Red Hat

Host based access control with Red Hat Enterprise Linux 6

I was working on some more Yubikey token implementations last night and I was asked “How can I only let people in a specific user group login to my server?”

This is the perfect example of what “host based access control” is designed to address.

Every operating system will use host based access control at some point.

If you take Microsoft Windows for example, you will be unable to login to a server unless your user is a member of a specific security group.
With Microsoft Windows, the host based access control, or HBAC as it is commonly referred to, is managed by Active Directory.

With Red Hat Enterprise Linux, HBAC can be managed in a similar way if you are using the FreeIPA identity management solution.

Of course, not everyone has a straight forward homogeneous infrastructure.
For example, many of you may have your Linux infrastructure directly connected to Microsoft Active Directory as your identity management solution.
Continue reading “Host based access control with Red Hat Enterprise Linux 6” »

Authenticating Apache Virtual Hosts with Kerberos

Below is a quick walk through on setting up an Apache virtual host with kerberos authentication.

If you use or are looking to integrate single sign on into your websites or web based applications in your environment, this will be for you.

Example Details

In this article I will be setting up a new website called mysite.example.com, using the below details.

Web Server Name: web01.example.com
Web Server Operating System: Red Hat Enterprise Linux 6.3
Kerberos Realm: EXAMPLE.COM
Kerberos Username: testuser

Continue reading “Authenticating Apache Virtual Hosts with Kerberos” »

Deploying a software based Load Balancer using IPVS with Red Hat Enterprise Linux 6

From time to time, you may have a requirement for looking into or even deploying a Load Balancing solution which will allow you to scale your platform to a larger implementation than what an individual server could give you.

You may have or be looking into deploying a farm of web servers, proxy servers or any other type of platform. All of which may be stand alone installations however you wish to achieve a single point of communication for your users.

If we take a web server environment for an example,
Lets say we would like to have www.example.com always present yet scalable and redundant for future growth. If we have this website running on a single web server, we have not only have a single point of failure, but we also have a limitation on capacity as we only have the local resources of that one server to scale with.

Continue reading “Deploying a software based Load Balancer using IPVS with Red Hat Enterprise Linux 6” »

Deploying a replicated NAS solution using Red Hat Storage Server 2.0

Before I begin, I’d like to thank Gavin Spurgeon for his assistance in verifying my work and assisting in my understanding of the technologies used here. Up until recently this technology was a new topic for me. Thanks Gav.

All customers who have any sized infrastructure, be it large or small, will require a storage solution of some form. The solution of choice will always be subject to finding the right solution for the job. This could be a standard file server for small customers, a NAS (Network Attached Storage) or in the case of medium to large sized infrastructures, even a Fibre Channel or iSCSI SAN (Storage Area Network).

This article will focus specifically on NAS type solutions, however will reference in comparison to file servers and SAN solutions in parts.
Continue reading “Deploying a replicated NAS solution using Red Hat Storage Server 2.0” »

How to backup / restore FreeIPA 2.2.0 on Red Hat Enterprise Linux 6

FreeIPA is a new technology which gives you many features in the areas of Identity management, host based security control as well as user based security control over your Linux infrastructure.

FreeIPA is designed to give centralised management capabilities over Linux, in a way similar to Microsoft Active Directory has over a Windows estate.

If you would like to find out more about FreeIPA, head across to the project wiki which you can find here.

For those of you who are already running FreeIPA, and looking for information about backing up and restoring your environment. Please read on.

Continue reading “How to backup / restore FreeIPA 2.2.0 on Red Hat Enterprise Linux 6” »