1. Getting Started With Kerberos

    Recently, I have been playing with Kerberos, a popular Single Sign On system (SSO) that is used in many large organizations. My first contact with Kerberos was at university in a network security course, but that only covered the cryptographic part, not the more practical issues like setting up …

  2. OpenID Delegation

    OpenID is a great concept but what I don't like is that I tie myself to a specific identity provider. Suppose the provider goes out of business or doesn't support OpenID anymore. Of course, I could set up my own private identity provider but I'm lazy and I don't want …

  3. Excluding Pages From Authentication

    Java's Servlet spec allows web applications to delegate authentication and authorization to the servlet container, a mechanism known as container-based security. A lot of people use it for in-house applications or web services because it's simple and containers like Tomcat already provide several authentication backends to choose from. There's one …

  4. SSH Public Key Authentication

    A lot of people use SSH to log into remote hosts. SSH is secure and works well, but if you have to access many hosts with long, well-chosen passwords there is a lot of typing to do just for authentication.

    In this article I'll walk you through a basic public …

