User:Tom/RHCE EX300-2: Difference between revisions
< User:Tom
Jump to navigation
Jump to search
| Line 2: | Line 2: | ||
==== 25 Configuring Kerberos ==== | ==== 25 Configuring Kerberos ==== | ||
KDC Key Distribution Center. A central key server. | KDC Key Distribution Center. A central key server. Issues tickets. | ||
Realm All hosts taht use the same KDC to get tickets. | Realm All hosts taht use the same KDC to get tickets. | ||
TGT Ticket Granting Ticket | TGT Ticket Granting Ticket | ||
Commands | Principal name nfs/server.example.com@EXAMPLE.COM | ||
User name tom@EXAMPLE.COM | |||
====== Commands ====== | |||
authconfig Configure LDAP authentication with Kerberos authorization. | authconfig Configure LDAP authentication with Kerberos authorization. | ||
| Line 13: | Line 16: | ||
authconfig-gtk | authconfig-gtk | ||
Files | klist Lists cached Kerberos tickets. | ||
/etc/krb5.keytab | |||
====== Files ====== | |||
/etc/krb5.keytab Needed by a server hosting Kerberized services. Contains names of all service principals on that server. | |||
/etc/nslcd.conf | /etc/nslcd.conf | ||
Revision as of 20:29, 6 June 2017
25 Configuring Kerberos
KDC Key Distribution Center. A central key server. Issues tickets. Realm All hosts taht use the same KDC to get tickets. TGT Ticket Granting Ticket
Principal name nfs/server.example.com@EXAMPLE.COM User name tom@EXAMPLE.COM
Commands
authconfig Configure LDAP authentication with Kerberos authorization. authconfig --test Get an overview of the current configuration and see what services are used. authconfig-tui authconfig-gtk
klist Lists cached Kerberos tickets.
Files
/etc/krb5.keytab Needed by a server hosting Kerberized services. Contains names of all service principals on that server.
/etc/nslcd.conf /etc/nsswitch.conf /etc/openldap/cacerts /etc/openldap/ldap.conf /etc/pamd.d/ /etc/sssd/sssd.conf Install sssd service before using the authcong utilities (yum install group "Directory Client" /etc/sysconfig/authconfig
...
34 DNS
Unbound is the preferred package.
Install, enable and start unbound.
/etc/unbound/unbound.conf
35 MariaDB
install mariadb mariadb-server mariadb test systemctl start mariadb systemctl enable mariadb
Italic text
firewall-cmd --add-service mysql --permanent
mysql_secure_installation
/usr/libexec/mysqld --help --verbose Information about all the settings
show databases;
use databases;
create database dbname;
create tsble tablename (name varchar(40),place varchar(40));
describe tablename;
delete from tablename where field = ' value ';
update tablename set field = value where field2 = ' value ';
insert into tablename (field1,field2) values(' value1 ',' value2 ');
where clause = <> > >= < >= BETWEEN LIKE IN
create user username@'localhost' identified by password; drop user 'username'@'localhost'; grant select,update,delete,insert on *.* to username@'localhost'; grant all priviliges on ...
mysqldump -u root =p -p database --databases >dumpfileItalic text drop database databasename; create database databasename; mysql -u root -p -p databasename <dumpfile;
36 NFS
37 Samba
man mount.cifs credentials= option
38 SMTP Server
39 Configure SSH
semanage port, man sshd_config, ssh-agent, ssh-add, ssh tunnel.
40 Time synchronisation
Chronyd daemon, chronyc command. ntp port 123. start, enable, firewall-cmd --add-service
List commands
getsebool -a List all selinux booleans
seinfo SELinux policy query tool
--all
-r List all roles
-t List all types (*-t)
-u List all users
semanage boolean --list List SELinux booleans with comments
semanage fcontext -l List all current rules