My SLAC 2024 presentation about how to use FIDO2 tokens how to authenticate centrally managed users is now online Read more 26 May 2023 - less than 1 minute read Tag: talks
My SLAC 2023 presentation about FreeIPA and external Identity Providers is now online. Read more 26 May 2023 - less than 1 minute read Tags: ipa, talks
I recently had an issue where I accidentally lost the private key for my webserver certificate. The webserver is running as part of a FreeIPA environment. Luckily in such a setup the LDAP-Server share the same certificate and key with the webserver. So all I had to do is to copy the private key from the LDAP-Server certificate database to the we... Read more 08 Apr 2022 - 2 minute read Tags: ipa, nss
Two more article I wrote for the ADMIN magazine have now been published also online. Save sudo logs on a remote computer Integrating Podman and systemd Happy reading. Read more 08 Apr 2022 - less than 1 minute read Tag: articles
The following article was inspired by a question on StackOverflow. In Kerberos world many different preauthentication mechanism exist. PKINIT is one of those mechanism. It basically uses X.509 certificates to authenticate the Kerberos Key Distribution Center (KDC) against the client and also the client against the KDC. The latter use-case mostl... Read more 21 May 2021 - 3 minute read Tags: ipa, kerberos, pkinit