Настройка 2-Факторной Аутентификации Для Vmware Vcloud Director Содержание 1

Total Page:16

File Type:pdf, Size:1020Kb

Настройка 2-Факторной Аутентификации Для Vmware Vcloud Director Содержание 1 Настройка 2-факторной аутентификации для VMware vCloud Director Содержание 1. Установка Keycloak Server ............................................................................................................................. 2 1.1 Установка Keycloak в качестве Docker контейнера ............................................................................... 2 1.2 Установка Keycloak Standalone на виртуальную машину с гостевой ОС Centos7 ............................... 3 1.2.1 Подготовка платформы под сервер ................................................................................................ 3 1.2.2 Установка необходимых утилит ...................................................................................................... 4 1.2.3 Установка дистрибутива Keycloak Standalone ................................................................................ 4 1.2.4 Установка Keycloak как сервис в Centos7 ........................................................................................ 5 1.3 Установка Keycloak Standalone на виртуальную машину с гостевой ОС Windows Server 2019 ........ 8 1.3.1 Подготовка платформы под сервер ................................................................................................ 8 1.3.2 Установка необходимых утилит ...................................................................................................... 8 1.3.3 Установка дистрибутива Keycloak Standalone ................................................................................ 9 1.3.4 Установка Keycloak как сервис в Windows Server 2019 ............................................................... 10 2. Настройка поддержки HTTPS для Keycloak ............................................................................................... 16 2.1 Настройки доменного имени ............................................................................................................... 17 2.2 Установка и настройка Nginx ................................................................................................................ 17 2.2.1 Установка и настройка Nginx на Docker ........................................................................................ 17 2.2.2 Установка и настройка Nginx на Centos7 ...................................................................................... 17 2.2.3 Установка и настройка Nginx на Windows Server 2019 ................................................................ 19 3. Настройка связки с vCloud Director ............................................................................................................ 23 3.1 Настройка со стороны Keycloak ............................................................................................................ 23 3.2 Выгрузка метаданных из vCloud Director ............................................................................................ 25 3.2.1 Выгрузка метаданных для версии vCloud Director 10.0.0+ ......................................................... 25 3.2.2 Выгрузка метаданных для версии vCloud Director 9.0.0 ............................................................. 26 3.3 Настройка клиента в Keycloak............................................................................................................... 27 3.4 Финальная настройка со стороны vCloud Director .............................................................................. 31 3.4.1 Финальная настройка в vCloud Director 10.0.0+ ........................................................................... 31 3.4.2 Финальная настройка в vCloud Director 9.0.0 ............................................................................... 34 3.5 Вход в vCloud Director под учетной записью Keycloak ....................................................................... 37 4. Настройка 2-факторной аутентификации с Google Authenticator ........................................................... 