Tuesday, April 24, 2012

Shibboleth IdP SLO part 1 (preparation)

Prerequisite

JDK version > 1.6.0

On Debian releases older than 6, the JDK must be downloaded manually (apt-get install openjdk-6-jdk cannot be used).
Download the JDK from the Sun website and install it into /usr/lib/jvm/:
curl -L -O http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jdk-6u30-linux-i586.bin
chmod +x jdk-6u30-linux-i586.bin
./jdk-6u30-linux-i586.bin

Change default JVM

To change the default JVM, use this command:
idp:~# update-alternatives --config java

Es gibt 2 Alternativen, die »java« bereitstellen.

Auswahl      Alternative
-----------------------------------------------
*         1    /usr/lib/jvm/java-1.5.0-sun/jre/bin/java
 +        2    /usr/lib/jvm/java-6-openjdk/jre/bin/java

Drücken Sie die Eingabetaste, um die Vorgabe[*] beizubehalten,
oder geben Sie die Auswahlnummer ein: 2
Verwende »/usr/lib/jvm/java-6-openjdk/jre/bin/java«, um »java« bereitzustellen.
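
An added example (not from the original post) of two checks that fit the steps above: comparing the downloaded installer's SHA-256 with a value obtained from a trusted source before executing it, and confirming that the JVM selected with update-alternatives reports 1.6 or newer. The function names and the EXPECTED_SHA256 placeholder are assumptions, and the version check reads the prerequisite as "1.6 or newer".

```shell
#!/bin/sh
# Added example: two checks around the JDK install steps (not the author's code).

# Return 0 only if FILE's SHA-256 equals EXPECTED (64 hex digits, any case).
sha256_matches() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 2
    # Refuse a malformed or empty expected value instead of "matching" it.
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Return 0 if `java -version` output reports 1.6 or newer (assumed reading of
# the prerequisite). Handles "1.6.0_30" and the later "9", "11.0.2" scheme.
java_version_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 2
    major=${ver%%[._-]*}
    rest=${ver#*.}
    minor=${rest%%[._-]*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    if [ "$major" -eq 1 ]; then
        case $minor in ''|*[!0-9]*) return 2 ;; esac
        [ "$minor" -ge 6 ]
    else
        [ "$major" -ge 9 ]
    fi
}

# Usage with the file name from the steps above. EXPECTED_SHA256 is a
# placeholder: set it to the checksum obtained from a trusted source.
#   sha256_matches jdk-6u30-linux-i586.bin "$EXPECTED_SHA256" \
#       && ./jdk-6u30-linux-i586.bin
#   java_version_ok "$(java -version 2>&1)" \
#       || echo "default JVM is older than 1.6" >&2
```

Both functions return 2 for unusable input (missing file, malformed checksum, unparseable version), so a caller can tell "could not check" apart from "check failed".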

Monday, April 16, 2012

Active Directory with Samba 4 part 2

Next step is to compile and install Samba 4.

The process of compiling and installing Samba 4 is already described in the Samba 4 Howto. The Howto is very straightforward and easy to follow; my compilation was done in one step without more dependencies. I just want to add some tips and troubleshooting notes for that Howto.

Starting from the 4th step, if you are installing a new Samba domain, you can follow that procedure directly. For example, if you want to use EXAMPLE.COM as the Kerberos realm and SAMBA as the domain name, the provision command is as follows:

Active Directory with Samba 4 part 1

Samba 4 is being developed as a replacement for Microsoft Active Directory; it provides Kerberos and directory services. With Samba 4, you will have a free copy of Microsoft Active Directory.

Please remember that Samba 4 is still in the alpha stage, so use it at your own risk.

Installation


Before you follow the installation procedure from the Samba 4 wiki, I suggest you install bind (DNS server) first. Here are the steps:

Build Single Sign On Implementation (using computer login) for Intranet or Campus network.

In recent years, web applications have been developing rapidly. Web applications are preferred because of their flexibility and accessibility. With this type of application, a company or an organization with a huge number of employees can easily maintain and improve functionality, because changes can be applied to the current system immediately without needing any adjustment in the client environment.

There are many useful web applications developed by the open source community, but because they are developed by different groups, they use different kinds of authentication systems. For users, typing a username and password every time they use a different web application is a pain, even when the username and password are the same. There is also a security risk: this gives a trojan or an attacker a greater probability of capturing the typed username and password.