Back to Search Results

Training Course Summary:

The Enterprise Security Using Kerberos course provides students with the knowledge and skills necessary to deploy Kerberos in the enterprise and to secure enterprise deployments of Lightweight Directory Access Protocol (LDAP).

Pre-Requisites:

To succeed in this course, students must fully understand the material in the following courses: SA-299: Advanced System Administration for the Solaris 9 Operating System and SA-399: Network Administration for the Solaris 9 Operating System.

Who Should Attend:

Students who can benefit from this course are individuals who want to deploy the Kerberos security, who want to deploy a secure single-sign-on solutions, and those who need secure authentication and encryption for NFS.

Training Course Overview/Content:

Module 1 - Introducing Cryptography


Describe common terms and techniques used in cryptography
Understand the role and usage of cryptography in securing computer networks
Discuss the architecture of the Secured Sockets Layer (SSH) protocol

Module 2 - Reviewing NTP


Discuss the need for time synchronization in a networked environment
Configure client system to synchronize time with a network server
Deploy a Network Time Protocol (NTP) server which client systems can query
Configure access restrictions on NTP clients and servers

Module 3 - Introducing Kerberos


Discuss typical security and convenience limitations
Describe the benefits afforded by the use of Kerberos in the enterprise
Explain the conceptual operation of Kerberos

Module 4 - Examining Kerberos


Describe the configuration files and applications that comprise Kerberos
Discuss the Kerberos daemons needed on Kerberos server systems
Describe the Kerberos applications used on Kerberos client systems
Discuss the differences between master and slave Key Distribution Center (KDC)

Module 5 - Implementing Kerberos


Deploy Kerberos master KDCs
Configure slave Kerberos KDCs to provide redundancy and load-balancing
Configure client systems to authenticate using Kerberos

Module 6 - Using Kerberos


Describe the process which users authenticate as Kerberos principals
Discuss the tools available to change passwords for Kerberos principals
Explain how Kerberos principals can grant password-less accounts

Module 7 - Administering Kerberos


Configure Kerberos keytabs
Establish Kerberos principal password policies
Configure PAM to provide Solaris users with single sign-on access

Module 8 - Implementing Cross-Realm Authentication


Discuss reasons for using one Kerberos realm, or multiple Kerberos realms
Describe the cross-realm authentication trust arrangements
Configure direct and hierarchical cross-realm authentication relationships

Module 9 - Integrating Kerberos Implementations


Discuss interoperability concerns between standards-compliant and nonstandard Kerberos implementations
Describe Kerberos topologies used when integrating Microsoft Kerberos
Configure Microsoft Kerberos as a hierarchical sub-realm

Module 10 - Reviewing LDAP


Describe the structure of a Lightweight Directory Access Protocol
Discuss common uses of LDAP
Understand common LDAP terminology

Module 11 - Configuring LDAP Security


Discuss methods of authenticating access to LDAP directories
Describe tools used to secure LDAP transactions
Describe tools used to secure access to specific entries within the LDAP directory

Module 12 - Integrating Kerberos and LDAP


Contrast the benefits afforded by use of Kerberos with those of LDAP
Describe methods in which Kerberos and LDAP can be used simultaneously
Detail the security advantages and disadvantages of using LDAP with Kerberos
Detail the security advantages and disadvantages using Kerberos on top of LDAP