1
00:00:00,000 --> 00:00:01,090
[No audio]

2
00:00:01,090 --> 00:00:01,938
Now here we will look

3
00:00:01,964 --> 00:00:04,350
at the Linux account authentication.

4
00:00:04,790 --> 00:00:07,734
What does it really mean is that you

5
00:00:07,772 --> 00:00:11,166
create local accounts right on your local computer.

6
00:00:11,348 --> 00:00:13,054
In this case we have our Linux

7
00:00:13,102 --> 00:00:14,974
machine, we created our local accounts.

8
00:00:15,022 --> 00:00:16,698
So we just learned that, right?

9
00:00:16,844 --> 00:00:21,750
So what if you have thousands of users?

10
00:00:21,750 --> 00:00:23,810
[No audio]

11
00:00:23,810 --> 00:00:25,918
How can you manage all those users?

12
00:00:25,954 --> 00:00:27,778
How can you change your password?

13
00:00:27,934 --> 00:00:30,918
So then that's the problem comes in when

14
00:00:30,944 --> 00:00:33,630
you have to actually add multiple users to

15
00:00:33,740 --> 00:00:36,030
of course multiple servers as well.

16
00:00:36,140 --> 00:00:38,802
So what will happen if a user joins a

17
00:00:38,816 --> 00:00:43,138
company or a system administrator or new user joins

18
00:00:43,174 --> 00:00:45,438
a company and you have to create his or

19
00:00:45,464 --> 00:00:47,926
her account to let's say 1000 servers.

20
00:00:47,998 --> 00:00:49,458
Now are you going to log into

21
00:00:49,544 --> 00:00:52,100
every server and create a user account?

22
00:00:52,610 --> 00:00:53,830
Well, that's not efficient.

23
00:00:53,890 --> 00:00:56,574
And usually the companies don't work that

24
00:00:56,612 --> 00:00:58,942
way and they don't actually create user

25
00:00:58,966 --> 00:01:01,342
accounts individually to each server.

26
00:01:01,366 --> 00:01:03,610
So what they do is in Windows environment

27
00:01:03,670 --> 00:01:06,294
they add some kind of directory service or

28
00:01:06,331 --> 00:01:10,110
directory server where user could log in having

29
00:01:10,160 --> 00:01:13,798
the authentication through a different server.

30
00:01:13,954 --> 00:01:16,002
So how it works, let's see

31
00:01:16,076 --> 00:01:18,642
what type of accounts there are.

32
00:01:18,776 --> 00:01:21,438
So there are basically two types of accounts that you

33
00:01:21,464 --> 00:01:26,290
have, one account that is sitting local to your machine.

34
00:01:26,410 --> 00:01:29,074
Meaning, that you create a user account in Linux machine

35
00:01:29,122 --> 00:01:32,958
by running a command useradd and then you add

36
00:01:32,984 --> 00:01:36,150
it to the group or give permissions and so on.

37
00:01:36,260 --> 00:01:39,918
So most of the Linux accounts we create it locally and

38
00:01:39,944 --> 00:01:42,618
the reason we create most of the Linux accounts is

39
00:01:42,644 --> 00:01:48,322
because Linux is not like a user environment where user

40
00:01:48,346 --> 00:01:50,218
will log in and perform different tasks.

41
00:01:50,314 --> 00:01:53,062
It is basically used for system administration

42
00:01:53,146 --> 00:01:57,762
purposes or to run major applications anyway.

43
00:01:57,836 --> 00:01:58,962
So if you need to create a

44
00:01:58,976 --> 00:02:00,714
local user account, we already learned that.

45
00:02:00,752 --> 00:02:04,398
Now the question comes in what if you have to create

46
00:02:04,544 --> 00:02:08,274
a user account to 10000 different servers? Then you have to

47
00:02:08,312 --> 00:02:13,090
have a domain or directory accounts on a server.

48
00:02:13,210 --> 00:02:14,946
So how it works is, you have

49
00:02:15,008 --> 00:02:17,542
all your user accounts under one database.

50
00:02:17,686 --> 00:02:19,414
So look at this picture.

51
00:02:19,462 --> 00:02:22,482
So you have a client which is a server which

52
00:02:22,496 --> 00:02:25,254
is your Linux machine, any Linux machine that you have

53
00:02:25,292 --> 00:02:28,722
installed, and then you have another server which is, in

54
00:02:28,736 --> 00:02:31,438
our case we call it a directory server.

55
00:02:31,594 --> 00:02:33,558
So a directory server, a user tried

56
00:02:33,584 --> 00:02:35,934
to log into the client and if the

57
00:02:35,972 --> 00:02:39,334
account authentication goes against the server.

58
00:02:39,502 --> 00:02:42,438
So the server checks to see if that account

59
00:02:42,524 --> 00:02:46,750
exists and if the account exists it will reply

60
00:02:46,810 --> 00:02:50,374
back saying the user has been authenticated and it's

61
00:02:50,422 --> 00:02:53,178
okay for user to go ahead and log in.

62
00:02:53,264 --> 00:02:56,314
And that's how, a user that is created

63
00:02:56,362 --> 00:02:58,626
on the directory structure will log in.

64
00:02:58,688 --> 00:03:01,194
Now remember, this is not for

65
00:03:01,292 --> 00:03:04,110
those users that are created locally.

66
00:03:04,610 --> 00:03:07,638
This authentication process only works with

67
00:03:07,664 --> 00:03:09,130
the client and the server.

68
00:03:09,190 --> 00:03:11,170
So there is a server out there in Windows,

69
00:03:11,230 --> 00:03:13,890
that is Active Directory. So it gets authenticated, it comes

70
00:03:13,940 --> 00:03:16,530
back, and that's how you get it authenticated.

71
00:03:16,970 --> 00:03:21,474
So in Windows, now Windows has this product

72
00:03:21,572 --> 00:03:24,154
Active Directory, which is called Microsoft Active Directory,

73
00:03:24,202 --> 00:03:27,966
which is awesome product, it works so good,

74
00:03:28,028 --> 00:03:30,022
it works so efficiently for the users.

75
00:03:30,046 --> 00:03:33,258
So how?
How it works is, you go into the

76
00:03:33,284 --> 00:03:37,698
Windows Active Directory server, you create an account on

77
00:03:37,724 --> 00:03:42,498
the Active Directory and then it gets authenticated and

78
00:03:42,524 --> 00:03:44,986
then you can log into the client.

79
00:03:45,178 --> 00:03:49,734
So now remember how this works. This goes into

80
00:03:49,772 --> 00:03:52,698
the server and what protocol it uses. If you need

81
00:03:52,724 --> 00:03:55,794
to log into server, what protocol you use?

82
00:03:55,892 --> 00:03:57,570
You use SSH, right?

83
00:03:57,680 --> 00:03:59,878
So if you want to log into the server

84
00:03:59,974 --> 00:04:04,198
using Active Directory or some kind of a directory

85
00:04:04,234 --> 00:04:09,990
service, you will use a protocol called LDAP.

86
00:04:10,670 --> 00:04:14,902
So the question is Linux, does Linux use LDAP?

87
00:04:15,046 --> 00:04:19,630
Now, remember one thing guys LDAP, it's

88
00:04:19,690 --> 00:04:23,130
a protocol, it's not a directory that

89
00:04:23,180 --> 00:04:25,798
you get authenticated for Linux users.

90
00:04:25,834 --> 00:04:30,030
A lot of people have this misconception, so please clear

91
00:04:30,080 --> 00:04:34,462
that misconception that LDAP is not used for Linux.

92
00:04:34,546 --> 00:04:37,854
LDAP is just a protocol that is used for

93
00:04:37,892 --> 00:04:41,314
Windows, for Linux, or any server, or even Mac.

94
00:04:41,422 --> 00:04:44,466
They use this protocol to

95
00:04:44,528 --> 00:04:46,798
authenticate against a directory.

96
00:04:46,954 --> 00:04:50,802
So what does LDAP is? So why a lot

97
00:04:50,816 --> 00:04:53,650
of people say well, LDAP use LDAP for Linux.

98
00:04:53,770 --> 00:04:55,578
Well, that's not a real case.

99
00:04:55,664 --> 00:04:57,990
So in my next lesson, I will tell

100
00:04:58,040 --> 00:05:01,990
you exactly the difference between LDAP, Active Directory

101
00:05:02,170 --> 00:05:06,174
and all other different directory servers that are

102
00:05:06,212 --> 00:05:09,298
out there that you could use for Linux

103
00:05:09,334 --> 00:05:11,590
authentication, or even for Windows authentication.

104
00:05:11,650 --> 00:05:14,854
Not necessarily Windows needs to use Active Directory.

105
00:05:14,902 --> 00:05:16,602
There are other products people use.

106
00:05:16,736 --> 00:05:18,538
So Active Directory is native to Windows,

107
00:05:18,574 --> 00:05:20,674
that's what people use it and mostly

108
00:05:20,722 --> 00:05:22,342
use it in a corporate environment.

109
00:05:22,426 --> 00:05:24,834
But in Linux, I'm telling you again,

110
00:05:24,932 --> 00:05:26,974
there is no such thing called LDAP.

111
00:05:27,022 --> 00:05:29,050
And people say hey, go ahead and use LDAP.

112
00:05:29,110 --> 00:05:32,139
No. LDAP, again, it's a protocol.

113
00:05:32,139 --> 00:05:37,619
You can look it up. It's called Lightweight Directory Assistant Protocol,

114
00:05:37,619 --> 00:05:40,040
or directory something protocol. You can look it up.

115
00:05:40,040 --> 00:05:42,800
So anyway, so that's a protocol that is used.

116
00:05:43,190 --> 00:05:45,442
So I'll go over to the next lesson, and I'll

117
00:05:45,466 --> 00:05:48,662
explain you the difference between every directory services.

118
00:05:48,662 --> 00:05:50,315
[No audio]