Lab4 Oracle Linux 6 User Group Administration
Oracle Linux 6 Boot Camp Oracle Linux 6 Lab Exercise
Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Oracle Training Materials – Usage Agreement Use of this Site (“Site”) or Materials constitutes agreement with the following terms and conditions: 1. Oracle Corporation (“Oracle”) is pleased to allow its business partner (“Partner”) to download and copy the information, documents, and the online training courses (collectively, “Materials") found on this Site. The use of the Materials is restricted to the non-commercial, internal training of the Partner’s employees only. The Materials may not be used for training, promotion, or sales to customers or other partners or third parties. 2. All the Materials are trademarks of Oracle and are proprietary information of Oracle. Partner or other third party at no time has any right to resell, redistribute or create derivative works from the Materials. 3. Oracle disclaims any warranties or representations as to the accuracy or completeness of any Materials. Materials are provided "as is" without warranty of any kind, either express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, and non-infringement. 4. Under no circumstances shall Oracle or the Oracle Authorized Delivery Partner be liable for any loss, damage, liability or expense incurred or suffered which is claimed to have resulted from use of this Site of Materials. As a condition of use of the Materials, Partner agrees to indemnify Oracle from and against any and all actions, claims, losses, damages, liabilities and expenses (including reasonable attorneys' fees) arising out of Partner’s use of the Materials. 5. Reference materials including but not limited to those identified in the Boot Camp manifest cannot be redistributed in any format without Oracle written consent.
OL 6 Users & Groups Admin – Lab 4
Oracle Linux Users and Groups Administration V1.0 January 2013
1 Introduction
Participants will gain example-led awareness and understanding of the Linux Users and Groups Administrative tasks. With a few basic exercises we will introduce the learner to some ways to perform Linux Users and Groups creation and administration in Oracle Linux 6. We will also introduce you to LDAP and NIS authentication options and discuss Pluggable Authentication Modules (PAM). Upon completion of this lab, participants will have learned how to do Users and Groups Administration on Oracle Linux 6.
2 Overview
In this lab we’ll be practicing User and Group Administration on Oracle Linux 6. We’ll briefly review some of the advanced concepts like LDAP and NIS Authentication and PAM configuration. Some of the commands and concepts we’ll review are listed below.
- Creating Users and Groups using User Manager GUI Tool
- Users and Groups Administration using Command-Line Utilities
- Configure Password Aging
- Describe LDAP and NIS authentication options (no lab)
- Introduction to Pluggable Authentication Modules (PAM) (no lab)
This practice can be accomplished with a single VirtualBox Oracle Linux 6.3 instance. You must have a working instance of Oracle Linux 6.3 running in your VirtualBox environment to perform this lab.
For Oracle employees and authorized partners only. Do not distribute to third parties. © 2013 Oracle Corporation
OL 6 - Lab 04
3 Pre-requisites
This lab requires the use of the following elements:
- A current 64 bit laptop with at least 2GB RAM and 20GB free disk space
- Operating system: A 64-bit version of Microsoft Windows, Mac OS X, Linux or Solaris. Alternatively, a 32-bit host OS installed on a 64-bit CPU with VTx/AMD-V enabled in the BIOS.
- Oracle VirtualBox Software 4.2.10 or later (with Extension Pack installed)
- Oracle Linux 6.3 instance running inside VirtualBox:
  o VM Image Provided by instructor or downloaded on your own
  o Installed in Lab 1 of Oracle Linux 6 Boot camp
The following assumptions have been made regarding the environment where this lab is being performed:
1. Network connectivity to the Internet is available
2. Your Oracle Linux 6.3 VirtualBox instance has been installed and you’ve assigned a normal user/password and a ‘root’ user password.
   a. The recommended user name is ‘student1’
   b. The recommended password is ‘oracle’
   c. The recommended root password is ‘oracle’
4 VirtualBox lab setup
If you already have an instance of Oracle Linux 6.3 installed in VirtualBox or have already imported the Oracle Linux 6.3 image, you can skip this section and proceed to the Labs in Section 5. If you need to import the Oracle Linux 6.3 appliance (image in ova file provided for this training) then complete the steps in this section before you start with the Labs.
1 - In the VirtualBox main window choose File > Import Appliance …
2 - From the Appliance Import Wizard click the Open appliance.. button and navigate to the Oracle_Linux_6_Bootcamp.ova file which is the pre-built Oracle Linux 6.3 VM image you downloaded or obtained from the instructor
3 - Navigate to the folder where you downloaded or copied the Oracle Linux 6.3 Prebuilt image and click Open. The file is named Oracle_Linux_6_Bootcamp.ova.
4 - Choose ‘Next’ on the Appliance to import screen
5 - Confirm the default settings and choose “Import” to begin importing the virtual image. If you see a License Agreement window, read and accept the license.
6 - The progress bar will show the import progress. The import usually looks slow in the beginning, but it shouldn’t take more than a few minutes.
7 - Your new image has been imported and is ready for use. Select the Oracle Linux 6 Bootcamp image.
8 - After your image has finished importing select it in the VB application and choose “Settings” and review settings.
Once you have reviewed the settings, you can select the image and click the Start button to boot Oracle Linux 6. After booting, login as ‘root’ user and activate your network connection to start using the image. The following video demonstrates how to import an appliance: Importing Oracle Linux VM Appliance Video
5 Lab Exercises
5.1 Creating Users and Groups using User Manager GUI Tool
In this lab, we will learn how to create Users and Groups in Oracle Linux 6 using the User Manager Tool. The User Manager GUI tool is a simple application that allows you to view, modify, add, and delete local users and groups. To start the User Manager tool from the command line, you can use the ‘system-config-users’ command:
[root@examplehost /]# system-config-users
Alternatively, you can start this application by selecting the System->Administration->Users and Groups option from the Desktop menu panel. The screenshot below shows how to start the User Manager Tool using the Desktop panel.
Note that if you run the application as a regular Linux user, the application will prompt you to authenticate as ‘root’ user.
Once the User Manager Tool has launched, you should see the following GUI window. You should be able to see ‘student1’ user listed under the ‘Users’ tab. This is the user that was created during installation of Oracle Linux 6 along with the ‘root’ user.
By default, the Users and Groups listed in the User Manager Application do not include the system users and groups. If you want to see the system users and groups, you can click Edit->Preferences and then uncheck the ‘Hide system users and groups’ option.
Create a new user by clicking the ‘Add User’ button in the User Manager Tool. In the ‘Add New User’ window, create a user with username as ‘student2’ as shown in the screenshot below. Notice, you can define the login shell for the user in this window. We will use the default bash shell for this ‘student2’ user from the choice list.
In the lower section of the ‘Add New User’ window, you can decide whether you want to create a home directory for the user and also the location of the home directory. Oracle Linux 6 uses a User Private Group (UPG) scheme by default. A User Private Group is created whenever a new user is added to the system. It has the same name as the user for which it was created and that user is the only member of the user private group. User private groups make it safe to set default permissions for a newly created file or directory, allowing both the user and the group of that user to make modifications to the file or directory. This helps to make Linux groups easier to use and manage. Notice, you can also specify the Group ID (GID) and User ID (UID) manually by entering a value. By default Oracle Linux and RHEL reserve UIDs and GIDs below 500 for system users and groups. We will assign ‘/home/student2’ as the home directory for ‘student2’ user and let the system pick the UID and GID values. Click the OK button to create the user.
Once the user ‘student2’ has been created, you should see it listed under the ‘Users’ tab of the application window. Select the ‘student2’ user and click the ‘Properties’ button.
Notice that under Account Info, you can enable account expiration and also lock the password. Do not make any changes, just review the tabs and get familiarized.
Under Password Info, you can enable password expiration and then set the parameters/criteria for password expiration.
And under the Groups tab, you will notice that by default ‘student2’ is a member of the ‘student2’ group. This is as per the UPG scheme. Click ‘Cancel’ to close this window.
Now that we have created the ‘student2’ user, let us understand the file changes that occur when you create a user on Linux. When you created the user ‘student2’, an entry for that user was created in the ‘/etc/passwd’, ‘/etc/shadow’ and ‘/etc/group’ files on the system. Examine the entry for the user ‘student2’ in the ‘/etc/passwd’ file and the ‘/etc/group’ file. You can use the ‘cat /etc/passwd | grep -i student2’ command or the ‘grep -i student2 /etc/passwd’ command to examine the entry.
[root@examplehost /]# cat /etc/passwd | grep -i student2
student2:x:502:502:student2 user2:/home/student2:/bin/bash
[root@examplehost /]#
[root@examplehost /]# cat /etc/group | grep -i student2
student2:x:502:
[root@examplehost /]#
Here’s how you can read the line entry for ‘student2’ user in the ‘/etc/passwd’ file. Each field is separated by a “:” delimiter.
Username: student2
Shadow passwd: indicated by ‘x’
UID: 502
GID: 502
GECOS information (name etc): student2 user2
Home directory: /home/student2
Default Shell: /bin/bash
Here’s how you can read the line entry for ‘student2’ user in the ‘/etc/group’ file. Each field is separated by a “:” delimiter.
Group name: student2
Shadow passwd: indicated by ‘x’
GID: 502
The ‘/etc/shadow’ file is used for user shadow passwords. The user passwords are hashed and stored in the ‘/etc/shadow’ file. This file also contains information about password aging and security policies defined in the ‘/etc/login.defs’ file.
[root@examplehost /]# cat /etc/shadow | grep student2
student2:$6$1cLhy/ZiwTsQkEJX$.Ho7T0WFlO3B.E.b0nGs52LENLyTiCZkNvj1Da8xABBcvVxRHcuPRjBfVRQQL7fEeIwER6kKvmvNwlXpfnlQg0:15756:0:99999:7:::
[root@examplehost /]#
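The shadow entry above packs the hash scheme and the password-aging values into colon-separated fields. The following is an added example, not part of the lab guide, that decodes those fields and classifies each account; the function names, the state labels and the sample entries (with placeholder hashes) are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not part of the lab guide.
# /etc/shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is a day count since 1970-01-01; min, max and warn are in days.

# shadow_status [TODAY_DAYS] < shadow_file
# Prints "name scheme state age_days" for every entry read from stdin.
shadow_status() {
    _today="${1:-$(( $(date +%s) / 86400 ))}"
    awk -F: -v today="$_today" '
    NF < 5 { next }                          # skip malformed lines
    {
        hash = $2; lastchg = $3; max = $5

        # A leading "!" or "*" means no password can match: the account is
        # locked, or no password has been set yet (commonly shown as "!!").
        locked = (hash ~ /^[!*]/)
        body = hash
        sub(/^[!*]+/, "", body)

        # The $id$ prefix names the crypt(3) scheme used for the hash.
        if      (body == "")        scheme = "none"
        else if (body ~ /^\$6\$/)   scheme = "sha512"
        else if (body ~ /^\$5\$/)   scheme = "sha256"
        else if (body ~ /^\$1\$/)   scheme = "md5"
        else                        scheme = "other"

        age = (lastchg == "") ? "-" : today - lastchg

        if      (hash == "")                         state = "EMPTY_PASSWORD"
        else if (locked)                             state = "LOCKED"
        else if (lastchg != "" && lastchg + 0 == 0)  state = "MUST_CHANGE"
        else if (max == "" || max + 0 >= 99999)      state = "NO_AGING"
        else if (lastchg != "" && age > max + 0)     state = "EXPIRED"
        else                                         state = "OK"

        print $1, scheme, state, age
    }'
}

# Constructed sample entries (placeholder hashes, not real ones).
sample_shadow() {
    cat <<'EOF'
student2:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15756:0:99999:7:::
student3:!!:15756:0:99999:7:::
reports_user:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15700:0:90:7:::
guest::15756:0:99999:7:::
EOF
}

# Day 15800 is passed as "today" so the result is reproducible.
sample_shadow | shadow_status 15800
```

On a live system, run `shadow_status < /etc/shadow` as root; entries reported as EMPTY_PASSWORD or NO_AGING are the ones to review first.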
Log out of the Desktop GUI and log back in as ‘student2’ user to confirm that the user that we created can login properly.
After logging in as ‘student2’ user, open a terminal window and see that a home directory ‘/home/student2’ was created for this user. It already has a predefined directory structure that you can check using the ‘ls’ command.
[student2@examplehost ~]$ pwd
/home/student2
[student2@examplehost ~]$ ls -l
total 32
drwxr-xr-x. 2 student2 student2 4096 Feb 20 14:14 Desktop
drwxr-xr-x. 2 student2 student2 4096 Feb 20 14:14 Documents
drwxr-xr-x. 2 student2 student2 4096 Feb 20 14:14 Downloads
drwxr-xr-x. 2 student2 student2 4096 Feb 20 14:14 Music
drwxr-xr-x. 2 student2 student2 4096 Feb 20 14:14 Pictures
drwxr-xr-x. 2 student2 student2 4096 Feb 20 14:14 Public
drwxr-xr-x. 2 student2 student2 4096 Feb 20 14:14 Templates
drwxr-xr-x. 2 student2 student2 4096 Feb 20 14:14 Videos
[student2@examplehost ~]$
You may verify the directory is usable by the ‘student2’ user by creating a file using the ‘touch’ command in this directory.
[student2@examplehost ~]$ pwd
/home/student2
[student2@examplehost ~]$ touch student2file2
[student2@examplehost ~]$ ls -l student2file2
-rw-rw-r--. 1 student2 student2 0 Feb 20 14:17 student2file2
[student2@examplehost ~]$
The ‘id’ command is a good tool to print the user and group information for the specified user. Read the man page of the ‘id’ command then run the ‘id’ command with options shown below. The ‘id’ command output below tells you that ‘student2’ user has a UID of 502 and a GID of 502. The ‘student2’ user belongs to only one group and that is the ‘student2’ group. Using the -g flag, you can print only the effective group ID of the user and using the -ng option will give you the name of the effective group that the user belongs to. The -G option prints all group IDs of a user.
[student2@examplehost ~]$ id
uid=502(student2) gid=502(student2) groups=502(student2) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[student2@examplehost ~]$
[student2@examplehost ~]$ id -g
502
[student2@examplehost ~]$
[student2@examplehost ~]$ id -gn
student2
[student2@examplehost ~]$
[student2@examplehost ~]$ id -G
502
[student2@examplehost ~]$
Log out from the system as ‘student2’ user and log back in as ‘root’ user. We will now look at the User Manager Tool for the Groups administration. As root user, start the User Manager Tool and click on the Groups tab. Notice the groups that are there on this system. Select the ‘student2’ group and then click the ‘Properties’ button.
In the Group properties window, click the ‘Group Users’ tab and verify that this group has ‘student2’ as a member. Remember this ‘student2’ user was added to this group because of the UPG scheme. Click the ‘Cancel’ button to close this window.
We will now create a new group. Click the ‘Add Group’ button to create a new group.
In the “Add New Group” window, create a new ‘students’ group as shown below. Specify the GID to be “550” and click the ‘OK’ button.
You should now see the ‘students’ group. Select this ‘students’ group and click the ‘Properties’ button.
In the “Group Properties” window, select the ‘student2’ user to add this user to this group and then click the ‘OK’ button.
If you now see the ‘Properties’ of ‘student2’ user under the ‘Users’ tab, you will notice that the ‘student2’ user is now a member of 2 groups (student2, students). Select ‘student2’ user and then click the ‘Properties’ button.
Under the ‘Groups’ tab of the ‘User Properties’ window, you will now see that ‘student2’ is a member of two groups. Click the ‘Cancel’ button to close the window.
You can also run the ‘id’ command again as ‘student2’ user and see the results. See examples below. You can see that the -G option of the ‘id’ command lists the 2 groups that the user ‘student2’ belongs to.
[root@examplehost Desktop]# su - student2
[student2@examplehost ~]$
[student2@examplehost ~]$ whoami
student2
[student2@examplehost ~]$
[student2@examplehost ~]$ id
uid=502(student2) gid=502(student2) groups=502(student2),550(students) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[student2@examplehost ~]$
[student2@examplehost ~]$ id -G
502 550
[student2@examplehost ~]$ id -Gn
student2 students
[student2@examplehost ~]$
This concludes the simple lab of creating users and groups using the User Manager GUI Tool.
5.2 Users and Groups Administration using Command-Line Utilities
In this lab exercise, we will learn how to create/modify/delete users and groups using command line utilities. We will also look at some of the files associated with user/group administration. Before we learn how to create/modify/delete users and groups we will look at some of the important files related to user/group administration. We will start by looking at the ‘/etc/default/useradd’ file on our Oracle Linux 6 systems.
[root@examplehost ~]# cd /etc/default
[root@examplehost default]#
[root@examplehost default]# pwd
/etc/default
[root@examplehost default]# ls -l useradd
-rw-------. 1 root root 119 Oct 12 2011 useradd
[root@examplehost default]#
Examine the ‘/etc/default/useradd’ file on your system using the ‘cat’ command.
[root@examplehost /]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@examplehost /]#
Or you can run the ‘useradd -D’ command to see the default values. We will look at the ‘useradd’ command in more detail later in this lab.
This ‘/etc/default/useradd’ file is used to specify default settings when creating a user account. As you can see, by default the user home directories are created under the ‘/home’ directory, the default user shell is ‘/bin/bash’ and a mail spool directory will be created for every user that is created. The ‘SKEL’ variable points to the ‘/etc/skel’ directory by default. The contents of the directory specified by the ‘SKEL’ variable are copied to a user’s home directory when the user is created.
[root@examplehost /]# ls -al /etc/skel
total 36
drwxr-xr-x. 4 root root 4096 Dec 10 14:06 .
drwxr-xr-x. 113 root root 12288 Feb 20 14:24 ..
-rw-r--r--. 1 root root 18 May 10 2012 .bash_logout
-rw-r--r--. 1 root root 176 May 10 2012 .bash_profile
-rw-r--r--. 1 root root 124 May 10 2012 .bashrc
drwxr-xr-x. 2 root root 4096 Nov 20 2010 .gnome2
drwxr-xr-x. 4 root root 4096 Dec 10 14:01 .mozilla
[root@examplehost /]#
Create a file using an editor (e.g. the ‘vi’ editor) in the ‘/etc/skel’ directory and call this file ‘Readme.txt’.
[root@examplehost /]# vi /etc/skel/Readme.txt
Enter some text into the ‘Readme.txt’ file, then save and quit the editor. Later in this lab, we will create a Linux user ‘student3’. When that user is created, we will notice that the home directory contains this ‘Readme.txt’ file automatically. This is because the file was created in the ‘/etc/skel’ directory, whose contents are automatically copied into a user’s home directory upon creation.
[root@examplehost /]# cat /etc/skel/Readme.txt
Read this file first.
[root@examplehost /]#
Another file that we will now look at is the ‘/etc/login.defs’ file.
[root@examplehost /]# ls -l /etc/login.defs
-rw-r--r--. 1 root root 1816 Oct 12 2011 /etc/login.defs
[root@examplehost /]#
The ‘/etc/login.defs’ file defines the configuration for the shadow password suite. It is a readable text file that describes the various configuration parameters associated with shadow password. It contains information about things like password aging, option to remove user groups if no user exists, encryption method for the password etc. You can read the man pages of ‘login.defs’ to understand the various parameters. Enclosed below is sample output of this file.
[root@examplehost /]# more /etc/login.defs
This file also defines the min/max values for automatic GID selection for the ‘groupadd’ command.
[root@examplehost /]# cat /etc/login.defs | grep GID
GID_MIN 500
GID_MAX 60000
[root@examplehost /]#
Enclosed below is a table with some of the common command line utilities related to user/group administration in Oracle Linux 6. We will use some of these commands below in our lab exercise and you can explore the remaining commands on your own.
Command/Utility    Purpose
useradd            Add user accounts
usermod            Modify user accounts
userdel            Delete user accounts
users              Print the user names of users logged in on the host
sudo               Execute a command as another user
groupadd           Add groups
groupmod           Modify groups
groupdel           Delete groups
groups             Print the groups a user is in
gpasswd            Administer /etc/gshadow and /etc/group files
pwck, grpck        Verification of the password, group, and associated shadow files
Start by reading the man page of ‘useradd’ command.
[root@examplehost /]# man useradd
We will now create a user with username ‘student3’ using the ‘useradd’ command line utility. The -c option in the command below is used to provide the GECOS information (name etc). This command will create a ‘student3’ user using the default settings specified in the ‘/etc/default/useradd’ file.
[root@examplehost /]# useradd -c "student3 user3" student3
[root@examplehost /]#
Once the ‘student3’ user has been created on the system, you can check the entries added in the ‘/etc/passwd’ and the ‘/etc/group’ files for this user. See example screenshot below.
[root@examplehost /]# cat /etc/passwd | grep -i student3
student3:x:503:503:student3 user3:/home/student3:/bin/bash
[root@examplehost /]#
[root@examplehost /]# cat /etc/group | grep student3
student3:x:503:
[root@examplehost /]#
You can also login as ‘student3’ using the ‘su - student3’ command. After logging in, you will find a ‘Readme.txt’ file was created for this user. This is the file we created in the ‘/etc/skel’ directory earlier in the lab.
[root@examplehost /]# su - student3
[student3@examplehost ~]$
[student3@examplehost ~]$ whoami
student3
[student3@examplehost ~]$
[student3@examplehost ~]$ pwd
/home/student3
[student3@examplehost ~]$ ls -l
total 4
-rw-r--r--. 1 student3 student3 22 Feb 20 14:57 Readme.txt
[student3@examplehost ~]$
[student3@examplehost ~]$ cat Readme.txt
Read this file first.
[student3@examplehost ~]$
If you want, you can set the password for this ‘student3’ user using the ‘passwd’ command as shown below. In the example below, we run the ‘passwd’ command as ‘root’ user to set the password of ‘student3’ user to ‘oracle’.
[root@examplehost /]# passwd student3
Changing password for user student3.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@examplehost /]#
You can also check the entry created for this ‘student3’ user in the ‘/etc/shadow’ file.
[root@examplehost /]# cat /etc/shadow | grep student3
student3:$6$tlj4yP0T$09INZnAkSqNuf4c/dCE0KSWEq3NbWQbwdV6Aa5gB3pW/vK1l8.7wSVcAVcRbUBGZjhKl2Ok/dP/ojg7tGsc.a/:15756:0:99999:7:::
Looking at the ‘/etc/passwd’ file, we see that ‘student3’ has ‘/bin/bash’ as the default shell. The default shell is specified in the ‘/etc/default/useradd’ file.
[root@examplehost /]# cat /etc/passwd | grep -i student3
student3:x:503:503:student3 user3:/home/student3:/bin/bash
[root@examplehost /]#
If you want to create a Linux user but prevent that user from logging in to the system, then you can set the user shell to ‘/sbin/nologin’. For example, to create a user named ‘reports_user’, you can run the following command:
[root@examplehost ~]# useradd -s /sbin/nologin reports_user
Now if you try to login as ‘reports_user’, it prints the message “This account is currently not available.” This means that although the user exists on the system, it is not allowed to log in because the user does not have a login shell.
[root@examplehost ~]# su - reports_user
This account is currently not available.
[root@examplehost ~]#
We will now look at the ‘usermod’ command which can be used to modify an existing Linux user. Simply typing the ‘usermod’ command will list out the options available for this command.
[root@examplehost ~]# usermod
Usage: usermod [options] LOGIN
Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS mentioned by the -G option without removing him/her from other groups
  -h, --help                    display this help message
  .....
  .....
The list of shells available on the system is specified in the ‘/etc/shells’ file. Examine the ‘/etc/shells’ file on your Oracle Linux 6 system.
[root@examplehost /]# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
[root@examplehost /]#
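The ‘/sbin/nologin’ shell and the ‘/etc/shells’ list described above can be combined into a review of which accounts are able to start a login session. The following is an added example, not part of the lab guide: the function names, the finding labels and the constructed accounts ‘toor’, ‘backup’ and ‘ops’ are assumptions, and the threshold of 500 is the system UID boundary the lab states. Note that ‘/sbin/nologin’ is itself listed in ‘/etc/shells’, so being listed does not mean a login is possible.

```shell
#!/bin/bash
# Added example, not part of the lab guide.

# login_audit PASSWD_FILE SHELLS_FILE [UID_MIN]
# Prints one finding per line: "<FINDING> <user> <uid> <detail>"
login_audit() {
    awk -F: -v uid_min="${3:-500}" '
    # First file: the list of valid shells, one path per line.
    NR == FNR { if ($0 != "" && $0 !~ /^#/) listed[$0] = 1; next }

    # Second file: passwd entries, name:x:UID:GID:GECOS:home:shell
    /^#/ || NF < 7 { next }
    {
        user = $1; uid = $3 + 0; shell = $7
        if (shell == "") shell = "/bin/sh"   # empty field falls back to /bin/sh

        # nologin and false refuse the session even when they are listed.
        interactive = (shell !~ /\/(nologin|false)$/)

        # Two names sharing one UID are the same identity to the kernel.
        if (uid in owner) print "DUP_UID", user, uid, "same-as=" owner[uid]
        else              owner[uid] = user

        if (uid == 0 && user != "root")
            print "EXTRA_UID0", user, uid, shell
        else if (uid > 0 && uid < uid_min && interactive)
            print "SYSTEM_LOGIN", user, uid, shell
        else if (uid >= uid_min && !interactive)
            print "NO_LOGIN", user, uid, shell

        if (!(shell in listed))
            print "UNLISTED_SHELL", user, uid, shell
    }' "$2" "$1"
}

# Builds constructed passwd and shells files and audits them.
demo_login_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/shells" <<'EOF'
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:constructed:/root:/bin/bash
backup:x:34:34:constructed:/var/backups:/bin/bash
student2:x:502:502:student2 user2:/home/student2:/bin/bash
student3:x:503:503:student3 user3:/home/student3:/bin/csh
reports_user:x:504:504::/home/reports_user:/sbin/nologin
ops:x:505:505:constructed:/home/ops:/usr/local/bin/zsh
EOF
    login_audit "$dir/passwd" "$dir/shells" 500
    rm -rf "$dir"
}

demo_login_audit
```

On a live system the call is `login_audit /etc/passwd /etc/shells`; NO_LOGIN lines are informational and confirm that accounts such as ‘reports_user’ cannot open a session.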
We will now run the ‘usermod’ command to change the default shell of the ‘student3’ user from ‘/bin/bash’ shell to ‘/bin/csh’ shell. The shell can be changed using the -s flag of the ‘usermod’ command.
[root@examplehost /]# usermod -s /bin/csh student3
[root@examplehost /]#
[root@examplehost /]# cat /etc/passwd | grep student3
student3:x:503:503:student3 user3:/home/student3:/bin/csh
[root@examplehost /]#
You can verify by both checking the ‘/etc/passwd’ file and by logging in as ‘student3’ to confirm the shell has been changed to ‘/bin/csh’.
[root@examplehost /]# su - student3
[student3@examplehost ~]$
[student3@examplehost ~]$ ps
  PID TTY          TIME CMD
 7243 pts/4    00:00:00 csh
 7258 pts/4    00:00:00 ps
[student3@examplehost ~]$
The next command we will look at is the ‘groupadd’ command to create groups on the system. Again, simply typing the ‘groupadd’ command will show the options available for this command.
Let us check the group information for ‘student3’ using the ‘id’ command as shown below. Notice that the ‘student3’ user belongs to one group called ‘student3’ with a GID of 503.
[root@examplehost /]# su - student3
[student3@examplehost ~]$
[student3@examplehost ~]$ id -Gn
student3
[student3@examplehost ~]$ id -G
503
[student3@examplehost ~]$
As ‘root’ user, run the ‘groupadd’ command to create a new ‘support’ group.
[root@examplehost /]# whoami
root
[root@examplehost /]# groupadd support
[root@examplehost /]#
Verify that the new group ‘support’ has been created by examining the ‘/etc/group’ file. Also, note the GID of the ‘support’ group. In the example below, the GID is 551.
[root@examplehost /]# cat /etc/group | grep support
support:x:551:
[root@examplehost /]#
Modify the ‘student3’ group membership. We will make ‘student3’ a member of this new ‘support’ group. Run the ‘usermod’ command to append (-a) and add ‘support’ group (-G) as shown below.
[root@examplehost /]# usermod -a -G support student3
[root@examplehost /]#
Log in (su) as ‘student3’ user and confirm that the ‘student3’ user is now a member of two groups – student3 and support. Note the GIDs of the two groups.

[root@examplehost /]# su - student3
[student3@examplehost ~]$
[student3@examplehost ~]$ id
uid=503(student3) gid=503(student3) groups=503(student3),551(support) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[student3@examplehost ~]$
[student3@examplehost ~]$ id -Gn
student3 support
[student3@examplehost ~]$ id -G
503 551
[student3@examplehost ~]$

The ‘groupmod’ command can be used to modify a group. Typing the ‘groupmod’ command will list out the options available for this command.

[root@examplehost /]# groupmod
Usage: groupmod [options] GROUP

Options:
  -g, --gid GID                 change the group ID to GID
  -h, --help                    display this help message
  ……..                          …….. …….
Use the ‘groupmod’ command to change the group name. Running the ‘groupmod’ command with the -n option, as shown below, will change the group name to ‘staff’ from the old name ‘support’. You can check the ‘/etc/group’ file to confirm that the name has been changed. Note that the GID remains the same as under the old name.

[root@examplehost /]# groupmod -n staff support
[root@examplehost /]#
[root@examplehost /]# cat /etc/group | grep staff
staff:x:551:student3
[root@examplehost /]#
The ‘userdel’ command can be used to delete users from the system. As with other commands, typing the ‘userdel’ command will show the available options.

We will now remove the ‘student3’ user from the system and also make sure the home directory of this user is removed. Run the ‘userdel’ command with the -r option as shown below to delete ‘student3’ user. You can verify by examining the ‘/etc/passwd’ file that the user has been deleted.

[root@examplehost /]# userdel -r student3
[root@examplehost /]#
[root@examplehost /]# cat /etc/passwd | grep student3
[root@examplehost /]#
[root@examplehost /]# ls /home/
student1 student2
[root@examplehost /]#
If you want the files that users create in a directory to be owned by the group which owns the directory, you would use the setgid bit. The setgid bit makes managing group projects that share a common directory very simple because any files a user creates within the directory are owned by the group which owns the directory. Let’s say a group of people (‘john’ and ‘jack’ in the ‘development’ group) need to work on files in the ‘/home/development’ directory. Some people (‘john’, ‘jack’) are trusted to modify this directory, but not everyone. To achieve this requirement, you would run the following commands:

# groupadd development
# mkdir /home/development
# chown -R root:development /home/development
# gpasswd -a john development
# gpasswd -a jack development
# chmod 2775 /home/development

Once you run the above commands, files created by users ‘john’ or ‘jack’ in the ‘/home/development’ directory will be owned by the same group as the directory itself. In the above example, the ‘chmod’ command sets the setgid bit (the leading 2 in mode 2775), which assigns everything created in the directory the same group as the directory itself.
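A way to check a shared directory like the one configured above, written for this page as an added example and not part of the original lab. The function names and finding labels are hypothetical, the directories are temporary ones built by the script, and ‘stat -c’ assumes GNU or busybox stat.

```bash
# check_shared_dir DIR EXPECTED_GID
# Prints the findings for DIR on one line, or "ok" when there are none.
check_shared_dir() {
    dir=$1 want_gid=$2 findings=""
    [ -d "$dir" ] || { echo "not-a-directory"; return 1; }
    mode=$(stat -c %a "$dir")            # octal mode, e.g. 2775
    gid=$(stat -c %g "$dir")             # numeric owning group
    [ -g "$dir" ] || findings="$findings missing-setgid"
    [ "$gid" = "$want_gid" ] || findings="$findings wrong-group"
    # The last octal digit holds the "other" bits; value 2 is write.
    other=${mode#"${mode%?}"}
    [ $(( other & 2 )) -eq 0 ] || findings="$findings world-writable"
    if [ -z "$findings" ]; then echo "ok"; else echo "${findings# }"; fi
}

# inherits_group DIR
# Creates a probe file and subdirectory in DIR and reports "yes" when the file
# took DIR's group and the subdirectory kept the setgid bit, otherwise "no".
inherits_group() {
    dir=$1 result=no
    touch "$dir/probe.txt" && mkdir "$dir/probe.d" || return 1
    if [ "$(stat -c %g "$dir/probe.txt")" = "$(stat -c %g "$dir")" ] &&
       [ -g "$dir/probe.d" ]; then
        result=yes
    fi
    rm -rf "$dir/probe.txt" "$dir/probe.d"
    echo "$result"
}

# Demonstration on constructed directories: one set up like the lab's
# /home/development (mode 2775), one left open without setgid.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/shared" "$base/plain"
    chmod 2775 "$base/shared"
    chmod 0777 "$base/plain"; chmod g-s "$base/plain"
    g=$(stat -c %g "$base/shared")
    echo "shared: $(check_shared_dir "$base/shared" "$g"), inherits: $(inherits_group "$base/shared")"
    echo "plain:  $(check_shared_dir "$base/plain" "$g"), inherits: $(inherits_group "$base/plain")"
    rm -rf "$base"
}
demo
```

New subdirectories inherit the setgid bit as well, so the group ownership carries down the whole project tree without further ‘chmod’ calls.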
5.3 Configure Password Aging

In this lab, we will learn how to configure password aging. Password aging is another technique used by system administrators to defend against bad passwords within an organization. Password aging means that after a set amount of time the user is prompted to create a new password. There are two ways used to specify password aging in Oracle Linux 6. The first way is the ‘chage’ command and the second way is using the User Manager Tool (‘system-config-users’ command) application. We will look at the ‘chage’ command in this small lab.

Type the ‘chage’ command to list out the available options. You may also read the man pages of this command.
Examine the ‘/etc/shadow’ file and look at the entry for any one user. In the example below, we look at the ‘student2’ user. The fields towards the end of each entry are the password aging related parameters.

[root@examplehost /]# cat /etc/shadow | grep student2
student2:$6$1cLhy/ZiwTsQkEJX$.Ho7T0WFlO3B.E.b0nGs52LENLyTiCZkNvj1Da8xABBcvVxRHcuPRjBfVRQQL7fEeIwER6kKvmvNwlXpfnlQg0:15756:0:99999:7:::
[root@examplehost /]#

You can read the values of the password aging parameters using the ‘chage -l’ command as shown below. It is easier to understand them using this listing than by examining the entry in the ‘/etc/shadow’ file, but that file is where the values are updated.
[root@examplehost /]# chage -l student2
Last password change                                    : Feb 20, 2013
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
[root@examplehost /]#

Let us change the minimum password age to 10, maximum password age to 30, and the password expiration warning to 10 days. This can be done using the ‘chage’ command as shown below.

[root@examplehost /]# chage student2
Changing the aging information for student2
Enter the new value, or press ENTER for the default

        Minimum Password Age [0]: 10
        Maximum Password Age [99999]: 30
        Last Password Change (YYYY-MM-DD) [2013-02-20]:
        Password Expiration Warning [7]: 10
        Password Inactive [-1]:
        Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
[root@examplehost /]#
You can verify using the -l option that the password aging parameters have been changed as shown below.

[root@examplehost /]# chage -l student2
Last password change                                    : Feb 20, 2013
Password expires                                        : Mar 22, 2013
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 10
Maximum number of days between password change          : 30
Number of days of warning before password expires       : 10
[root@examplehost /]#

Also, observe that the password aging related fields in the ‘/etc/shadow’ file have been updated.

[root@examplehost /]# cat /etc/shadow | grep student2
student2:$6$1cLhy/ZiwTsQkEJX$.Ho7T0WFlO3B.E.b0nGs52LENLyTiCZkNvj1Da8xABBcvVxRHcuPRjBfVRQQL7fEeIwER6kKvmvNwlXpfnlQg0:15756:10:30:10:::
[root@examplehost /]#
To force a user to change his/her password immediately upon the next login, you can run the ‘chage’ command with the -d option.

[root@examplehost /]# chage -d 0 student2
Log out as ‘root’ user and use the switch user option to log back in as ‘student2’ user.
When you enter the password for the ‘student2’ user, you will be prompted to enter the current password.
After entering the current password, you will be prompted to enter a new password because we used the ‘chage’ command with -d and specified 0 to force a password change.
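The aging fields in the ‘/etc/shadow’ entries above, and the value that ‘chage -d 0’ writes, can be decoded as follows. This is an added example, not part of the original lab: the function names and output format are hypothetical, the sample lines are constructed from the lab's ‘student2’ values with a placeholder in the hash field, and treating 99999 as "never expires" is this example's assumption based on the listing above.

```bash
# Decode the password-aging fields of one /etc/shadow line.
# Field order: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is counted in days since 1970-01-01 (UTC).

# days_to_date N -> YYYY-MM-DD (the @epoch form works with GNU and busybox date)
days_to_date() { date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d; }

# shadow_aging LINE -> "user|last change|expires|min=..|max=..|warn=.."
shadow_aging() {
    IFS=: read -r user hash last min max warn inactive expire reserved <<EOF
$1
EOF
    if [ -z "$last" ]; then
        # An empty lastchg field means password aging is disabled.
        changed="aging-disabled"; expires="never"
    elif [ "$last" -eq 0 ]; then
        # What `chage -d 0` writes: a change is forced at the next login.
        changed="must-change"; expires="must-change"
    else
        changed=$(days_to_date "$last")
        # Assumption of this example: an empty max or the 99999 default
        # means the password never expires.
        if [ -z "$max" ] || [ "$max" -ge 99999 ]; then
            expires="never"
        else
            expires=$(days_to_date $(( last + max )))
        fi
    fi
    echo "$user|$changed|$expires|min=${min:-0}|max=${max:-unset}|warn=${warn:-0}"
}

# Constructed lines modelled on the lab's student2 entry; the hash field is a
# placeholder, not a real password hash.
for line in \
    'student2:$6$CONSTRUCTED$placeholder:15756:0:99999:7:::' \
    'student2:$6$CONSTRUCTED$placeholder:15756:10:30:10:::' \
    'student2:$6$CONSTRUCTED$placeholder:0:10:30:10:::'
do
    shadow_aging "$line"
done
```

The second line reproduces the ‘chage -l’ listing: day 15756 is Feb 20, 2013, and adding the 30-day maximum gives Mar 22, 2013.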
This concludes the short and simple lab exercise.
5.4 Describe LDAP and NIS authentication options

Before we discuss LDAP and NIS, we will briefly talk about authentication. Authentication is the way that a user is identified and verified to a system. The authentication process requires presenting some sort of identity and credentials, like a username and password. The credentials are then compared to information stored in some data store on the system.
Till now, we talked about local authentication which relied on local ‘/etc/passwd’ and ‘/etc/shadow’ files for authenticating users on Oracle Linux system. We will now look at two other options available for authentication. The two authentication mechanisms we will discuss are:
1. NIS (Network Information Service)
2. LDAP (Lightweight Directory Access Protocol)

NIS: Per Wikipedia – “The Network Information Service or NIS (originally called Yellow Pages or YP) is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. Sun Microsystems developed the NIS; the technology is licensed to virtually all other Unix vendors.”

A NIS/YP system maintains and distributes a central directory of user and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. There is a NIS server that is used by the NIS clients for authentication. So, Linux systems can be configured to talk to a central NIS Server for authentication.

LDAP: LDAP is an Internet standard protocol used by applications to access information in a directory. LDAP is based on a client-server model. LDAP servers provide the directory service, and LDAP clients use the directory service to access entries and attributes. An LDAP client starts an LDAP session by connecting to an LDAP server that listens by default on TCP port 389. The client then sends an operation request to the server, and the server sends responses in return.

We will not be configuring LDAP/NIS authentications in this lab. We will just introduce you to some basic concepts about configuring LDAP/NIS authentication on Oracle Linux 6 systems.

Configuring Authentication: Oracle Linux includes a tool to select the authentication databases and configure associated authentication options. This tool is called the Authentication Configuration Tool.
The Authentication Configuration Tool has both GUI and command-line options to configure any user data stores. You can launch the Authentication Configuration Tool by clicking the System -> Administration -> Authentication menu option.
Alternatively, you can run the Authentication Configuration Tool from the command line by using ‘system-config-authentication’ command as shown below.
The Authentication Configuration Tool will launch the GUI application. There are two tabs in this application window:
- Identity & Authentication
- Advanced Options
The ‘Identity & Authentication’ tab helps configure the resource used as the identity store. You can define how users should be authenticated. Under the ‘User Account Configuration’ section, you can select the User Account Database to be used for authentication. The choices available are:
- Local accounts only: local ‘/etc/passwd’ and ‘/etc/shadow’ files
- LDAP – LDAP server and base DN configuration
- NIS – NIS Server and domain configuration
- Winbind – Winbind authentication requires samba-winbind package
- IPAv2 – IPA Domain, server, realm configuration
We will only look at NIS and LDAP authentication in this training. The ‘Advanced Options’ tab allows authentication methods other than passwords or certificates, like smart cards and fingerprint. You can also enable local access control and that is managed by the ‘/etc/security/access.conf’ file.
Configuring NIS Authentication: NIS Authentication requires the ‘ypbind’ and ‘yp-tools’ packages on the client systems. When the ypbind service is installed and configured, the portmap and ypbind services are started and enabled to start at boot time. We will not be actually doing any NIS authentication since we do not have a NIS Server configured.
In the Authentication Configuration Tool, on the ‘Identity & Authentication’ tab, you can select NIS as the User Account database. Next you can enter your NIS domain and NIS server information. In the lower section, you can configure the Authentication method to be NIS Password or Kerberos password. See example screenshot below. Since we do not have any NIS server available for this training, we will not make any changes. Cancel and quit this tool without making any changes.
On the NIS server side, you will need to install the ‘ypserv’ package and then configure the server. That involves several things like NIS Domain, ‘/etc/ypserv.conf’ configuration, NIS maps etc. Refer to the Linux documentation for complete details.
Configuring LDAP Authentication: Launch the Authentication Configuration Tool and select LDAP as the user account database to configure LDAP Authentication. You will have to define the LDAP Search Base DN and LDAP Server. You can define LDAP or LDAPS (secure) servers. For Authentication method, you can choose LDAP Password or Kerberos password. See example screenshot below. We will not make any changes since we do not have an LDAP server available for this training. Just review and familiarize yourself with the available configuration options.

The packages needed for LDAP server/client configuration include:
- openldap-clients – Open LDAP Client utilities
- openldap-servers – server package
- openldap – Open LDAP support libraries
- nss-pam-ldapd – nsswitch module which uses directory servers
Configuring Authentication from the Command Line: The ‘authconfig’ command-line tool updates all of the configuration files and services required for system authentication, according to the settings passed to the script. Along with allowing all the identity and authentication configuration options that can be set through the UI, the ‘authconfig’ tool can also be used to create backup and kickstart files. For a complete list of ‘authconfig’ command options, check the help output and the man page.

For the ‘authconfig’ command, you can use either the ‘--update’ or ‘--test’ option. One of those options is required for the command to run successfully. Using ‘--update’ writes the configuration changes. The ‘--test’ option prints the changes to stdout but does not apply them to the configuration. Example: To print the password hashing algorithm, you can use the ‘authconfig’ command with the ‘--test’ option as shown below.
To update the hash/crypt algorithm for new passwords, you can use the ‘authconfig’ command with the ‘--passalgo’ option. Only passwords set after the change use the new algorithm.

# authconfig --passalgo=sha256 --update

You can also enable and configure LDAP from the command line using the ‘authconfig’ command. To use an LDAP identity store, you can use the ‘--enableldap’ option. To use LDAP as the authentication source, you can use the ‘--enableldapauth’ option and then provide information like the LDAP server name, base DN for the user suffix etc. Example screenshot is provided below.

# authconfig --enableldap --enableldapauth --ldapserver=ldap://host:port --ldapbasedn="base dn" --update

Similarly, NIS configuration can be done using the ‘authconfig’ command. The syntax is as follows:

# authconfig --enablenis --nisdomain=<domain> --nisserver=<server> --update
Well, that completes this introductory lab exercise on authentication.
5.5 Introduction to Pluggable Authentication Modules (PAM)

Per Wikipedia – “Pluggable authentication modules (PAM) are a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). It allows programs that rely on authentication to be written independent of the underlying authentication scheme.”

Pluggable Authentication Modules are a common framework for authentication and security. Basically, the PAM authentication mechanism allows you to configure how applications can use authentication to verify the identity of users.

The PAM configuration files are in the ‘/etc/pam.d’ directory, which contains a configuration file for each PAM-aware application. Each file usually has the same name as the service to which it controls access. The PAM-aware program/application is responsible for defining its service name and installing its own PAM configuration file in the ‘/etc/pam.d/’ directory. For example, the ‘login’ program defines its service name as login and installs the ‘/etc/pam.d/login’ PAM configuration file.
Each PAM configuration file contains a group of directives that define the module and any controls or arguments with it. The directives are:
- module_interface – auth, account, password, session
- control_flag – required, requisite, sufficient, optional, include
- module_name – pam_unix.so and pam_wheel.so are a couple of examples
- module_arguments – some modules need arguments

For example, in the following line, the module_interface is ‘auth’, the control_flag is ‘required’ and the module name is ‘pam_unix.so’:

auth       required     pam_unix.so

Take a look at the ‘/etc/pam.d/xserver’ PAM configuration file. In this file, each line starts with the module_interface name, next is the control_flag, third field is the module name and the last field (optional) is the arguments for the module.

[root@examplehost pam.d]# pwd
/etc/pam.d
[root@examplehost pam.d]# cat xserver
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
account    required     pam_permit.so
session    optional     pam_keyinit.so force revoke
[root@examplehost pam.d]#
In the above example, the first line uses the ‘pam_rootok.so’ module to check whether the current user is ‘root’ by verifying that their UID is 0. Because the control_flag is ‘sufficient’, if this test succeeds, no other modules are consulted and the command is executed. If this test fails, the next module line is checked. This is how the configuration files are used in the PAM authentication mechanism.
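The walk through the ‘xserver’ auth lines described above, as a simplified model. This is an added example, not part of the original lab and not PAM's own code: the function names are hypothetical, only the plain control flags are modelled (no ‘include’), and each module's result is a constructed input instead of the outcome of running the module.

```bash
# The lab's /etc/pam.d/xserver, embedded so the example runs offline.
XSERVER_CONF='#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_console.so
account    required     pam_permit.so
session    optional     pam_keyinit.so force revoke'

# module_result "mod=ok mod2=fail" MODULE -> ok|fail (unknown modules fail)
module_result() {
    for pair in $1; do
        if [ "${pair%%=*}" = "$2" ]; then echo "${pair#*=}"; return 0; fi
    done
    echo fail
}

# eval_stack CONFIG INTERFACE RESULTS -> "<verdict>: <modules consulted>"
eval_stack() {
    failed=no passed=no consulted=""
    while read -r iface control module args; do
        [ "$iface" = "$2" ] || continue      # skip comments, other interfaces
        res=$(module_result "$3" "$module")
        consulted="$consulted $module"
        case "$control:$res" in
            sufficient:ok)
                # Ends the walk, unless a required module already failed.
                if [ "$failed" = no ]; then passed=yes; break; fi ;;
            requisite:fail) failed=yes; break ;;   # fail and stop at once
            required:fail)  failed=yes ;;          # fail, but keep walking
            required:ok|requisite:ok|optional:ok) passed=yes ;;
            # sufficient:fail and optional:fail are ignored
        esac
    done <<EOF
$1
EOF
    if [ "$failed" = no ] && [ "$passed" = yes ]; then verdict=success
    else verdict=failure; fi
    echo "$verdict:$consulted"
}

# Constructed module outcomes for three callers of the xserver auth stack:
# root, a non-root console user, and a non-root user away from the console.
eval_stack "$XSERVER_CONF" auth "pam_rootok.so=ok pam_console.so=fail"
eval_stack "$XSERVER_CONF" auth "pam_rootok.so=fail pam_console.so=ok"
eval_stack "$XSERVER_CONF" auth "pam_rootok.so=fail pam_console.so=fail"
```

Line order matters: a ‘sufficient’ line placed after a failed ‘required’ line no longer ends the walk with success, which is why reordering lines in a PAM file changes who is let in.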
New PAM modules can be created or added at any time for use by PAM-aware applications. Documentation on writing modules is included in the ‘/usr/share/doc/pam-version#’ directory.
We will not be developing any PAM modules or doing any lab exercise on PAM in this training.
6 Lab Summary

In this lab, you learned how to create/modify/delete users and groups on Oracle Linux 6 systems. You learned how to do user and group administration using both the User Manager GUI Tool and command line utilities. You also learned about password aging configuration. We introduced you to NIS and LDAP Authentication mechanisms and learned about the Authentication Configuration Tool and the command line ‘authconfig’ tool. We ended this lab with a short discussion about Pluggable Authentication Modules (PAM).
7 References

For more information and next steps, please consult additional resources:
- Deployment Guide – Chapter 3 (Users and Groups Administration)
- Deployment Guide – Chapter 10 (Configuring Authentication)
- PAM Documentation