On 2014-07-08 FreeIPA 4.0 was released. One of the most interesting new features is the support of two factor authentication (2FA). I was curious about how to set it up and get it running. Unfortunately the documentation does not tell much about the OTP setup. What is OTP and 2FA? An overview OTP stands for One Time Password and 2FA for two factor authentication. OTP is available since long time, in the beginning usually as a list of passwords printed ….Read More
Category: Infrastructure
Intercepting proxies and spacewalk-repo-sync
More and more companies are using intercepting proxies to scan for malware. Those malware scanners can be problematic due to added latency. If you using spacewalk-repo-sync to synchronize external yum repositories to your custom software channels and experience the famous message [Errno 256] No more mirrors to try in your log files, then you need to configure spacewalk-repo-sync. Unfortunately the documentation for that is a bit hidden in the man page. You need to create a directory and create a ….Read More
PAM and IPA authentication for RHN Satellite
If you have a larger installation on your site, you may wish to have a single source of credentials not only for common system services, but for your RHN Satellite too. This will show you how to configure your RHN Satellite Server to use PAM with SSSD. SSSD, the System Security Services Daemon is a common framework to provide authentication services. Needless to say that IPA is supported as well. Assumptions: You have a RHN Satellite running on RHEL6 You ….Read More
Identity Management with IPA Part II – Kerberized NFS service
In part one I was writing how to set up an IPA server for basic user authentication. One reason NFSv4 is not that widespreaded yet, is it needs Kerberos for proper operation. Of course this is now much easier thanks to IPA. Goal for the part of the guide Configure IPA to serve the NFS principle Configure NFS to use IPA Configure some IPA clients to use Kerberos for the NFS service Requirements A runing IPA service like discussed in ….Read More
Identity Management with IPA Part I
Red Hat released RHEL 6.2 on December 6th. From my point of view, the greatest news in the release is that IPA (or now called Identity Management) is now fully supported and available in the RHEL 6 base channel without additional subscription costs. Upstream project is freeIPA and is available trough the default Fedora repos. About central Identity Management IPA stands for Identification, Auditing, Policy. The focus in this article is on identification of users. In the past, there have ….Read More
Cross distribution system management with Spacewalk
In a perfect world, all systems in a data centre are running the same Linux operating system, a homogeneous system landscape. In real life things are working differently. Windows systems are out of focus in this post, lets concentrate on Linux systems. Most companies with a large Linux base are either RHEL shops or using SLES. A lot of RHEL users have some SLES systems running and so are SLES users running some RHEL systems. Some companies have additional systems ….Read More
Implement a high available Cobbler provisioning system
A not so well known feature of Cobbler is its replication facility. It allows you to create a high available system provisioning system. The whole set up is straight forward. Background Today people tend to NOT backup systems, only data is being backed up. In the case of a system failure, they just re-provisioning the system and automatically configure it with configuration management tools such as Puppet, CFengine or RHN Satellite. You not only need to have your configuration management ….Read More
SUSE Manager based on Fedora Spacewalk
SUSE announced the availability of SUSE manager. Having a closer look to it, one recognizes it is based on Fedora Spacewalk. It is a clone of the Red Hat Satellite. A few weeks ago I was puzzled to see a post on the spacewalk-devel mailing list. SUSE was contributing some code. What the heck? Now it is clear, they are using Spacewalk as there source for its own product. Spacewalk is no longer just the upstream of RHN Satellite, but ….Read More