Recently, I have been playing with Kerberos, a popular Single Sign On system (SSO) that is used in many large organizations. My first contact with Kerberos was at university in a network security course, but that only covered the cryptographic part, not the more practical issues like setting up …
OpenID Delegation
Excluding Pages From Authentication
Java's Servlet spec allows web applications to delegate authentication and authorization to the servlet container, a mechanism known as container-based security. A lot of people use it for in-house applications or web services because it's simple and containers like Tomcat already provide several authentication backends to choose from. There's one …
SSH Public Key Authentication
A lot of people use SSH to log into remote hosts. SSH is secure and works well, but if you have to access many hosts with long, well-chosen passwords, there is a lot of typing to do just for authentication.
In this article I'll walk you through a basic public …
Transparent Directory Encryption
In a previous article, I discussed sshfs, a user mode filesystem based on FUSE for accessing remote files. Another useful filesystem type is encfs, which provides transparent encryption of directories. With encfs, files are stored encrypted in a special directory under encfs' control. The encryption algorithm and password are specified …
Mounting Directories via SSH
For mounting directories from a remote machine, usually NFS or SMB/CIFS is used, which requires a running file server. On many Linux servers, however, all you have is a shell account, so file transfer has to be done via scp.
Using the FUSE Linux kernel module, which provides user …