Troubleshooting Authentication

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey there Cybrarians.
00:00
Welcome back to the Linux+ course here at Cybrary.
00:00
I'm your instructor Rob Goelz.
00:00
In today's lesson we're going
00:00
to be Troubleshooting Authentication.
00:00
Upon completion of this lesson,
00:00
you're going to be able to understand
00:00
the authentication issues that
00:00
a user is likely to experience,
00:00
as well as differentiate local authentication issues
00:00
versus those that are external issues
00:00
or policy violations.
00:00
Then finally, we're going to locate
00:00
configuration files that
00:00
we can use to troubleshoot authentication issues.
00:00
Really authentication is just the process of
00:00
determining whether a user is
00:00
allowed to access the system.
00:00
The user can run afoul of a few issues.
00:00
For example, they can have login issues such as
00:00
incorrect passwords or incorrect username.
00:00
There could be time of day restrictions
00:00
on when that user is allowed to log in,
00:00
and the user could have attempted logins so many
00:00
times that they finally lock
00:00
themselves out of their account.
00:00
A user might have these types
00:00
of local authentication issues if they
00:00
forgot the account password
00:00
or an account is past the expiration date,
00:00
maybe the account is just locked due to password aging.
00:00
Finally, an administrator might have
00:00
locked the user account for bad behavior.
00:00
Local user authentication uses
00:00
the information that's in the /etc/shadow file,
00:00
we've already talked about that a little
00:00
bit during this module.
00:00
We can troubleshoot these issues by
00:00
checking these security log files, for example,
00:00
/var/log/secure on CentOS,
00:00
and /var/log/auth.log on Ubuntu.
00:00
External authentication issues are often related to
00:00
authentication products such as LDAP or Kerberos.
00:00
When we need to troubleshoot these issues,
00:00
we need to check the configuration files
00:00
for these authentication products.
00:00
LDAP configuration can be found in /etc/ldap.conf,
00:00
we can go to /etc/krb5.conf
00:00
to find Kerberos configuration.
00:00
Also PAM configuration files need to be
00:00
modified when we're working with external authentication.
00:00
For example, if we're on a CentOS system,
00:00
we may have to go in and modify
00:00
/etc/pam.d/system-auth, and if we're in Ubuntu,
00:00
we can run the pam-auth-update command to update
00:00
the /etc/pam.d/common files directory,
00:00
and set that up for external authentication.
00:00
Now speaking of Pam,
00:00
[LAUGHTER] the PAM configuration files that are under
00:00
/etc/pam.d may also need to
00:00
be checked for specific authentication services.
00:00
We can recall from Module 16 that faillock and pam_tally2
00:00
can identify failed login attempts
00:00
related to PAM issues,
00:00
so we may want to do that and see what's going on there.
00:00
Then finally, SELinux or AppArmor can be to blame
00:00
when users inadvertently run into policy violations,
00:00
they try and access things they
00:00
don't have permissions to; they're
00:00
restricted from touching those things due to policies.
00:00
We can see if there had been policy violations
00:00
using sealert,
00:00
this will give us SELinux policy violations,
00:00
and we can use ausearch to look
00:00
for AppArmor policy violations.
00:00
With that, in this lesson,
00:00
we covered the authentication issues
00:00
a user is likely to experience.
00:00
We talked about differentiating between
00:00
local authentication
00:00
and external authentication issues,
00:00
as well as policy violations.
00:00
Then we talked about locating
00:00
configuration files that we could
00:00
use to troubleshoot authentication issues.
00:00
Thanks so much for being here,
00:00
and I look forward to seeing you in the next lesson.