PUBLIC MARKS from falko with tag authentication

This tutorial describes the installation of LinOTP on OpenSUSE 12.3 using PostgreSQL as a token database. LinOTP is a two factor authentication solution with One Time Passwords. In the following Howto we are showing how to enable SSH authentication with LinOTP.

OpenID is a widely adopted technology for user authentication in web applications. It relies on the concepts of distributed user authentication in blog applications. This small cookbook explains step-by-step how to install and configure the Open Source Apache module mod_auth_openid.

This guide explains how to set up WebDAV with MySQL authentication (using mod_auth_mysql) on Apache2 on a Debian Etch server. WebDAV stands for Web-based Distributed Authoring and Versioning and is a set of extensions to the HTTP protocol that allow users to directly edit files on the Apache server so that they do not need to be downloaded/uploaded via FTP. Of course, WebDAV can also be used to upload and download files.

SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it is protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the alloted time.

VNC is the most popular remote access solution today. However, it was developed to provide remote access, not to provide secure remote access. Administrators have to add security to VNC by tunneling it through an encrpyted channel such as SSH and adding a layer of authentication. In this article, we will show you how to combine the NoMachine NX server to encrpyt VNC and remote X session combined with two-factor authentication from WiKID Systems to create a secure, fast remote access solution.

Auth Shadow or mod-auth-shadow is a module for apache (and apache2, sort of) that enables authentication against /etc/shadow. The benefits being that any system user with a password can be authenticated for web_dav, subversion or simply an https server. The only other way to do this is with PAM. That method is dangerous because the apache user (www-data in my case) must be able to read /etc/shadow. Obviously, not a good idea. Auth Shadow accomplishes this safely by using a intermediate program called validate. This works because validate can be owned by root but executable by everyone. In the event that your server is compromised through apache, your password file will not be readable.

This howto will show you how to store your users in LDAP and authenticate some of the services against it. It will not show how to install particular packages, as it is distribution/system dependant, instead it will focus on pure configuration of all componenets needed to have LDAP authentication/storage of users. The howto assumes that you are migrating from a regular passwd/shadow authentication, but it is also suitable for people who do it from scratch.