kerberos

Bookmarks for 22 ott 2014 from 11:21 to 11:34

These are my links for 22 ott 2014 from 11:21 to 11:34:

  • F*EX – File EXchange – F*EX (Frams' Fast File EXchange) is a service to send big (large, huge, giant, …) files from a user A to a user B. The sender uploads the file to the F*EX server using a WWW upload form and the recipient automatically gets a notification e-mail with a download-URL.
  • KandanApp – An Open Source Alternative to HipChat and so much more. Get your own private Chat server in minutes, plus additional features. No credit card required. A fast, secure and stable solution based on Rails. Free and open-source Distributed under the AGPL License.
  • Get MogoChat – Beautiful team chat app written in Elixir & Ember.js
  • Ind.ie — Pulse – Pulse Freedom in sync Pulse (previously Syncthing) replaces proprietary sync and cloud services with something open, trustworthy and distributed. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party, and how it's transmitted over the Internet. Free and Open Software. All source code is available on GitHub. What you see is what you get, there is no hidden funny business. Pulse Source Code For Mac, Windows, Linux, BSD, and Solaris Secure & Private, Free & Open, Easy to Use
  • Enterprise/Authentication/sssd – Ubuntu Wiki – The sssd authentication in Ubuntu works pretty decently. You can use it basically with any directory-style backend, including OpenLDAP, Kerberos, RedHat's FreeIPA and Microsoft's Active Directory. The good part about sssd is that it can be used to log into multiple directory services, so if you have some users in one directory, and the the rest in a different place, this works pretty decently in sssd. You can use it for single-server deployments with plain LDAP with servers or workstations (where you could as well go with pam-ldap and nss-ldap), but also, or especially for more sophisticated setups.

Bookmarks for 22 ott 2014 from 11:37 to 15:55

These are my links for 22 ott 2014 from 11:37 to 15:55:

  • S3QL – nikratio – S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3, or OpenStack. S3QL effectively provides a hard disk of dynamic, infinite capacity that can be accessed from any computer with internet access running Linux, FreeBSD or OS-X. S3QL is a standard conforming, full featured UNIX file system that is conceptually indistinguishable from any local file system. Furthermore, S3QL has additional features like compression, encryption, data de-duplication, immutable trees and snapshotting which make it especially suitable for online backup and archival. S3QL is designed to favor simplicity and elegance over performance and feature-creep. Care has been taken to make the source code as readable and serviceable as possible. Solid error detection and error handling have been included from the very first line, and S3QL comes with extensive automated test cases for all its components.
  • Using Foreman, an Opensource Frontend for Puppet – – The recent vulnerability in bash, got me running to update bash. It’s easy when you have maybe one or two Linux servers, but what do you do if you have 100’s or even thousands or servers? You need to use a server configuration and management tool like puppet. However, instead of using the command line, I wanted a GUI tool where I could select the servers or server group and select an action. That is where I found Foreman, A opensource tool which not only handles configuration of your servers but also does provisioning. Foreman is easy to install, opensource, has community based support and a good deal of documentation.
  • Power Up Your Authentication with Open LDAP and Puppet | DataCentred – When you’re busy automating your infrastructure, a recurring theme that causes questions and problems is this: how do you reliably integrate your data (which changes all the time) into your configuration? As a hosting company, we find ourselves needing to tend to an ever-increasing number of devices: servers, switches, routers, hypervisors, you name it. A staple mechanism for centralised authentication is the use of an LDAP server to manage a directory of users and groups and to perform authentication of credentials and privileges on behalf of other devices on the network.
  • Enterprise/Authentication/KerberosServices – Ubuntu Wiki – This article explains a little bit about the Kerberos protocol and how it can be used in Ubuntu. It's not a thorough manual, use more authoritative sources to get more accurate information and update if you see obvious mistakes.

Bookmarks for 17 ott 2014 through 20 ott 2014

These are my links for 17 ott 2014 through 20 ott 2014:

