book

Linux in a Windows World

by Roderick W Smith

February 2005

Beginner

496 pages

16h 10m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Audience

Where Linux Fits in a Network
Linux Server CapabilitiesTypical Linux Server HardwareTypical Linux Server SoftwarePicking a distribution for server usePicking individual server programs
Linux Server OptionsLinux File and Print ServersLinux Authentication ServersRemote Login ServersMail ServersMiscellaneous Linux Servers
Installing Samba
Configuration File SectionsParameters, Values, and CommentsVariables and Their UsesThe include Parameter
NetBIOS Name OptionsWorkgroup Name OptionsMiscellaneous Identification Options
Password IssuesUsing Cleartext PasswordsUsing Encrypted PasswordsUsing a Password ServerSetting the security modeUsing server-level securityUsing domain-level security
Common File Share OptionsDefining a File ShareSetting Write AccessSetting Filename OptionsSetting Access Control FeaturesSetting Linux ownershipSetting Linux permissionsMapping DOS-style flagsUsing ACLsEnabling Unix extensions
Installing CUPSAdding Printers to CUPSAdjusting CUPS Browsing and Security
File Shares Versus Printer SharesSharing PostScript PrintersSharing Non-PostScript Printers
Picking a DriverDefining Necessary SharesInstalling the Driver on the ServerInstalling drivers from LinuxInstalling drivers from Windows NT/200x/XPInstalling Drivers on Clients
The [homes] ShareA Windows Program ShareFile-Exchange SharesThe [printers] ShareA PDF-Generation Printer Share
Enabling Domain Controller FunctionsThe Role of a Domain ControllerDomain Controller ParametersMaintaining the Password DatabaseConfiguring Machine Trust AccountsCommon Domain Controller File SharesConfiguring domain logon sharesConfiguring roaming profilesConfiguring Windows Clients and Servers as Domain MembersActivating Windows 9x/Me domain membershipActivating Windows NT/200x/XP domain membership
The Role of the NBNS SystemDefining Samba NBNS FunctionsDelivering NBNS Information via DHCPDHCP server configurationWindows client configuration
The Role of the Master BrowserWinning (or Not Winning) Local Master Browser ElectionsConfiguring Samba Domain Master Browser Features
Using NetBIOS Name ResolutionSetting Name Resolution Options in smb.confUsing NetBIOS Name Resolution in Non-Samba Programs
Using smbclientMounting Shares Using smbmountMounting Shares Using mountUsing the smbfs driverUsing the cifs driverEditing /etc/fstabFile Share Access Limitations
Printing Using smbclientDefining SMB/CIFS Printers Using CUPSDefining SMB/CIFS Printers Using LPRng or BSD LPD
A Rundown of GUI Network BrowsersUsing LinNeighborhoodUsing Konqueror
The Principles Behind WinbindThe Problem: Linux Users on an NT DomainLinux’s PAM and NSS SystemsWinbind: Linking PAM and NSS to an NT Domain
Winbind Options in smb.confRunning the Winbind Daemon
NSS and PAM Winbind ModulesConfiguring NSSConfiguring PAM
Testing Winbind OperationWinbind Logins
The Principles Behind LDAPThe Problem: Providing a Network-Accessible DirectoryLDAP Terminology and FeaturesLDAP Software
Obtaining and Installing OpenLDAPBasic OpenLDAP ConfigurationPreparing Keys and CertificatesRunning the Server
Distinguished NamesUnderstanding LDIFCreating the DirectoryAccount Maintenance
LDAP, PAM, and NSSBasic LDAP Client ConfigurationConfiguring the LDAP NSS ModulesConfiguring the LDAP PAM ModulesVerifying Proper Functioning
Obtaining and Installing pGinaRegistering Your CertificateConfiguring pGina for LDAP Client Use
Kerberos FundamentalsThe Problem: Centralized Single-Authentication LoginsAn Overview of Kerberos OperationKerberos Tools for LinuxWindows and Kerberos
Kerberos Realm ConfigurationEditing krb5.confEditing kdc.confCreating a Master KeyRealm AdministrationCreating principalsACL definitionsRunning the KDC
Setting Up KerberosPreparing Application Server PrincipalsRunning the Servers
Preparing Kerberos ClientsInstalling Kerberized ClientsUsing Kerberized ClientsUsing Kerberos for Network LoginsKerberized login toolsKerberos and PAMKerberized account maintenance
Windows Kerberos ImplementationsWindows Kerberized ServersWindows Kerberized ClientsUsing Windows’ KerberosUsing Kerberos Telnet
What Can Text-Mode Logins Do?Remote Text-Mode User AccessRemote Text-Mode AdministrationTools for Remote Text-Mode Access
SSH Server Options for LinuxConfiguring an SSH ServerLaunching an SSH Server
Launching a Telnet ServerTelnet Server Security ConcernsEncryptionControlling access by IP address
Locating Client SoftwareWindows Telnet and SSH Servers
What Can GUI Logins Do?
The X Client/Server ModelX Server OptionsInitiating a Connection from a Text-Mode LoginWindows X Server ConcernsSimplifying Remote X Logins with XDMCPXDMCP basicsConfiguring XDMConfiguring KDMConfiguring GDMConfiguring an XDMCP client
Advantages and Disadvantages of X SSH TunnelingSSH Server OptionsSSH Client Options and Use
VNC VersionsConfiguring a Linux VNC ServerX and VNC interactionsTraditional user VNC server sessionsLinking VNC to an XDMCP serverKDE’s VNC featuresConfiguring a Windows VNC ServerUsing a VNC ClientEncrypting VNC Connections
The Role of Thin Client ComputingTypes of Thin Client ComputingWhen to Use Thin Client Computing
Server RequirementsClient RequirementsNetwork Hardware Requirements
Linux Distribution Selection and ConfigurationXDMCP and VNC OptionsDHCP ConfigurationTFTP Configuration
Distribution Selection and InstallationConfiguring PXESTesting Your PXES ImageBooting a Thin Client from the Network
Linux Mail Server OptionsPush Mail Versus Pull Mail ProtocolsLinux SMTP Server OptionsLinux POP and IMAP Server OptionsMail Security Concerns
Sendmail Configuration FilesSendmail Address OptionsSendmail Relay OptionsConfiguring sendmail to relay mailConfiguring sendmail to use a relayConfiguring sendmail to forward mail
Postfix Configuration FilesPostfix Address OptionsPostfix Relay OptionsConfiguring Postfix to relay mailConfiguring Postfix to use a relayConfiguring Postfix to forward mail
Launching POP and IMAP ServersSetting Authentication OptionsAdditional Options on Advanced Servers
An Antispam and Antivirus Tool RundownSendmail Antispam OptionsPostfix Antispam OptionsUsing ProcmailCalling ProcmailThe Procmail configuration fileCreating Procmail recipesExamples of Procmail recipesUsing SpamAssassinSpamAssassin basicsCalling SpamAssassin from ProcmailCalling SpamAssassin from sendmailUsing BogofilterDiscarding or Quarantining Suspicious Attachments
The Role of FetchmailConfiguring FetchmailRunning Fetchmail
Backup StrategiesBackup HardwareComplete Versus Incremental BackupsLocal Versus Network BackupsClient- Versus Server-Initiated BackupsBackup Pitfalls
A Rundown of Linux Backup PackagesUsing tar for Tape and Disk BackupsBacking Up to Optical MediaRestoring Data Locally
Pluses and Minuses of Samba BackupsUsing a Samba Backup ShareCreating a backup shareUsing a backup shareUsing smbtar for BackupsConfiguring Windows clients to share filesBacking up with smbtarRestoring Data with Samba
AMANDA PrinciplesConfiguring an AMANDA ServerAMANDA server programsSetting AMANDA optionsPreparing tapesDefining dump types and backup setsLinux AMANDA Client ConfigurationWindows AMANDA Client ConfigurationBacking Up and Restoring Data with AMANDA
Delivering IP Addresses with DHCPThe Role of DHCPKernel and Routing Requirements for DHCPDHCP Configuration FilesAssigning AddressesDynamic address assignmentFixed address assignmentTelling Clients to Use DHCP
Principles of DNSBasic Name Server ConfigurationSetting Up a DomainConfiguring forward zone filesConfiguring reverse zone filesRunning the serverPointing Clients at the Name Server
Principles of NTPNTP Server ConfigurationConfiguring Windows ClientsUsing NET SETWindows NTP clients
PAM Principles
PAM Configuration Files and FieldsModule Stacks
Standard PAM ModulesAdditional PAM Modules
Typical Login ServicesPassword ServicesAn Authentication Stack
Linux Desktop Applications for All Occasions
Global Versus User Configuration FilesLocating Configuration FilesCreating Default Desktop ConfigurationsCreating a template configurationCopying the template to be a global configurationAdding an Environment as a Login OptionRunning a GUI login toolPresenting desktop environment options
Why Run Windows Programs in Linux?Options for Running Windows Programs from Linux
Accessing Windows Disks and FilesystemsOffice File Format CompatibilityCreating and Reading PDF FilesManaging Cross-Platform Archive FilesTips for a Smooth Migration
Linux Font-Handling SystemsInstalling X Core FontsPreparing font directoriesSetting the X font pathConfiguring a font serverUsing the fontsInstalling Xft FontsInstalling Fonts in OpenOffice.org

