Search found 135 matches

by jscarville
2021/08/21 22:53:06
Forum: 8 /8-Stream / 9-Stream - Security Support
Topic: [Solved] Persistent Authentication for ssh with dual-factor
Replies: 1
Views: 5889

Re: Persistent Authentication for ssh with dual-factor

Thanks to some help from a user on Stack Exchange, I was able to solve this one. I added to the globals section of .ssh/config for one of my test users: Host * ControlMaster auto ControlPath ~/.ssh/master-%r@%h:%p I logged onto a test server and got the expected authentication prompts. I can n...
by jscarville
2021/08/21 16:05:35
Forum: 8 /8-Stream / 9-Stream - Security Support
Topic: [Solved] Persistent Authentication for ssh with dual-factor
Replies: 1
Views: 5889

[Solved] Persistent Authentication for ssh with dual-factor

Is there a way to get dual factor authentication for ssh in which the second factor only has to be entered once per day or other time period? The idea is to set up jump hosts for ssh that require 2FA. A jump host can then be used to provide access to other servers that will, in turn, be restricted to...
by jscarville
2021/05/01 14:35:01
Forum: 8 /8-Stream / 9-Stream - Security Support
Topic: Remove port from selinux policy
Replies: 2
Views: 10581

Re: Remove port from selinux policy

Thank you.

I was trying to remove the port from squid_port_t when I should have been looking for a way to let httpd and squid share the squid ports. Once past that, I just used audit2allow to produce a policy to allow the sharing.
by jscarville
2021/04/30 16:02:38
Forum: 8 /8-Stream / 9-Stream - Security Support
Topic: Remove port from selinux policy
Replies: 2
Views: 10581

Remove port from selinux policy

I am trying to get the ESET AV software working on my employer's system. The firewall we have (Cisco Firepower) does not handle a generic many-to-one NAT IP, an allow list, and a country blacklist as expected. ESET is in Slovakia and their registration server is in the country blacklist. So I need a...
by jscarville
2021/04/26 22:04:34
Forum: 8 /8-Stream / 9-Stream - General Support
Topic: sssd and Kerberos
Replies: 3
Views: 1285

Re: sssd and Kerberos

I was able to get sssd to work with kerberos by putting the following in /etc/sssd/sssd.conf: [sssd] config_file_version = 2 domains = LOCAL services = nss, pam [domain/LOCAL] id_provider = files auth_provider = krb5 krb5_server = kdc01.lereta.net krb5_realm = TOTALFLOOD.COM cache_credentials = true...
by jscarville
2021/04/26 22:00:28
Forum: 8 /8-Stream / 9-Stream - General Support
Topic: kerberos offline authentication doesn't work with pam_krb5
Replies: 5
Views: 3246

Re: kerberos offline authentication doesn't work with pam_krb5

If you are still beating your head against this... After much trial and error, I was able to get sssd to work with kerberos by creating /etc/sssd/sssd.conf with the following [sssd] config_file_version = 2 domains = LOCAL services = nss, pam [domain/LOCAL] id_provider = files auth_provider = krb5 kr...
by jscarville
2021/04/15 23:21:53
Forum: 8 /8-Stream / 9-Stream - General Support
Topic: sssd and Kerberos
Replies: 3
Views: 1285

Re: sssd and Kerberos

Thank you. Dunno how I overlooked it but I now have a place to start.
by jscarville
2021/04/14 19:22:00
Forum: 8 /8-Stream / 9-Stream - General Support
Topic: File sharing between Windows and CentOS8 through Samba
Replies: 8
Views: 1068

Re: File sharing between Windows and CentOS8 through Samba

I have to mount windows shares on Linux servers quite a bit here. This is a procedure I have worked out. Define a remote machine and a share name export MACHINE="abc.def.xyz" export SHARE="fooshare" Create a mountpoint sudo mkdir -p /smbfs/$MACHINE/$SHARE Create a directory to store credential files...
by jscarville
2021/04/14 14:59:13
Forum: 8 /8-Stream / 9-Stream - General Support
Topic: sssd and Kerberos
Replies: 3
Views: 1285

sssd and Kerberos

For several years I have used Kerberos and PAM to provide authentication for most users. However, pam_krb5.so does not appear to be in CentOS 8. Is there a way to add Kerberos authentication? I do not mean using Active Directory and/or LDAP. Just plain vanilla Kerberos. I searched out sssd whic...
by jscarville
2020/06/30 21:52:28
Forum: CentOS 6 - General Support
Topic: Directory index full
Replies: 2
Views: 4827

Re: Directory index full

Thank you.

Would it make more sense to just migrate the existing data to an XFS formatted volume and download the rest of the files to there?