Security :: Make A Choice On What Authentication Protocol To Use For Authentication And Authorization?
Jan 17, 2011
I need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).
I was also looking at Kerberos as an option though there is alot overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.
View 2 Replies
ADVERTISEMENT
Apr 1, 2016
If I am running a script, let's say a install script. Is there a way to make Su repeat authentication rather then just returning "Authentication failed" and continuing the script?
View 3 Replies
View Related
Jan 10, 2010
I want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .
View 1 Replies
View Related
Jun 4, 2011
I just started learning the Linux system and I installed Ubuntu 11.04 as a partition on my IMac. I want to change my authorization in the terminal to su - , but I keep being told authentication failure.
View 4 Replies
View Related
Mar 14, 2011
On Ubuntu server 10.10, with a relay smtp server with authentication via postfix; I keep getting 535: Incorrect authentication data. I'm sure my username and password is correct. Heres how I set up postfix: I created a file called smarthosts.conf in my /etc/postfix/ directory that contains the following:
[Code].....
my server uses plain text authentication on port 25. I would like to use security like SSL, but this particular server is unsecured.
View 9 Replies
View Related
Mar 12, 2010
I have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry"
But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
View 1 Replies
View Related
May 27, 2011
I have a network and am using squid proxy with authentication I want to create another subnet without authentication.
View 1 Replies
View Related
Feb 2, 2011
What security mechanisms are used by recent versions of the Linux operating system during user authentication?
View 3 Replies
View Related
Mar 19, 2010
I was trying to configure user authentication in SSH using certificate method.As u all know the usual way of authentication is using the ssh-keygen method. But i want the another method where we create a certificate key and send it to the CA, which signs it and send back etc etc.I cannot find any unique procedure in the net to configure this method.
View 3 Replies
View Related
Oct 25, 2010
I have squid proxy authenticating Internet users with LDAP. It's working well. But I have problem when I authenticate to squid proxy to login to Yahoo Messenger. Each time, I login to YM application, the squid proxy popups many authentication windows. These confuse users when they you YM. I checked in squid access log and see that: when users use YM application, the application requests the following links:
[code]...
With each link, squid requires one authentication window. Do you have any ways to squid require only one authentication window when users use YM?
View 2 Replies
View Related
Jul 9, 2010
I'm working on a work project related to Web (Client) authentication and DOD Common Access Cards. But I'm having difficult getting the details about what happens on the CAC side of things.
I familiar with the PKI system as it applies to e-mail. (Correct me if I err, of course.) If you want to sign an e-mail (i.e., so it can be authenticated by the receiver) you use your private key to add a digital signature to the message. Then, the receiver uses your published public key to determine if the digital signature is valid, i.e., was created using your private key (even though the receiver never actually has access to your private key).
So... my questions:
1) When a person with a DOD CAC visits a CAC-enabled web site, and the server grants access after the CAC is inserted, is the authentication process fundamentally the same as what happened with the e-mail authentication?
2) If the private key is used in this process (it would have to be, correct?) is the signature created on the CA Card electronics (i.e., the private key remains on the CAC)? Or is the private key copied onto the computer, which uses it to create the signature?
View 1 Replies
View Related
Aug 17, 2010
My server is connected to the Internet for ssh on port 22 with root logon disabled, a single non-dictionary word user name allowed, and pki authentication only (about as secure as I can make it). I've previously run fc5 and 9 servers using the same sshd config since 2006 and had no security troubles, so I'm happy, but.. After the fc13 install and configuration, logins from a host on a remote network are taking about 1m 30s to complete! A (partial) console output for ssh -vv appears below. The lines marked with "**" were the lines after which significant pauses happen. This is fully repeatable.
Code:
debug1: Next authentication method: publickey
debug1: Offering public key:
debug2: we sent a publickey packet, wait for reply
[code]....
View 3 Replies
View Related
Jan 7, 2010
How can I remove authentication completely from my pc?
How can I edit the files present in the patrician filesystem?
View 8 Replies
View Related
Apr 3, 2011
having a slow internet connection, I bought the all maverick repository on DVDs, copied the files on a usb drive and modified the apt sources file to consider the local repository only:
Code:
# deb file:/var/www/ubuntu_local/ ./
deb file:/var/www/maverick/dvd1/ maverick main universe restricted multiverse
deb file:/var/www/maverick/dvd2/ maverick main universe restricted multiverse
deb file:/var/www/maverick/dvd3/ maverick main universe restricted multiverse
[code]....
Even though I am reasonably sure it is safe, this local repository is not authenticated and I can only install package through the command line or synaptic, the Ubuntu Software Centre giving an error message "Requires installation of untrusted packages"...I thus would like to disable the apt authentication check for this local repository.
View 2 Replies
View Related
Jun 25, 2011
Does anyone know if/how its possible to integrate HOTP authentication into GDM login manager? Basically what I want to do is have it ask for the password of the account, then another prompt come up asking for the code for the account.
I know how to set it up, but I'm know if modifying the PAM module for requiring OATH/HOTP authentication will make this happen or if it will just break the system...and this is one thing I don't want to have to fix.
View 1 Replies
View Related
Mar 3, 2010
I want to use AD sys accounts to logon to linux servers. What is the best and most secure way to do this. This because we want to ensure it is tracable when a server administrator makes changes to a linux server. Now we use root to make changes to the servers.
