diff --git a/admin-guide/deployment/rhel8/installation/grub_default.png b/admin-guide/deployment/rhel8/_static/installation_grub_default.png similarity index 100% rename from admin-guide/deployment/rhel8/installation/grub_default.png rename to admin-guide/deployment/rhel8/_static/installation_grub_default.png diff --git a/admin-guide/deployment/rhel8/installation/grub_select.png b/admin-guide/deployment/rhel8/_static/installation_grub_select.png similarity index 100% rename from admin-guide/deployment/rhel8/installation/grub_select.png rename to admin-guide/deployment/rhel8/_static/installation_grub_select.png diff --git a/admin-guide/deployment/rhel8/installation/ipxe_select_rhel8.png b/admin-guide/deployment/rhel8/_static/installation_ipxe_select_rhel8.png similarity index 100% rename from admin-guide/deployment/rhel8/installation/ipxe_select_rhel8.png rename to admin-guide/deployment/rhel8/_static/installation_ipxe_select_rhel8.png diff --git a/admin-guide/deployment/rhel8/kerberos/kerberos_desktop.png b/admin-guide/deployment/rhel8/_static/kerberos_desktop.png similarity index 100% rename from admin-guide/deployment/rhel8/kerberos/kerberos_desktop.png rename to admin-guide/deployment/rhel8/_static/kerberos_desktop.png diff --git a/admin-guide/deployment/rhel8/kerberos/kerberos_desktop.puml b/admin-guide/deployment/rhel8/_static/kerberos_desktop.puml similarity index 100% rename from admin-guide/deployment/rhel8/kerberos/kerberos_desktop.puml rename to admin-guide/deployment/rhel8/_static/kerberos_desktop.puml diff --git a/admin-guide/deployment/rhel8/kerberos/kerberos_sshd_password_only.png b/admin-guide/deployment/rhel8/_static/kerberos_sshd_password_only.png similarity index 100% rename from admin-guide/deployment/rhel8/kerberos/kerberos_sshd_password_only.png rename to admin-guide/deployment/rhel8/_static/kerberos_sshd_password_only.png diff --git a/admin-guide/deployment/rhel8/kerberos/kerberos_sshd_password_only.puml b/admin-guide/deployment/rhel8/_static/kerberos_sshd_password_only.puml similarity index 100% rename from admin-guide/deployment/rhel8/kerberos/kerberos_sshd_password_only.puml rename to admin-guide/deployment/rhel8/_static/kerberos_sshd_password_only.puml diff --git a/admin-guide/deployment/rhel8/kerberos/kerberos_sshd_tgt_delegation.png b/admin-guide/deployment/rhel8/_static/kerberos_sshd_tgt_delegation.png similarity index 100% rename from admin-guide/deployment/rhel8/kerberos/kerberos_sshd_tgt_delegation.png rename to admin-guide/deployment/rhel8/_static/kerberos_sshd_tgt_delegation.png diff --git a/admin-guide/deployment/rhel8/kerberos/kerberos_sshd_tgt_delegation.puml b/admin-guide/deployment/rhel8/_static/kerberos_sshd_tgt_delegation.puml similarity index 100% rename from admin-guide/deployment/rhel8/kerberos/kerberos_sshd_tgt_delegation.puml rename to admin-guide/deployment/rhel8/_static/kerberos_sshd_tgt_delegation.puml diff --git a/admin-guide/deployment/rhel8/kerberos/kerberos_systemd_user.png b/admin-guide/deployment/rhel8/_static/kerberos_systemd_user.png similarity index 100% rename from admin-guide/deployment/rhel8/kerberos/kerberos_systemd_user.png rename to admin-guide/deployment/rhel8/_static/kerberos_systemd_user.png diff --git a/admin-guide/deployment/rhel8/kerberos/kerberos_systemd_user.puml b/admin-guide/deployment/rhel8/_static/kerberos_systemd_user.puml similarity index 100% rename from admin-guide/deployment/rhel8/kerberos/kerberos_systemd_user.puml rename to admin-guide/deployment/rhel8/_static/kerberos_systemd_user.puml diff --git a/admin-guide/deployment/rhel8/installation.md b/admin-guide/deployment/rhel8/installation.md index 0ce8a5bb..0a88b335 100644 --- a/admin-guide/deployment/rhel8/installation.md +++ b/admin-guide/deployment/rhel8/installation.md @@ -20,10 +20,10 @@ bob node set-attr $FQDN ipxe_installer=rhel8install ### Installation with UEFI Start the machine and select network boot (if not already the default), then you get following menu: -![Grub default menu](installation/grub_default.png) +![Grub default menu](_static/installation_grub_default.png) There select "Install Red Hat Enterprise Linux 8.7" -![Grub menu selection for iPXE](installation/grub_select.png) +![Grub menu selection for iPXE](_static/installation_grub_select.png) __NOTE:__ After the installation the boot order will be changed to localboot again! So if you reinstall make sure that you re-set the bootorder via the efi menu or the commandline: https://linux.die.net/man/8/efibootmgr @@ -44,5 +44,5 @@ Boot0004* Red Hat Enterprise Linux ### Installation with Legacy BIOS Start the machine and select network boot (if not already the default), then you get following menu, where the default depends on the `sysdb` configuration, but you may override it manualy: -![select RHEL 8 installation](installation/ipxe_select_rhel8.png) +![select RHEL 8 installation](_static/installation_ipxe_select_rhel8.png) diff --git a/admin-guide/deployment/rhel8/kerberos.md b/admin-guide/deployment/rhel8/kerberos.md index 5226d7c6..fc5dfcd0 100644 --- a/admin-guide/deployment/rhel8/kerberos.md +++ b/admin-guide/deployment/rhel8/kerberos.md @@ -302,12 +302,12 @@ The code is publicly available on [Github](https://github.com/paulscherrerinstit Below diagrams show how PAM and especially `pam_single_kcm_cache.so` interact with the KCM in different use cases. ### Login with SSH using Password Authentication -![Login with SSH and Password Authentication](kerberos/kerberos_sshd_password_only.png) +![Login with SSH and Password Authentication](_static/kerberos_sshd_password_only.png) That is kind of the "common" authentication case where all important work is done in PAM. This is the same for login on the virtual console or when using `su` with password. At the end there is an shell session with a credential cache which is not used by any other session (unless the user shares it somehow manually). Like this session isolation is achieved. ### Login with SSH using Kerberos Authentication and TGT Delegation -![Login with SSH and Password Authentication](kerberos/kerberos_sshd_tgt_delegation.png) +![Login with SSH and Password Authentication](_static/kerberos_sshd_tgt_delegation.png) This is a bit simpler as all the authentication is done in `sshd` and only the session setup is done by PAM. Note that `sshd` does not use the default cache, but instead creates always a new one with the delegated TGT. @@ -315,7 +315,7 @@ This is a bit simpler as all the authentication is done in `sshd` and only the s In above diagrams we see how `systemd --user` is being started. It is also using PAM to setup its own session, but it does not do any authentication. -![Login with SSH and Password Authentication](kerberos/kerberos_systemd_user.png) +![Login with SSH and Password Authentication](_static/kerberos_systemd_user.png) Here we use a predefined name for the credential cache so it can be shared with the desktop sessions. The next diagram shows more in detail how `systemd --user` and the Gnome desktop interact. @@ -323,7 +323,7 @@ Here we use a predefined name for the credential cache so it can be shared with This is the most complex use case: -![Gnome Desktop](kerberos/kerberos_desktop.png) +![Gnome Desktop](_static/kerberos_desktop.png) At the end we have a well known shared credential cache between Gnome and `systemd --user`. This is needed `systemd --user` is used extensively by Gnome. Important is that the Kerberos setup already happens at authentication phase as there is no session setup phase for screen unlock as the user returns there to an already existing session.