
Kerberos setup - 4 (API Server for User management) Kerberos user management sample Flask code. You could re-use this code for Kerberos host management as well. @app.route('/krb/user/', methods=['GET', 'DELETE', 'POST', 'PUT']) def userAPI(username): result_code = "success" result_message = "ok" if request.method == 'GET': cmd = "/usr/bin/kadmin -p account/admin -w ADminP@ssW0rd -q \"getprinc " + username + "\"" elif request.method == 'POST': cmd ..
Kerberos setup - 3 (MacOS User) macOS User Configuration 1. /etc/krb5.conf [libdefaults] default_realm = ABCDEF.COM allow_weak_crypto = false rdns = false [realms] ABCDEF.COM = { kdc = kdc.abcdef.com kdc = kdc2.abcdef.com admin_server = kdc.abcdef.com kpasswd_server = kdc.abcdef.com } 2. /etc/ssh/ssh_config After a macOS update, this configuration is usually reset, so you must check it again after every update. GSSAPIAuthentica..
Kerberos setup - 2 (Kerberos Client) Install yum --disablerepo=* --enablerepo=base,update install -y dmidecode krb5-libs Configuration 1. Set files if you need /etc/hosts /etc/ssh/sshd_config 2. Run ntp update ntpdate -u pool.ntp.org 3. Register the principal with the kadmin account on the new Kerberos server, and create a keytab # addprinc /usr/bin/kadmin -p account/admin -w RkaWkrdldi -q "addprinc -randkey host/dev1-api-all.abcdef.c..
Kerberos setup - 1 (Kerberos Server) Install 1. OS (AMI Linux 2) $ cat /etc/system-release Amazon Linux release 2 (Karoo) 2. Installed packages related to krb5, ntp $ sudo yum list installed | grep krb krb5-devel.x86_64 1.15.1-19.amzn2.0.3 @amzn2-core krb5-libs.x86_64 1.15.1-19.amzn2.0.3 @amzn2-core krb5-server.x86_64 1.15.1-19.amzn2.0.3 @amzn2-core krb5-workstation.x86_64 1.15.1-19.amzn2.0.3 @amzn2-core pam_krb5.x86_64 2.4.8-6.amzn2.0..
OpenVPN setup - 3 (OpenVPN Client for VPC Tunnel) I want to use Linux OpenVPN client for the tunnel. OpenVPN Client Install Install (Linux AMI 2) # amazon-linux-extras install epel # yum -y install openvpn easy-rsa iptables-services Setting # Copy autologin profile for auto login. vi /etc/openvpn/client/vpn_cli01.conf # Start the OpenVPN client service systemctl status openvpn-client@vpn_cli01.service systemctl start openvpn-client@vpn_cli01.servi..
OpenVPN setup - 2 (OpenVPN Server) Set OpenVPN custom account # 1. myadmin account create % sudo useradd -s /sbin/nologin "myadmin" % sudo passwd myadmin # 2. Configuration file path /usr/local/openvpn_as/etc # 3. custom admin login setup users.0 % sudo vim /usr/local/openvpn_as/etc/as.conf ## allowed to access via the bootstrap auth mechanism. boot_pam_service=openvpnas boot_pam_users.0=myadmin # boot_pam_users.1= # boot_pam_use..
OpenVPN setup - 1 (AWS EC2) Setup environment: AWS OpenVPN Server Select AMI for purchase license Select Region & Continue to Launch I choose 'Launch through EC2'. I need to set more details. I recommend 'Launch from Website'. This option is much easier to set up.
Github enterprise server setup - 4 (Jenkins Build hook) GHE server version: 2.19.2 Reference https://stackoverflow.com/a/51003334/8163714 Github Webhooks Setup fail Case Enterprise - settings - Hooks (not working) Success Case Set each Organization Github token Create token Create a personal token for Jenkins (I used a system account for this job) I selected all-access, it's the stage test case. I'll select related repos access for the production ca..