Red Hat Enterprise Linux

Integrating Yubikey Token details within LDAP with FreeIPA and Red Hat Enterprise Linux 6

I am really very pleased to be writing this article as I’ve been wanting to see this functionality ever since I first started getting into FreeIPA and using Yubikeys.

If you are a Yubikey user/admin, chances are you are a little, if not very, frustrated that there is no simple way to centrally manage your users and key tokens.

Most One Time Password (OTP) solutions are based on a central server which maps a token to a user. Yubico, however, uses a local text file on each individual system, which maps a username to a specific key token. This is a very clunky method, especially if you are managing very large numbers of servers.

Well, with a bit of work, and with huge thanks to Michal Ludvig, we now have a way of integrating Yubikeys directly into an LDAP-based directory server.

I came across his article on a Google+ post detailing how he has provided a way for this to become reality. I am still unbelievably impressed.
You can read his original article here: http://www.logix.cz/michal/devel/yubikey-ldap/

I have absolutely no intention of trying to steal any thunder away from what Michal has done here. It is truly fantastic.
In this article, I am simply providing a very quick and easy way of storing Yubikey token IDs inside of FreeIPA 3.0 on Red Hat Enterprise Linux 6.4 (Beta).

I would also like to thank Gavin Spurgeon for his help in clarifying the inner workings of how the integration happens, specifically with FreeIPA, as it was not as straightforward as I anticipated.


Configuring Syslog in Red Hat Enterprise Linux 6

So, I was having a discussion with a friend who has requested a few articles on systems monitoring. As many monitoring solutions utilize central logging, I thought I would start off with a good old fashioned Syslog server.

In this example, I use the details below:

Syslog Server: syslog.example.com
Client Server: server01.example.com


Adding Yubikey 2 factor authentication to your Red Hat Enterprise Linux estate

A few weeks ago I covered how to integrate the YubiRadius Virtual Appliance into FreeIPA which you can find here, or Microsoft Active Directory which you can find here.

This article is a really quick walk-through on how to take your authentication one step further, and add 2 factor authentication into the same process for your Red Hat Enterprise Linux server estate.


Auto-creation of user home directories in Linux

Many of my viewers are seeking to find some information on “oddjob”, so I thought I might give some details that should help clear the air.

All Linux distributions that I have ever tested are subject to this situation, however please don’t see this as a problem. It is merely something that has not been configured (yet, as it is entirely optional).

If you have ever created a local user on a Linux system, you will find that the home directory for the new user is automatically created for you. As a user or an admin of the system in question, no further work needs to be performed.

However, many people in production environments integrate their Linux servers into some form of Identity Management solution.

This could be Microsoft Active Directory, Red Hat Directory Server, FreeIPA, or one of many other forms of IDM.
