Kerberos is an authentication protocol that can provide secure network login or SSO for various services over a non-secure network. Kerberos works with the concept of tickets which are encrypted and can help reduce the amount of times passwords need to be sent over the network.
These tickets are issued throughout the Kerberos realm by a centralised key distribution center (KDC). Here we will cover how to setup a KDC and obtain a Kerberos ticket from a client system in CentOS Linux.
The sysstat package in Linux automatically logs various system resource information, including processor, memory, disk and network.
We can process these logs with the ‘sadf’ command in order to generate basic reports which outline system resource usage over a defined period of time.
Samba is an open source implementation of the server message block (SMB) and common internet file system (CIFS) protocols, it allows us to access Windows file share resources from Linux.
With Samba we can export specific directories within a file system over the network to other Windows or Linux clients, allowing us to share various files over the network between different operating systems.
Here we’re going to cover setting up a samba file share that allows for group collaboration. Users within a particular group will be able to create content within a samba share that other users within the same group will be able to access and modify.
Samba is an open source implementation of the server message block (SMB) and common internet file system (CIFS) protocols, it allows us to access Windows file share resources from Linux.
With Samba we can export specific directories within a file system over the network to other Windows or Linux clients, allowing us to share various files over the network between different operating systems.
It is important to configure this properly and secure it as much as possible so that only the required clients and users have access to the SMB/CIFS share, otherwise it may be possible for anyone to mount and access the data.
To do this we are going to use the /etc/samba/smb.conf file on the SMB/CIFS server and lock down shares to only be accessible by specific IP addresses and user accounts.
The System Security Services Daemon (SSSD) provides access to identity and authentication providers. Basically rather than relying on locally configured authentication, SSSD is used to lookup its local cache. The entries within this cache may come from different remote identity providers, such as an LDAP directory, FreeIPA, or Active Directory for example.
SSSD caches the results of users and credentials from these remote locations so that if the identity provider goes offline, the user credentials are still available and users can still login. This helps to improve performance and facilitates scalability with a single user that can login over many systems, rather than using local accounts everywhere.
The cached results can potentially be problematic if the stored records become stale and are no longer in sync with the identity provider, so it is important to know how to flush the SSSD cache to fix various problems and update the cache.
Here we’ll cover a couple of different methods to flush out the SSSD cache.
Here we cover the RHCE exam objective “Use firewalld and associated mechanisms such as rich rules, zones and custom rules, to implement packet filtering and configure network address translation (NAT)” in Red Hat Enterprise Linux (RHEL) 7.
Here we are going to take a look at some of the options available to us when configuring OpenSSH server and discuss what they actually do, as per the RHCE objective.
By default in Linux there are a few different mechanisms in place that may rate limit logging. These are primarily the systemd journal and rsyslog rate limits that are in place by default.
Here we cover modifying or removing rate limiting for logging.
I have previously performed a benchmark on a variety of web servers in 2012 and have had some people request that I redo the tests with newer versions of the web servers as no doubt a lot has likely changed since then.
Here I’ll be performing benchmarks against the current latest versions of a number of Linux based web servers and then comparing them against each other to get an idea of which one performs the best under a static workload.
With an iSCSI target we can provide access to disk storage on a server over the network to a client iSCSI initiator. The iSCSI initiator will then be able to use the storage from the iSCSI target server as if it were a local disk.
Here we cover how you can set up both an iSCSI target and an iSCSI initiator in Linux and connect them together.