Authentication Server

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
>> Hello Cybrarians and welcome back to the Linux Plus Course here at Cybrary. I'm your instructor Rob Goelz, and in today's lesson we're going to be discussing authentication server role. Upon completion of this lesson, you are going to be able to explain the importance of authentication services in Linux, and you'll also understand the different types of authentication services and their various purposes.

Up until now, we've largely covered creating local user accounts, and that's fine when you've got just a handful of servers or a handful of users on those systems. It works out well, but it doesn't scale well once you get into hundreds or thousands of systems and hundreds and thousands of users, and this is where authentication services come in.

Now, authentication services generally create a source, most of the time a single source, for authentication of user accounts, and the authentication server is tasked with maintaining a database of user accounts, and then the clients authenticate against this server to get access rather than locally. There are several authentication services offered in Linux; we will touch on NIS, Kerberos, LDAP, and RADIUS today.

Network Information Systems, or NIS, was created by Sun Microsystems as Yellow Pages in 1985, and then they ran into a little problem with copyright infringement because Yellow Pages is owned by a UK telephone directory company, so even though it's NIS, you'll still see commands and functions used in YP because originally it was Yellow Pages. Now NIS holds username, host name, and other local network information, and it uses several ports: port 111, port 714, and port 711. NIS 711, 714, and 111.

Now Kerberos was developed at MIT and it was set to be an encrypted authentication service starting in the 1980s, finally got released open-source in 1987. With Kerberos, users are authenticated against a centralized server database and symmetric key encryption handles all the authentication encryption for the authentication traffic. Today, Kerberos is still used as the underpinning of Microsoft's Active Directory, and the main thing to remember with Kerberos is that it uses port 88.

Now, NIS lacked a lot of things, primarily security and scalability, so solutions like LDAP, which is the Lightweight Directory Access Protocol, replaced it, and what you see most commonly uses the OpenLDAP package today. Now LDAP was created at the University of Michigan in 1993, and what it does is it allows for a distributed directory system using a hierarchical database to store directory info.

What does that mean? Hierarchical database means that if you look at the actual layout of the database and the users and groups in a graphical format, it looks like a tree and it's distributed, which means they're replicates. Data is replicated or synced between many LDAP servers, and generally they'll have to stay in sync and you have to keep timekeeping really well in sync or you get broken replication, which is never fun. In terms of LDAP, remember this: LDAP uses two ports, port 389 and port 636. 636 is used for TLS secure LDAP, which is sometimes referred to as LDAPS.

Then finally, the last bit of authentication services or authentication server role we'll talk about today is the RADIUS server. Remote Authentication Dial-In User Service or RADIUS, which is much easier to say, was created in 1991, and it allows remote users to dial in and access network information. Back in the old days, we had to dial in to get our network connectivity using this thing called a modem [LAUGHTER], and RADIUS is known for authentication, authorization and accounting, or AAA. It provides AAA to network traffic and requests from public clients. Again, people who are connecting just over modem from the middle of nowhere, and this is still sometimes used in wireless networks and by internet service providers. A lot of wireless connections still use RADIUS, the RADIUS protocol for AAA.

Now RADIUS uses a lot of ports. Unfortunately, you're going to have to remember these ports and memorize these ports for the exam. I don't have any helpful mnemonics for you so just remember for RADIUS 1645 and 1646, 1812 and 1813, and port 7082.

With that, we've reached the end of this lesson. In this lesson, we covered the importance of authentication services, and the different types of authentication services and their purpose. Thanks so much for being here and I look forward to seeing you in the next lesson.