The Java bindings for the Network Security Services (NSS) Library is called JSS. NSS provides a key management scheme that is different enough from both standard Java and OpenSSL that trying to do standard Java Socket operations using the Apache HttpClient requires a little bit of extra work.
The FreeIPA Project (http://freeipa.org) is proud to present FreeIPA
version 2.0.
FreeIPA is an integrated security information management solution
combining Linux (Fedora), 389 Directory Server, MIT Kerberos and NTP.
FreeIPA binds together a number of technologies and adds a web interface
and command-line administration tools.
I’ve posted this before, buyt now that I have better source code formatting, I’ll repost. This converts a mac address to a link only IPv6 address.
Continue readingFreeIPA makes Kerberos a lot less painful.
The below is my notes on how DNS is used. This document is neither accurate nor authoritative, just meandering. You’ve been warned.
From what we are seeing and what I’ve read, the browser seems to send a JSON request with no Auth info, and then the whole SPEGNO handshake takes place, turning what should be a single request response into (at a minimum) two. It seems to me that we should be able to avoid that after the initial auth has taken place.
Is there any way to cache SPEGNO information such that successive JSON RPC calls provide the needed information automatically, instead of requiring multiple round trips per request?
Any Fedora people worked with this stuff and know how to optimize it? Do I need to revert to a Cookie based approach?
With the release of Fedora 13, I have a new target OS for software. In order to deal with the vagaries of installs, I have come to the pattern of creating one VM per target OS, which I get to the starting point, and then clone that for any actual work.
Say you want to set up postgres for use with a web application. If you are running on the same server here’s what you need to do:
This little script will give you the ipv4 address for a given network interface, or list all of them if you leave the parameter blank:
#!/bin/bash
INTERFACE=$1
/sbin/ifconfig $INTERFACE | grep “inet addr” | cut -d\: -f 2 | cut -d” ” -f 1
Call it like this:
~/bin/interface2addr eth0
I’ve been porting our Active Directory based LDAP scripts to OpenLDAP.
Here’s what I have so far: