Posts

Showing posts from 2012

SSH Tunnel with auto reconnect

If you want your SSH tunnel to reconnect automatically when it is disconnected, you can use autossh. This is an example of how to configure autossh to create a tunnel on port 10088 on the local server and on port 10087 on yourserver.com, accessible only from yourserver.com. Put these lines in rc.local:

AUTOSSH_POLL=600
AUTOSSH_GATETIME=30
export AUTOSSH_POLL AUTOSSH_GATETIME
autossh -2 -M 20000 -fN username@yourserver.com -R 10087:localhost:10088 -N

Multidomain with realurl

To set up a realurl configuration for multiple domains with different templates, you can adapt this example for your realurlconf.php.

$RootPID = array(
    'www.domain1.com' => '1',
    'www.domain2.com' => '2',
    'intranet.domain1.com' => '3',
);

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['realurl'] = array(
    '_DEFAULT' => array(
        'init' => array(
            'enableCHashCache' => true,
            'appendMissingSlash' => 'ifNotFile,redirect',
            ...
        'pagePath' => array...

pdf_generator2 in tt_news single view

With pdf_generator2, we can produce a PDF version of our web page. To use this extension in the tt_news single view, we need to set up the TypoScript configuration. This TypoScript example shows the PDF link beside the tt_news single view title, and puts the web URL in the header and the page number and date in the footer of the PDF document.

1. Put this definition in the constants section of the main template:

pdf_generator2 {
  size = A4
  top = 15
  bottom = 15
  left = 15
  right = 15
  cssmedia = print
  max_execution_time = 10000
  renderfields = 1
  string_search1 = /*<![CDATA[*/
  string_replace1 = /* <![CDATA[ */
  string_search2 = /*]]>*/
  string_replac...

Shibboleth SP part 4 (MediaWiki Configuration)

Integrating Shibboleth login with MediaWiki

Installation

This extension will not create a new user if the user does not exist; the MediaWiki user must be created first before they can log in using Shibboleth. If the user does not exist, MediaWiki will report an error after the user has authenticated with Shibboleth. Create the file ShibAuthPlugin.php in the MediaWiki extensions directory and put in the code from this link. Create the file wiki_login.php in the MediaWiki root directory, put in the code from this link, and add header("Location: /Shibboleth.sso/Logout"); so the code looks like the following:

if(isset($_REQUEST['logout'])) {
    $obj_user = new User();
    $obj_user->logout();
    header("Location: /Shibboleth.sso/Logout");
}

For MediaWiki versions lower than 1.13, change this directive in both files: specials/SpecialUserlogin.php to SpecialUserlogin.php, and in the file ShibAuthPlugin.php change this line: ShibUserLoadFromSession($user, true); t...

Shibboleth SP part 3 (Moodle & Wordpress Configuration)

Integrating Shibboleth login with Moodle

Installation

In Moodle, the Shibboleth plugin is already installed; we only need to activate it. To use this plugin, the authentication method of the existing users must be changed to shibboleth, otherwise they won't be able to log in using Shibboleth. This can be done by modifying the value directly in the database for all existing users. Thus, we must disable login via other authentication methods such as LDAP, because Moodle cannot check the user with another authentication method after a failed Shibboleth login. This plugin will import a new user from Shibboleth when the user does not exist in the Moodle database.

Configuration

Go to Settings -> Site Administration -> Plugins -> Authentication -> Manage Authentication. Click on the eye icon to activate it. To make Shibboleth the only way to log in, set the value of Alternate login URL to http://DOMAIN_NAME/auth/shibboleth/index.php. To make Shibboleth an alternat...

Shibboleth SP part 2 (Typo3 Configuration)

Integrating Shibboleth login with Typo3

Extension installation

Go to the extension manager and install the Shibboleth Authentication (shibboleth_auth) extension. The extension is not loaded automatically; you must set the extension configuration first. For frontend login, this extension can import user information from the Shibboleth IdP automatically, but not for backend login. This extension will not fall back to another authentication mechanism (e.g. LDAP or Typo3 login) if the user is not found in the Shibboleth IdP, but it can be enabled alongside another authentication mechanism as long as they serve different functions (e.g. Shibboleth handles the frontend login and LDAP handles the backend login). In this example, we only configure Shibboleth for frontend login.

Extension configuration

Open the extension configuration and check Frontend and Auto Import to enable frontend login and import user information from Shibboleth. In the Others section: Define the storage Pid. This value is based on th...

Shibboleth SP part 1 (Installation)

SP Installation

In Debian 6, installation of the Shibboleth SP can be done with these steps:

apt-get update
apt-get install libapache2-mod-shib2 shibboleth-sp2-schemas

Enable the Shibboleth SP module:

a2enmod shib2

and restart Apache.

