Simple SSSD Configuration with eDirectory on SUSE

SUSE Linux, Tech, Uncategorized
Two-factor authentication is a lofty goal for any Linux administrator. If you're lucky enough to have access to a NetIQ eDirectory server, hardware-based two-factor authentication is closer than you think. This is a tutorial on how to use SSSD (pronounced Triple "S" D) as a cross-platform Linux (RHEL, SLES, Ubuntu, et al.) authentication agent instead of painful and often disparate pam_ldap and sudoers configurations. Centralize user and group management using existing directory infrastructure. Learn how to centrally store SSH keys and sudoers configurations in LDAP. No more having to copy your SSH key to each new server. Create an SSH key-based single sign-on solution. Your sudo commands are authenticated against your directory. Expand the configuration of SSSD clients for two-factor authentication using a HOTP-configured YubiKey…
Difference Between DER and PEM Certificate Encoding

There are two main methods for encoding certificate data:

DER = Binary encoding for certificate data
PEM = The base64 encoding of the DER-encoded certificate, with header and footer lines added

DER

DER (Distinguished Encoding Rules) is a subset of BER encoding providing for exactly one way to encode an ASN.1 value. DER is intended for situations when a unique encoding is needed, such as in cryptography, and ensures that a data structure that needs to be digitally signed produces a unique serialized representation.

PEM

PEM (Privacy-enhanced Electronic Mail) is simply a base64-encoded (US-ASCII) DER certificate, certificate request, or PKCS#7, enclosed between the typical PEM delimiters, i.e. "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". PEM is an abbreviation for Privacy Enhanced Mail (RFC 1421 - RFC 1424), an early standard…
