RH362 - ch02s04

Preface A: Introduction

Section A.1: Red Hat Security: Identity Management and Authentication

Section A.2: Orientation to the Classroom Environment

Section A.3: Performing Lab Exercises

Chapter 1: Identity Management in Red Hat Enterprise Linux

Section 1.1: The IdM Ecosystem

Section 1.2: Quiz: The IdM Ecosystem

Section 1.3: The IdM Infrastructure Topology

Section 1.4: Guided Exercise: The IdM Infrastructure Topology

Section 1.5: The IdM Administrative Interfaces

Section 1.6: Guided Exercise: The IdM Administrative Interfaces

Section 1.7: Quiz: Identity Management in Red Hat Enterprise Linux

Section 1.8: Summary

Chapter 2: Identity Management Core Technologies

Section 2.1: The System Security Services Framework

Section 2.2: Guided Exercise: The System Security Services Framework

Section 2.3: The Kerberos Authentication Protocol

SectionSection 2.4: Guided Exercise: The Kerberos Authentication Protocol

Section 2.5: The Public Key Infrastructure

Section 2.6: Guided Exercise: Managing Certificates

Section 2.7: Lab: Working with Identity Management Core Technologies

Section 2.8: Summary

Chapter 3: Installing Identity Management in Red Hat Enterprise Linux

Section 3.1: Installing an Identity Management Server

Section 3.2: Guided Exercise: Installing an Identity Management Server

Section 3.3: Installing an Identity Management Client

Section 3.4: Guided Exercise: Installing an Identity Management Client

Section 3.5: Installing an Identity Management Replica

Section 3.6: Guided Exercise: Installing an Identity Management Replica

Section 3.7: Automating an Identity Management Installation

Section 3.8: Guided Exercise: Automating an Identity Management Installation

Section 3.9: Lab: Installing Identity Management in Red Hat Enterprise Linux

Section 3.10: Summary

Chapter 4: Implementing an Identity Management Topology

Section 4.1: Establishing Replication Agreements

Section 4.2: Guided Exercise: Establishing Replication Agreements

Section 4.3: Managing the Essential IdM Server Roles

Section 4.4: Guided Exercise: Managing the Essential IdM Server Roles

Section 4.5: Lab: Implementing an Identity Management Topology

Section 4.6: Summary

Chapter 5: Managing the CA and DNS Integrated Services

Section 5.1: Managing the Integrated Certificate Authority

Section 5.2: Guided Exercise: Managing the Integrated Certificate Authority

Section 5.3: Managing the Integrated DNS Service

Section 5.4: Guided Exercise: Managing the Integrated DNS Service

Section 5.5: Lab: Managing the CA and DNS Integrated Services

Section 5.6: Summary

Chapter 6: Managing Users and Configuring User Access

Section 6.1: Managing IdM Users and Hosts

Section 6.2: Guided Exercise: Managing IdM Users and Hosts

Section 6.3: Implementing IdM User Access Control

Section 6.4: Guided Exercise: Managing IdM User Access Control

Section 6.5: Managing Kerberos Principals, Policies, and External Authentication

Section 6.6: Guided Exercise: Managing Kerberos Principals, Policies, and External Authentication

Section 6.7: Configuring Network-shared Home Directories

Section 6.8: Guided Exercise: Configuring Network-shared Home Directories

Section 6.9: Lab: Managing Users and Configuring User Access

Section 6.10: Summary

Chapter 7: Configuring Alternative Authentication Services

Section 7.1: Managing Smart Card Authentication

Section 7.2: Guided Exercise: Managing Smart Card Authentication

Section 7.3: Working with Vaults in Identity Management

Section 7.4: Guided Exercise: Working with Vaults in Identity Management

Section 7.5: Implementing Two-factor Authentication

Section 7.6: Guided Exercise: Implementing Two-factor Authentication

Section 7.7: Lab: Configuring Alternative Authentication Services

Section 7.8: Summary

Chapter 8: Integrating Identity Management with Active Directory

Section 8.1: Establishing a Trust Relationship between IdM and AD

Section 8.2: Guided Exercise: Establishing a Trust Relationship between IdM and AD

Section 8.3: Managing AD User Integration with ID Views

Section 8.4: Guided Exercise: Managing AD User Integration with ID Views

Section 8.5: Quiz: Integrating Identity Management with Active Directory

Section 8.6: Summary

Chapter 9: Integrating Identity Management with Red Hat Utilities

Section 9.1: Implementing Single Sign-on

Section 9.2: Guided Exercise: Implementing Single Sign-on

Section 9.3: Integrating IdM with Red Hat Satellite

Section 9.4: Guided Exercise: Integrating IdM with Red Hat Satellite

Section 9.5: Configuring Automation Controller with IdM Authentication

Section 9.6: Guided Exercise: Configuring Automation Controller with IdM Authentication

