The primary goal of this project is to establish a robust authentication and network services infrastructure using industry-standard technologies such as OpenLDAP, SSH, Apache, OpenVPN, DNS, and Kerberos. This project aims to showcase proficiency in configuring and securing diverse services to ensure a resilient and fully functional network environment.
- OpenLDAP: An open-source implementation of the Lightweight Directory Access Protocol (LDAP), used for centralized management of user accounts and authentication information.
- SSH (Secure Shell): A cryptographic network protocol used for secure communication over an unsecured network, providing a secure way to access and manage remote devices.
- Apache: The widely used open-source web server software, crucial for hosting and serving web content securely.
- OpenVPN: An open-source VPN (Virtual Private Network) solution, facilitating secure communication over the internet by creating a private tunnel.
- DNS (Domain Name System): A hierarchical decentralized naming system translating domain names into IP addresses, crucial for resolving web addresses to network resources.
- Kerberos: A network authentication protocol designed to provide strong authentication for client/server applications using secret-key cryptography.

The project encompasses three main parts, each focusing on specific aspects of network services and authentication:
Establishing a robust authentication framework using OpenLDAP, SSH, Apache, and OpenVPN. OpenLDAP serves as the centralized user directory, SSH provides secure remote access, Apache is configured for web authentication, and OpenVPN is integrated for secure virtual private network connections.
Configuring and validating the Domain Name System (DNS) to efficiently manage network services. A separate DNS server (Bind) is set up for domain resolution, with added DNS records for OpenLDAP, Apache, and OpenVPN servers, ensuring seamless name-to-IP address translation.
Introducing Kerberos for enhanced authentication security. A dedicated Kerberos server is installed and configured, adding principals and password policies for users. We have chosen to integrate SSH with Kerberos, providing an additional layer of authentication.
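
One way to validate the DNS records from the second part before enabling Kerberized SSH in the third, as an added example that is not part of the project's own code. Kerberos clients commonly canonicalize a server's name through DNS when looking up its host principal, so the check confirms that each service host has an A record and a PTR record that points back to the same name. The domain `example.lan`, the host labels, the addresses, and the simplified one-record-per-line zone syntax are all assumptions.

```python
import ipaddress

# Constructed sample zones: example.lan and every address are assumptions.
FORWARD_ZONE = """\
$ORIGIN example.lan.
ldap  IN A  192.168.56.10
www   IN A  192.168.56.11
vpn   IN A  192.168.56.12
kdc   IN A  192.168.56.13
"""
REVERSE_ZONE = """\
$ORIGIN 56.168.192.in-addr.arpa.
10  IN PTR  ldap.example.lan.
11  IN PTR  www.example.lan.
13  IN PTR  kerberos.example.lan.  ; does not match the A record owner
"""

def parse_zone(text, rtype):
    """Return {absolute owner name: rdata} for rtype records in a simplified zone."""
    origin, records = "", {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip comments, then tokenize
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif len(fields) >= 4 and fields[1:3] == ["IN", rtype]:
            owner = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
            records[owner.lower()] = fields[3].lower()
    return records

def audit(forward_text, reverse_text, required, domain):
    """List hosts whose A record is missing or whose PTR does not point back."""
    a, ptr = parse_zone(forward_text, "A"), parse_zone(reverse_text, "PTR")
    problems = []
    for host in required:
        fqdn = f"{host}.{domain}."
        ip = a.get(fqdn)
        if ip is None:
            problems.append(f"{fqdn}: no A record")
            continue
        # Build the in-addr.arpa owner name that should carry the PTR record.
        rev = ipaddress.ip_address(ip).reverse_pointer + "."
        target = ptr.get(rev)
        if target != fqdn:
            problems.append(f"{fqdn}: PTR for {ip} is {target or 'missing'}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(FORWARD_ZONE, REVERSE_ZONE,
                          ("ldap", "www", "vpn", "kdc"), "example.lan")))
```

On the constructed zones the audit flags `vpn` (no PTR) and `kdc` (PTR names a different host); both would need correcting in the Bind zone files before host principals are created.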