Categories
Kerberos Linux Mail SSO Ubuntu Uncategorized

Fixing Thunderbird / dovecot Kerberos/GSSAPI login

Usually I’m using a web-based mail tool, however for some tasks a full-featured mail client comes in handy. So after quite some idle time I started up my Thunderbird today just to find that the GSSAPI/Kerberos authentication fails. Since the last time I used it I re-installed the mail server, so it is not […]

Categories
Firewall LDAP Linux Network radius Ubuntu VLAN

freeradius on OPNsense: Use VLAN based on LDAP group

The main challenge in doing so is to make this change permanent (as the OPNsense web frontend does not support that kind of config modification). So here’s a short wrap-up of the things required: Now edit custom.users: Rebuild the template files and restart freeradius: And the test results look like this: In my case […]

Categories
Linux Microsoft Samba Ubuntu Windows

Samba domain controller: raising (all kinds of) level

While trying to get radius working with my Samba domain controller, I was looking for a way to get attributes like radiusTunnelPrivateGroupId into it. In the end the solution was something completely different, but anyhow: Here’s what I did to raise the domain level (and as it turns out the function and forest level) of […]

Categories
Firewall Linux Network radius WIFI WPA2

Ubiquity WiFi with WPA2 Enterprise

Due to some hardware problems with my switches (cheap Chinese ones) I recently decided to switch my core home network to Ubiquity systems. Only 3 weeks later I had to realize that my old FritzBox had lost its 2.4 GHz WiFi (seems to be quite common and may obviously go unnoticed for a long time […]

Categories
Docker IdP Linux python Shibboleth SingleSignOn SSO Virtualization

pyFF – federation metadata processing at its best

As mentioned earlier I was going to replace thiss-mdq with pyFF for my SAML federation metadata query service. Comparison thiss-mdq / pyFF On its project site thiss-mdq describes itself as The thiss-mdq is a minimal implementation of MDQ that only supports JSON data. while pyFF considers itself “a SAML metadata aggregator written in python”. Both […]

Categories
IdP Keycloak Linux SAML Shibboleth SingleSignOn SSO Ubuntu

SAML discovery service

Federated services If you want to provide web-based services in a federated (SAML) environment, you’ll need a way for your users to select their home institution in order to log into the service using their local credentials. That service is called discovery service. What’s that discovery service doing? So what happens if a user […]

Categories
Apache Encryption IdP Keycloak Linux SAML Shibboleth SingleSignOn SSO Webserver

Apache SAML authentication with mod_shib (part 2)

There Multiple SPs on same apache vhost By default the helper scripts mentioned above use some default values like file names and local hostname. So in case you need multiple SPs within a single apache web service, we’ll need to generate key pairs and metadata for each of them and use more specific settings for […]

Categories
Apache Linux SAML Shibboleth SingleSignOn SSO Webserver

Migrate apache2 mod_auth_mellon to mod_shib

I once started protecting web sites using mod_auth_mellon. Back then it seemed much easier to implement it that way, however shibboleth / mod_shib is the default implementation and therefore seems to be the better choice in the long run. For a basic introduction have a look here. Existing mellon config In this example we’ll change […]

Categories
Debian Linux Ubuntu

Finding (and fixing) incompletely installed Debian packages

Some time ago I ran into trouble while installing Debian packages (something went wrong and a few packages claimed to be installed – their corresponding files however didn’t make it to disk). While I was able to fix most of them from time to time I still got random errors that – after some investigation […]

Categories
Filesystem Kernel Linux RAM disk ZFS

Analyzing Ubuntu Initial Ramdisk

While investigating ZFS snapshot problems I was looking into Ubuntu 24.04 initial RAM disks (initrd/initramfs). So here’s what I found. Unpacking RAM disk Over the years many different ways to pack a RAM disk were used (things like cpio archives, squashfs, and so on). Since it has been a long time since I was forced […]