Bookmarks for 17 ott 2014 through 20 ott 2014

These are my links for 17 ott 2014 through 20 ott 2014:

  • microHOWTO: Configure Apache to use Kerberos authentication – To configure Apache to use Kerberos authentication Kerberos is an authentication protocol that supports the concept of Single Sign-On (SSO). Having authenticated once at the start of a session, users can access network services throughout a Kerberos realm without authenticating again. For this to work it is necessary to use network protocols that are Kerberos-aware. In the case of HTTP, support for Kerberos is usually provided using the SPNEGO authentication mechanism (Simple and Protected GSS-API Negotiation). This is also known as ‘integrated authentication’ or ‘negotiate authentication’. Apache does not itself support SPNEGO, but support can be added by means of the mod_auth_kerb authentication module.
  • How to create a bootable USB stick on OS X | Ubuntu – […] Note: this procedure requires that you create an .img file from the .iso file you download. It will also change the filesystem that is on the USB stick to make it bootable, so backup all data before continuing […]
  • thomastk/kunjumon – Kunjumon is a framework that can be used to create plugins for Nagios monitoring system, without writing any new code. The plugins thus created are robust, and, can monitor complex scenarios by querying data from multiple databases. While efforts to build such plugins would require considerable scripting work, using Kunjumon framework, a a plugin that pulls input data from databases can be implemented by defining it in XML format, and, there is no need to write any code to support it. The Kunjumon framework has been tested on all the Linux platforms, and against MySQL, Postgres, Oracle and Microsoft SQL Server. However, in general, it would work with any ODBC interface configured on the Nagios host to access a data repository.

Bookmarks for 5 ago 2014 through 6 ago 2014

These are my links for 5 ago 2014 through 6 ago 2014:

  • Welcome to the NOC Project – Site – Confluence – NOC is the scalable, high-performance and open-source OSS system for ISP, service and content providers.
  • GestióIP – IP address management (IPAM) software – GestióIP is an automated, Web based IPv4/IPv6 address management (IPAM) software. It features powerful network discovery functions and offers search and filter functions for both networks and host, permitting Internet Search Engine equivalent expressions. This lets you find the information that administrators frequently need easily and quickly. GestióIP also incorporates an automated VLAN management system.
  • phpIPAM IP address management | Open-source IP address management – phpipam is an open-source web IP address management application. Its goal is to provide light and simple |P address management application. It is ajax-based using jQuery libraries, it uses php scripts and javascript and some HTML5/CSS3 features, so some modern browser is preferred to be able to display javascript quickly and correctly…
  • LemonLDAP::NG » start – LemonLDAP::NG is an open source Web Single Sign On product (WebSSO) written in Perl, plugged into Apache Web Server. LemonLDAP::NG is a free software, released under GPL license. LemonLDAP::NG is the first SSO software deployed in French administrations. It can handle more than 200 000 users. Many private firms use it too.
  • CoreOS is Linux for Massive Server Deployments – CoreOS is a new Linux distribution that has been rearchitected to provide features needed to run modern infrastructure stacks. The strategies and architectures that influence CoreOS allow companies like Google, Facebook and Twitter to run their services at scale with high resilience.

Bookmarks for 18 giu 2013 through 19 giu 2013

These are my links for 18 giu 2013 through 19 giu 2013:

  • CommuniGate Pro: Cluster Load Balancers – The DSR/DR is the preferred Load-Balancing method for larger installations. When this method is used, each Server is configured to have the VIP (Virtual IP) shared addresses as its local IP addresses. This allows each Server to receive all packets directed to the VIP addresses, and to send responses directly to the clients using the VIP as the "source" address. The servers should not respond to the arp requests for these VIP addresses. Instead the load balancer responds to these requests, and thus all incoming packets directed to the VIP addresses are delivered to the load balancer, which redirects them to Servers. When redirecting these incoming packets, the load balancer sends them directly to the Server MAC address, without changing the packet destination address, that remains the VIP address.
  • Using arp announce/arp ignore to disable ARP – LVSKB
  • Configuring DSR on the Alteon load balancers | Remsys – As per Wikipedia, load balancing is a technique to spread work between two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, and minimize response time. Usage of multiple components with load balancing, instead of a single component, may increase reliability through redundancy. DSR is a way for outbound traffic to bypass the load balancer, sending traffic directly to the default router of that network.
  • FreeIPA – FreeIPA is a Red Hat sponsored open source project which aims to provide an easily managed Identity, Policy and Audit (IPA) suite primarily targeted towards networks of Linux and Unix computers. FreeIPA can be compared to Novell's Identity Manager or Microsoft's Active Directory in that the goals and mechanisms used are similar.

Bookmarks for 8 nov 2011 through 14 nov 2011

These are my links for 8 nov 2011 through 14 nov 2011:

  • using mod_auth_kerb and Windows 2000/2003/2008R2 as KDC – This tutorial contains my knowledge about using Apache/mod_auh_kerb and Windows 2000/2003/2008R2 as KDC.
  • Squid kerberos authentication and ldap authorization in Active Directory « Klaubert’s Blog – The squid web cache include a authenticator for kerberos, it is simple to use, but the documentation is not very clear about how to make it work. Below some steps use by me to make Squid 3.0 Stable1 and Squid 2.6 Stable17 authenticate against Active Directory (Windows 2003 Directory Service) and also to make it make the authorization using Ldap. This setup was not used in production environment yet, so its possible to had some problems not seen by me or scalabilities issues.
  • active directory – Getting Squid to authenticate with kerberos and Windows 2008/2003/7/XP – Server Fault – This is setup with Squid 3.0, has also been tested with Squid 3.1 and should work with Squid 2.7. Your Windows user must be a member of the SQUID_USERS group in Active Directory (for this case anyway).

    On the Windows side, Windows XP and Windows 2007 have been tested against Windows 2008, and Windows XP against Windows 2003.

  • Open vSwitch – What is Open vSwitch?

    Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.

  • 21 Ruby Tricks You Should Be Using In Your Own Code – 2009 Update: This post was written in early 2008 and looking back on it, there are a couple of tricks that I wouldn't recommend anymore – or to which extra warnings need to be added. I've added paragraphs like this where necessary. Enjoy! 🙂