38 Настройка 2-факторной аутентификации для VMware vCloud Director Для аутентификации пользователей в интерфейсе VMware vCloud Director (начиная с версии 9.0.0) поддерживается функционал «SAML provider». В данном «Руководстве пользователя» рассмотрена настройка 2-факторной аутентификации при подключении пользователя к vCloud Director. Для этого используются сервер Keycloak и приложение Google Authenticator на мобильном устройстве (смартфоне). Ссылка на статью-источник: https://digaround.cloud/vcloud_2fa_google_authenticator/ 1. Установка Keycloak Server Keycloak – это ориентированный на современные применения и сервисы продукт с открытым кодом для реализации single sign-on с возможностью управления доступом. Проект сообщества JBoss находится под управлением Red Hat. Цель проекта – помощь в создании безопасных приложений и сервисов с минимальным написанием собственного кода для аутентификации. Существуют несколько вариантов установки серверной части данного приложения: ▪ как готовый контейнер в Docker; ▪ Standalone версия на операционную систему Linux; ▪ Standalone версия на операционную систему Windows. Системные требования (System Requirements) для сервиса keycloak приведены ниже. These are the requirements to run the Keycloak authentication server: ✓ Can run on any operating system that runs Java ✓ Java 8 JDK ✓ zip or gzip and tar ✓ At least 512M of RAM ✓ At least 1G of diskspace ✓ A shared external database like PostgreSQL, MySQL, Oracle, etc. Keycloak requires an external shared database if you want to run in a cluster. Please see the database configuration section of this guide for more information. ✓ Network multicast support on your machine if you want to run in a cluster. Keycloak can be clustered without multicast, but this requires a bunch of configuration changes. Please see the clustering section of this guide for more information. ✓ On Linux, it is recommended to use /dev/urandom as a source of random data to prevent Keycloak hanging due to lack of available entropy, unless /dev/random usage is mandated by your security policy. To achieve that on Oracle JDK 8 and OpenJDK 8, set the java.security.egd system property on startup to file:/dev/urando 1.1 Установка Keycloak в качестве Docker контейнера Простейшим способом запуска Keycloak будет установка его в качестве контейнера, если ваша инфраструктура уже содержит работающий сервис Docker. Для этого, запустите в сервисе Docker команду: docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:11.0.0 Руководство пользователя версия 1.2r 02_2021 2 Настройка 2-факторной аутентификации для VMware vCloud Director Keycloak готов к использованию, если в логах есть следующие строки: 07:37:29,398 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 10.0.1 (WildFly Core 11.1.1.Final) started in 67444ms - Started 689 of 994 services (708 services are lazy, passive or on-demand) Перейдите на веб-интерфейс Keycloak по ссылке: http://IP:8080/auth/admin 1.2 Установка Keycloak Standalone на виртуальную машину с гостевой ОС Centos7 Официальная документация по установке: https://www.keycloak.org/docs/latest/server_installation/index.html 1.2.1 Подготовка платформы под сервер Для установки службы Keycloak, из шаблона была развернута виртуальная машина с “чистой” операционной системой Centos7. Для управления «проброшены» порт SSH и порт 8080 для сервиса keycloak. Руководство пользователя версия 1.2r 02_2021 3 Настройка 2-факторной аутентификации для VMware vCloud Director При установке Keycloak Standalone Server на виртуальную машину, она не обязательно должна быть расположена в том же облаке, где настраивается 2-факторная аутентификация. Это может быть виртуальный/физический сервер в любой инфраструктуре с выходом в интернет и «проброшенным» на него портом 8080. 1.2.2 Установка необходимых утилит Зайдите на созданный сервер по SSH, обновите систему: yum update Установите необходимые компоненты: yum install gzip yum install tar yum install wget yum install java-1.8.0-openjdk Приложение Keycloak будет запускаться от имени пользователя keycloak. Добавьте пользователя и группу в Centos7: groupadd -r keycloak useradd -m -d /var/lib/keycloak -s /sbin/nologin -r -g keycloak keycloak Важно! Между службами vCloud Director и Keycloak должно быть синхронизировано время. Необходимо убедиться, что часовой пояс выставлен правильно и служба NTP включена: timedatectl set-timezone Europe/Kiev yum install chrony systemctl enable chronyd systemctl start chronyd 1.2.3 Установка дистрибутива Keycloak Standalone Загрузите дистрибутив отсюда: https://www.keycloak.org/downloads Вам нужна эта версия: Руководство пользователя версия 1.2r 02_2021 4 Настройка 2-факторной аутентификации для VMware vCloud Director Скачайте архив tar.gz: wget https://downloads.jboss.org/keycloak/11.0.0/keycloak-11.0.0.tar.gz Распакуйте архив: tar xzvf keycloak-11.0.0.tar.gz Создайте папку /opt/keycloak/current/ и скопируйте туда распакованный архив: mkdir /opt/keycloak/currrent cp -r /root/keycloak-11.0.0 /opt/keycloak/current Предоставьте права на папку: chown keycloak: -R /opt/keycloak cd /opt/keycloak/current sudo -u keycloak chmod 700 standalone Отредактируйте в конфигурационном файле значение IP-адреса, который будет «прослушивать» служба keycloak: nano /opt/keycloak/current/standalone/configuration/standalone.xml Найдите строку с адресом 127.0.0.1 (нажатием сочетания клавиш «ctrl+w») и замените это значение на IP-адрес виртуальной машины (в данном примере это 192.168.0.3, когда виртуальная машина расположена за NAT): Сохраните изменения и закройте редактор (нажатием сочетания
