I have been converting a number of hosts to LDAP authentication. I’m currently creating user home directories on each server, which has a number of pros and cons. One of the cons is that a newly provisioned user won’t have a home directory, all will be assigned “/” as their home directory when they login. [...]
I spend a bunch of time a while back learning how SELinux worked, and it definitely has some useful applications (especially with the tools that were recently added to assist with policy setup). On some of the hosts I support it is overkill, and I disable in one of my kickstart postinstall actions. To disable [...]
I have been spending a bit of time lately configuring Solaris and Linux hosts to authenticate against LDAP. Authentication works well on the surface, but the actual client implementations are somewhat lacking. Let’s take the Linux pam_ldap module for instance. To authenticate a single session, the pam_ldap module performs thirty-three operations, which includes 7 TCP [...]
Most modern day UNIX operating systems store password expiration data in /etc/shadow. This expiration data includes the last time a user changed their password, the number of days a user can use a given password, an interval to warn a user that their password is going to expire, etc. There are six (I don’t count [...]
To ensure that my CentOS machines run as efficiently and securely as possible, I disable a number of services after each installation. The end result is a system that accepts ssh connections on TCP port 22, and on one or more service ports that are in use by the applications hosted on the platform. To [...]
I often forget about the Centos Linux chage utility, and it’s ability to manage the expiration data in /etc/shadow. In addition to being able to manage password policies, chage can be be run with the “-l” option to view the policy set for a user, and the date when a users password was last changed: [...]
