Post tagged: authentication

nginx's auth_request_module howto

This article tries to supplement the nginx documentation regarding the auth_request module and how to configure it. In my opinion, that documentation is a bit incomplete.

What is nginx's auth_request module

The documentation for this module says it implements client authorization based on the result of a subrequest.

This …

VNC desktop

IDEA:

Client connects >
        < server sends version string (Use 3.3 only)
Client replies with actual version string >
        < server sends security type; NONE
Client sends ClientInit (shared flag) >
        < server sends ServerInit (server details) WxHxD Name
=== standard stuff ===

2 VERSIONS

  • kiosk
    • unmodified vncviewer connects to a multiplexer screen
    • server (in inetd mode …

Deploying Kerberos based SSO

This article goes over how to implement Single-Sign-On on Linux. It covers the integration between the Kerberos service and applications such as Firefox.

Pre-requisites

  • Kerberos Domain Controller (KDC)
  • User accounts in the KDC
  • KDC based logins

To make sure that this is working, log in to your workstation …

Kerberos Client

This simple mini how-to goes over the configuration of a Linux system so it can use a Kerberos Realm server for authentication.

  1. Make sure you have the pam_krb5 rpm files installed. You can check this by running the rpm -qa | grep pam command and seeing whether the pam_krb5 rpm files …

Chrome Kerberos Authentication

To configure Chrome to use Kerberos authentication, you need to start the application with the following parameters:

  • auth-server-whitelist - Allowed FQDN - Set the FQDN of the IdP Server. Example: chrome --auth-server-whitelist="*aai-logon.domain-a.com"

  • auth-negotiate-delegate-whitelist - For which FQDN credential delegation will be allowed.

Kerberos howtos

Kerberos is a network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. (Source: Kerberos_(protocol))

Backups

Create backup:

kdb5_util dump _dump_file_

Restore from dump file:

kdb5_util load _dump_file_

Master/Slave …

Native Kerberos Authentication with SSH

This article is about integrating OpenSSH in a Kerberos environment. Although OpenSSH can provide passwordless logins (through Public/Private keys), it is not a true SSO set-up. This article uses the Kerberos TGT service to implement a true SSO configuration for OpenSSH.

Pre-requisites

First off, you'll need to make …