Red Hat Enterprise Linux 7 System-Level Authentication Guide About System-Level Services for Authentication and Identity Management Tomáš Čapek Aneta Petrová Ella Deon Ballard Red Hat Enterprise Linux 7 System-Level Authentication Guide About System-Level Services for Authentication and Identity Management Tomáš Čapek Red Hat Customer Content Services [email protected] Aneta Petrová Red Hat Customer Content Services [email protected] Ella Deon Ballard Red Hat Customer Content Services Legal Notice Copyright © 2015 Red Hat, Inc. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project. The OpenStack ® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community. All other trademarks are the property of their respective owners. Abstract This guide covers different applications and services available to configure authentication on local systems. T able of Cont ent s Table of Contents .C .h .a .p . t.e .r . 1. .. I.n .t .r o. .d .u .c .t .i o. n. t.o . .S .y .s .t .e .m . .A .u .t .h .e .n . t.i c. a. t. i.o .n . 2. 1.1. Co nfirming User Id entities 2 1.2. As Part o f Planning Sing le Sig n-On 3 1.3. Availab le Services 3 .P .a .r t. .I .. S. y. s. t. e. m. L. o. g. .i n. s. 5. .C .h .a .p . t.e .r . 2. .. C. o. .n .f i.g . u. r.i n. .g . S. y. s. t. e. m. A. u. .t h. .e .n .t .i c. a. t.i o. .n . 6. 2.1. Using the authco nfig Utilities 6 2.2. Selecting the Id entity Sto re fo r Authenticatio n 11 2.3. Co nfig uring Authenticatio n Mechanisms 21 2.4. Manag ing Kickstart and Co nfig uratio n Files 45 2.5. Enab ling Custo m Ho me Directo ries 45 2.6 . Saving and Resto ring Co nfig uratio n 48 .P .a .r t. .I I.. .I d. e. n. .t i.t .y . a. n. d. A. u. t. h. e. n. .t i.c .a .t .i o. n. S. t. o. r.e .s . 4. 9. .C .h .a .p . t.e .r . 3. .. U. s. i.n . g. .a .n .d . .C .a .c .h .i n. .g . C. r. e. d. e. n. t. i.a .l s. .w . i.t h. S. S. S. .D . 5. 0. 3.1. The Basics o f SSSD Co nfig uratio n 50 3.2. SSSD and System Services 53 3.3. SSSD and Id entity Pro vid ers (Do mains) 71 3.4. Manag ing Lo cal System Users in SSSD 116 3.5. Do wng rad ing SSSD 120 3.6 . Using NSCD with SSSD 121 3.7. Tro ub lesho o ting SSSD 121 .C .h .a .p . t.e .r . 4. .. U. .s .i n. g. .r .e .a .l m. .d . t. o. .C .o . n. n. e. c. t. .t .o . a. n. .I d. .e .n .t .i t.y . D. .o .m . a. i.n . .1 . 2. 8. .P .a .r t. .I I.I .. S. e. c. u. .r e. .A .p . p. l.i c. a. t. i.o .n .s . .1 . 2. 9. .C .h .a .p . t.e .r . 5. .. U. s. i.n . g. .P .l u. .g .g .a .b . l.e . A. u. t. h. e. n. .t i.c .a .t .i o. n. M. .o .d .u . l.e .s . (.P .A .M . ). 1. 3. 0. 5.1. Ab o ut PAM 130 5.2. Ab o ut PAM Co nfig uratio n Files 130 5.3. PAM and Ad ministrative Cred ential Caching 134 .C .h .a .p . t.e .r . 6. .. U. .s .i n. g. .K . e. r.b .e .r .o .s . 1. 3. 7. 6 .1. Ab o ut Kerb ero s 137 6 .2. Co nfig uring the Kerb ero s KDC 141 6 .3. Co nfig uring a Kerb ero s Client 146 6 .4. Setting up a Kerb ero s Client fo r Smart Card s 148 6 .5. Setting up Cro ss-Realm Kerb ero s Trusts 149 .C .h .a .p . t.e .r . 7. .. W. .o .r .k i.n . g. .w . i.t h. c. e. r.t .m . o. n. g. .e .r . 1. 5. 4. 7.1. certmo ng er and Certificate Autho rities 154 7.2. Req uesting a Certificate with certmo ng er 154 7.3. Sto ring Certificates in NSS Datab ases 155 7.4. Tracking Certificates with certmo ng er 156 .C .h .a .p . t.e .r . 8. .. C. o. .n .f i.g . u. r.i n. .g . A. p. .p .l i.c .a .t .i o. n. s. .f .o .r .S . i.n .g .l e. .S . i.g .n .- .O . n. 1. 5. 8. ..
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages171 Page
-
File Size-