|
|
SSH Public Key Management in FreeIPA and SSSD
Cholasta, Jan ; Smrčka, Aleš (oponent) ; Zelený, Jan (vedoucí práce)
SSH is one of the most frequently used remote access protocols on the Internet. SSH is flexible and extensible protocol, which consists of three main components: SSH transport layer protocol, which provides confidentiality, integrity and server authentication, SSH user authentication protocol, which provides user authentication and SSH connection protocol, which multiplexes multiple channels of different types (interactive sessions, TCP/IP forwarding, etc.) into one connection. OpenSSH is one of the most widespread implementation of SSH. OpenSSH contains a SSH server, SSH clients, a SSH key generator and an authentication agent, which eases public key authentication. FreeIPA and SSSD are projects which provide centralized identity management for Linux and Unix systems. These projects had no direct support for SSH at the time of writing of this paper, but nonetheless could be used in combination with OpenSSH to a certain degree.
|
|
|
Time-Based Account Policies in FreeIPA
Láznička, Stanislav ; Trchalík, Roman (oponent) ; Očenášek, Pavel (vedoucí práce)
This thesis deals with the common problems when implementing account policies based on time in the user authorization process. The reader is shown how this problem is solved in some of the current systems. FreeIPA identity management project architecture is presented with the focus on its user management and user authorization policies. The SSSD project is described with aim on its connection to FreeIPA. The author creates a design for time-based account policies functionality and implements it in FreeIPA and SSSD systems.
|
|
|
Implementace externích autentizačních modulů pro nginx
Kameníčková, Petra ; Očenášek, Pavel (oponent) ; Rychlý, Marek (vedoucí práce)
Tato bakalářská práce se věnuje návrhu a vývoji autentizačních modulů pro webový server nginx, tak aby bylo možné aplikace a služby běžící na tomto serveru používat v rámci FreeIPA domény. V první části práce jsou vysvětleny základy architektur FreeIPA a serveru nginx a princip autentizace pomocí Kerberos a PAM. Druhá část řeší praktickou stránku problému - analýzu již existujícího řešení pro webový server Apache, návrh řešení pro nginx a popis postupu práce na vlastních modulech. V závěru jsou probrány možnosti konfi gurace těchto modulů a návrhy na zlepšení.
|
|
|
Využití klíčenky Gnome v projektu FreeIPA
Židek, Michal ; Janoušek, Vladimír (oponent) ; Smrčka, Aleš (vedoucí práce)
Tato diplomová práce poskytuje úvod do projektu FreeIPA a projektu GNOME Keyring. Rozebírá možné výhody integrace GNOME Keyringu do FreeIPA pomocí komponenty FreeIPA zvané Password Vault. Jsou poskytnuty návrhy možných implementací a rozebírají se jejich výhody. Jeden z návrhú je pak implementován ve formě prototypu.
|
|
|
Single D-Bus Server for SSSD
Úradník, Dušan ; Rogalewicz, Adam (oponent) ; Pavela, Jiří (vedoucí práce)
This thesis aims to reimplement the current topology of SSSD's inter-process communication. This communication is managed through separate D-Bus message buses to which components connect and send messages. The star topology with a single D-Bus requires to create a central message bus for components to use without affecting the current performance of SSSD. To ensure that, a thorough performance analysis had to be done by measuring response times and monitoring SSSD's behavior under constant stream of requests. Therefore, the tools SystemTap and hyperfine were employed to assemble a performance test suite.
|
|
|
A Tool to Check Status of All Replicas in the FreeIPA Infrastructure
Špůrek, David ; Smrčka, Aleš (oponent) ; Zelený, Jan (vedoucí práce)
This master's thesis deals with possibilities how to check status of all replicas in FreeIPA infrastructure. At the begining of the thesis some important terms like FreeIPA, FreeIPA infrastructure and replica are explained. FreeIPA is a composition of several components which will be described. The tool designed in this master thesis uses SNMP for tracking a status of FreeIPA services. Two main parts of the tool are SNMP agent's configuration and user interface.
|
|
|
FreeIPA - URI Based Access Management
Hellebrandt, Lukáš ; Michal, Bohumil (oponent) ; Kašpárek, Tomáš (vedoucí práce)
The goal of this thesis is designing and implementing access management based on URI of the requested resource. Host Based Access Control in the identity management tool FreeIPA was used as a basis for implementation. Furthermore, it was necessary to enhance the related infrastructure, namely the SSSD tool. The authorization module for Apache HTTP Server was used as an example of the application using URI-based HBAC. The main solved problem was design of the infrastructure for communication of the necessary parameters and strategy proposal for evaluating HBAC rules which define the access rights. The complete solution was demonstrated on the example of securing an instance of the web application Wordpress.
|
|
|
Automatic Kerberos Key Rotation
Kos, Ondřej ; Henzl, Martin (oponent) ; Zelený, Jan (vedoucí práce)
This thesis is focused on the Kerberos authentication system and itsmanagement, primarily in the area of the Keytab files. The thesis describes the basic components of the whole system which are involved in these operations and their main properties. The FreeIPA administration system is partly described as well. It uses the Kerberos for the users' authentication. The main objective of this work was to develop an application capable of ,automatically and without user's effort, rotation of the Kerberos keys and thus enhance the security level of the whole system in cases of the communication eavesdropping.
|
|
|
Single D-Bus Server for SSSD
Úradník, Dušan ; Rogalewicz, Adam (oponent) ; Pavela, Jiří (vedoucí práce)
This thesis aims to reimplement the current topology of SSSD's inter-process communication. This communication is managed through separate D-Bus message buses to which components connect and send messages. The star topology with a single D-Bus requires to create a central message bus for components to use without affecting the current performance of SSSD. To ensure that, a thorough performance analysis had to be done by measuring response times and monitoring SSSD's behavior under constant stream of requests. Therefore, the tools SystemTap and hyperfine were employed to assemble a performance test suite.
|
|
|
FreeIPA - URI Based Access Management
Hellebrandt, Lukáš ; Michal, Bohumil (oponent) ; Kašpárek, Tomáš (vedoucí práce)
The goal of this thesis is designing and implementing access management based on URI of the requested resource. Host Based Access Control in the identity management tool FreeIPA was used as a basis for implementation. Furthermore, it was necessary to enhance the related infrastructure, namely the SSSD tool. The authorization module for Apache HTTP Server was used as an example of the application using URI-based HBAC. The main solved problem was design of the infrastructure for communication of the necessary parameters and strategy proposal for evaluating HBAC rules which define the access rights. The complete solution was demonstrated on the example of securing an instance of the web application Wordpress.
|
host ::
RSS.