Recommended publications
  • Deploying Red Hat Openshift Container Platform 3.6 on Microsoft Azure
    Reference Architectures 2017 Deploying Red Hat OpenShift Container Platform 3.6 on Microsoft Azure Last Updated: 2018-01-12 Reference Architectures 2017 Deploying Red Hat OpenShift Container Platform 3.6 on Microsoft Azure Glenn West Ryan Cook Eduardo Minguez [email protected] Legal Notice Copyright © 2018 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
    [Show full text]
  • Enterprise Desktop at Home with Freeipa and GNOME
    Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ([email protected]) January 30th, 2016 FOSDEM’16 Enterprise? Enterprise desktop at home with FreeIPA and GNOME 2 * almost local office network is not managed by a company’s IT department Enterprise desktop at home with FreeIPA and GNOME 3 * almost company services’ hosting is cloudy there is no one cloud to rule them all Enterprise desktop at home with FreeIPA and GNOME 4 I Home-bound identity to access local resources I Cloud-based (social networking) identities I Free Software hats to wear I Certificates and smart cards to present myself legally I Private data to protect and share * almost I have FEW identities: I A corporate identity for services sign-on I want them to be usable at the same time Enterprise desktop at home with FreeIPA and GNOME 5 I Cloud-based (social networking) identities I Free Software hats to wear I Certificates and smart cards to present myself legally I Private data to protect and share * almost I have FEW identities: I A corporate identity for services sign-on I Home-bound identity to access local resources I want them to be usable at the same time Enterprise desktop at home with FreeIPA and GNOME 6 I Free Software hats to wear I Certificates and smart cards to present myself legally I Private data to protect and share * almost I have FEW identities: I A corporate identity for services sign-on I Home-bound identity to access local resources I Cloud-based (social networking) identities I want them to be usable at the same time Enterprise desktop
    [Show full text]
  • LINUX JOURNAL | Issue 284 | March 2018
    What’s New Shell Scripting Raspberry Pi in Qubes 4 Security Alternatives Since 1994: The original magazine of the Linux community DEEP DIVE BLOCKCHAIN PLUS POSTGRESQL 10 The Latest and Most Interesting Features BITCOIN AND TAXES Cryptocurrency and Uncle Sam LINUXBOOT FOSS Project Spotlight ISSUE 284 | MARCH 2018 www.linuxjournal.com MARCH 2018 CONTENTS ISSUE 284 DEEP DIVE: Blockchain 95 Blockchain, Part I: Introduction and Cryptocurrency by Petros Koutoupis What makes both bitcoin and blockchain so exciting? What do they provide? Why is everyone talking about this? And, what does the future hold? 105 Blockchain, Part II: Configuring a Blockchain Network and Leveraging the Technology by Petros Koutoupis How to set up a private etherium blockchain using open-source tools and a look at some markets and industries where blockchain technologies can add value. 2 | March 2018 | http://www.linuxjournal.com CONTENTS 6 From the Editor—Doc Searls Help Us Cure Online Publishing of Its Addiction to Personal Data UPFRONT 18 FOSS Project Spotlight: LinuxBoot by David Hendricks, Ron Minnich, Chris Koch and Andrea Barberio 24 Readers’ Choice Awards 26 Shorter Commands by Kyle Rankin 29 For Open-Source Software, the Developers Are All of Us by Derek Zimmer 32 Taking Python to the Next Level by Joey Bernard 37 Learning IT Fundamentals by Kyle Rankin 40 Introducing Zero-K, a Real-Time Strategy Game for Linux by Oflameo 45 News Briefs COLUMNS 46 Kyle Rankin’s Hack and / What’s New in Qubes 4 52 Reuven M. Lerner’s At the Forge PostgreSQL 10: a Great New Version for a Great Database 64 Shawn Powers’ The Open-Source Classroom Cryptocurrency and the IRS 72 Zack Brown’s diff -u What’s New in Kernel Development 76 Susan Sons’ Under the Sink Security: 17 Things 86 Dave Taylor’s Work the Shell Shell Scripting and Security 178 Glyn Moody’s Open Sauce Looking Back: What Was Happening Ten Years Ago? LINUX JOURNAL (ISSN 1075-3583) is published monthly by Linux Journal, LLC.
