Next Integration Task(s)

With the majority of my Linux servers now authenticating against Active Directory, I’m now able to broaden my integration focus and work on some related tasks:

SASL2/PAM:  I still have one server, running SASL2, that has not been switched over to the standard Kerberos/LDAP configuration.  I’ll need to research the interplay between SASL2 and PAM before I tackle this one.

OpenBSD Authentication:  I haven’t touched any of the OpenBSD servers yet for Kerberos/LDAP authentication.

VPN Authentication via RADIUS:  I’d like to use RADIUS to handle some VPN authentication against Active Directory as well.  I don’t anticipate this should be too terribly difficult, but it is something that is rather new to me.

Apache Authentication via Kerberos to AD:  One of the documents that helped me in getting the pam_krb5 stuff working was for using mod_auth_kerb with Apache (more information also posted here as well).  I’d like to deploy this for some select areas of our intranet and extranet sites, to add an additional layer of security on top of what is already present.

Of course, this is in addition to trying to establish an internal news server running INNd (and then migrating content from Exchange Server 2003 into this news server) and working on Squid log analysis tools.  I’ll probably start investigating Squid authentication options as well, since that would be very helpful to my customers (especially if I can get the authentication to be transparent, or very nearly so).  On top of that I have duties in church, work as a manager overseeing employees, and things to do as a dad.  Whew!  I often wonder if I am just not efficient with managing my time, or if I just have too much to do.

Tags: , , ,

2 comments

  1. Jason Sjobeck’s avatar

    This is not specifically related to the above, but it is related on a tangent, and seems like some people who are working on the above might be interested in this type of thing:

    http://www.wikidsystems.com/howtos/how-to-add-two-factor-authentication-to-apache

    We might test their example wherein they auth’ OpenVPN users against a central mechanism and or using OTP’s.

    Peace. Love. Linux.

  2. slowe’s avatar

    Jason,

    Thanks for the link; I’ll review that and see what kind of information I can glean from it.

    Scott

Comments are now closed.