Recent Red Hat Enterprise Linux releases see an expansion in support of the smart card related use cases. However customers usually have a mixed environment and standardize on a specific version of Red Hat Enterprise Linux for period of time. It is important to understand the
Continue reading “Smart Card Support in Red Hat Enterprise Linux”
Questions related to DNS and service discovery regularly come up during deployments of Identity Management (IdM) in Red Hat Enterprise Linux in a trust configuration with Active Directory. This blog article will shed some light of this aspect of the integration.
We will start with a description of the environment. Let us say that the Active Directory environment consist of
Continue reading “Discovery and Affinity”
This article is one of the blog posts dedicated to use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement one – install and maintain a firewall configuration to protect cardholder data. The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.
The first requirement of the PCI standard talks about the firewalls and networking. While Red Hat’s Identity Management solution is not directly related to setting up networks and firewall rules, there are several aspects of IdM that
Continue reading “PCI Series: Requirement 1 – Install and Maintain a Firewall Configuration to Protect Cardholder Data”
In my Identity Management and Application Integration blog post I talk about how applications can make the most of the identity ecosystem. For example, a number of applications have integrated Apache modules and SSSD to provide a more flexible authentication experience. Despite this progress – some (people) remain unconvinced. They wonder why they should use Apache modules and SSSD in conjunction with, for example, Active Directory instead of using a simple LDAP configuration… essentially asking: why bother?
Let’s look at this scenario in greater detail. If an application supports
Continue reading “Why Use SSSD Instead of a Direct LDAP Configuration for Applications?”
Severity analysis of vulnerabilities by experts from the information security industry is rarely based on real code review. In the ‘Badlock’ case, most read our CVE descriptions and built up a score representing a risk this CVE poses to a user. There is nothing wrong with this approach if it is done correctly. CVEs are analyzed in isolation; as if no other issue exists. In the case of a ‘Badlock‘ there were eight CVEs. The difference is the fact that one of them was in a foundational component used by most of the code affected by the remaining seven CVEs. That very specific CVE was
Continue reading “How Badlock Was Discovered and Fixed”
Identity management solutions integrate systems, services, and applications into a single ecosystem that provides authentication, access control, enterprise SSO, identity information and the policies related to those identities. While I have dedicated time to explaining how to provide these capabilities to Linux systems – it is now time to broaden the scope and talk a little bit about services and applications.
In some ways, services and applications are very similar. They are both usually
Continue reading “Identity Management and Application Integration”
Over last several months, in meetings with many Red Hat customers, I have been asked about best practices related to migration from an existing third-party identity management solution to Red Hat’s Identity Management (IdM) solution. In today’s post I will share some of my thoughts on this matter…
Continue reading “When to Migrate: Red Hat Identity Management vs. Third-Party Solutions”
Hello again! I have not had time to blog in awhile. What happened? I picked up some additional responsibilities and these consumed a lot of my time. But now… I am back and will be blogging once again.
Time goes on and there are (many) new topics that are worth sharing with you. The first subject that I want to cover is the new Identity Management (IdM) features in Red Hat Enterprise Linux 7.2. While the release happened nearly three months ago – it’s still worth me providing an overview of new features and functionality. Another subject that people often ask about nowadays is the conversion from 3rd party vendor solutions to the IdM offering from Red Hat. We see a lot of interest in this area and I want to share some hints for when it is a good idea to use what we offer and when it might not be. Finally, there are also some emerging technologies
Continue reading “Back to Blogging: New Identity Management Features in RHEL 7.2”
Today, we are pleased to announced the general availability of Red Hat Directory Server 10, the latest version of Red Hat’s open source, network-based registry server. Built on the technologies delivered by the 389 Directory Server project, Red Hat Directory Server offers a Lightweight Directory Access Protocol (LDAP)-compliant server that centralizes critical application information, simplifies user management and enhances security across an entire organization.
As a tool for building business applications, Red Hat Directory Server provides
Continue reading “Red Hat Directory Server 10 Now Generally Available”
Two-factor authentication, or 2FA, is not something new. It has existed for quite some time and in different forms. What is a ‘factor’? A factor is something you have, something you know, or something you are. For example, if we combine a PIN that you know, with your fingerprint, we get a 2FA based on biometrics. In practice, biometric solutions are not often used because it’s not especially difficult to steal someone’s fingerprint (…and it is quite hard to revoke or replace your finger). The more practical approach to two-factor authentication is to combine something you know, a PIN or password, with something you have.
Something you have often comes in form of
Continue reading “Identity Management and Two-Factor Authentication Using One-Time Passwords”