Ansible is a great orchestration tool. Ansible Tower is the enterprise version of Ansible, adding features such as a web UI, a REST API and others. Tower also has features like role-based access control, which lets you control which user is allowed to run which playbooks on which infrastructure, servers and so on. In larger environments, this is not …
Author: Luc de Louw
FreeIPA and Selective 2FA with Kerberos Authentication Indicators
One of the major new features in FreeIPA 4.4 is the introduction of Authentication Indicators in Kerberos tickets. This allows you to selectively enforce 2FA. Use cases: Usually a Linux environment consists of a lot of different services. Some of them are security sensitive, such as payroll systems, while others are more relaxed, such as simple …
Migrating from CentOS7 to RHEL7
There are various reasons to migrate from CentOS to RHEL: quicker access to bugfixes and new minor releases, as well as having a fully commercially supported system. There are various tutorials on the net on how to migrate from RHEL to CentOS, but almost no information about the other way round. It is quite simple …
Using (Free)IPA ID-Views with LDAP for your legacy servers
Having trouble with user authentication on your old legacy Unix servers? Here comes the solution: ID-Views via LDAP. If you need to preserve UID/GID or other settings such as the shell on some legacy servers but want the benefits of centrally managed identity management, then ID-Views is the answer. Since legacy servers usually do …
Integrate IPA in your Web application i.e. WordPress
Tired of logging in to your favorite Web application? Integrate it with IPA, kerberize it! This blog post will guide you through the kerberization of WordPress running on RHEL7 or Fedora. The magic is done by mod_intercept_form_submit and mod_auth_gssapi. Assumptions: You have a running IPA or FreeIPA infrastructure. Your Kerberos REALM is EXAMPLE.COM. The hostname …
Setting up IPA with a specific CA cert subject
If you are doing experiments with IPA where you install and reinstall IPA servers, you may notice SSL certificate errors when connecting to an IPA server using Firefox. The reason is that the same Organization and serial are always used when the CA cert is created. Normal users are usually only affected when using the …
Updating Fedora to version 23 – how to workaround some issues
After upgrading two machines from Fedora 22 to 23 I stumbled upon some severe issues. Most of them are easy to solve. This weekend I found some time to upgrade my headless router and one of my workstations. Unfortunately it did not go as smoothly as the past few upgrades. No initrd created and grub …
Identity Management and 2FA with (Free)IPA @Chemnitzer Linuxtage 2015
My first post in German, publishing the slide deck (in German) for my presentation about IPA and 2FA held at Chemnitzer Linux-Tage 2015. My first post in German. Here are the slides from my talk at Chemnitzer Linux-Tage 2015. Abstract: IPA is an identity management system for Linux and Unix that is steadily …