    [Show full text]
  • Identity Management in Red Hat Enterprise Linux 8 Beta
    Identity Management in Red Hat Enterprise Linux 8 beta Dmitri Pal Director, Software Engineering, Red Hat, Inc. 09-May-2019 What is this presentation about? Let us set expectations! What is this presentation about? ● Who in the audience does not use Identity Management from Red Hat but considers it and came to learn more? What is this presentation about? ● Who in the audience does not use Identity Management from Red Hat but considers it and came to learn more? ● Who in the audience uses Identity Management in Red Hat Enterprise Linux (IdM) and wants to: ○ Learn how to get most out of the solution? ○ Find a solution to a specific problem? ○ Share their experiences about the deployments and discuss challenges and successes? What is this presentation about? ● Building identity management solution for your enterprise ● Getting the most out of your deployment ● What is next ● Staying connected Building an Identity Management solution for your enterprise What do we hear? ● How do I build my overall IdM solution for the enterprise connecting all the layers to avoid fragmentation? ● Should I use the Directory Server or IdM? What is the difference? ● What is the role of the RH-SSO? Is it the same as IdM? ● I have an existing LDAP solution and I need to consolidate around Active Directory (AD), what should I do? IdM vs. Directory Server What is IdM? ● IdM – Identity Management in Red Hat Enterprise Linux ● Based on FreeIPA open source technology ● IPA stands for Identity, Policy, Audit ○ Focused on identities and related policies ○ A separate project is ongoing in the audit space ● Built into operating system - comes with the RHEL subscription What Problems IdM Solves? ● Central management of authentication and identities for Linux clients ○ Improvement over standalone LDAP/Kerberos/NIS based solutions ○ Simplify and automate management of the infrastructure ● Gateway between the Red Hat Enterprise Linux and Active Directory.
    [Show full text]
  • Installation
    privacyIDEA Authentication System Release 2.17 Cornelius Kölbel January 10, 2017 Contents 1 Table of Contents 3 1.1 Overview.................................................3 1.2 Installation................................................3 1.3 First Steps................................................ 17 1.4 Configuration............................................... 25 1.5 Components............................................... 70 1.6 Tokenview................................................ 70 1.7 Userview................................................. 75 1.8 Policies.................................................. 79 1.9 Event Handler.............................................. 106 1.10 Audit................................................... 115 1.11 Client machines............................................. 116 1.12 Workflows and Tools........................................... 118 1.13 Application Plugins........................................... 121 1.14 Code Documentation........................................... 129 1.15 Frequently Asked Questions....................................... 254 2 Indices and tables 265 HTTP Routing Table 267 Python Module Index 269 i ii privacyIDEA Authentication System, Release 2.17 privacyIDEA is a modular authentication system. Using privacyIDEA you can enhance your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications. Originally
    [Show full text]
  • Brno University of Technology Multi-Factor
    BRNO UNIVERSITY OF TECHNOLOGY VYSOKÉ UČENÍ TECHNICKÉ V BRNĚ FACULTY OF INFORMATION TECHNOLOGY FAKULTA INFORMAČNÍCH TECHNOLOGIÍ DEPARTMENT OF INFORMATION SYSTEMS ÚSTAV INFORMAČNÍCH SYSTÉMŮ MULTI-FACTOR AUTHENTICATION IN WEB APPLI- CATIONS USING PAM VIAC-FAKTOROVÁ AUTENTIZÁCIA VO WEBOVÝCH APLIKÁCIACH POMOCOU PAM BACHELOR’S THESIS BAKALÁŘSKÁ PRÁCE AUTHOR MARIÁN KAPIŠINSKÝ AUTOR PRÁCE SUPERVISOR RNDr. MAREK RYCHLÝ, Ph.D. VEDOUCÍ PRÁCE BRNO 2020 Brno University of Technology Faculty of Information Technology Department of Information Systems (DIFS) Academic year 2019/2020 Bachelor's Thesis Specification Student: Kapišinský Marián Programme: Information Technology Title: Multi-Factor Authentication in Web Applications Using PAM Category: Security Assignment: 1. Study Pluggable Authentication Modules (PAM), focus on multi-factor authentication setups. Configure the multi-factor authentication for a common service (e.g., sshd) and analyse results. Study HTTP, focus on its state-less nature. 2. Investigate the possibility of using the full PAM stack in web applications, including multi- step conversations. 3. After agreement with the supervisor, develop a solution which would allow the use of the PAM conversation over the web. Create a prototype web application/setup to demonstrate the usage of the solution using FreeOTP. 4. Provide the documentation of the project, evaluate the results and discuss future work. Recommended literature: Andrew G. Morgan, Thorsten Kukuk. The Linux-PAM System Administrators' Guide [online]. Version 1.1.2, 2010. [http://linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html] Jan Humpolík. Webová aplikace využívající vícefaktorovou autentizaci [online]. Brno: Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií. 2013. [http://hdl.handle.net/11012/20728] Liliana F. B. Soares, Diogo A.
