[svlug] Meeting this Wednesday: Speaker? Open discussion?

Luke S. Crawford lsc at prgmr.com
Tue Sep 1 12:04:08 PDT 2015



On 08/31/2015 11:13 PM, Rick Moen wrote:
> Quoting Luke S. Crawford (lsc at prgmr.com):
>
>> Yeah, openldap!   I could throw together a "how to setup a  linux system
>> to authenticate off openldap"  - including both pam, (so you can
>> authenticate to the linux system itself,) and the  OpenSSH-LPK patch so
>> you can setup your passwordless ssh logins using LDAP,   as well as the
>> apache mod_auth_ldap setup.
>>
>> I'd have to delay truing my new wheel, and you'd need to settle for not
>> very good slides, but I could totally have a working howto/walkthrough
>> done tomorrow evening;  I've done this... many times, and am probably
>> going to do it again this weekend for a friend who is helping me setup a
>> webapp with django.
> More than cool.  OK, we'll go with that.  You probably remember the
> drill:  Ideally, we'll need a title for the talk and a 1-3ish sentence
> description.  Past examples are onhttp://www.svlug.org/prevmeet.php  .
>
> I was _about_ to say 'I'll just reuse the speaker bio from your last
> SVLUG talk', but since that was July 2009 and the bio talked about your
> upcoming book with No Starch Press in Sept. 2009, an update would be
> really nice, too.
>
>
> When speakers don't give us a topic title, talk description, or bio,
> SVLUG is obliged to invent them, with uncertain results.  ;->
okay.   hm.

for title:

OpenLDAP;  single sign-on without sharing password hashes.


"Luke will go over how to setup a linux system to authenticate off 
openldap - including both pam, (so you can authenticate to the linux 
system itself,) the OpenSSH-LPK patch so you can setup your passwordless 
ssh logins using LDAP, as well as the apache mod_auth_ldap setup.  Luke 
will also rant about "damn kids" who have to "rewrite the auth stack"  - 
and explain how LDAP is "good enough" without being too much work to 
implement.   Properly setup, LDAP is as good as kerberos with 
tunneled-cleartext passwords enabled.  Not, obviously, as good as 
end-to-end kerberos, but that requires client-side support.  Being as I 
have one-day of prep, we're not going to go deep into kerberos used with 
ldap, and I'm going to largely ignore activedirectory."

If I get time, I'll add slides on mail-routing (mailhub setups are 
pretty nice)  and if I'm lucky, Wayne Roth will get me information on 
integrating django with ldap for the kids who think apache-based auth is 
"ugly" but call that a "stretch goal"  - good chance I won't get to it.


For bio:

"Luke S. Crawford is a long-time computer technician, an author and an 
entrepreneur.  With Sarah Newman, he runs prgmr.com, a small company 
that provides Virtual Private Servers to the technically adept, and 
contracting/consulting services to the moneyed.

With Chris Takemura, he wrote "The Book of Xen." published by No-Starch 
press[1]

In his role as a contractor, Luke has many years of dealing with LDAP on 
a very diverse set of platforms, from OSX and Solaris to FreeBSD and 
Linux, enabling everything from the traditional company directory to 
mail-routing and authentication services.


[1]https://www.nostarch.com/xen.htm"






More information about the svlug mailing list