Content preview from Linux in a Windows World

Chapter 9. Kerberos Configuration and Use

The Kerberos protocol, the third network authentication tool described in this book, is named after the three-headed dog from Greek mythology, which guarded the entrance to the underworld. Like its mythological namesake, the modern Kerberos is a gatekeeper. Its principles and the problems it solves are different from those of NT domains and LDAP, though, which means that Kerberos’s best areas of application are also different. Broadly speaking, Kerberos works best as a way to manage logins to multiple systems using multiple protocols; Kerberos provides single-sign-on capabilities that aren’t well matched by competing protocols. As with NT domain configurations, Kerberos requires software on three classes of systems: the main Kerberos server; Kerberos application servers which are servers for other protocols that defer to the Kerberos server for authentication; and clients of the application servers. You can use either Linux or Windows in any of these roles, although not all combinations work equally well. Some Microsoft application servers and clients, in particular, don’t work as well with Linux Kerberos servers as with their Microsoft counterparts. This chapter presents Kerberos first from a Linux perspective and concludes with Windows-specific information.

Tip

This chapter emphasizes setting up the basic Kerberos environment, using a few Kerberized tools that come with Kerberos, and configuring basic login authentication via Kerberos. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Learn Windows Subsystem for Linux: A Practical Guide for Developers and IT Professionals

Publisher Resources

ISBN: 0596007582

Linux in a Windows World

by Roderick W Smith

Chapter 9. Kerberos Configuration and Use

Tip

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Learn Windows Subsystem for Linux: A Practical Guide for Developers and IT Professionals

Linux Networking Cookbook

Ubuntu 20.04 Essentials

Basic Linux Terminal Tips and Tricks: Learn to Work Quickly on the Command Line

Publisher Resources

Chapter 9. Kerberos Configuration and Use

Tip

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Learn Windows Subsystem for Linux: A Practical Guide for Developers and IT Professionals

Linux Networking Cookbook

Ubuntu 20.04 Essentials

Basic Linux Terminal Tips and Tricks: Learn to Work Quickly on the Command Line

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.