Search found 135 matches
- 2021/08/21 22:53:06
- Forum: 8 /8-Stream / 9-Stream - Security Support
- Topic: [Solved] Persistent Authentication for ssh with dual-factor
- Replies: 1
- Views: 5889
Re: Persistent Authentication for ssh with dual-factor
Thanks to some help from a user on Stack Exchange, I was able to solve this one. I added to the globals section of .ssh/config for one of my test users:[/list] Host * ControlMaster auto ControlPath ~/.ssh/master-%r@%h:%p I logged onto a test server and got the expected authentication prompts I can n...
- 2021/08/21 16:05:35
- Forum: 8 /8-Stream / 9-Stream - Security Support
- Topic: [Solved] Persistent Authentication for ssh with dual-factor
- Replies: 1
- Views: 5889
[Solved] Persistent Authentication for ssh with dual-factor
If there a way to get dual factor authentication for ssh in which the second factor only has to be entered once per day or other time period? The idea is to set up jump hosts for ssh that require 2FA. A jump host can then be use to provide access to other servers that will, in turn, be restricted to...
- 2021/05/01 14:35:01
- Forum: 8 /8-Stream / 9-Stream - Security Support
- Topic: Remove port from selinux policy
- Replies: 2
- Views: 10581
Re: Remove port from selinux policy
Thank you.
I was trying remove the port from squid_port_t when I should have been looking for a way to let httpd and squid share the squid ports. Once past that, I just used audit2allow to produce a policy to allow the sharing.
I was trying remove the port from squid_port_t when I should have been looking for a way to let httpd and squid share the squid ports. Once past that, I just used audit2allow to produce a policy to allow the sharing.
- 2021/04/30 16:02:38
- Forum: 8 /8-Stream / 9-Stream - Security Support
- Topic: Remove port from selinux policy
- Replies: 2
- Views: 10581
Remove port from selinux policy
I am trying to get the ESET AV software working on my employer's system. The firewall we have (Cisco Firepower) does not handle a generic many-to-one NAT IP, an allow list, and a country blacklist as expected. ESET is in Slovakia and their registration server is in the country blacklist. So I need a...
- 2021/04/26 22:04:34
- Forum: 8 /8-Stream / 9-Stream - General Support
- Topic: sssd and Kerberos
- Replies: 3
- Views: 1285
Re: sssd and Kerberos
I was able to get sssd to work with kerberos by putting the following in /etc/sssd/sssd.conf: [sssd] config_file_version = 2 domains = LOCAL services = nss, pam [domain/LOCAL] id_provider = files auth_provider = krb5 krb5_server = kdc01.lereta.net krb5_realm = TOTALFLOOD.COM cache_credentials = true...
- 2021/04/26 22:00:28
- Forum: 8 /8-Stream / 9-Stream - General Support
- Topic: kerberos offline authentication doesn't work with pam_krb5
- Replies: 5
- Views: 3246
Re: kerberos offline authentication doesn't work with pam_krb5
If you are still beating your head against this... After much trial and error, I was able to get sssd to work with kerberos by creating /etc/sssd/sssd.conf with the following [sssd] config_file_version = 2 domains = LOCAL services = nss, pam [domain/LOCAL] id_provider = files auth_provider = krb5 kr...
- 2021/04/15 23:21:53
- Forum: 8 /8-Stream / 9-Stream - General Support
- Topic: sssd and Kerberos
- Replies: 3
- Views: 1285
Re: sssd and Kerberos
Thank you. Dunno how I overlooked it but I now have a place to start.
- 2021/04/14 19:22:00
- Forum: 8 /8-Stream / 9-Stream - General Support
- Topic: File sharing between Windows and CentOS8 through Samba
- Replies: 8
- Views: 1068
Re: File sharing between Windows and CentOS8 through Samba
I have to mount windows shares on Linux servers quite a bit here. This is a procedure I have worked out. Define a remote machine and a share name export MACHINE="abc.def.xyz" export SHARE="fooshare" Create a mountpoint sudo mkdir -p /smbfs/$MACHINE/$SHARE Create a directory to store credential files...
- 2021/04/14 14:59:13
- Forum: 8 /8-Stream / 9-Stream - General Support
- Topic: sssd and Kerberos
- Replies: 3
- Views: 1285
sssd and Kerberos
For several years I have used Kerberos and PAM to provide authentication for most users. However, pam_krb5.so does not appear to be in CentOS 8. Is there a way to add Kerberos authentication? I do not mean using using Active Directory and/or LDAP. Just plain vanilla Kerberos I searched out sssd whic...
- 2020/06/30 21:52:28
- Forum: CentOS 6 - General Support
- Topic: Directory index full
- Replies: 2
- Views: 4827
Re: Directory index full
Thank you.
Would it make more sense to just migrate the existing data to an XFS formatted volume and download the rest of the files to there?
Would it make more sense to just migrate the existing data to an XFS formatted volume and download the rest of the files to there?