|
|
Time-Based Account Policies in FreeIPA
Láznička, Stanislav ; Trchalík, Roman (oponent) ; Očenášek, Pavel (vedoucí práce)
This thesis deals with the common problems when implementing account policies based on time in the user authorization process. The reader is shown how this problem is solved in some of the current systems. FreeIPA identity management project architecture is presented with the focus on its user management and user authorization policies. The SSSD project is described with aim on its connection to FreeIPA. The author creates a design for time-based account policies functionality and implements it in FreeIPA and SSSD systems.
|
|
|
Support for RADIUS Protocol in SSSD
Hujňák, Ondřej ; Očenášek, Pavel (oponent) ; Zelený, Jan (vedoucí práce)
Modern trends in user management in enterprise solutions makes use of centralized solutions such as LDAP or Active Directory. User validation against those resources in Unix-like systems is available via PAM modules or via new security daemon SSSD. This work analyses the use of RADIUS protocol for user validation and as a part of this work was developed SSSD module which uses this protocol.
|
|
|
Využití klíčenky Gnome v projektu FreeIPA
Židek, Michal ; Janoušek, Vladimír (oponent) ; Smrčka, Aleš (vedoucí práce)
Tato diplomová práce poskytuje úvod do projektu FreeIPA a projektu GNOME Keyring. Rozebírá možné výhody integrace GNOME Keyringu do FreeIPA pomocí komponenty FreeIPA zvané Password Vault. Jsou poskytnuty návrhy možných implementací a rozebírají se jejich výhody. Jeden z návrhú je pak implementován ve formě prototypu.
|
|
|
Tool for Querying SSSD Database
Bambušek, David ; Burget, Radek (oponent) ; Kolář, Dušan (vedoucí práce)
This thesis is focused on databases, particularly on SSSD database. SSSD is a set of daemons providing an option to access various identity and authentication resources through one simple application, that also offers offline caching. Thesis describes general information about databases, but mainly focuses on LDAP and LDB, that are used in SSSD. In addition also describes function and architecture of SSSD. Main goal of this thesis was to create a tool, that will be able to query all the data stored in SSSD database.
|
|
|
Single D-Bus Server for SSSD
Úradník, Dušan ; Rogalewicz, Adam (oponent) ; Pavela, Jiří (vedoucí práce)
This thesis aims to reimplement the current topology of SSSD's inter-process communication. This communication is managed through separate D-Bus message buses to which components connect and send messages. The star topology with a single D-Bus requires to create a central message bus for components to use without affecting the current performance of SSSD. To ensure that, a thorough performance analysis had to be done by measuring response times and monitoring SSSD's behavior under constant stream of requests. Therefore, the tools SystemTap and hyperfine were employed to assemble a performance test suite.
|
|
|
Unified Network Authentication for Linux
Zůna, Pavel ; Drozd, Michal (oponent) ; Mlích, Jozef (vedoucí práce)
This thesis discusses the design and implementation of an unified network authentication solution for the Linux operating system based on the integration of WinBind and SSSD system daemons. The goal is to be able to authenticate Linux clients against multiple domains based on different platforms. In the first two chapters, readers are introduced to authentication mechanisms and related technologies used in Windows and Linux based computer network infrastructures. The third chapter is focused on the core of this work and discusses decisions made during the design phase. Implementation details are describedin chapter four. The last part of the thesis describes experiments and tests for selected use cases along with ideas for future improvements.
|
|
|
Implementation of NIS Backend for SSSD
Nykrýn, Lukáš ; Burget, Radek (oponent) ; Zelený, Jan (vedoucí práce)
The first part this thesis introduces technologies and tools for centralized management and authentication of users in GNU / Linux. It shows the usage of directory services in a network infrastructure, namely the NIS and its comparison with today probably the most widely used directory service LDAP. Then it describes the process of authentication on client workstations, specifically use of PAM and NSS, and possible expansion of whole system through the introduction of cache by using daemon SSSD. The second part of this thesis describes design and implementation of the NIS provider for SSSD.
|
|
|
FreeIPA - URI Based Access Management
Hellebrandt, Lukáš ; Michal, Bohumil (oponent) ; Kašpárek, Tomáš (vedoucí práce)
The goal of this thesis is designing and implementing access management based on URI of the requested resource. Host Based Access Control in the identity management tool FreeIPA was used as a basis for implementation. Furthermore, it was necessary to enhance the related infrastructure, namely the SSSD tool. The authorization module for Apache HTTP Server was used as an example of the application using URI-based HBAC. The main solved problem was design of the infrastructure for communication of the necessary parameters and strategy proposal for evaluating HBAC rules which define the access rights. The complete solution was demonstrated on the example of securing an instance of the web application Wordpress.
|
|
|
Single D-Bus Server for SSSD
Úradník, Dušan ; Rogalewicz, Adam (oponent) ; Pavela, Jiří (vedoucí práce)
This thesis aims to reimplement the current topology of SSSD's inter-process communication. This communication is managed through separate D-Bus message buses to which components connect and send messages. The star topology with a single D-Bus requires to create a central message bus for components to use without affecting the current performance of SSSD. To ensure that, a thorough performance analysis had to be done by measuring response times and monitoring SSSD's behavior under constant stream of requests. Therefore, the tools SystemTap and hyperfine were employed to assemble a performance test suite.
|
|
|
Unified Network Authentication for Linux
Zůna, Pavel ; Drozd, Michal (oponent) ; Mlích, Jozef (vedoucí práce)
This thesis discusses the design and implementation of an unified network authentication solution for the Linux operating system based on the integration of WinBind and SSSD system daemons. The goal is to be able to authenticate Linux clients against multiple domains based on different platforms. In the first two chapters, readers are introduced to authentication mechanisms and related technologies used in Windows and Linux based computer network infrastructures. The third chapter is focused on the core of this work and discusses decisions made during the design phase. Implementation details are describedin chapter four. The last part of the thesis describes experiments and tests for selected use cases along with ideas for future improvements.
|
host ::
RSS.