Ansible is a great orchestration tool. Ansible Tower is the enterprise version of Ansible adding features like a WebUI, RestAPI and others. Tower has also some features like role-based access control allowing to control which user is allowed to run which playbooks on which infrastructure, servers and so on. In larger environments, this is not ….Read More
Year: 2016
FreeIPA and Selective 2FA with Kerberos Authentication Indicators
One of the major new features in FreeIPA 4.4 is the introduction of Authentication Indicators in Kerberos tickets. This allows you to selectively enforce 2FA. Usecases Usually a Linux environment consists on a lot of different services. Some of them are security sensitive such as payroll systems while others are more relaxed such as simple ….Read More
Migrating from CentOS7 to RHEL7
There are various reasons why to migrate from CentOS to RHEL. Quicker access to bugfixes and new minor releases as well as having a fully commercially supported system. There are different tutorial on the net how to migrate from RHEL to CentOS but almost no information about the other way round. It is quite simple ….Read More
Using (Free)IPA ID-Views with LDAP for your legacy servers
Having pain with user authentication on your old legacy Unix servers? Here comes the solution: ID-Views via LDAP. If you need to preserve UID/GID or other stuff like shell on some legacy servers but want to have the benefits of a centrally managed identity management, then ID-Views is the answer. Since legacy servers usually do ….Read More
Integrate IPA in your Web application i.e. WordPress
Tired of log in to your favorite Web application? Integrate it with IPA, kerberize it! This blog post will guide you trough the kerberization of WordPress running on RHEL7 or Fedora. The magic is done by mod_intercept_form_submit and mod_auth_gssapi Assumptions You have a running IPA or FreeIPA infrastructure Your Kerberos REALM is EXAMPLE.COM The hostname ….Read More