Today we started with Kerberos Services. We covered Kerberos solutions in a variety of scenarios including standalone KDCs (Key Distribution Centers), 3rd-party KDCs, and multiple KDCs with multiple service-providing servers. It gets complicated.
We spent a lot of time covering Kerberos stuff, too much to get into here in fact, so moving on. One note though. I’m attending a very early test, and not all of the training documents are final. We had no exercises for this chapter, which involved pulling authentication data from an Active Directory server. I for one really needed hands-on activities in this area, but unfortunately the exercises that were planned were broken by changes in 10.3.4, so they no longer worked. This was a biiig bummer as my Kerberos knowledge needs a lot of work.
Next we moved on to Open Directory replication. This is a pretty seamless process for the most part in 10.3 Server. It’s very easy to make duplicate servers to relieve traffic on a busy network and provide failover services. We also got familiar with slurpd, which Server Admin uses to perform the replication. Students paired up to make master and replica servers, and had our clients attach to the servers for authentication. This also worked seamlessly. Apple’s OpenLDAP implementation is very solid. There were some small snafus here and there, but mostly caused by not following directions.
Then we were on to disk quotas. OS X offers pretty much what you would expect from disk quotas. You can limit users by size or number of files, and have separate rules for each volume. You can provide quotas for both users and groups, although group quotas can be an issue as one user can fill the quota for all the users in the group. The only real deficiency with quotas in Mac OS X is that there is no way for a user to check his quota and current usage data from the Finder. It can be done in Terminal, but only while ssh’ed in to the server. There are ways around this, like providing quota data on a web page, but it would be nice to have this data available for users from the Finder. Command-line utilities at work here include: du, df, edquota, quota, repquota, quotacheck and a couple others.
Another solid day. One of the guys who is currently taking the Client class commented that we all looked depressed. I found that funny. Really we’re all just concentrating, and trying not to break our servers during the clients. It doesn’t take a lot in the command line to pretty seriously break a server. NeST can do some really fun things to your directory server.