Posts Tagged ‘User’

Likewise, the myth debunked

This post was originally written for my personal blog on June 14th, 2009.

As a systems administrator in many mixed Windows and Linux environments I have seen, and made, many attempts at integrating Linux servers into a Windows Active Directory structure, with mixed results. Linux registration and authentication inside a Windows domain is akin to Bigfoot: some have claimed to see one, many have worked long hours to find it, and no one can produce consistent results. Until now.

At the suggestion of a coworker I decided to give Likewise a try on my most recent attempt at bringing our Linux servers into the Windows domain. Skeptically, I built a new CentOS 5.3 server and proceeded to follow the instructions for installing Likewise. It seemed too simple, and with each step I waited for the fatal issue that would bring the test to its demise. Software installed, no issues. As I reviewed the instructions for adding the system to the domain and found that it only required one command and no further configuration of files, I thought, “This is so going to fall on its face.” Command executed and I’m waiting, then it comes up on the screen: Success. Success? Really? I don’t believe it, so I log onto the domain controller and there it is, right where new computers are supposed to go in the domain. I quickly flip over to the manual and look up how to authenticate for ssh, simply DOMAIN\username@host, and give it the final test. Success. In the span of 15 minutes I was able to install the app, add my computer to the domain and authenticate against the domain. 15 more minutes and I was able to limit who could log in and give them sudo access. This is a huge win for any admin who deals with Linux servers in a domain.

I’m still testing the limits of Likewise and I will say that it hasn’t been without its speed bumps, but I plan on paying for a little support and getting the answers I need. Like many open source products, Likewise is making its money on support and by selling upgraded functionality. I applaud this model, allowing the flexibility of open source while still finding a way to pay for all that hard work. I will be continuing to test the limits of Likewise, but as of now I am thoroughly impressed and will continue to use it.


Love, Sex, Secret, and … God

This post was originally written for my personal blog on January 11, 2009.

This past week saw two high profile security breaches, on twitter.com and macrumorslive.com, each one a classic example of poor login management by websites. For full disclosure, I do not know anyone at either site but have read about each here and here as well as on other websites. The short version on Twitter is that an admin at Twitter had a common word as a password and Twitter has no limit on the number of times you can try your login. The short version on Mac Rumors Live is that they either had no password on their admin interface or the login page was sniffed; either way it was a bummer for them.

As a system administrator it is a constant challenge to keep our systems and the web applications that run on them secure while still keeping the usability that our great developers have created. So when I see things like the Twitter and Mac Rumors issues I get very frustrated, because preventing this is so simple. If you develop a website with user accounts, and most of them do, please consider the following.

Complex password requirements. Google returns about 232,000 results for JavaScript to check for strong passwords, so you don’t even need to reinvent the wheel to add this to your change / create password page. If you don’t want to bother your users with this, at least take some time to require it on admin accounts.
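As an added example (not code from the original post), here is a server-side version of both fixes the Twitter story calls for: a password policy that is stricter for admin accounts and rejects passwords built on a common word, plus a simple failed-login limiter. The common-word list is a constructed sample; the thresholds are assumptions you should tune for your site.

```javascript
// Constructed sample of common-word passwords; a real deployment would load a full list.
const COMMON_WORDS = new Set(["password", "letmein", "welcome", "happiness", "qwerty", "123456"]);

// Check a new password against the policy. Admin accounts get a longer minimum
// and must use all four character classes; regular users get a lighter rule.
function checkPassword(password, { isAdmin = false } = {}) {
  const problems = [];
  const minLength = isAdmin ? 14 : 10;
  if (password.length < minLength) problems.push(`at least ${minLength} characters`);
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  const needClasses = isAdmin ? 4 : 3;
  if (classes < needClasses) problems.push(`${needClasses} of: lowercase, uppercase, digit, symbol`);
  // Strip digits and symbols so "Happiness1!" is still caught as the common word "happiness".
  const core = password.toLowerCase().replace(/[^a-z]/g, "");
  if (COMMON_WORDS.has(core)) problems.push("not based on a common word");
  return { ok: problems.length === 0, problems };
}

// Failed-login limiter: after maxFailures failures within windowMs the account
// is locked until the oldest failure ages out of the window. Timestamps are
// injectable so the behaviour can be tested without waiting.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000 } = {}) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.failures = new Map(); // account -> array of failure timestamps (ms)
  }
  recentFailures(account, now) {
    return (this.failures.get(account) || []).filter((t) => now - t < this.windowMs);
  }
  recordFailure(account, now = Date.now()) {
    const recent = this.recentFailures(account, now);
    recent.push(now);
    this.failures.set(account, recent);
  }
  isLocked(account, now = Date.now()) {
    return this.recentFailures(account, now).length >= this.maxFailures;
  }
  recordSuccess(account) {
    this.failures.delete(account); // a successful login clears the counter
  }
}
```

Call `checkPassword` on every create / change password request (not only in browser JavaScript, which an attacker can skip), and consult `isLocked` before checking credentials on the login handler.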

HTTPS, the S is for secure. Developers, please use SSL to encrypt your login page and use redirects to ensure that users don’t accidentally end up there without SSL. As more of us move out of the office and into the coffee shop we are also moving off of a private network and onto a public one. We log into Twitter, brightkite, our blog, our email, and most people give no thought to the idea that everyone else in that coffee shop could now have their account and password, unless we use something secure like HTTPS. Webmail sites learned this lesson long ago and it’s time for the rest of the web to learn it too. The worst part of this is that most sites already have an HTTPS version of their site and it would be a very simple fix for them to redirect to it. For those sites that don’t (I’m looking at you, brightkite), it’s time to step up, spend the money and get HTTPS going. For you WordPress users, set up a self-signed certificate (or purchase one); WordPress has a plugin to do all the wp-admin encryption redirects for you.
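The redirect logic, as an added example rather than the post’s own code: a framework-independent decision function that sends plain-HTTP visitors to the HTTPS login page. The request shape `{method, url, headers, encrypted}` is an assumption loosely modelled on Node’s `http.IncomingMessage`, and the canonical host is passed in rather than taken from the request so the redirect cannot be steered by a forged Host header.

```javascript
// Decide how to handle a request to a login (or any authenticated) page.
// Returns { action: "serve" | "redirect" | "reject", ... } for the caller's
// framework to act on. `trustProxy` is an assumption: set it only when a
// reverse proxy in front of you terminates TLS and sets X-Forwarded-Proto.
function enforceHttps(req, canonicalHost, { trustProxy = false } = {}) {
  const forwarded = String(req.headers["x-forwarded-proto"] || "")
    .split(",")[0].trim().toLowerCase();
  const isHttps = req.encrypted === true || (trustProxy && forwarded === "https");

  if (isHttps) {
    // Already secure: serve the page and tell browsers to stay on HTTPS for a
    // year so a later typed http:// URL never goes over the wire in the clear.
    return {
      action: "serve",
      headers: { "Strict-Transport-Security": "max-age=31536000" },
    };
  }

  if (req.method === "GET" || req.method === "HEAD") {
    // Safe to replay: permanently redirect to the same path on the canonical host.
    return {
      action: "redirect",
      status: 301,
      location: `https://${canonicalHost}${req.url}`,
    };
  }

  // A login form POSTed over plain HTTP has already exposed the credentials
  // to the coffee-shop network; refuse it rather than quietly replaying it.
  return { action: "reject", status: 403 };
}
```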

More services are being provided via websites, and as users of these we need to demand that they are secure. Give them feedback asking that logins be secure by default, so that what happened with Twitter and Mac Rumors doesn’t happen to you.