  • microHOWTO: Configure Apache to use Kerberos authentication – To configure Apache to use Kerberos authentication Kerberos is an authentication protocol that supports the concept of Single Sign-On (SSO). Having authenticated once at the start of a session, users can access network services throughout a Kerberos realm without authenticating again. For this to work it is necessary to use network protocols that are Kerberos-aware. In the case of HTTP, support for Kerberos is usually provided using the SPNEGO authentication mechanism (Simple and Protected GSS-API Negotiation). This is also known as ‘integrated authentication’ or ‘negotiate authentication’. Apache does not itself support SPNEGO, but support can be added by means of the mod_auth_kerb authentication module.
  • How to create a bootable USB stick on OS X | Ubuntu – […] Note: this procedure requires that you create an .img file from the .iso file you download. It will also change the filesystem that is on the USB stick to make it bootable, so backup all data before continuing […]
  • thomastk/kunjumon – Kunjumon is a framework that can be used to create plugins for Nagios monitoring system, without writing any new code. The plugins thus created are robust, and, can monitor complex scenarios by querying data from multiple databases. While efforts to build such plugins would require considerable scripting work, using Kunjumon framework, a a plugin that pulls input data from databases can be implemented by defining it in XML format, and, there is no need to write any code to support it. The Kunjumon framework has been tested on all the Linux platforms, and against MySQL, Postgres, Oracle and Microsoft SQL Server. However, in general, it would work with any ODBC interface configured on the Nagios host to access a data repository.

Bookmarks for 1 apr 2014 from 13:31 to 14:21

These are my links for 1 apr 2014 from 13:31 to 14:21:

Bookmarks for 18 giu 2013 through 19 giu 2013

These are my links for 18 giu 2013 through 19 giu 2013:

  • CommuniGate Pro: Cluster Load Balancers – The DSR/DR is the preferred Load-Balancing method for larger installations. When this method is used, each Server is configured to have the VIP (Virtual IP) shared addresses as its local IP addresses. This allows each Server to receive all packets directed to the VIP addresses, and to send responses directly to the clients using the VIP as the "source" address. The servers should not respond to the arp requests for these VIP addresses. Instead the load balancer responds to these requests, and thus all incoming packets directed to the VIP addresses are delivered to the load balancer, which redirects them to Servers. When redirecting these incoming packets, the load balancer sends them directly to the Server MAC address, without changing the packet destination address, that remains the VIP address.
  • Using arp announce/arp ignore to disable ARP – LVSKB
  • Configuring DSR on the Alteon load balancers | Remsys – As per Wikipedia, load balancing is a technique to spread work between two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, and minimize response time. Usage of multiple components with load balancing, instead of a single component, may increase reliability through redundancy. DSR is a way for outbound traffic to bypass the load balancer, sending traffic directly to the default router of that network.
  • FreeIPA – FreeIPA is a Red Hat sponsored open source project which aims to provide an easily managed Identity, Policy and Audit (IPA) suite primarily targeted towards networks of Linux and Unix computers. FreeIPA can be compared to Novell's Identity Manager or Microsoft's Active Directory in that the goals and mechanisms used are similar.

Bookmarks for 3 set 2012 through 5 set 2012

These are my links for 3 set 2012 through 5 set 2012:

  • OneLook Reverse Dictionary – How do I use OneLook's reverse dictionary feature?

    OneLook's reverse dictionary lets you describe a concept and get back a list of words and phrases related to that concept. Your description can be a few words, a sentence, a question, or even just a single word. Just type it into the box above and hit the "Find words" button. Keep it short to get the best results. In most cases you'll get back a list of related terms with the best matches shown first.

    [ via http://blog.terminologiaetc.it/2012/09/04/onelook-reverse-dictionary/ ]

  • missing disks, dump devices, mirroring, etc. – Waldemar Mark Duszyk – Since, we are pretty much always learning …. Some of us on a more elementary, intermediate, or advanced level but regardless of the level we all always learn or re-learn (because what we have mastered we had an ample time to forget – not doing it for a while), here it is a reminder of how to deal with a volume group (in this case it is rootvg which for some reasons lost one of it disks. The loss could be a function of SAN, VIO or other event. It could be a permanent loss – a disk is dead, broken, no longer functioning or the loss was/is temporary in nature; AIX kernel detected a timeout (without any disk errors associated with device failure) long enough for the kernel to mark the disks missing.
  • Authenticating RedHat with ActiveDirectory and Kerberos – Waldemar Mark Duszyk – One of my previous posts deals with authentication of RedHat LINUX using Tivoli Directory Server (TDS LDAP). As I was working on this project, my colleague Igor was busy configuring RedHat authentication with Active Directory and Kerberos (already configured on AD).

