Yip, I’m still alive.
I am a computer geek.
I do computer geek things.
After all of the work on the house for the past few months, I needed to engage in a geeky project, something that would benefit my network. Something that has plagued me since my server rebuild has been the lack of a centralized authentication scheme for my network. LDAP, of course, is the choice I had made, but setting it up and understanding what was going on would take longer than setting it up.
Tonight, I have published a brief article entitled “SSL LDAP Server on CentOS 5″ which details how to set up the LDAP server portion of the authentication system. Soon I will include an article on the client end. One will be for CentOS and the final one will be for Windows, which can use pGina to load an LDAP module and authenticate (I found that to be very cool).
It wasn’t enough for me to just have centralized authentication. If that were all I needed, I would have used NIS. I wanted encryption so that any rogue program or user on my small home network would not be able to sniff my passwords off the wire. Paranoid? Yes, yes I am, but not enough to use Kerberos yet. I also wanted something that pGina would work with. Many factors had to be considered for my authentication scheme, including brief experiments with Samba and Microsoft Active Directory.
I also wanted to know how this all worked for work. What good is a security person who doesn’t understand how the technology works? I don’t know. There are too many of those. Maybe I can make things better by trying to be one that does, in some way, know how the tech works. It’s a goal.