This recipe is for tunneling NFS traffic over SSH. This adds encryption and Public Key authentication to otherwise insecure NFS traffic. For this recipe to work, requires NFSv4. Earlier versions were not tested, but I expect not all the functionality to work. server configuration ...
This recipe is to authenticate users using a web server providing Basic HTTP authentication for it users. This is useful if you want to consolidate users/passwords in a single system. So instead of managing users on Home Assistant you can have all users managed from a central location. ...
photoprism is a web based photo management application. From its website: PhotoPrism® is an AI-Powered Photos App for the Decentralized Web. It makes use of the latest technologies to tag and find pictures automatically without getting in your way. You can run it at home, ...
This article tries to supplement the nginx documentations regarding the auth_request module and how to configure it. In my opinion, that documentation is a bit incomplete. What is the nginx's auth_request module The documentation for this module says, it implements client ...
IDEA: Client connects > < server sends version string (Use 3.3 only) Client replies with actual verison string > < server sends security type; NONE Client send ClientInit (shared flag) > ...
This article goes over how to implement Single-Sign-On on Linux. It goes over the integration around the Kerberos service and the applications, like for example FireFox. Pre-requisites ...
This simple mini how-to goes over the configuration of a linux system so it can use a Kerberos Realm server for authentication. Make sure you have the pam_krb5 rpm files installed. You can check this by running the rpm -qa | grep pam command and seeing whether the pam_krb5 rpm files are listed. If they aren't, you can typically download them in an update of the Linux or Unix operating system that you are running. ...
To config chrome to use kerberos authentication you need to start the application the following parameter: auth-server-whitelist - Allowed FQDN - Set the FQDN of the IdP Server. Example: chrome --auth-server-whitelist="*aai-logon.domain-a.com" auth-negotiate-delegate-whitelist - For which FQDN credential delegation will be allowed. ...
Some useful tidbits to use when using the OpenWRT embedded web server (uHTTPD). Embedded Lua uHTTPd supports running Lua in-process, which can speed up Lua CGI scripts. It is unclear whether LuCI supports running in this embedded interpreter. LuCI seems to work fine (if not better) with the embedded ...
This article is about integrating OpenSSH in a kerberos environment. Allthough OpenSSH can provide passwordless logins (through Public/Private keys), it is not a true SSO set-up. This article makes use of Kerberos TGT service to implement a true SSO configuration for OpenSSH. Pre-requisites First off, you'll need to make sure that the OpenSSH server's Kerberos configuration (in /etc/krb5.conf) is correct and works, and that the server's keytab (typically /etc/krb5.keytab) contains an entry for host/fqdn@REALM (case-sensitive). I won't go into details on how this is done again; instead, I'll refer you to any one of the recent Kerberos-related articles (like this one, this one, or even this one). Just be sure that you can issue a kinit -k host/fqdn@REALM and get back a Kerberos ticket without having specify a password. (This tells you that the keytab is working as expected.) ...
Kerberos is a network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. (Source Kerberos_(protocol) ) Backups Create backup: ...
A collection of small useful recipes for using with Git. Rewriting history Rolling back the last commit if nobody has pulled your remote repo yet, you can change your branch HEAD and force push it to said remote repo: git reset --hard HEAD^ git push -f ...