Section 9.7: Lab: Integrating Identity Management with Red Hat Utilities

Section 9.8: Summary

Chapter 10: Troubleshooting and Disaster Recovery Planning for IdM

Section 10.1: Recovering IdM with Backups and Replication

Section 10.2: Guided Exercise: Recovering IdM with Backups and Replication

Section 10.3: Troubleshooting IdM

Section 10.4: Guided Exercise: Troubleshooting IdM

Section 10.5: Lab: Troubleshooting and Disaster Recovery Planning for IdM

Section 10.6: Summary

Chapter 11: Comprehensive Review

Section 11.1: Comprehensive Review

Section 11.2: Lab: Building a Multiple Server IdM Topology

Section 11.3: Lab: Working with Identity Management

Section 11.4: Lab: Working with Single Sign-on Technology

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11

Guided Exercise: The Kerberos Authentication Protocol

Log in to a Kerberos realm, list and review Kerberos principals and attributes, and add and delete principals to and from the default Kerberos realm.

Outcomes

Create Kerberos principals.

As the student user on the workstation machine, use the lab command to prepare your environment for this exercise.

[student@workstation ~]$ lab start technology-kerberos

Instructions

[student@workstation ~]$ ssh student@idm
[student@idm ~]$ sudo -i
[sudo] password for student: student
[root@idm ~]#

[root@idm ~]# kinit admin@LAB.EXAMPLE.COM
Password for admin@LAB.EXAMPLE.COM: RedHat123^

List the Kerberos principals in the IdM database.

[root@idm ~]# kadmin.local list_principals
admin@LAB.EXAMPLE.COM
K/M@LAB.EXAMPLE.COM
krbtgt/LAB.EXAMPLE.COM@LAB.EXAMPLE.COM
kadmin/admin@LAB.EXAMPLE.COM
kadmin/changepw@LAB.EXAMPLE.COM
ldap/idm.lab.example.com@LAB.EXAMPLE.COM
host/idm.lab.example.com@LAB.EXAMPLE.COM
WELLKNOWN/ANONYMOUS@LAB.EXAMPLE.COM
dogtag/idm.lab.example.com@LAB.EXAMPLE.COM
HTTP/idm.lab.example.com@LAB.EXAMPLE.COM
DNS/idm.lab.example.com@LAB.EXAMPLE.COM
ipa-dnskeysyncd/idm.lab.example.com@LAB.EXAMPLE.COM

Review the attributes of the admin principal.

[root@idm ~]# kadmin.local get_principal admin
Principal: admin@LAB.EXAMPLE.COMipa-setup-override-restrictions
Expiration date: [never]
Last password change: Fri Jan 27 05:25:31 EST 2023
Password expiration date: Thu Apr 27 06:25:31 EDT 2023
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Fri Jan 27 05:25:31 EST 2023 (root/admin@LAB.EXAMPLE.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 4
Key: vno 1, aes256-cts-hmac-sha384-192:special
Key: vno 1, aes128-cts-hmac-sha256-128:special
Key: vno 1, aes256-cts-hmac-sha1-96:special
Key: vno 1, aes128-cts-hmac-sha1-96:special
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH
Policy: [none]

Add a principal to the default Kerberos realm. View and then delete the principal.

Add the test principal to the current realm with testprincipal123 as the password. You must include the -x ipa-setup-override-restrictions option to override the strict local IdM security restrictions.
```
[root@idm ~]# kadmin.local -x ipa-setup-override-restrictions add_principal \
  -pw testprincipal123  test@LAB.EXAMPLE.COM
```

Verify that the test principal was created.

[root@idm ~]# kadmin.local get_principal test
Principal: test@LAB.EXAMPLE.COM
Expiration date: [never]
Last password change: Fri Feb 03 04:07:06 EST 2023
Password expiration date: [never]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Fri Feb 03 04:07:06 EST 2023 (admin/admin@LAB.EXAMPLE.COM)
...output omitted...

Remove the test principal.

[root@idm ~]# kadmin.local -x ipa-setup-override-restrictions \
  delete_principal test
...output omitted...

Return to the workstation machine as the student user.

[root@idm ~]# exit
logout
[student@idm ~]$ exit
logout
[student@workstation ~]$

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish technology-kerberos

Discuss Red Hat Security: Identity Management and Authentication

Go to community

Welcome to the Red Hat Security: Identity Management and Active Directory Integration group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Security: Identity Management and Active Directory Integration! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH362.Read more about Red Hat Security: Identity Management and Active Directory Integration here.

215

Revision: rh362-9.1-4c6fdb8