So, I’ve been lazy.
Apparently during the move to HTTPS, I failed to set up some things. The personal blog is still loading http for media assets and RSS, but http is no longer available, and one of our certs expired because I didn’t properly configure the alias for the automation behind cert regeneration and then also didn’t set up a monitor for that.
I’ve work to do.
NEWS Outlet is now Mobile Friendly
Did give the news outlet a facelift to make it mobile-friendly, though, so, there’s that. It’s still http though. Gotta get on that.
TODO
- move news outlet to phanes.silo server
- set up automated cert renewal for news.silo
- regen certs for phanes.silo and news.silo
- fix https in application layer for phanes.silo
- update news.silo to point to phanes.silo
- set up LDAP auth and UID/GID mapping for SILO
LDAP for SURRO and SILO
I’m also in the process still of finishing up configuration of a new LDAP service for everything.
So, it’s SSSd, NSSwitch, and PAM, yay. 3 huge parts of the Linux system I never really made myself learn.
I think starting out with Kerberos 5, SLAPd, LDAP working my way down the docs is the smart way to go there.
The fun part is Ipsilon after that but I want to get system auth up and functional first.
Reading for Network Login Services
So, when it comes to KRB5, SSSD, NSS, and PAM, this is an area of Linux systems that everyone skips over (myself included) because there are just so many moving parts and it’s a pain in the ass to troubleshoot. But it needs learned if we’re going to implement it in a new distro. We’re looking more and more like an enterprise infrastructure every day and I need to get us to “that magic quiet zone” after all the shifting around. I find this part of the system to be far more complicated than SystemD and even compiling a custom kernel.
- The TLDP Guide for Kerberos.
- RFC 1510 for LDAP definition.
- An Ubuntu Guide (I’m using Fedora but it’s helpful) for Kerberos + LDAP.
- The official MIT-origin Kerberos Documentation
- SSSD and NSS docs from Red Hat
- SUSE’s expectedly sexy and clear presentation on SSSD.
- An introductory text on how PAM works from Tux Radar.
- The official docs on PAM.
Examplar
Still plugging away. Pipes, pipes, dupes, forks and more pipes, oh my!
New Rack Server and 32bit compat in Python
Someone donated a new rack server for lair.silo. I’m not sure what I’ll be doing with it besides hosting auth services since it is 32bit and can’t be the archipel demo (and can’t really be preprod for any of the Python services since 32bit py environments don’t seem to have library continuity with 64 bit in just the right cases).
Oh well. Tons of shit to do. Time to go work out first and then get to it. With it being labor day weekend it’s the perfect chance to get caught up.