authentication

Bookmarks for 18 giu 2013 through 19 giu 2013

These are my links for 18 giu 2013 through 19 giu 2013:

  • CommuniGate Pro: Cluster Load Balancers – The DSR/DR is the preferred Load-Balancing method for larger installations. When this method is used, each Server is configured to have the VIP (Virtual IP) shared addresses as its local IP addresses. This allows each Server to receive all packets directed to the VIP addresses, and to send responses directly to the clients using the VIP as the "source" address. The servers should not respond to the arp requests for these VIP addresses. Instead the load balancer responds to these requests, and thus all incoming packets directed to the VIP addresses are delivered to the load balancer, which redirects them to Servers. When redirecting these incoming packets, the load balancer sends them directly to the Server MAC address, without changing the packet destination address, that remains the VIP address.
  • Using arp announce/arp ignore to disable ARP – LVSKB
  • Configuring DSR on the Alteon load balancers | Remsys – As per Wikipedia, load balancing is a technique to spread work between two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, and minimize response time. Usage of multiple components with load balancing, instead of a single component, may increase reliability through redundancy. DSR is a way for outbound traffic to bypass the load balancer, sending traffic directly to the default router of that network.
  • FreeIPA – FreeIPA is a Red Hat sponsored open source project which aims to provide an easily managed Identity, Policy and Audit (IPA) suite primarily targeted towards networks of Linux and Unix computers. FreeIPA can be compared to Novell's Identity Manager or Microsoft's Active Directory in that the goals and mechanisms used are similar.

Bookmarks for 17 mag 2012 through 18 mag 2012

These are my links for 17 mag 2012 through 18 mag 2012:

  • vikjon’s Linux and Media Center Howto: NSClient++ external vbs script to check MSSQL jobs – This script for NSClient++ checks if there is any failed jobs in MS SQL server. The database connection data is stored in a UDL file.
  • Mobile-OTP: Strong Two-Factor Authentication with Mobile Phones – Mobile One Time Passwords (Mobile-OTP)
    strong, two-factor authentication with mobile phones

    Using static passwords for authentication, as it is commonly done, has quite a few security drawbacks: passwords can be guessed, forgotten, written down and stolen, eavesdropped or deliberately being told to other people.
    A better, more secure way of authentication is the so called "two-factor" or "strong authentication" based on one time passwords. Instead of authenticating with a simple password, each user carries a device ("token") to generate passwords that are valid only one time.

    client for: Standard phone and BlackBerry (J2ME) iPhone Google Android Windows Phone 7 PalmOS webOS Maemo Openmoko Universal Web App Windows Linux MacOS

    Server-Side:
    Mobile-OTP Authentication Server (MOTP-AS)
    Full blown RADIUS server specifically for Mobile-OTP. include:
    – authenticating users by RADIUS (and optionally PAM or Apache)
    – SQL database for user/device configuration
    – Administration Web Interface

  • Open Monitoring Distribution – Wiki – OMD – Welcome to OMD – the Open Monitoring Distribution. OMD implements a completely new concept of how to install, maintain and update a monitoring system built on Nagios.

    OMD avoids the tedious work of manually compiling and integrating Nagios addons while at the same time avoiding the problems of pre-packaged installations coming with your Linux distribution, which are most times outdated and provide no regular updates.

    OMD bundles Nagios together with many important addons and can easily be installed on every major Linux distribution. We provide prebuilt packages for all enterprise Linux distributions and also for some other, such as Ubuntu 11.04.

Bookmarks for 8 nov 2011 through 14 nov 2011

These are my links for 8 nov 2011 through 14 nov 2011:

  • using mod_auth_kerb and Windows 2000/2003/2008R2 as KDC – This tutorial contains my knowledge about using Apache/mod_auh_kerb and Windows 2000/2003/2008R2 as KDC.
  • Squid kerberos authentication and ldap authorization in Active Directory « Klaubert’s Blog – The squid web cache include a authenticator for kerberos, it is simple to use, but the documentation is not very clear about how to make it work. Below some steps use by me to make Squid 3.0 Stable1 and Squid 2.6 Stable17 authenticate against Active Directory (Windows 2003 Directory Service) and also to make it make the authorization using Ldap. This setup was not used in production environment yet, so its possible to had some problems not seen by me or scalabilities issues.
  • active directory – Getting Squid to authenticate with kerberos and Windows 2008/2003/7/XP – Server Fault – This is setup with Squid 3.0, has also been tested with Squid 3.1 and should work with Squid 2.7. Your Windows user must be a member of the SQUID_USERS group in Active Directory (for this case anyway).

    On the Windows side, Windows XP and Windows 2007 have been tested against Windows 2008, and Windows XP against Windows 2003.

  • Open vSwitch – What is Open vSwitch?

    Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.

  • 21 Ruby Tricks You Should Be Using In Your Own Code – 2009 Update: This post was written in early 2008 and looking back on it, there are a couple of tricks that I wouldn't recommend anymore – or to which extra warnings need to be added. I've added paragraphs like this where necessary. Enjoy! 🙂

Bookmarks for 4 nov 2011 from 16:39 to 16:41

These are my links for 4 nov 2011 from 16:39 to 16:41:

  • What is FreeIPA? – FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 (formerly known as Fedora Directory Server), MIT Kerberos, NTP, DNS. It consists of a web interface and command-line administration tools.
    In IPA v2 we added DNS and Dogtag Certificate Server, enhanced administrative framework, added support for host identities, netgroups, automount per location and more.
  • FreeIPA and Samba 3 Integration – techslaves.org – FreeIPA makes a pretty excellent backend for Samba 3. While all the information one needs to set this up is available online, I wasn’t able to find it all  in one location so I’ve decided to try my best at filling that gap here on techslaves.org. Hopefully this short guide will aid those trying to piece together the various parts necessary to integrate FreeIPA v2 and Samba 3, at least until FreeIPA v3 where there is talk of enabling Samba integration with a simple command line argument to the “ipa-server-install” script.
  • Time Navigator HA Cluster Agent Configuration – techslaves.org – I’ve been wanting to post about a configuration that allows for seamless file-level backup of storage attached to an active/passive high availability cluster in an uninterrupted fashion using Atempo’s Time Navigator and I’m finally going to do it.

Bookmarks for 18 gen 2010 from 17:06 to 23:41

These are my links for 18 gen 2010 from 17:06 to 23:41:

  • Samba e Active Directory .:. PippoFante.it – Unire una macchina Linux (*BSD, Solaris, …) a un dominio (Active Directory) Windows talvolta è comodo, talvolta è utile, talvolta è necessario. Per ottenere questo risultato si usa Samba.
  • Squid e autenticazione su Active Directory .:. PippoFante.it – È giunto il momento di rifare il proxy aziendale – ovviamente Squid – e con l'occasione cambio il metodo di autenticazione appoggiandomi al dominio: una password in meno per gli utenti e controllo più centralizzato. Le condizioni al contorno sono sempre quelle: Debian come guest su VMware ESX così aumentiamo la percentuale di virtualizzazione con tutti i pro (ma anche i contro).
  • IBM Quicklinks | Main