View 13 Replies
View Related
Mar 9, 2010
I have installed CentOS 5.2. I want to login automatically for an user without authentication.
View 2 Replies
View Related
Jun 23, 2010
Im using CenOs 5 and have install a mail system(postfix+dovecot),when I trying to enable selinux for enforcing mode and i'm have some issue, the user authentication failed. How can i to fix this problem?
View 2 Replies
View Related
Jan 26, 2011
I have intalled RADIUS server on one machine which has fedora 10. I have installed freeradius-server-2.1.10 on it(server machine IP 10.150.110.42).
I have one more machine with redhat linux on which i have installed pam_radius-1.3.17(client machine IP 10.150.113.4).
I have done the follwoing configuration at both sides
SERVER SIDE.
users file
"vijay" Auth-Type := Local, Cleartext-Password == "123qwe", NAS-IP-Address == "10.150.113.4"
Reply-Message = "Hello, %u"
[Code]....
Above mentioned is my configuration. when i try to connect client with SSH it is not sending a request for authenticating user to RADIUS server. what else configuration i have to do, or if there are any mistakes in my configuration
View 2 Replies
View Related
Mar 7, 2011
I'm using Ubuntu Lucid Lynx and every time I search for updates it ask for authentication. I'd like to search and apply updates without confirmation. Is it possible in some manner?
View 5 Replies
View Related
Aug 6, 2010
As part of the project I'm working on, I need to set up a server with IPSec authentication only connections to a large number of low bandwidth clients. I'm making use of the PF_KEY interface to populate the keys on the server and while prototyping things I've found that the initial setup is taking longer than I had expected. At the start of my test, entries are being added to the database at a rate of around 30/second, but as time goes on this is dropping significantly. I ran a test up to around 100k entries and by then the rate had dropped to 10/second. It's key to me that if I reboot my server that the Security Associations can be repopulated in a very short period, so I do genuinely need this to be much faster.
Two questions:
1) Does anyone have any experience of running with a large number of SAs set up, and if so what sort of setup rate did you get?
2) Are there things I can do to speed up the provisioning of these SAs? I'd really like to see a rate in the thousands per second.
We've been doing the prototyping on the 2.6 kernel.
View 1 Replies
View Related
Feb 10, 2011
I'm new in UNIX & trying to access the server using SSH but I encounter this error PAM Authentication Error. I use edit /etc/ssh/sshd_login & set the PermitRootLogin to yes. But didn't work. I used this command ps -ef | grep sshd & saying Process environment requires procfs(5). I don't know what to do now. What I want is access it by SSH but I got Access Denied. [MOD]Pruned from [URL]. create your own thread instead of resurrecting a five year old one.[/MOD]
View 1 Replies
View Related
Jan 11, 2011
I have a strange behaviour on a Slackware 13.1 box:
Code:
user@host$ su
su: Authentication failure
[code]...
View 5 Replies
View Related
Mar 1, 2010
I would like to have a web site pop-up on the persons laptop that connects to my wifi network. The page will let them know this is my network and give a list of shares on the network. Then click ok to get wireless authentication. Something like you get when you connect to a wireless connection in a hotel. software i can install on my Ubuntu 9.10 server to do this.
View 1 Replies
View Related
Apr 13, 2010
When I'm trying to login to the ftp server with appropriate username and password its taking almost 10-15 seconds to authenticate making the login process slow, even when I'm uploading files its again hanging for 10-15 seconds before completing the job successfully.
Its not like its happening every time, but 7 times out of 10.
Any idea how can make the authentication fast?
View 5 Replies
View Related
Aug 19, 2009
while tampering with the settings for my wireless connection by right-clicking on the icon on the top menu i was originally asked for my password for authentication. i selected the option to remember the password for future sessions unintentionally.
how do i get it back to the original setting so that it asks for a password before allowing me into the editing screen? i tried preferences > system > authorisations > network-manager-settings, but it didnt work.
View 2 Replies
View Related
Jan 27, 2010
Can't seem to do it, wondering if anyone knows how? Normally there's something in sshd_config that can be switched to true or yes to allow root login but I can't see it in fedora 12.I can login via root at a terminal no problem, just not via ssh, I get access denied every time. Also, I need to login using password authentication.I've done: 227169 but that's just for GUI which I don't really need since I rarely ever log into the GUI.I have also searched through here and mostly only found info such as above, how to enable root login for GUI, or billions of posts about how logingin as root is bad but I cannotswer to my question.DISCLAIMER: Please do not reply to this thread if all you can contribute is the question of why I need root or to put some message telling me I can do everything using su, etc, etc. Please only contribute if you can answer my question. A: My machine and a valid quesiton. B: Spirit of Linux is open, not restrictive
View 3 Replies
View Related
Jan 6, 2011
Given that my public key is a pre-shared secret is sshd made in a way that this negates the possibility of a man in the middle attack? In other words, if the known_hosts file were to be deleted, would it be safe to ignore the fingerprint of a server that already has my public key in authorized_keys?
View 5 Replies
View Related
Jan 26, 2011
Running Ubuntu 10.10 and I'm getting annoyed by the password authentication each time I want to do something. I find this more annoying than Windows 7 and UAC
View 9 Replies
View Related
Mar 7, 2011
I'm using Ubuntu Lucid Lynx and every time I search for updates it ask for authentication. I'd like to search and apply updates without confirmation. Is it possible in some manner?
View 1 Replies
View Related
