Published by an77ar.prs, 2019-06-14 19:02:08

Apress.Pro.Ubuntu.Server.Administration

Keywords: Ubuntu,server


CHAPTER 12

Configuring Ubuntu Server As a VPN Server

Networking Securely over the Internet

If you need to connect securely to a server that is not on your site, one option is to
purchase a dedicated line. Unfortunately, dedicated lines are expensive. A cheap and
very common alternative is to configure a Virtual Private Network (VPN), a connection
between two sites or two computers that goes over the Internet. VPNs are available as
hardware appliances, but it is relatively easy to configure Linux as a VPN server.

Because the Internet by nature is an unsecured network, you have to implement
security measures when setting up a VPN. These security measures are applied by using
encryption. Several solutions are available to create a VPN. You are probably already
familiar with one of them: when you establish an SSH session with your server and start
a program on your server that displays its output on the local workstation, basically you
are using a VPN. However, an SSH VPN is not the most versatile VPN solution. A very
popular and versatile Linux VPN solution is OpenVPN, which uses functionality from the
OpenSSL package to ensure its security. In this chapter you’ll learn how to set up a VPN
that is based on OpenVPN.

Installing and Configuring OpenVPN

As with most software on Ubuntu Server, installing OpenVPN is not too hard: just run
apt-get install openvpn to download and install the software. The installation process
installs all software and also starts the openvpn daemon. You can manipulate the process
from its init scripts as well. For example, you can start it with /etc/init.d/openvpn start


CHAPTER 13

Configuring Kerberos and NTP on Ubuntu Server

Using an Alternative Method to Handle Authentication

The preceding two chapters explained how to use a public key infrastructure (PKI) to
secure services. A PKI protects network traffic very well and can also be used for
authentication. Kerberos was developed purely as an authentication service and not to protect
network traffic. Kerberos has become an increasingly popular choice for authentication,
particularly because Microsoft uses it in Active Directory environments, including
in Linux implementations of Active Directory. In this chapter, you’ll read how to set up
Kerberos version 5 on Ubuntu Server. Because Kerberos heavily depends on proper time
synchronization, I’ll first explain how to set up an NTP time server.

Configuring an NTP Time Server

To use Kerberos for authentication, the nodes involved must agree on the time that is
used. If there is too much time difference between the Kerberos server and the Kerberos
client, authentication will be refused. Therefore, it is a good idea to set up an NTP time
server first. Once you have done that, you need to choose between the two Kerberos
versions that are available: MIT Kerberos, which is the original Kerberos that was developed
by the Massachusetts Institute of Technology, and Heimdal Kerberos, which was meant
to be an improvement on MIT Kerberos but has never become very popular on Linux.
For that reason, this chapter covers how to set up MIT Kerberos, version 5 in particular,
which is the current version. Version 4 has some major security problems, so you should
not use that version; use version 5 only.
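
The time agreement described above can be checked before Kerberos is deployed. The following is an added example, not code from the book: it parses an NTP server reply, computes the client's clock offset with the standard NTP offset formula, and compares it with a 300-second tolerance. The 300-second limit is an assumption (the MIT Kerberos 5 default clockskew, which the text does not state), and the sample packet is constructed.

```python
import struct

NTP_DELTA = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW = 300.0         # assumption: MIT Kerberos 5 default clockskew, in seconds

def to_ntp(unix_ts):
    """Encode Unix time as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    ntp = unix_ts + NTP_DELTA
    sec = int(ntp)
    return struct.pack("!II", sec, int((ntp - sec) * 2**32))

def from_ntp(raw):
    sec, frac = struct.unpack("!II", raw)
    return sec - NTP_DELTA + frac / 2**32

def clock_offset(reply, t4):
    """Return (offset, delay) in seconds for a server reply received at client time t4."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x7, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server clock is not synchronised")
    t1 = from_ntp(reply[24:32])   # originate: client send time, echoed back
    t2 = from_ntp(reply[32:40])   # receive: server clock when the request arrived
    t3 = from_ntp(reply[40:48])   # transmit: server clock when the reply left
    offset = ((t2 - t1) + (t3 - t4)) / 2   # server clock minus client clock
    delay = (t4 - t1) - (t3 - t2)          # network round trip
    return offset, delay

def within_kerberos_skew(offset, max_skew=MAX_SKEW):
    return abs(offset) <= max_skew

def sample_reply(t1, t2, t3, mode=4):
    """Constructed 48-byte packet: LI=0, VN=4, stratum 2, zeroed root fields."""
    header = struct.pack("!BBbb", (4 << 3) | mode, 2, 6, -20) + bytes(12)
    return header + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

if __name__ == "__main__":
    # Constructed exchange: client clock runs 400 s behind the server, 2 s round trip.
    reply = sample_reply(1_700_000_000, 1_700_000_401, 1_700_000_401)
    offset, delay = clock_offset(reply, t4=1_700_000_002)
    print(f"offset={offset:+.1f}s delay={delay:.1f}s ok={within_kerberos_skew(offset)}")
```
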
