I have been working with SSH for a long time, but recently I have needed to add another user to my set up. I followed some instructions I found on the web and did the folllowing. adduser sam sudo nano /etc/ssh/sshd_config AllowUsers michael, sam sudo reboot I set up the user sam completely, added the allow users to the sshd configuration and rebooted. Now michael is sudoer, but the funny thing is, I can login [...]

We have in our company multiple directories (Active Directory, Domino, OpenDS). Domino (and it seems AD) give the ability to have multiple logins for the same user (aliases). Is there a way to achieve the same thing with an OpenDS directory? I have tried to put multiple cn on a user (which is authorized) without success: the user can only bind with his primary cn. I have also look at LDAP alias object, but I [...]

I can’t figure out how to write an .htaccess file which blocks all access to a directory except for reading html files, which sould be allowed and php-files which require athentication. Denying all access and allowing html works fine but asking for a password for php-files doesn’t. Here is what I came up with: <FilesMatch “.*\.php$”> AuthName “Test area” AuthUserFile /var/www/.htpasswd AuthType Basic require valid-user </FilesMatch><FilesMatch “\.html?$”> Order Allow,Deny Allow from All </FilesMatch>order Allow,Deny Deny [...]

I am trying to connect my File Server (FreeNAS 8.0.1 / 8.2-RELEASE-p7) with my Mac OS X 10.7 Lion Directory Server’s Open Directory… I know that Mac OS X provides an LDAP service via which other servers can authenticate against, but I am having great difficulty getting FreeNAS to authenticate against the Mac OS X Open Directory. How do I connect my FreeNAS File Server to my Mac OS X Directory Server? Asked by Josh [...]

I have just been given access to a new Windows Web Server 2008 R2 which has SQL Server 2008 R2 installed on it. When I open up SQL Server Management Studio and try to connect, it does so with Windows Authentication, however, it does not ask me for a password, and it successfully connects. I am worried that (hopefully not) someone who shouldn’t be accessing the server does so, and can then easily connect to [...]

We utilise both Windows and Linux server at our software development company. One of the friction points with this setup is that we don’t have a single sign-on solution. Being more of a Microsoft shop than a Linux one we want to authenticate against AD. I read a couple of articles online and I understand this to be possible. We are currently using the following services on Linux that requires authentication: – git server (through [...]

My nginx.conf: location ~ ^/api/(.*)$ { alias /home/username/apidav/$remote_user/$1; client_body_temp_path /var/www/path/; client_max_body_size 50m; dav_methods PUT DELETE MKCOL;# COPY MOVE; create_full_put_path on; dav_access user:rw group:rw all:r; dav_ext_methods PROPFIND OPTIONS; auth_request /api_auth; }location /api_auth { internal; proxy_pass http://www.domain.ru/accounts/api_auth/; proxy_pass_request_body off; proxy_set_header Content-Length “”; proxy_set_header X-Original-URI $request_uri; } curl -T test.txt ‘http://gert:passwd@www.domain.ru/api/’ curl: (56) Recv failure: Connection reset by peer? Why? tail -f /var/log/nginx/error.log 2012/11/16 17:53:42 [alert] 30060#0: worker process 8374 exited on signal 11 Tail debug log, after [...]

I’m trying to set up LDAP authentication with my Django app using Django-Auth The basic idea I want to do is any LDAP user with “IT – Help Desk” in the description would get mapped to a certain Django group, a user with “Admin” in the description would go to another Django group, and anyone else wouldn’t be allowed in. (There are legacy reasons I have to use the description field, so that’s not an [...]

Okay, so here’s the story: I administrate a server running a web application on my internal LAN, say foo:1234. My team uses this actively. We have now decided to make this application accessible from outside our network – but we don’t want to install it on our webserver. I have forwarded an external port (say 5678) on our (DDWRT) router to foo:1234, and this works fine. The problem though, is that due to certain configuration [...]

I am managing a web application that uses forms authentication. Most of it (including the login functionality) was written by a 3rd party so I cannot change it’s architecture. The web application uses forms authentication to require all users to log in before they can access anything. The application has an admin section that end-users should not be able to see and they are kept out of via forms authentication. But it doesn’t look good [...]