RHEL

Host based access control with Red Hat Enterprise Linux 6

I was working on some more Yubikey token implementations last night and I was asked “How can I only let people in a specific user group login to my server?”

This is the perfect example of what “host based access control” is designed to address.

Every operating system will use host based access control at some point.

Take Microsoft Windows, for example: you cannot log in to a server unless your user account is a member of a specific security group.
With Microsoft Windows, host based access control, or HBAC as it is commonly referred to, is managed by Active Directory.

With Red Hat Enterprise Linux, HBAC can be managed in a similar way if you are using the FreeIPA identity management solution.

Of course, not everyone has a straightforward, homogeneous infrastructure.
For example, many of you may have your Linux infrastructure connected directly to Microsoft Active Directory as your identity management solution.

Authenticating Apache Virtual Hosts with Kerberos

Below is a quick walkthrough on setting up an Apache virtual host with Kerberos authentication.

If you use, or are looking to integrate, single sign-on for the websites or web-based applications in your environment, this will be for you.

Example Details

In this article I will be setting up a new website called mysite.example.com, using the below details.

Web Server Name: web01.example.com
Web Server Operating System: Red Hat Enterprise Linux 6.3
Kerberos Realm: EXAMPLE.COM
Kerberos Username: testuser


Integrating Yubikey Token details within LDAP with FreeIPA and Red Hat Enterprise Linux 6

I am really very pleased to be writing this article as I’ve been wanting to see this functionality ever since I first started getting into FreeIPA and using Yubikeys.

If you are a Yubikey user/admin, chances are you are a little, if not very, frustrated that there is no simple way to centrally manage your users and key tokens.

The way most One Time Password (OTP) solutions work is based on a central server which maps a token to a user. Yubico, however, uses a local text file on each individual system, which maps a username to a specific key token. This is a very clunky method, especially if you are managing very large numbers of servers.

Well, with a bit of work, and with huge thanks to Michal Ludvig, we now have a way of integrating Yubikeys directly into an LDAP based directory server.

I came across his article in a Google+ post detailing how he has provided a way for this to become reality. I am still unbelievably impressed.
You can read his original article here: http://www.logix.cz/michal/devel/yubikey-ldap/


I have absolutely no intention of trying to steal any thunder away from what Michal has done here. It is truly fantastic.
In this article, I am simply providing a very quick and easy way of storing Yubikey token IDs inside of FreeIPA 3.0 on Red Hat Enterprise Linux 6.4 (Beta).

I would also like to thank Gavin Spurgeon for his help in clarifying the inner workings of how the integration happens, specifically with FreeIPA, as it was not as straightforward as I anticipated.


Creating a PXE Deployment server with Red Hat Enterprise Linux 6

If you currently don’t have any structured means of managing deployments of Standard Operating Environments (SOEs) in your organization, I seriously urge you to read on, as learning how to deploy images over a network connection will save you a huge amount of time.

This guide will walk you through setting up a PXE boot server for you to deploy any form of network bootable operating systems.

First, a bit of background, as this is a very confusing topic for new users.
For starters, there is no such piece of software as a “PXE server”. A PXE implementation is simply a combination of a DHCP server and a normal TFTP server. It is called PXE because that is the acronym for “Preboot Execution Environment”.

Deploying a replicated NAS solution using Red Hat Storage Server 2.0

Before I begin, I’d like to thank Gavin Spurgeon for his assistance in verifying my work and assisting in my understanding of the technologies used here. Up until recently this technology was a new topic for me. Thanks Gav.

Every customer with infrastructure of any size, be it large or small, will require a storage solution of some form. The solution of choice will always be subject to finding the right fit for the job. This could be a standard file server for small customers, a NAS (Network Attached Storage) or, in the case of medium to large sized infrastructures, even a Fibre Channel or iSCSI SAN (Storage Area Network).

This article will focus specifically on NAS type solutions, although it will compare them to file servers and SAN solutions in places.