Introduction to Authentication Frameworks (PAM and SSPI)

This article gives a very brief high-level introduction to PAM (Pluggable Authentication Module) and SSPI (Security Support Provider Interface) as authentication frameworks in Linux and Windows respectively. PAM The Pluggable Authentication Module (PAM) architecture provides a powerful abstraction for user IAM using pluggable authentication model Unix platforms. It defines a generic API for authentication and … Read moreIntroduction to Authentication Frameworks (PAM and SSPI)

SASL Authentication Mechanisms

Introduction Authentication is used in many protocols (such as LDAP binding) and it usually involves sending password. Given the nature of authentication protocol, its traffic encryption is usually mandatory. Simple Authentication and Security Layer (SASL) is introduced to ensure the security during authentication. It is not a single protocol, but rather a framework for authentication … Read moreSASL Authentication Mechanisms

Lightweight Directory Access Protocol (LDAP)

Introduction Originally LDAP only refers to the connectivity protocol to the directory server. This term is being used loosely today and it also refers to the actual directory service that supports and complies with LDAP. LDAP v3 is the current version developed in RFC 2251. A directory is information about some set of entities such … Read moreLightweight Directory Access Protocol (LDAP)

Free tools for application high availability

High availability can be implemented through server clustering and load balancing. Clustering can be supported by corosync and pacemaker. On the load balancing side, there are dedicated hardware such as F5 which is expensive. Alternatively, there are three common ways to achieve load balancing with application, Linux Virtual Server (LVS), Nginx and HA Proxy. LVS … Read moreFree tools for application high availability

Nginx as a reverse proxy for Nifi web UI and Kibana

Nginx can act as a application neutral proxy. One example is to front Nifi. The nifi default configuration provides an HTTP access point, specified in the following entries in nifi.properties: Nifi can provide secure port by commenting out the lines above and provide the followings: However, it does require configuring JKS keystore for Java, as … Read moreNginx as a reverse proxy for Nifi web UI and Kibana

Quick way to configure Rest API service

Working in IT, we sometimes want the customer to have an API to perform pre-defined activities on our servers. We are hoping to manage the activities in a script to control what can be done, allow customer or partner to perform the activities on their own. Restful API is a great way to simplify and … Read moreQuick way to configure Rest API service

Set up automation with Ansible

Ansible is very flexible automation tools with many benefits. The free version is command-line based and here is an example to set it up. Environment setup Ansible 2.8 is required or some command may not work. Ansible files (including playbooks, tasks and inventory files) are all located in /home/glowing/ansible Default inventory file needs to be … Read moreSet up automation with Ansible