Chapter 7

Question 1

This line is in our /etc/nsswitch.conf file: passwd: files nis ldap. Which source is searched first for passwd records?

Answer 1

/etc/passwd

Question 2

This line is in our /etc/nsswitch.conf file: hosts: files nis dns. Which source is searched last for hosts records?

Answer 2

DNS

Question 3

Which of the following is required when using an LDAP server for account information and authentication?

Answer 3

The fully qualified domain name of the LDAP server
A base distinguished name
A CA Certificate

Question 4

What is a disadvantage of running sssd?

Answer 4

updates on the server are not seen immediately by the clients

Question 5

Why is TLS encryption required when using LDAP authentication?

Answer 5

TLS encrypts the communication before LDAP sends passwords across the network and TLS verifies that the client is connected to the correct server before placing passwords on the network.

Question 6

For most databases, which source should be searched first?

Answer 6

files

Question 7

When would you use the getent command?

Answer 7

When configuring and debugging network account information

Question 8

What are the benefits of using sssd?

Answer 8

Allows for offline authentication
Reduces the load on identification servers
Supports multiple domains
Is extensible for use with new identity sources and authentication methods

Question 9

What directory holds log messages from sssd?

Answer 9

/var/log/sssd

Question 10

What is the safest way to make changes to /etc/nsswitch.conf?

Answer 10

With the system-config-authentication command