ITIS 3110 Lab 11 Kerberos LDAP Remaining labs
ITIS 3110 Lab 11 Kerberos & LDAP
Remaining labs
• Lab 12 – Secure Mail
• No lab 13 this semester
• Lab 14 – Project Presentations
• L 01 and L 02 only:
  • Week of 4/4: No lab – SECCDC, allows L 03 to catch up
• Week for presentations: 4/25
Kerberos & LDAP
• Kerberos is used for...
• LDAP is used for...
• The purpose of this lab is to give you a glimpse into the world of centralized authentication and authorization
• As you complete the work, think of how a working Kerberos & LDAP installation would benefit your large corporate environment
Kerberos - DNS
• Kerberos REQUIRES DNS to be working properly
  • Use dig to determine if your subzone is functional
  • If it isn't, you need to get this working
• After modifying the zone file
  • Don't forget to increment the serial number
  • Don't forget to re-sign the zone
  • READ the status of your dig to verify proper DNS configuration!
Kerberos
• Installation
  • CANNOT install MIT Kerberos through a remote console
  • Need to be on the server VM console
  • Note: This is the only thing this semester you need to be on the server console to do
• Make sure you are root for Kerberos configuration
• kadmin.local is a command with prompts after the command is initiated
  • You will come across commands that use this instead of command line flags
LDAP LDIF
• Given 2 files in LDIF format (plain text files)
• The LDIF format:
  • Is used to load the directory
  • Is a report of the directory contents
• These are not "the directory"
• init.ldif - creates the top level OUs
• user.ldif - creates your new LDAP/Kerberos user
LDAP init.ldif
dc=lab
  dc=hades
    dc=LAST_NAME
      ou=People
      ou=Group
LDAP user.ldif
dc=lab
  dc=hades
    dc=LAST_NAME
      ou=People
        uid=NEWUSER (dn = NEWUSER, People, LAST_NAME, hades, lab)
      ou=Group
        cn=NEWUSER (dn = NEWUSER, Group, LAST_NAME, hades, lab)
Kerberos & LDAP - Client configuration
• Kerberos for authentication
• LDAP for userids and groupids
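
A sketch of what the two LDIF files could contain for the tree on the init.ldif and user.ldif slides. This is an added example, not the lab's actual files: the object classes, the uidNumber/gidNumber values, the home directory and the shell are constructed, and the base entry dc=LAST_NAME,dc=hades,dc=lab is assumed to exist already.

```ldif
# ---- init.ldif (constructed example): the two top-level OUs ----
# Each dn is written leaf first, root last. Entries are separated
# by a blank line.
dn: ou=People,dc=LAST_NAME,dc=hades,dc=lab
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=LAST_NAME,dc=hades,dc=lab
objectClass: organizationalUnit
ou: Group

# ---- user.ldif (constructed example): one user and its group ----
# There is deliberately no userPassword attribute. In this sketch the
# password lives only in the Kerberos database, and LDAP carries the
# userid and groupid data, matching the client configuration split.
dn: uid=NEWUSER,ou=People,dc=LAST_NAME,dc=hades,dc=lab
objectClass: account
objectClass: posixAccount
uid: NEWUSER
cn: NEWUSER
# uidNumber and gidNumber are constructed sample values
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/NEWUSER
loginShell: /bin/bash

# Group entry whose gidNumber matches the user's primary gidNumber
dn: cn=NEWUSER,ou=Group,dc=LAST_NAME,dc=hades,dc=lab
objectClass: posixGroup
cn: NEWUSER
gidNumber: 10001
```

The slide's shorthand "NEWUSER, People, LAST_NAME, hades, lab" corresponds to the full dn uid=NEWUSER,ou=People,dc=LAST_NAME,dc=hades,dc=lab in the file.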
- Slides: 10