Identity Management

Authenticating Apache Virtual Hosts with Kerberos

Below is a quick walkthrough on setting up an Apache virtual host with Kerberos authentication.

If you use or are looking to integrate single sign-on into your websites or web-based applications in your environment, this will be for you.

Example Details

In this article I will be setting up a new website called mysite.example.com, using the below details.

Web Server Name: web01.example.com
Web Server Operating System: Red Hat Enterprise Linux 6.3
Kerberos Realm: EXAMPLE.COM
Kerberos Username: testuser

Integrating Yubikey Token details within LDAP with FreeIPA and Red Hat Enterprise Linux 6

I am really very pleased to be writing this article as I’ve been wanting to see this functionality ever since I first started getting into FreeIPA and using Yubikeys.

If you are a Yubikey user/admin, chances are you are a little, if not very, frustrated that there is no simple way to centrally manage your users and key tokens.

The way most One Time Password (OTP) solutions work is based on a central server which maps a token to a user. Yubico, however, uses a local text file on each individual system, which maps a username to a specific key token. This is a very clunky method, especially if you are managing very large numbers of servers.

Well, with a bit of work, and with huge thanks to Michal Ludvig, we now have a way of integrating Yubikeys directly into an LDAP based directory server.

I came across his article on a Google+ post detailing how he has provided a way for this to become reality. I am still unbelievably impressed.
You can read his original article here: http://www.logix.cz/michal/devel/yubikey-ldap/

I have absolutely no intention of trying to steal any thunder away from what Michal has done here. It is truly fantastic.
In this article, I am simply providing a very quick and easy way of storing Yubikey token IDs inside of FreeIPA 3.0 on Red Hat Enterprise Linux 6.4 (Beta).

I would also like to thank Gavin Spurgeon for his help in clarifying the inner workings of how the integration happens, specifically with FreeIPA as it was not as straightforward as I anticipated.

How to backup / restore FreeIPA 2.2.0 on Red Hat Enterprise Linux 6

FreeIPA is a new technology which gives you many features in the areas of identity management, host-based security control as well as user-based security control over your Linux infrastructure.

FreeIPA is designed to give centralised management capabilities over Linux, in a way similar to what Microsoft Active Directory has over a Windows estate.

If you would like to find out more about FreeIPA, head across to the project wiki which you can find here.

For those of you who are already running FreeIPA and looking for information about backing up and restoring your environment, please read on.

Managing FreeIPA replication agreements

Over the last few days I’ve done a couple of articles specific to setting up FreeIPA for a centralized Identity Management solution.

You can find articles on setting up FreeIPA from scratch here, and setting up multi-master replication here.

One thing that FreeIPA does differently from Microsoft Active Directory domain controllers is that, by default, a new domain replica will not automatically replicate with every other directory server within the domain.
Tonight’s article is all about setting up your FreeIPA directory servers to replicate with the server or servers of your choosing.

Setting up Multi-Master replication of FreeIPA Directory servers

Last night I published an article on how to set up a FreeIPA Identity Management server. You can find the article here.

Today, let’s take things one step further by adding redundancy into the equation. If you are familiar with Microsoft Active Directory and how Windows Domain Controllers replicate between each other, this article will show you how to set up FreeIPA to achieve the same goal.