[svlug] Meeting this Wednesday: Speaker? Open discussion?
Luke S. Crawford
lsc at prgmr.com
Tue Sep 1 12:04:08 PDT 2015
On 08/31/2015 11:13 PM, Rick Moen wrote:
> Quoting Luke S. Crawford (lsc at prgmr.com):
>> Yeah, openldap! I could throw together a "how to setup a linux system
>> to authenticate off openldap" - including both pam, (so you can
>> authenticate to the linux system itself,) and the OpenSSH-LPK patch so
>> you can setup your passwordless ssh logins using LDAP, as well as the
>> apache mod_auth_ldap setup.
>> I'd have to delay truing my new wheel, and you'd need to settle for not
>> very good slides, but I could totally have a working howto/walkthrough
>> done tomorrow evening; I've done this... many times, and am probably
>> going to do it again this weekend for a friend who is helping me setup a
>> webapp with django.
> More than cool. OK, we'll go with that. You probably remember the
> drill: Ideally, we'll need a title for the talk and a 1-3ish sentence
> description. Past examples are onhttp://www.svlug.org/prevmeet.php .
> I was _about_ to say 'I'll just reuse the speaker bio from your last
> SVLUG talk', but since that was July 2009 and the bio talked about your
> upcoming book with No Starch Press in Sept. 2009, an update would be
> really nice, too.
> When speakers don't give us a topic title, talk description, or bio,
> SVLUG is obliged to invent them, with uncertain results. ;->
OpenLDAP; single sign-on without sharing password hashes.
"Luke will go over how to setup a linux system to authenticate off
openldap - including both pam, (so you can authenticate to the linux
system itself,) the OpenSSH-LPK patch so you can setup your passwordless
ssh logins using LDAP, as well as the apache mod_auth_ldap setup. Luke
will also rant about "damn kids" who have to "rewrite the auth stack" -
and explain how LDAP is "good enough" without being too much work to
implement. Properly setup, LDAP is as good as kerberos with
tunneled-cleartext passwords enabled. Not, obviously, as good as
end-to-end kerberos, but that requires client-side support. Being as I
have one-day of prep, we're not going to go deep into kerberos used with
ldap, and I'm going to largely ignore activedirectory."
If I get time, I'll add slides on mail-routing (mailhub setups are
pretty nice) and if I'm lucky, Wayne Roth will get me information on
integrating django with ldap for the kids who think apache-based auth is
"ugly" but call that a "stretch goal" - good chance I won't get to it.
"Luke S. Crawford is a long-time computer technician, an author and an
entrepreneur. With Sarah Newman, he runs prgmr.com, a small company
that provides Virtual Private Servers to the technically adept, and
contracting/consulting services to the moneyed.
With Chris Takemura, he wrote "The Book of Xen." published by No-Starch
In his role as a contractor, Luke has many years of dealing with LDAP on
a very diverse set of platforms, from OSX and Solaris to FreeBSD and
Linux, enabling everything from the traditional company directory to
mail-routing and authentication services.
More information about the svlug