Introduction to Authentication Frameworks (PAM and SSPI)

This article gives a very brief high-level introduction to PAM (Pluggable Authentication Module) and SSPI (Security Support Provider Interface) as authentication frameworks in Linux and Windows respectively. PAM: The Pluggable Authentication Module (PAM) architecture provides a powerful abstraction for user IAM using a pluggable authentication model on Unix platforms. It defines a generic API for authentication and …

SASL Authentication Mechanisms

Introduction: Authentication is used in many protocols (such as LDAP binding) and usually involves sending a password. Given the nature of authentication protocols, traffic encryption is usually mandatory. Simple Authentication and Security Layer (SASL) was introduced to ensure security during authentication. It is not a single protocol, but rather a framework for authentication …

OAuth and OpenID Connect

OAuth 2.0 and OpenID Connect 1.0 are different types of protocols, and they are often confused. When we talk about IAM (identity and access management), we should distinguish between AuthZ and AuthN: AutheNtication (AuthN, aka Identity Management) is about validating a user’s identity by verifying that the user trying to connect is actually who it claims …

Security Assertion Markup Language (SAML)

SAML is an XML-based standard for exchanging authentication and authorization data between an IdP (identity provider) and a service provider. We can compare SAML with LDAP (as an authentication protocol), as both provide a single sign-on (SSO) feature. LDAP is considered the traditional configuration in on-premise operation for organizations. The configuration can be complex and administrators need to complete …

Lightweight Directory Access Protocol (LDAP)

Introduction: Originally, LDAP referred only to the connectivity protocol to the directory server. The term is used loosely today and also refers to the actual directory service that supports and complies with LDAP. LDAP v3 is the current version developed in RFC 2251. A directory is information about some set of entities such …

Migrate WordPress to static website

What for: Someone whose website I maintain realized the bill from a public cloud provider isn’t exactly as expected. The computing resource falls under “free tier” but the disk doesn’t. And the cost of disk usage is the surprise. Second, WordPress does a good job building the initial website but requires a hosting EC2 …

Nginx as a reverse proxy for Nifi web UI and Kibana

Nginx can act as an application-neutral proxy. One example is to front Nifi. The Nifi default configuration provides an HTTP access point, specified in the following entries in nifi.properties: Nifi can provide a secure port by commenting out the lines above and providing the following: However, it does require configuring a JKS keystore for Java, as …

Storage Nitty-Gritty 5 of 5 – Replication

Replication Terms: PIT (point in time) replica – snapshot of the source at some specific timestamp; Continuous Replica – always in sync with the production data; Recoverability – enables restoration of data from the replica to the source if data loss or corruption occurs; Restartability – enables restarting business operations using the replicas. Local Replication Use Case: Alternative source …