User:Tom/RHCE EX300-2: Difference between revisions
< User:Tom
Jump to navigation
Jump to search
No edit summary |
|||
| Line 55: | Line 55: | ||
firewall-cmd --reload | firewall-cmd --reload | ||
systemctl start target | systemctl start target | ||
systemctl enable target | systemctl enable target | ||
iscsiadm | |||
====== Files ====== | ====== Files ====== | ||
Revision as of 13:14, 9 June 2017
25 Configuring Kerberos
KDC Key Distribution Center. A central key server. Issues tickets. Realm All hosts taht use the same KDC to get tickets. TGT Ticket Granting Ticket
Principal name nfs/server.example.com@EXAMPLE.COM User name tom@EXAMPLE.COM
Using nslcd or sssd as Authentication Backend Service
Verify that sssd packges are installed before using the authconfig utilities.. Use a gui, sssd is then used by default. Use yum group install "Directory Client" to install sssd and related packages. Start sssd before using the authconfig utilities.
/etc/sysconfig/authconfig FORCELEGACY=no Switch off nslcd. USESSSD=yes USESSSDAUTH=yes
Commands
authconfig Configure LDAP authentication with Kerberos authorization. authconfig --test Get an overview of the current configuration and see what services are used. authconfig-tui authconfig-gtk
kinit Obtain and cache kerberos ticket-granting ticket. klist Lists cached Kerberos tickets.
Files
/etc/krb5.keytab Needed by a server hosting Kerberized services. Contains names of all service principals on that server.
/etc/nslcd.conf Alternative for sssd.
/etc/nsswitch.conf
/etc/openldap/cacerts Stores root certificate authorities
/etc/openldap/ldap.conf LDAP client configuration
/etc/pamd.d/
/etc/sssd/sssd.conf Daemon used for retrieving and caching user and authentication information.
Install sssd service before using the authcong utilities (yum install group "Directory Client").
/etc/sysconfig/authconfig
Packages
pam_krb5 krb5-workstation
26 iSCSI
Commands
targetcli firewall-cmd --add-service iscsi-target --permanent firewall-cmd --reload systemctl start target systemctl enable target
iscsiadm
Files
Packages
targetcli
...
34 DNS
Unbound is the preferred package.
Install, enable and start unbound.
/etc/unbound/unbound.conf
35 MariaDB
install mariadb mariadb-server mariadb test systemctl start mariadb systemctl enable mariadb
Italic text
firewall-cmd --add-service mysql --permanent
mysql_secure_installation
/usr/libexec/mysqld --help --verbose Information about all the settings
show databases;
use databases;
create database dbname;
create tsble tablename (name varchar(40),place varchar(40));
describe tablename;
delete from tablename where field = ' value ';
update tablename set field = value where field2 = ' value ';
insert into tablename (field1,field2) values(' value1 ',' value2 ');
where clause = <> > >= < >= BETWEEN LIKE IN
create user username@'localhost' identified by password; drop user 'username'@'localhost'; grant select,update,delete,insert on *.* to username@'localhost'; grant all priviliges on ...
mysqldump -u root =p -p database --databases >dumpfileItalic text drop database databasename; create database databasename; mysql -u root -p -p databasename <dumpfile;
36 NFS
37 Samba
man mount.cifs credentials= option
38 SMTP Server
39 Configure SSH
semanage port, man sshd_config, ssh-agent, ssh-add, ssh tunnel.
40 Time synchronisation
Chronyd daemon, chronyc command. ntp port 123. start, enable, firewall-cmd --add-service
List commands
getsebool -a List all selinux booleans
seinfo SELinux policy query tool
--all
-r List all roles
-t List all types (*-t)
-u List all users
semanage boolean --list List SELinux booleans with comments
semanage fcontext -l List all current rules