Monday , 12 April 2021
Breaking News
Home » WWW (page 260)

WWW

Each line of the preceding sample code represents a rule for PAM

PAM Rules Each line of the preceding sample code represents a rule for PAM to follow when authenticating a user for this service. The contents of each line are broken down into the following fields: – Type is the management group to which a rule corresponds. It is used to specify with which of the management groups the module is to be associated. Valid entries are account, auth, password, and session, as described in the earlier section, “PAM Management Groups.” – Control specifies the behavior of the PAM API if the module fails to authenticate. Valid control values are as ... Read More »

The first time you connect to a remote computer using SSH

Updating SSH Key Fingerprints The first time you connect to a remote computer using SSH, the local computer prompts for permission to add the remote computer’s fingerprint to the user’s ~/.ssh/known_hosts file. A message like this appears: The authenticity of host “server1.pretendco.com” can’t be established. RSA key fingerprint is f8:0e:37:53:74:f1:dd:cd:5a:a4:1d:b3:57:a9:a6. Are you sure you want to continue connecting (yes/no)? Read More »

Using Network Time Protocol

Network Time Protocol (NTP) provides a time server that all clients on a network can query to keep their system clocks in sync. It is critical to keep each computer on a network referencing the same time, for several reasons. Several subsystems rely on having correct time, such as Kerberos, which uses synchronized time to prevent replay attacks and synchronize authentication services. A standard time reference also helps preserve the sanity of system administrators with the integrity of all timestamps ensured (including those for mail headers, database transactions, and file system metadata), correlating log files and events is easier. It ... Read More »

Restricting Zone Transfers

Another way to keep a primary or secondary DNS server secure is to restrict zone transfers to authorized sources only. By default, the “Allows zone transfer” checkbox is enabled for each zone created, which means that anyone who can issue queries against a server can also request a copy of the entire zone file. This is an especially bad security risk when a server is world-accessible. You should configure named to allow zone transfers only to authorized secondary DNS servers. Locking down zone transfers also prevents denial of service (DoS) by zone transfer to unexpected hosts. There are two ways ... Read More »

About the Domain Name System

Originally, computers performed name-to-address mapping via a simple text file, the hosts file, which contained a list of every machine that needed to be referenced by name. Using the hosts file, a computer could resolve a lookup. Every computer had a copy of the hosts file. If an IP address changed for any machine in that file, the reference would need to be changed in the hosts file and every computer’s hosts file would need to be updated to reflect the change. Clearly, the number of machines on the Internet today makes this an impossible task. The Domain Name System ... Read More »