Return to Level1Techs.com

Home Lab blog

#1

I was thinking about setting up an IPA server to user for central management of users & authentication at home.

Anyone have any tips or suggestions

I’ve never had luck with setting up kerberos keytab for use with secure NFS before… really want to figure it out.

(when i get enough motivation to tackle this change at home, I’ll have to redo my home network so I can properly do vlan tagging on my switches) – edit - completed!

2 Likes

#2

Something else I want to add to my list is to setup this:

http://ipaudit.sourceforge.net/

1 Like

#3

I was about to install keycloak on a kubernetes cluster, but I am still very confused by kerberos/ldap. It seems to be straight-forward, but we’ll see

1 Like

#4

Also if this is just a general home lab blog, I am about to install a new Gentoo server and load it up with kubernetes, libvirt, and probably some other stuff. I will probably be back here asking for advice haha

2 Likes

#5

Im cool with that

2 Likes

#6

Once the 8TB nas drives ( I got on sale) get here, i’ll backup my DIY SAN system and then update it from fedora 27.

0 Likes

#7

+1

1 update since 2005 though? Idk…

2 Likes

#8

Understandable reaction. But last I tried it… which was in a security class in college, it was nice.

3 Likes

#9

I have always enjoyed using kerberos auth with my linux servers (at work)

  • all you have to configure is the krb5.conf (manually or using the authconfig command)
  • create a local user with same user id as the AD user
  • can use usermod -L to lock the local auth via /etc/shadow
  • and then the user can only log in via kerberos
1 Like

#10

So does this affect like the local login manager (gdm, sddm, etc)?

1 Like

#11

I don’t know why it would be. The uid gid are still controlled via etc/passwd.

1 Like

#12

Site says my drives shipped two days ago but there have not been any tracking updates…

Concern

3 Likes

#13

Agreed. It seems like sso was a huge focus for a while and more and more things were being kerberized, but now not as much.

I have been planning to test Samba AD/FreeIPA trust to create a completely cross-platform, open-source directory structure, but I’m still working on the Samba half.

2 Likes

#14

and now I have to wait up to 5 more days based on the tracking… wtf

1 Like

#15

They aren’t getting rerouted through Virginia are they?

1 Like

#16

What is happening in VA…
but yes. I think it should go thru VA…

2 Likes

#17

I was joking, but…

And my bad, I think it’s Maryland, not Virginia.

3 Likes

#18

I never heard of this before.

1 Like

#19

I once locked my keys in my car in the parking lot at the NSA… Fortunately, the parking lot police were able to unlock the car by looking at it.

7 Likes

#20

You were at the NSA why?

1 Like