    [Show full text]
  • How to Enable Two-Factor Authentication Feature (User Web
    About 2 Factor Authentication With the 2 Factor Authentication (FA) feature you can apply additional security policies to COS and/or user accounts to provide another layer of authentication during attempts to access the system. This feature must be enabled or disabled in the Admin Console, to manage 2FA functions applicable to user mailboxes. For more information, see 2 Factor Authentication. How to enable two-factor authentication feature (User Web Client) Once the Admin has been enabled and configured the 2FA, users will see a new option under Preferences > Accounts > Account Security, called Setup two-step authentication If the user clicks on the Setup two-step authentication link, the configuration process will begin. The first step shows a brief description about two-step authentication. The user must click on Begin Setup. Next step will be introduce the user current password, if you remember the theory of 2FA, this will be “the component the user knows”. Once the user wrote the password, click on Next. The next step retrieves the other component the user must have, in this case an app in the smartphone. The Two Factor authentication wizard will show a Wiki link with the OTP Apps Zimbra recommends to use. Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App. How to Install and Configure an OTP smartphone app In this example, I will use Google authenticator, but please visit our Wiki where you can find other options. In the App Store or Play Store, search by Google authenticator, then click Install.
    [Show full text]
  • Zwei-Faktor-Authentifizierung (2FA)
    Zwei-Faktor-Authentifizierung (2FA) Bedienung und Konfiguration Version 3.00 (1709) Copyright © 2018 SOLARYS Informatik GmbH, Götzis Inhalt 1. Allgemeines und Voraussetzungen ................................................................................... 1 1.1 Einmal-Passwort (TOTP) .............................................................................................. 1 1.2 Universal 2nd Factor (U2F) .......................................................................................... 2 2. Konfiguration ....................................................................................................................... 3 2.1 Benutzereinstellungen/Administration .......................................................................... 3 2.2 TOTP - Software-Token ................................................................................................ 4 2.3 TOTP - Hardware-Token .............................................................................................. 8 2.4 Sicherheitsschlüssel - U2F ......................................................................................... 11 2.5 Zwei-Faktor-Authentifizierung deaktivieren ................................................................ 13 3. Login ................................................................................................................................... 14 4. Links .................................................................................................................................... 14 5. Abkürzungen .....................................................................................................................
    [Show full text]
  • Fedora Infrastructure Best Practices Documentation Release 1.0.0
    Fedora Infrastructure Best Practices Documentation Release 1.0.0 The Fedora Infrastructure Team Sep 09, 2021 Full Table of Contents: 1 Getting Started 3 1.1 Create a Fedora Account.........................................3 1.2 Subscribe to the Mailing List......................................3 1.3 Join IRC.................................................3 1.4 Next Steps................................................4 2 Full Table of Contents 5 2.1 Developer Guide.............................................5 2.2 System Administrator Guide....................................... 28 2.3 (Old) System Administrator Guides................................... 317 3 Indices and tables 335 i ii Fedora Infrastructure Best Practices Documentation, Release 1.0.0 This contains a development and system administration guide for the Fedora Infrastructure team. The development guide covers how to get started with application development as well as application best practices. You will also find several sample projects that serve as demonstrations of these best practices and as an excellent starting point for new projects. The system administration guide covers how to get involved in the system administration side of Fedora Infrastructure as well as the standard operating procedures (SOPs) we use. The source repository for this documentation is maintained here: https://pagure.io/infra-docs Full Table of Contents: 1 Fedora Infrastructure Best Practices Documentation, Release 1.0.0 2 Full Table of Contents: CHAPTER 1 Getting Started Fedora Infrastructure is full of projects that need help. In fact, there is so much work to do, it can be a little over- whelming. This document is intended to help you get ready to contribute to the Fedora Infrastructure. 1.1 Create a Fedora Account The first thing you should do is create a Fedora account.
