User:Tom/RHCE EX300-2: Difference between revisions
< User:Tom
Jump to navigation
Jump to search
(→Files) |
|||
| Line 19: | Line 19: | ||
====== Files ====== | ====== Files ====== | ||
/etc/nslcd.conf | /etc/krb5.keytab Needed by a server hosting Kerberized services. Contains names of all service principals on that server. | ||
/etc/nslcd.conf Alternative for sssd. | |||
/etc/nsswitch.conf | /etc/nsswitch.conf | ||
/etc/openldap/cacerts | /etc/openldap/cacerts Stores root certificate authorities | ||
/etc/openldap/ldap.conf | /etc/openldap/ldap.conf LDAP client configuration | ||
/etc/pamd.d/ | /etc/pamd.d/ | ||
/etc/sssd/sssd.conf | /etc/sssd/sssd.conf Daemon used for retrieving and caching user and authentication information. | ||
Install sssd service before using the authcong utilities (yum install group "Directory Client". | |||
/etc/sysconfig/authconfig | /etc/sysconfig/authconfig | ||
Revision as of 20:34, 6 June 2017
25 Configuring Kerberos
KDC Key Distribution Center. A central key server. Issues tickets. Realm All hosts taht use the same KDC to get tickets. TGT Ticket Granting Ticket
Principal name nfs/server.example.com@EXAMPLE.COM User name tom@EXAMPLE.COM
Commands
authconfig Configure LDAP authentication with Kerberos authorization. authconfig --test Get an overview of the current configuration and see what services are used. authconfig-tui authconfig-gtk
klist Lists cached Kerberos tickets.
Files
/etc/krb5.keytab Needed by a server hosting Kerberized services. Contains names of all service principals on that server.
/etc/nslcd.conf Alternative for sssd.
/etc/nsswitch.conf
/etc/openldap/cacerts Stores root certificate authorities
/etc/openldap/ldap.conf LDAP client configuration
/etc/pamd.d/
/etc/sssd/sssd.conf Daemon used for retrieving and caching user and authentication information.
Install sssd service before using the authcong utilities (yum install group "Directory Client".
/etc/sysconfig/authconfig
...
34 DNS
Unbound is the preferred package.
Install, enable and start unbound.
/etc/unbound/unbound.conf
35 MariaDB
install mariadb mariadb-server mariadb test systemctl start mariadb systemctl enable mariadb
Italic text
firewall-cmd --add-service mysql --permanent
mysql_secure_installation
/usr/libexec/mysqld --help --verbose Information about all the settings
show databases;
use databases;
create database dbname;
create tsble tablename (name varchar(40),place varchar(40));
describe tablename;
delete from tablename where field = ' value ';
update tablename set field = value where field2 = ' value ';
insert into tablename (field1,field2) values(' value1 ',' value2 ');
where clause = <> > >= < >= BETWEEN LIKE IN
create user username@'localhost' identified by password; drop user 'username'@'localhost'; grant select,update,delete,insert on *.* to username@'localhost'; grant all priviliges on ...
mysqldump -u root =p -p database --databases >dumpfileItalic text drop database databasename; create database databasename; mysql -u root -p -p databasename <dumpfile;
36 NFS
37 Samba
man mount.cifs credentials= option
38 SMTP Server
39 Configure SSH
semanage port, man sshd_config, ssh-agent, ssh-add, ssh tunnel.
40 Time synchronisation
Chronyd daemon, chronyc command. ntp port 123. start, enable, firewall-cmd --add-service
List commands
getsebool -a List all selinux booleans
seinfo SELinux policy query tool
--all
-r List all roles
-t List all types (*-t)
-u List all users
semanage boolean --list List SELinux booleans with comments
semanage fcontext -l List all current rules