1 Linux Networking and Security Chapter 3
2 Configuring Client Services Configure DNS name resolution Configure dial-up network access using PPP Understand client services such as DHCP and LDAP Use remote graphical applications and remote dial-up authentication Use common client tools such as Linux Web browsers and clients
3 Setting Up Name Resolution The domain name service (DNS) is implemented by a domain name server The term domain name refers to the name of multiple hosts on the Internet that are collectively referred to The most widely known top-level domain is.com Within a top-level domain, an organization has its own domain or domains Network hosts are given names called hostnames A fully qualified domain name (FQDN) combines a hostname with the name of its domain
4 Setting Up Name Resolution
5 Configuring the DNS Resolver Manually The resolver is the client part of DNS It makes requests to a DNS server so that other workstation programs can use the IP address of a given server to make a network connection The resolver is configured by a single file in Linux: /etc/resolv.conf Configure the resolver by storing the IP address of one or more DNS servers in the resolv.conf file, proceeded by the keyword nameserver
6 The hosts File Another way to convert an IP address to a domain name is store the IP address and corresponding domain names in a text file called /etc/hosts on your host The /etc/hosts.conf or /etc/nsswitch.conf files determine the order in which the resolver looks to various sources to resolve IP addresses
7 Configuring the DNS Resolver Graphically
8
9
10 Configuring the DNS Resolver Graphically
11 Dial-up Network Access Using PPP PPP is widely used to connect to the Internet via modem PPP includes feature that make it more secure, flexible, and dependable than terminal emulation In reality, PPP was not very secure and was challenging to configure and manage Two advances improve PPP security: Password Authentication Protocol (PAP) stores user data in a file that only the root user accesses Challenge Handshake Authentication Protocol (CHAP) is the most secure PPP option
12 PPP Connections Text-mode utility wvdial is designed to ease the difficulty of working with PPP Used from a command line on a server Red Hat Linux uses a utility called rp3 This is a wizard-driven graphical utility The Linux KDE graphical environment uses a utility called KPPP diald automates PPP difficult to use and challenging to set up
13 PPP Connections
14 PPP Connections
15 Using DHCP Dynamic Host Configuration Protocol (DHCP) allows the configuration of a service that hands out IP addresses to network clients DHCP can drastically reduce the administration needs of a network The DHCP server is installed by default on many Linux systems Configuration of DHCP involves creating an /etc/dhcpd.conf file
16 Using DHCP
17 Understanding LDAP The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a database of network resource information LDAP directories are organized as inverted trees of information To use a directory, client software allows traversal of the tree, looking for the needed data Objects in the tree are referred to using a formalized set of identifiers
18 Understanding LDAP
19 Understanding LDAP
20 Running Applications Remotely
21 Running Applications Remotely Before an X client can display its windows on a remote host, the remote host must be configured to allow others to use its X server To use xhost Authentication, include the hostname of the computer that will be allowed to display xauth Authentication is more secure than xhost since it employs the use of a cookie XDMCP for Remote Graphical Terminals lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux
22 Running Applications Remotely Using r-Utilities for Remote Execution Allow a user to learn about or execute a program on another host The r-utilities are not secure Using UUCP for Remote Access Provides transfer of over modem between multiple servers
23 Running Applications Remotely
24 Web and Mail Clients Popular Linux Browsers Lynx is a text-based browser that is installed by default on many popular Linux distributions Netscape Communicator on Linux is similar to Netscape on Windows Mozilla is included as the default on Red Hat Linux on the Gnome desktop Other browsers: Opera, dillo, Galeon, SkipStone
25 Popular Linux Browsers
26 Understanding is transferred on the Internet via the Simple Mail Transport Protocol (SMTP) -related programs are divided into three categories: Mail Transfer Agent (MTA) - moves messages from one server to another Mail Delivery Agent (MDA) - places in a user’s mailbox Mail User Agent (MUA) - displays and manages messages for a user
27 Understanding On every Linux system, user accounts have associated accounts and is placed in the /var/spool/mail directory is typically retrieved using a MUA in one of three ways: Post Office Protocol (POP3) - via a POP3 server downloads messages to the computer Internet Mail Access Protocol (IMAP) - views messages on the remote server Web browser
28 Understanding Using an Filter: Procmail Procmail is a special MDA acts as a filter and processes based on user-defined criteria Difficult to configure, but worth the effort if a large number of incoming messages are regularly received Is installed by default on many Linux systems Checks for both a system-wide configuration file /etc/procmailrc and per-user.procmailrc These files can contain recipes, or formulas for examining messages and taking an action
29 Linux Clients
30 Linux Clients
31 Chapter Summary The client portion of the domain name service is called a resolver A fully qualified domain name (FQDN) consists of a hostname plus the domain of which the host is part PPP is a popular method of making network connections via modem PPP security is provided by the Password Authentication (PAP) and Challenge Handshake Authentication (CHAP) protocols The wvdial utility can configure and manage a PPP connection from the command line
32 Chapter Summary The diald program automates use of a dial-up connection via PPP, automatically connecting and disconnecting based on traffic The Dynamic Host Configuration Protocol (DHCP) allows clients to configure IP networking automatically by receiving network address information from a DHCP server Most versions of Linux include the dhcpd server and at least one of the three common DHCP clients The Lightweight Directory Access Protocol (LDAP) provides a directory service that lets users query a worldwide database for information on resources
33 Chapter Summary The OpenLDAP server is provided with most Linux distributions X can execute graphical programs remotely by referring to the DISPLAY variable or the --display command line option XDMCP lets users on remote X servers obtain a graphical login screen and begin using X clients on Linux without first logging into Linux via Telnet The r-utilities provide a convenient way to execute commands on, or copy files between, remote hosts when working in a trusted network environment
34 Chapter Summary The Unix to Unix Copy (UUCP) protocol was designed to facilitate inexpensive transfers of messages between servers in the days before Internet connectivity was widespread Many Web browsers are available for Linux, with the most popular being the text-mode browser Lynx and graphical browsers Mozilla and Netscape Internet relies on a Mail Transfer Agent (MTA) to move messages between hosts; a Mail Delivery Agent (MDA) may process mail as it is delivered to a user’s mailbox; and a Mail User Agent MUA is relied upon in order for a user to read and send messages
35 Chapter Summary MUAs can either read local mail files, or can use the POP3 or IMAP protocols to retrieve messages from a central server The Procmail program processes messages using recipes which provide automatic message management Many other Linux clients are popular: elm and pine, fetchmail, Kmail and Balsa