Simple SSSD Configuration with eDirectory on SUSE

SUSE Linux, Tech, Uncategorized
Two Factor Authentication is a lofty goal for any Linux administrator. If you're lucky enough to have access to a NetIQ eDirectory server, hardware-based two factor authentication is closer than you think. Tutorial on how to use SSSD (pronounced Triple "S" D) as a cross Linux platform (RHEL, SLES, Ubuntu, et al.) authentication agent instead of painful and oftentimes disparate pam_ldap and sudoers configurations. Centralized user and group management using existing directory infrastructure. Learn how to centrally store SSH key and sudoer configurations in LDAP. No more having to copy your SSH key to each new server. Create an SSH key based single sign-on solution. Your sudo commands are authenticated against your directory. Expand the configuration of SSSD clients for two factor authentication using a HOTP configured YubiKey…

Developing a Windows 7 SP1 Image

Tech
Step 1 - Software Needed

- Get Windows 7 SP1 installation media. For this article I'll be using a Windows 7 SP1 Enterprise 32 bit version of Windows.
- The Windows® Automated Installation Kit (AIK) for Windows® 7: http://www.microsoft.com/download/en/confirmation.aspx?id=5753 This file downloads as: KB3AIK_EN.iso
- The Windows Automated Installation Kit (AIK) Supplement for Windows 7 SP1 is an optional update to AIK for Windows 7 that helps you to install, customize, and deploy the Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 family of operating systems. http://www.microsoft.com/download/en/details.aspx?id=5188 The release I've downloaded was released on 2/21/2011 and downloads as waik_supplement_en-us.iso
- 7zip - used to extract files from the iso images.

Step 2

Install Windows 7 using default settings. We will customize this install. I'm using a virtual machine running in VMware…

PFX (p12) Certificate Conversion

Personal, Public Key Infrastructure ( PKI ), Tech
What is a PFX Certificate

PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key.

PFX Certificate?

In practice .pfx is just another file extension for a PKCS#12 or .p12 type certificate.

Convert PFX to PEM

This command will convert a PFX certificate to an X.509 PEM-encoded certificate. The use of the -nodes flag will give the option to password protect the private key in the new PEM-encoded certificate. For information on converting pem to der encoded certificates.

Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate

Encrypt private key with a password

Do not encrypt private key

Export Public Certificate from…

How to Extract an RPM Without Installing

Tech
To extract or "unbuild" an RPM so you can see its files you have to use two programs. The first is rpm2cpio, the second is cpio.

rpm2cpio: Extract cpio archive from RPM Package Manager (RPM) package.
cpio: allows a user to copy files to and from an archive.

[code lang="bash" title="Do this as root"]
linux:/tmp/rpmsource# rpm2cpio <>.src.rpm | cpio -idmv
[/code]

Explanation: rpm2cpio takes the rpm and runs the extraction that is then piped through cpio to extract the files to a local directory.

FLAGS:
-i extract
-d make directories where needed
-m preserve modification time
-v verbose mode will list the names of the files as they are extracted

I'm not sure if this will work for non-src rpms.

eDirectory Photo Attributes

Novell, Tech
** This post is pretty incomplete, I gave up on it. But there is enough info here that may be useful **

eDirectory has several attributes for photos, here are the raw schema attributes from an eDirectory install from iMonitor. An interesting note is that ldapPhoto and photo have the same OID. Because the syntax is Octet String I think that the photos can be stored as either Binary Data or as a Base64 encoded representation of the image.

Attribute Name | Flags           | Syntax       | Lower Limit | Upper Limit | OID                        | Used By Class
jpegPhoto      | Sync. Immediate | Octet String | 0           | 4294967295  | 0.9.2342.19200300.100.1.60 | User
ldapPhoto      | Sync. Immediate | Octet String | 0           | 4294967295  | 0.9.2342.19200300.100.1.7  | User
photo          | Sync. Immediate | Octet String | 0           | 4294967295  | 0.9.2342.19200300.100.1.7  | Person

Using and populating these attributes can be tricky. If you use Identity Manager,…

Truly Great Regex Tool

Tech
It isn't very often that you come across a tool that is truly unique in what it does and is so complete that you abandon all other tools you've accumulated over time in favor of that one tool that just works. I came across a regular expression builder that had me deleting all of my bookmarks for other builders. It is amazingly complete for everything I've ever needed in the world of regex: http://RegExr.com. It is built using Adobe Flex and has an amazingly easy-to-use interface.

[Figure: Regular Expression Builder]

This tool has a real time view of what your regular expression is doing. It handles both matching and replacing.