    [Show full text]
  • Release 3.4.1 Cornelius Kölbel
    privacyIDEA Authentication System Release 3.4.1 Cornelius Kölbel Dec 22, 2020 CONTENTS 1 Table of Contents 3 2 Indices and tables 395 Python Module Index 397 HTTP Routing Table 399 Index 403 i ii privacyIDEA Authentication System, Release 3.4.1 privacyIDEA is a modular authentication system. Using privacyIDEA you can enhance your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications. Originally it was used for OTP authentication devices. But other “devices” like challenge response and SSH keys are also available. It runs on Linux and is completely Open Source, licensed under the AGPLv3. privacyIDEA can read users from many different sources like flat files, different LDAP services, SQL databases and SCIM services. (see Realms) Authentication devices to provide two factor authentication can be assigned to those users, either by administrators or by the users themselves. Policies define what a user is allowed to do in the web UI and what an administrator is allowed to do in the management interface. The system is written in python, uses flask as web framework and an SQL database as datastore. Thus it can be enrolled quite easily providing a lean installation. (see Installation) CONTENTS 1 privacyIDEA Authentication System, Release 3.4.1 2 CONTENTS CHAPTER ONE TABLE OF CONTENTS 1.1 Overview privacyIDEA is a system that is used to manage devices for two factor authentication. Using privacyIDEA you can enhance your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication.
    [Show full text]
  • Release 7 Final Nethesis
    NethServer Documentation Release 7 Final Nethesis Jul 05, 2021 Release notes 1 Release notes 7 3 1.1 Major changes on 2020-11-26......................................3 1.2 Major changes on 2020-05-05......................................4 1.3 Major changes on 2019-10-07......................................5 1.4 Major changes on 2018-12-17......................................5 1.5 Major changes on 2018-06-11......................................6 1.6 Major changes on 2017-10-26......................................6 1.7 Major changes on 2017-07-31......................................7 1.8 Major changes on 2017-01-30......................................7 1.9 Deprecated features and packages....................................8 1.10 Upgrading NethServer 6 to NethServer 7................................9 2 Installation 11 2.1 Minimum requirements......................................... 11 2.2 Installation types............................................. 11 2.3 Installing from ISO............................................ 12 2.4 Install on CentOS............................................ 15 2.5 Next steps................................................ 15 3 Accessing the Server Manager 17 3.1 Login................................................... 17 3.2 Hints................................................... 17 3.3 Change the current password....................................... 18 3.4 Logout.................................................. 18 4 Subscription 19 4.1 Registering the system.........................................
    [Show full text]
  • Linux Journal 33 Reality 2.0: a Linux Journal Podcast 34 News Briefs
    Easier Python Write Secure Free Software, paths with pathlib Shell Scripts Open Science and R Since 1994: The original magazine of the Linux community THE SECURITY ISSUE The Heads Project: a Free Software Solution for Secure Booting YubiKey 5 and Web Authentication The New Purism Librem Key Hardware Token Password Manager Roundup De-mystifying X.509 Certificates ISSUE 295 | FEBRUARY 2019 www.linuxjournal.com FEBRUARY 2019 CONTENTS ISSUE 295 62 DEEP DIVE: Security 63 Password Manager Roundup by Shawn Powers If you can remember all of your passwords, they’re not good passwords. 80 Everyday Security Tips by Michael McCallister Make your computer safer with these guidelines based on the Linux Foundation’s Security Checklist developed for corporate systems. 91 Understanding Public Key Infrastructure and X.509 Certificates by Jeff Woods An introduction to PKI, TLS and X.509, from the ground up. 104 WebAuthn Web Authentication with YubiKey 5 by Todd A. Jacobs A look at the recently released YubiKey 5 hardware authenticator series and how web authentication with the new WebAuthn API leverages devices like the YubiKey for painless website registration and strong user authentication. 122 The Purism Librem Key by Todd A. Jacobs The Librem Key is a new hardware token for improving Linux security by adding a physical authentication factor to booting, login and disk decryption on supported systems. 134 Tamper-Evident Boot with Heads by Kyle Rankin Learn about how the cutting-edge, free software Heads project detects BIOS and kernel tampering, all with keys under your control. 2 | February 2019 | https://www.linuxjournal.com CONTENTS 6 The Security Issue by Bryan Lunduke 10 From the Editor—Doc Searls A Line in the Sand 14 Letters UPFRONT 20 Some (Linux) Bugs Have All the Fun by Bryan Lunduke 24 Astronomy Software by Any Other Name by Joey Bernard 32 Patreon and Linux Journal 33 Reality 2.0: a Linux Journal Podcast 34 News Briefs COLUMNS 38 Reuven M.
    [Show full text]