Post tagged: service

Let's Encrypt

This is a service that let's you get SSL certificates for HTTPS. These certificates are trusted by major browsers. See Let's Encrypt This is a barebones howto to get SSL certificates: git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt This contains the client software for let's encrypt. ./letsencrypt-auto certonly --manual This will start by updating and getting any needed dependencies and then jump to a wizard like configuration to get this done. Follow the prompts and pay special attention on the prompt used to validate your domain. (You need to create a couple of folders and a file with the right content). Afterwards your certificates will be in: ...

Enable local file caching for NFS share on Linux

In Linux, there is a caching filesystem called FS-Cache which enables file caching for network file systems such as NFS. FS-Cache is built into the Linux kernel 2.6.30 and higher. In order for FS-Cache to operate, it needs cache back-end which provides actual storage for caching. One such cache back-end is cachefiles. Therefore, once you set up cachefiles, it will automatically enable file caching for NFS shares. ...

Native Kerberos Authentication with SSH

This article is about integrating OpenSSH in a kerberos environment. Allthough OpenSSH can provide passwordless logins (through Public/Private keys), it is not a true SSO set-up. This article makes use of Kerberos TGT service to implement a true SSO configuration for OpenSSH. Pre-requisites First off, you'll need to make sure that the OpenSSH server's Kerberos configuration (in /etc/krb5.conf) is correct and works, and that the server's keytab (typically /etc/krb5.keytab) contains an entry for host/fqdn@REALM (case-sensitive). I won't go into details on how this is done again; instead, I'll refer you to any one of the recent Kerberos-related articles (like this one, this one, or even this one). Just be sure that you can issue a kinit -k host/fqdn@REALM and get back a Kerberos ticket without having specify a password. (This tells you that the keytab is working as expected.) ...

First steps...

So finally took the time to re-launch the 0ink web site. This time used more off-the shelf software. So this site is just a another plain wordpress powered site. Actually I have to thank my son for introducing me to wordpress. What happened is that my son, who is only seven wanted to have his own web site. (Due to peer pressure, kids these days...) He has an Android tablet that he uses quite often. Since I knew that wordpress can be ...