SP Configuration

Apache module

Add the following entry to the file /etc/apache2/mods-enabled/shib2.conf:

ShibConfig /etc/shibboleth/shibboleth2.xml

# Used for example logo and style sheet in error templates.
<IfModule mod_alias.c>
  <Location /shibboleth-sp>
    Allow from all
  </Location>
  Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
  Alias /shibboleth-sp/logo.jpg /usr/share/shibboleth/logo.jpg
</IfModule>

<Files *.sso>
  SetHandler shib-handler
</Files>

Shibboleth IdP SLO part 3 (Configuration)

LDAPS Connection

To be able to connect over LDAPS, Shibboleth must already have the LDAP SSL certificate. To do so, get the LDAP SSL certificate from the administrator or export it from another server which already has the certificate. To export:

keytool -export -keystore /etc/java-1.5.0-sun/security/cacerts -alias ldap -file ldap.cer

To import it into the new Shibboleth IdP, we must import it into the keystore of the current Java runtime:

keytool -import -trustcacerts -alias "ldap" -file ldap.cer -keystore /usr/lib/jvm/jdk1.6.0_30/jre/lib/security/cacerts

login.config

Edit IDP_HOME/conf/login.config:

edu.vt.middleware.ldap.jaas.LdapLoginModule required
  host="ldap.example.com"
  port="636"
  ssl="true"
  base="ou=users,o=myorg"
  serviceCredential="PASSWORD"
  serviceUser="cn=ldap_proxy,ou=misc,o=myorg"
  subtreeSearch=true
  userField="cn"

Mapping Kerberos principal to existing eDirectory user

To create a Kerberos principal for an existing eDirectory user, we need to export the user data from LDAP using the tool from http://ldapwiki.willeke.com/wiki/DumpEdirectoryPasswordInformationTool . This tool should be executed as an LDAP user which has permission to see the universal password. Example:

java -jar DumpPasswordInformation.jar -h ldap.company.com -Z SSL -p 636 -D cn=admin,o=novell -w adminpassword -dvAL -b "ou=people,o=novell"

The tool will write its output to the file dumppasswordinformation.ldif. The following script will read from the above LDIF file and map the existing user to the Kerberos principal. This script uses a keytab for the admin/admin Kerberos principal with the filename admin.keytab

Single Sign On (SSO) with Novell Client and Shibboleth

Server requirements:
- Novell eDirectory + LDAP
- Kerberos Server
- Shibboleth IdP with Kerberos Auth Plugin

Client requirements:
- Kerberos Client
- Novell Client
- Mozilla Firefox (tested browser)

Tested Structure: SSO Structure

Shibboleth IdP SLO part 2 (Installation)

Installation

Download

Download Shibboleth IdP SLO from http://software.niif.hu:

curl -L -O http://software.niif.hu/maven2/edu/internet2/middleware/shibboleth-identityprovider/2.3.5-slo10/shibboleth-identityprovider-2.3.5-slo10-bin.tar.gz

and extract it:

tar zxvf shibboleth-identityprovider-2.3.5-slo10-bin.tar.gz

Modify the login page

We should modify the login page before installing. It can be done later, but then we must run the install script again to apply the change to the currently running IdP. Modify login.jsp in the shibboleth-identityprovider-2.3.5-slo10/src/main/webapp directory.

Shibboleth IdP SLO part 1 (preparation)

Prerequisite

JDK with version > 1.6.0. In Debian older than 6, we must download the JDK manually (cannot use apt-get install openjdk-6-jdk): download and install the JDK from the Sun website into /usr/lib/jvm/:

curl -L -O http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jdk-6u30-linux-i586.bin
chmod +x jdk-6u30-linux-i586.bin
./jdk-6u30-linux-i586.bin

Change default jvm

To change the default JVM, use this command:

idp:~# update-alternatives --config java
Es gibt 2 Alternativen, die »java« bereitstellen.

  Auswahl      Alternative
-----------------------------------------------
*   1    /usr/lib/jvm/java-1.5.0-sun/jre/bin/java
+   2    /usr/lib/jvm/java-6-openjdk/jre/bin/java

Drücken Sie die Eingabetaste, um die Vorgabe[*] beizubehalten, oder geben Sie die Auswahlnummer ein: 2
Verwende »/usr/lib/jvm/java-6-openjdk/jre/bin/java«, um »java« bereitzustellen.

Active Directory with Samba 4 part 2

The next step is to compile and install Samba 4. The process of compiling and installing Samba 4 is already described in the Samba 4 Howto. The Howto is very straightforward and easy to follow; my compilation was done in one step without further dependencies. I just want to add some tips and troubleshooting notes to that Howto. From the 4th step, if you install a new Samba domain, you can directly follow that procedure. For example, if you want to use EXAMPLE.COM as the Kerberos realm and SAMBA as the domain name, the provision command is as follows:

Active Directory with Samba 4 part 1

Samba 4 is developed to be a replacement for Microsoft Active Directory; it provides Kerberos and directory services. With Samba 4, you get a free replacement for Microsoft Active Directory. Please remember that Samba 4 is still in alpha stage, so use it at your own risk.

Installation

Before you follow the installation procedure from the Samba 4 wiki, I suggest you install bind (DNS server) first. Here are the steps:

Build Single Sign On Implementation (using computer login) for Intranet or Campus network.

In recent years, web applications have been developing rapidly. Web applications are preferred because of their flexibility and accessibility. With this type of application, a company or organization with a huge number of employees can easily maintain and improve functionality, because changes can be deployed immediately into the current system without any adjustment in the client environment. There are many useful web applications developed by the open source community, but because they are developed by different groups, they use different kinds of authentication systems. For users, typing a username and password every time they use a different web application is a pain, even though they have the same username and password. There is also a security risk: every additional login gives a trojan or an attacker a greater chance to capture the typed username and password.