Bookmarks for 8 nov 2011 through 14 nov 2011

These are my links for 8 nov 2011 through 14 nov 2011:

  • using mod_auth_kerb and Windows 2000/2003/2008R2 as KDC – This tutorial contains my knowledge about using Apache/mod_auh_kerb and Windows 2000/2003/2008R2 as KDC.
  • Squid kerberos authentication and ldap authorization in Active Directory « Klaubert’s Blog – The squid web cache include a authenticator for kerberos, it is simple to use, but the documentation is not very clear about how to make it work. Below some steps use by me to make Squid 3.0 Stable1 and Squid 2.6 Stable17 authenticate against Active Directory (Windows 2003 Directory Service) and also to make it make the authorization using Ldap. This setup was not used in production environment yet, so its possible to had some problems not seen by me or scalabilities issues.
  • active directory – Getting Squid to authenticate with kerberos and Windows 2008/2003/7/XP – Server Fault – This is setup with Squid 3.0, has also been tested with Squid 3.1 and should work with Squid 2.7. Your Windows user must be a member of the SQUID_USERS group in Active Directory (for this case anyway).

    On the Windows side, Windows XP and Windows 2007 have been tested against Windows 2008, and Windows XP against Windows 2003.

  • Open vSwitch – What is Open vSwitch?

    Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.

  • 21 Ruby Tricks You Should Be Using In Your Own Code – 2009 Update: This post was written in early 2008 and looking back on it, there are a couple of tricks that I wouldn't recommend anymore – or to which extra warnings need to be added. I've added paragraphs like this where necessary. Enjoy! 🙂

Bookmarks for 4 nov 2011 from 16:39 to 16:41

These are my links for 4 nov 2011 from 16:39 to 16:41:

  • What is FreeIPA? – FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 (formerly known as Fedora Directory Server), MIT Kerberos, NTP, DNS. It consists of a web interface and command-line administration tools.
    In IPA v2 we added DNS and Dogtag Certificate Server, enhanced administrative framework, added support for host identities, netgroups, automount per location and more.
  • FreeIPA and Samba 3 Integration – techslaves.org – FreeIPA makes a pretty excellent backend for Samba 3. While all the information one needs to set this up is available online, I wasn’t able to find it all  in one location so I’ve decided to try my best at filling that gap here on techslaves.org. Hopefully this short guide will aid those trying to piece together the various parts necessary to integrate FreeIPA v2 and Samba 3, at least until FreeIPA v3 where there is talk of enabling Samba integration with a simple command line argument to the “ipa-server-install” script.
  • Time Navigator HA Cluster Agent Configuration – techslaves.org – I’ve been wanting to post about a configuration that allows for seamless file-level backup of storage attached to an active/passive high availability cluster in an uninterrupted fashion using Atempo’s Time Navigator and I’m finally going to do it.

Bookmarks for 9 giu 2011 through 14 giu 2011

These are my links for 9 giu 2011 through 14 giu 2011:

  • Main Page – WPKG | Open Source Software Deployment and Distribution – WPKG is an automated software deployment, upgrade and removal program for Windows.<br />
    It can be used to push/pull software packages, such as Service Packs, hotfixes, or program installations from a central server (for example, Samba or Active Directory) to a number of workstations.<br />
    It can run as a service to install software in the background (silent install), without user interaction.<br />
    It can install MSI, InstallShield, PackagefortheWeb, Inno Setup, Nullsoft, other software installers or .exe packages, .bat and .cmd scripts and similar: no more repackaging to perform software installation.<br />
    WPKG is open source software
  • sadms.objectif-libre.com – SADMS is a free software programme. It takes care of handling configuration to achieve the integration of GNU/Linux hosts to an Active Directory domain. GNU/Linux hosts become Windows domain hosts and Windows domain users become GNU/Linux users.
  • GNS3 | Graphical Network Simulator – What is GNS3 ?<br />
    <br />
    GNS3 is a graphical network simulator that allows simulation of complex networks.<br />
    (Cisco IOS emulation)

Bookmarks for 26 apr 2011 from 02:00 to 14:52

These are my links for 26 apr 2011 from 02:00 to 14:52:

  • Putty, Active Directory and Kerberos – […] This is a short and simple tutorial about setting up Kerberos authentication with putty and Active Directory. […]
  • Checkpoint HA Nagios monitoring – […] For a number of reasons I need to be able to know which firewall is the active on in a Checkpoint cluster. I’d like to be notified when the active node switches to the secondary box […]
  • Michele’s blog " Active Directory and Apache Kerberos … – […] In this article I’ll explore how to set up an Apache web server on a Linux Debian box (squeeze testing as of 05/2009) with kerberos authentication integrated with Active Directory on Windows 2003R2 […]
  • Integrating Active Directory and Squid3 – […] Here’s my third and probably last post on a topic about AD integration and linux. This time around the goal is to have Kerberos authentication integrated with Squid, so that users do not have to be prompted for additional authentication when surfing the web[…]
  • 500 Internal Server Error – 500 Internal Server Error