[lpi-discuss] WAS: LPIC-1/2 training

Bryan J. Smith b.j.smith at ieee.org
Sat Jul 24 21:40:53 EDT 2004


On Sat, 2004-07-24 at 21:31, Bryan J. Smith wrote:
> There is an LPIC-3 Samba exam in development.  You can be sure that
> there will be an LPIC-3 Network Authentication exam eventually.
> Eventually, by late next year, I'd like to introduce what I call a GL392
> "Network Authentication and Directory" class in what I call our
> "Pre-Level 4" track.  In other words, it would be an independent prep
> for both the CDE/CLE and RHCA, as well as "real world" usable.
> Because I'm big on "technologies," not on "products."  E.g., if you
> learn how technologies work, then you can understand eDirectory,
> ActiveDirectory, One Directory, etc... with relative ease.

BTW, for more of a "buzzword intro" on what options you have in
heterogeneous networks for network name, authentication and directory
services, check out this post over at LEAP:  
  http://lists.leap-cf.org/pipermail/leaplist/2004-February/037989.html 

There is also a corresponding one on "collaboration servers" (e.g.,
Exchange and standards) here:  
  http://lists.leap-cf.org/pipermail/leaplist/2004-March/038122.html  

Understand technologies (and processes), not products (and their
assumptions how something should be done).  From there, everything
becomes easy to understand.

One thing I really think is missing in the Freedomware world is a
"universal OSI level 2+3 name server."  We need to get away from the
Internet DNS server approach and introduce a 100% LAN DNS + DHCP +
legacy nameserver.  That can solve a bunch of issues.

E.g., Force system naming nomenclatures for key network resources and
reserve portions of subnets for "static" IPs right in the integrated
level 2+3 nameserver.  That would solve dynamic DNS security issues with
ease.  Also introduce peer nameserver replication, etc...  as well as
remote subnet resource announcements, reducing various strains on
routers that should be on nameservers, etc...  At the same time, you
could make it 100% BIND v9 compatible, offer DNS secondary servers,
etc...  I am in the middle of a whitepaper.

Furthermore, you'd protect it just like you would your KDC (Kerberos
Distribution Center aka "key server") and timeserver.  My #1 complaint
with the integrated ActiveDirectory DC model is that the KDC is easily
hackable, because it's on a DC offering RPC services.  The AD DC model
also only offers "Windows-only ActiveDirectory-integrated" to resolve
security issues.  Not good for heterogeneous networks.


-- 
     Linux Enthusiasts call me anti-Linux.
   Windows Enthusiasts call me anti-Microsoft.
 They both must be correct because I have over a
decade of experience with both in mission critical
environments, resulting in a bigotry dedicated to
 mitigating risk and focusing on technologies ...
           not products or vendors
--------------------------------------------------
Bryan J. Smith, E.I.            b.j.smith at ieee.org
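
Added example, not part of the original post or of any project's code: one way the reserved "static" range and forced naming nomenclature described above could gate client-requested dynamic DNS registrations. The subnet, static block, name pattern, host table and function name are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumed policy values for illustration; none of them come from the post.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
STATIC_LOW = ipaddress.ip_address("192.0.2.1")     # reserved "static" block
STATIC_HIGH = ipaddress.ip_address("192.0.2.63")
# Hypothetical nomenclature for key resources: role prefix plus two digits.
RESERVED_NAME = re.compile(r"^(kdc|ns|ntp|fs)\d{2}$")
VALID_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
# Constructed table of hosts registered statically by an administrator.
STATIC_HOSTS = {"kdc01": "192.0.2.10", "ns01": "192.0.2.11"}


def check_dynamic_update(hostname, address):
    """Return (allowed, reason) for a client-requested dynamic registration."""
    label = hostname.rstrip(".").split(".")[0].lower()
    if not VALID_LABEL.match(label):
        return False, "invalid host label"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False, "invalid address"
    if ip not in SUBNET:          # also rejects IPv6 against this IPv4 subnet
        return False, "address outside managed subnet"
    if STATIC_LOW <= ip <= STATIC_HIGH:
        return False, "address in reserved static range"
    if label in STATIC_HOSTS:
        return False, "name belongs to a static host"
    if RESERVED_NAME.match(label):
        return False, "name uses reserved nomenclature"
    return True, "ok"


if __name__ == "__main__":
    # Constructed update requests, as a DHCP-integrated name server might see.
    requests = [
        ("laptop-42.example.test", "192.0.2.130"),
        ("kdc01.example.test", "192.0.2.200"),
        ("KDC02", "192.0.2.201"),
        ("printer-3", "192.0.2.10"),
    ]
    for name, addr in requests:
        print(name, addr, check_dynamic_update(name, addr))
```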
