The Identity Stack: From LDAP to Zero Trust
A 13-episode series on enterprise authentication — from the protocol that replaced /etc/passwd in the 1980s to Zero Trust identity and workload certificates in the 2020s.
Who it’s for: Linux administrators, DevOps engineers, and infrastructure security practitioners who have configured SSSD, joined machines to Active Directory, or debugged PAM — and want to understand why the stack is built the way it is.
```bash
# Query your enterprise directory
ldapsearch -x -H ldap://your-dc -b "dc=corp,dc=com" "(uid=you)" cn mail

# Get a Kerberos ticket, inspect it
kinit [email protected] && klist -e

# Trace an SSH login through PAM + SSSD
journalctl -u sssd -f   # then SSH in from another terminal
```
By EP12, you’ll enable SSH login to a Linux VM with Entra ID credentials and read every step in the auth log.
Episodes
| EP | Title |
|------|-------|
| EP01 | What Is LDAP — and Why It Was Invented to Replace Something Worse |
| EP02 | LDAP Internals: The Directory Tree, Schema, and What Travels on the Wire |
| EP03 | How LDAP Authentication Works on Linux: PAM, NSS, and the Login Stack |
| EP04 | SSSD: The Caching Daemon That Powers Every Enterprise Linux Login |
| EP05 | How Kerberos Works: Tickets, KDC, and Why Enterprises Use It With LDAP |
| EP06 | OpenLDAP Setup and Replication: Running Your Own Directory |
| EP07 | LDAP High Availability: Load Balancing and Production Architecture |
| EP08 | FreeIPA: LDAP + Kerberos + PKI in a Single Linux Identity Stack |
| EP09 | How Active Directory Works: LDAP, Kerberos, and Group Policy Under the Hood |
| EP10 | SAML vs OIDC vs OAuth2: Which Protocol Handles Which Identity Problem |
| EP11 | Identity Providers Explained: On-Prem, Cloud, SCIM, and Federation |
| EP12 | Entra ID Linux Login: SSH Authentication with Azure AD Credentials |
| EP13 | Zero Trust Identity: SPIFFE, SPIRE, mTLS, and Continuous Verification |
Start with EP01: What Is LDAP? →