Course Content
This new 2 day course covers covers the System Security Service Daemon (SSSD) as deployed on the SLES 12 platform. The SSSD, designed for and available for nearly all Linux distributions, is fast becoming the Linux server authentication framework of choice. Comprehensive documentation and technical instruction on the concepts, use cases and deployment techniques for system administrators is still difficult to obtain. This course attempts to do just that.
Who should attend
The course is ideal for system administrators and consultants who need to:
- Better understand the use case of the SSSD and it’s features
- Deploy new systems using the SSSD
- Migrate from legacy PAM LDAP or PAM LDAP/Kerberos configurations
- More tightly integrate Linux systems into Active Directory environments
- Assess environment design choices, SSSD best practices and administration
Prerequisites
Attendees should have familiarity with the Command Line, Linux System Administration skills and attention to details. SUSE Certified Administrator (SCA) in Enterprise Linux or SUSE Certified Linux Engineer (SCE) in Enterprise Linux certification or level of experience recommended.
Course Objectives
During this course you will learn to :
- Understand the architecture and functionality of the SSSD
- Implement the SSSD with common identity providers
- Secure and optimize the SSSD
Outline: Administering SSSD on SUSE Linux Enterprise Server 12 (SLE342)
SECTION 1: The features, architecture and requirements of the SSSD
SECTION 2: Testing time synchronisation and DNS services
SECTION 3: Implement and test the openLDAP client
SECTION 4: Install required software (SSSD LDAP/LOCAL providers)
SECTION 5: Implement and test the SSSD LDAP providers
SECTION 6: Implement and test the SSSD LOCAL providers
SECTION 7: Tuning the SSSD configurations and security
SECTION 8: Install required software (SSSD Kerberos providers)
SECTION 9: Implement and test the SSSD LDAP/Kerberos providers
SECTION 10: Joining the Active Directory domain
SECTION 11: Implement and test the Linux Kerberos client
SECTION 12: Implement and test the openLDAP client (GSSAPI)
SECTION 13: Implement and test the SSSD LDAP/Kerberos providers
SECTION 14: Tuning the SSSD configurations and security
SECTION 15: Using the SSSD tools and utilities
SECTION 16: Review the SSSD cache files and records (optional)
SECTION 17: Install required software (SSSD AD providers)
SECTION 18: Implement and test the SSSD AD providers
SECTION 19: Changing between mapped and non-mapped configs
SECTION 20: Tuning the SSSD configurations and security
SECTION 21: Implement and test autofs maps and caching
SECTION 22: Implement and test sudo rules and caching