidNumber: 81174903
- Note the credential attributes in this entry. sambaLMPassword and sambaNTPassword are unsalted hashes; the second half of the LM hash, AAD3B435B51404EE, is the LM hash of an empty 7-byte half, which tells an attacker the password is at most 7 characters long. The double colon in userPassword:: means the value is base64-encoded; it decodes to a {crypt} MD5-crypt ($1$) hash. Whoever can read these attributes can crack them offline (or reuse the NT hash directly), so the directory's ACLs must limit them to the account itself and the authentication services.
- Running the add as a dry run (-n): nothing is written, and the leading "!" marks an operation that was not performed.
  [mousavi@shell ~]$ ldapadd -x -n -W -f add.ldif
  Enter LDAP Password: *******
  !adding new entry "uid=mousavi,ou=People,dc=ce,dc=sharif,dc=edu"
  [mousavi@shell ~]$
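Added example (my own code, not from the slides): a small Python script that parses LDIF entries like the ones shown on the LDIF and ldapadd slides, reproduces the `ldapsearch -b ... 'gidNumber=1006' uidNumber` query over the parsed entries, and audits the password attributes of the posixAccount/sambaSamAccount entry. The parser, the search helper and the audit rules are mine; the sample LDIF is constructed from the slide entries, trimmed to the attributes the script uses, with the hash and userPassword values as printed on the slides.

```python
"""Parse LDIF, mirror a one-filter ldapsearch, audit a samba/posix account."""
import base64

# Constructed sample: the two entries from the slides, trimmed to the attributes
# used here; the hash and userPassword values are the ones printed on the slides.
SAMPLE_LDIF = """\
# comment lines are ignored; a blank line ends an entry
dn: cn=John Doe,ou=people,dc=example,dc=com
telephoneNumber: +1 555 6789
telephoneNumber: +1 555 1234
objectClass: person

dn: uid=mousavi,ou=People,dc=ce,dc=sharif,dc=edu
objectClass: posixAccount
objectClass: sambaSamAccount
gidNumber: 1006
uidNumber: 81174903
sambaLMPassword: 5E8EEAF5F54658CCAAD3B435B51404EE
sambaNTPassword: 40AA64594587A99EA91519B1A477F618
userPassword:: e2NyeXB0fSQxJHh1eGJ5aS42JFd5N2VxSlU4bEVvOWx4aHRHUWNNTjE=
"""
# LM hashes a password as two independent 7-byte halves; this is the hash of an
# empty half, so an LM hash ending in it belongs to a password of <= 7 characters.
LM_EMPTY_HALF = "AAD3B435B51404EE"

def _unfold(text):
    """Drop '#' comments and join continuation lines (a leading single space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Return entries as {"dn": str, "attrs": {name: [values]}}; 'attr:< url' stays literal."""
    entries, current = [], None
    for line in _unfold(text) + [""]:
        if line == "":
            if current is not None:
                entries.append(current)
            current = None
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF line: %r" % line)
        if value.startswith(":"):      # 'attr:: <base64>' carries a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        if name.lower() == "dn":
            current = {"dn": value, "attrs": {}}
        else:
            current["attrs"].setdefault(name, []).append(value)
    return entries

def parse_dn(dn):
    """Split a DN into (attribute, value) RDNs, most specific first (no escapes handled)."""
    return [tuple(s.strip() for s in p.split("=", 1)) for p in dn.split(",")]

def get_attr(entry, name):
    """Look an attribute up by name; LDAP attribute names are case-insensitive."""
    return next((v for k, v in entry["attrs"].items() if k.lower() == name.lower()), [])

def search(entries, base, filt=None, attrs=None):
    """Mimic `ldapsearch -b BASE [attr=value] [ATTRS...]` with subtree scope."""
    norm = lambda d: [(a.lower(), v.lower()) for a, v in parse_dn(d)]
    base_n, results = norm(base), []
    for e in entries:
        if norm(e["dn"])[-len(base_n):] != base_n:   # entry must lie under the base
            continue
        if filt:                                     # one equality filter; None = objectClass=*
            fa, _, fv = filt.strip("()").partition("=")
            if fv.lower() not in [v.lower() for v in get_attr(e, fa)]:
                continue
        out = {"dn": e["dn"]}
        out.update({a: get_attr(e, a) for a in (attrs or e["attrs"]) if get_attr(e, a)})
        results.append(out)
    return results

def audit_passwords(entry):
    """Flag weak password storage on a posixAccount/sambaSamAccount entry."""
    findings = []
    lm = get_attr(entry, "sambaLMPassword")
    if lm:
        findings.append("LM hash stored: unsalted DES over the upper-cased password, trivially crackable")
        if lm[0].upper().endswith(LM_EMPTY_HALF):
            findings.append("LM second half is the empty-half constant: password is at most 7 characters")
    if get_attr(entry, "sambaNTPassword"):
        findings.append("NT hash stored: unsalted MD4, reusable as-is for NTLM pass-the-hash")
    for pw in get_attr(entry, "userPassword"):
        if not pw.startswith("{"):
            findings.append("userPassword has no {scheme} prefix: stored in cleartext")
        elif pw.lower().startswith("{crypt}$1$"):
            findings.append("userPassword is MD5-crypt ($1$): salted but fast; prefer {SSHA} or sha512crypt")
    return findings

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print(search(entries, "ou=people,dc=ce,dc=sharif,dc=edu", "gidNumber=1006", ["uidNumber"]))
    for finding in audit_passwords(entries[1]):
        print("-", finding)
```

Run against a real export (`ldapsearch -x -LLL -b 'ou=people,...' > people.ldif`) the same audit shows which accounts still carry LM hashes or short passwords; in a deployment those attributes should be unreadable to ordinary binds in the first place, so an anonymous or self-bind search returning them is itself a finding.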
LDAP (continued): ldapmodify
- ldapmodify -x -D '…' -W -f modify.ldif
- LDIF file (modify.ldif); each change is separated by a line containing only "-":
  dn: cn=Modify Me,dc=example,dc=com
  changetype: modify
  replace: mail
  mail: modme@example.com
  -
  add: title
  title: Grand Poobah
  -
  add: jpegPhoto
  jpegPhoto:< file:///tmp/modme.jpeg
  -
  delete: description
  -
LDAP (continued): ldapwhoami
- Reports the identity we are bound to the directory as.
- My identity:
  ldapwhoami -x -D 'uid=mousavi,ou=people,dc=ce,dc=sharif,dc=edu' -W
- Anonymously (no -D), the server answers "anonymous":
  ldapwhoami -x
Kerberos Protocol
- Based on two servers:
  - Authentication Server (AS)
  - Ticket-Granting Server (TGS)