|
|
Implementation of NIS Backend for SSSD
Nykrýn, Lukáš ; Burget, Radek (oponent) ; Zelený, Jan (vedoucí práce)
The first part this thesis introduces technologies and tools for centralized management and authentication of users in GNU / Linux. It shows the usage of directory services in a network infrastructure, namely the NIS and its comparison with today probably the most widely used directory service LDAP. Then it describes the process of authentication on client workstations, specifically use of PAM and NSS, and possible expansion of whole system through the introduction of cache by using daemon SSSD. The second part of this thesis describes design and implementation of the NIS provider for SSSD.
|
|
|
FreeIPA - URI Based Access Management
Hellebrandt, Lukáš ; Michal, Bohumil (oponent) ; Kašpárek, Tomáš (vedoucí práce)
The goal of this thesis is designing and implementing access management based on URI of the requested resource. Host Based Access Control in the identity management tool FreeIPA was used as a basis for implementation. Furthermore, it was necessary to enhance the related infrastructure, namely the SSSD tool. The authorization module for Apache HTTP Server was used as an example of the application using URI-based HBAC. The main solved problem was design of the infrastructure for communication of the necessary parameters and strategy proposal for evaluating HBAC rules which define the access rights. The complete solution was demonstrated on the example of securing an instance of the web application Wordpress.
|
|
|
Nebezpečí internetové komunikace
Štěrba, Radek ; Jeřábek, Jan (oponent) ; Polívka, Michal (vedoucí práce)
Tato práce se zabývá problematikou komunikačních protokolů a serverů. Jsou zde popsány protokoly TCP/IP. Dále jsou popsány čtyři nejpoužívanější IM protokoly (popis přihlašování, komunikace a zabezpečení). Jsou zde popsány protokoly pro hlasovou komunikaci a problematika softwarových ústředen. Dále jsou zde nastíněny databázové systémy hlavně LDAP. Součástí této práce je také praktická činnost – zprovoznění serveru pro hlasovou komunikaci a posílání zpráv a databáze LDAP. Je popsán postup pro zprovoznění jednotlivých serverů, navázání příslušných klientů na servery a v neposlední řadě komunikace s LDAP.
|
|
|
Automatic Kerberos Key Rotation
Kos, Ondřej ; Henzl, Martin (oponent) ; Zelený, Jan (vedoucí práce)
This thesis is focused on the Kerberos authentication system and itsmanagement, primarily in the area of the Keytab files. The thesis describes the basic components of the whole system which are involved in these operations and their main properties. The FreeIPA administration system is partly described as well. It uses the Kerberos for the users' authentication. The main objective of this work was to develop an application capable of ,automatically and without user's effort, rotation of the Kerberos keys and thus enhance the security level of the whole system in cases of the communication eavesdropping.
|
|
|
Single D-Bus Server for SSSD
Úradník, Dušan ; Rogalewicz, Adam (oponent) ; Pavela, Jiří (vedoucí práce)
This thesis aims to reimplement the current topology of SSSD's inter-process communication. This communication is managed through separate D-Bus message buses to which components connect and send messages. The star topology with a single D-Bus requires to create a central message bus for components to use without affecting the current performance of SSSD. To ensure that, a thorough performance analysis had to be done by measuring response times and monitoring SSSD's behavior under constant stream of requests. Therefore, the tools SystemTap and hyperfine were employed to assemble a performance test suite.
|
|
|
A decentralized voting platform using blockchain technology
Chochula, Peter
Táto práca sa zaoberá vývojom decentralizovanej volebnej platformy so zámerom byť alternatívou ku stávajúcemu volebnému systému na štátnej univerzite. Aplikácia umožňuje hlasovať odkiaľkolvek na svete a retrospektívne overiť správnosť hlasov. Dôležité dáta sú uložené na Ethereum blockchain. Aplikácia využíva na autentizáciu LDAP poskytnutý Mendlovou Univerzitou, Prevádzkovo-ekonomickou fakultov. Hlasy sú počítané za použitia Paillierovho kryptosystému. Anonymita je ďalej zabezpečená RSA kryptosystémom.
|
|
|
Unified Network Authentication for Linux
Zůna, Pavel ; Drozd, Michal (oponent) ; Mlích, Jozef (vedoucí práce)
This thesis discusses the design and implementation of an unified network authentication solution for the Linux operating system based on the integration of WinBind and SSSD system daemons. The goal is to be able to authenticate Linux clients against multiple domains based on different platforms. In the first two chapters, readers are introduced to authentication mechanisms and related technologies used in Windows and Linux based computer network infrastructures. The third chapter is focused on the core of this work and discusses decisions made during the design phase. Implementation details are describedin chapter four. The last part of the thesis describes experiments and tests for selected use cases along with ideas for future improvements.
|
|
|
Webové rozhraní pro správu dat
Samek, Jan ; Burget, Radek (oponent) ; Bartík, Vladimír (vedoucí práce)
Tato práce se věnuje problematice návrhu a implementaci webové aplikace pro správu dat. Aplikace umožňuje administrátorovi vytvářet a graficky upravovat prezentace datových sestav, které jsou následně prostřednictvím aplikace prezentovány koncovým uživatelům. Aplikace také obsahuje šablonovací podsystém, který zefektivňuje vytváření těchto prezentací. Koncovým uživatelům tento systém poskytuje nástroje pro snadnou organizaci zobrazovaných informací a manipulaci s nimi. Logická část aplikace je implementována v jazyce PHP a pro databázi je využita technologie MySQL. Pro realizaci uživatelského prostředí jsou využity jazyky HTML, CSS a JavaScript.
|
|
|
Extend USBGuard to Support External Authorization Policy Sources
Sroka, Radovan ; Smrčka, Aleš (oponent) ; Peringer, Petr (vedoucí práce)
This thesis deals with a security aspect of using external USB devices on Linux. It also describes the USBGuard project and its alternatives as well as advantages and disadvantages of centralized management. The main goal of this thesis is to add ability to manage the USBGuard policy centrally via LDAP. The USBGuard extension includes implementation of LDAP functionality and the new public API that handles various sources of policy. This thesis defines the new USBGuard LDAP schema and its attributes on the LDAP server side.
|
|
|
Synchronization of DNS Records between LDAP Database and DNS Server
Bašti, Martin ; Matoušek, Petr (oponent) ; Čejka, Rudolf (vedoucí práce)
The aim of this thesis is to discover possibilities in storing the DNS data in the LDAP Database and keep them synchronized in two-way manner, using standard technologies, paralelization and possibility of extensions to support various types of LDAP and LDAP servers with various DNS schemas. This thesis also describes various schemas for storing DNS data in an LDAP database and analyzes issues related to synchronization and provides solutions how to solve them. The result of this thesis is a proof-of-concept code of synchronization application with recommended settings for the DNS server and the LDAP database, which will be able effectively to synchronize the DNS data.
|
host ::
RSS.