Linux Central Authentication

Posted by Blake McKeeby 0 comments
aws iam isn't open to managing resource outside of aws 

https://github.com/denismo/aws-iam-ldap-bridge/blob/master/INSTALL.md was the closest i found and seemed like a giant hac

https://code.google.com/p/openssh-lpk/ - patching openssh to store keys
The OpenSSH LDAP Public Key patch provides an easy way of centralizing strong user authentication by using an LDAP server for retrieving public keys instead of ~/.ssh/authorized_keys.

google authenticator has a cool pam module.. but i need soln that less trendy, more practical
https://code.google.com/p/google-authenticator/wiki/PamModuleInstructions

using ldap to centralize account information and using a configuration management tool like chef or puppet to distribute authorized_keys file doesn't seem to allow for the granularity required. Need to be able to limit which users can access which hosts without complicated exception rules in configuration management tool
http://serverfault.com/questions/471753/what-are-best-practices-for-managing-ssh-keys-in-a-team

Arrived at freeipa.
at 10:26 PM

Upgrading OSX PHP to 5.4.15 with snmp and radius support

Posted by Blake McKeeby Labels: , , , 0 comments
By default the new macbook pros ship with an older version of php. Looking back it's hard to remember why I needed to upgrade, but I believe the introduction of namespaces in php came after the version that was shipped with my mac, and consequently I couldn't develop using zend framework 2. I aslo needed to compile with snmp support.

Most of what is needed to accomplish compiling php 5.4.15 (latest stable), I found here:
http://mac.tutsplus.com/tutorials/server/upgrading-the-native-php-installation-on-os-x-mountain-lion/

Quick Summary:
Mac by default doesn't have a good place collect src. Follow *nix traditions...
mkdir /usr/local/src


Prereqs Installed via Brew:



brew install libjpeg



brew install pcre



brew install libxml2



brew install mcrypt






Prereq ICU:


cd /usr/local/src


curl -O http://download.icu-project.org/files/icu4c/4.8.1.1/icu4c-4_8_1_1-src.tgz
tar -xzvf icu4c-4_8_1-src.tgz
cd icu/source
./runConfigureICU MacOSX
make
sudo make install




Prereq imap-2007:


cd /usr/local/src


curl -O http://cursor.uam.mx/mirrors/imap/imap-2007f.tar.gz


tar -zxvf imap-2007f.tar.gz


cd ~/Downloads/imap-2007f
make osx EXTRACFLAGS="arch i386 -arch X86_64 -g -Os -pipe -no-cpp-precomp"
sudo cp c-client/*.h /usr/local/include/
sudo cp c-client/*.c /usr/local/lib/
sudo cp c-client/c-client.a /usr/local/lib/libc-client.a






cd /usr/local/src


curl -O http://us1.php.net/get/php-5.4.15.tar.gz/from/us3.php.net/mirror

tar -zxvf php-5.4.15.tar.gz

./configure  \

--prefix=/usr  \

--mandir=/usr/share/man  \

--infodir=/usr/share/info  \

--sysconfdir=/private/etc  \

--with-apxs2=/usr/sbin/apxs  \

--enable-cli  \

--with-config-file-path=/etc  \

--with-libxml-dir=/usr  \

--with-openssl=/usr  \

--with-kerberos=/usr  \

--with-zlib=/usr  \

--enable-bcmath  \

--with-bz2=/usr  \

--enable-calendar  \

--with-curl=/usr  \

--enable-dba  \

--enable-exif  \

--enable-ftp  \

--with-gd  \

--enable-gd-native-ttf  \

--with-icu-dir=/usr/local \

--with-iodbc=/usr  \

--with-ldap=/usr  \

--with-ldap-sasl=/usr  \

--with-libedit=/usr  \

--enable-mbstring  \

--enable-mbregex  \

--with-mysql=mysqlnd  \

--with-mysqli=mysqlnd  \

--with-pdo-mysql=mysqlnd  \

--with-mysql-sock=/var/mysql/mysql.sock  \

--with-readline=/usr  \

--enable-shmop  \

--with-snmp=/usr  \

--enable-soap  \

--enable-sockets  \

--enable-sysvmsg  \

--enable-sysvsem  \

--enable-sysvshm  \

--with-tidy  \

--enable-wddx  \

--with-xmlrpc  \

--with-iconv-dir=/usr  \

--with-xsl=/usr  \

--enable-zip  \

--with-imap=/usr/local/imap-2007 \

--with-kerberos \

--with-imap-ssl \

--enable-intl \

--with-pcre-regex  \

--with-pgsql=/usr  \

--with-pdo-pgsql=/usr \

--with-freetype-dir=/usr/X11 \

--with-jpeg-dir=/usr  \

--with-png-dir=/usr/X11

make test

sudo make install



modify /etc/apache2/httpd.conf to contain

LoadModule php5_module        libexec/apache2/libphp5.so



sudo apachectl restart



To add radius support, I attempted to install the radius extension using pear which resulted in a compile error. I had to modify one line of in radius.c to correct the extension so it would compile against php-5.4.15.

cd /usr/local/src

curl -O http://pecl.php.net/get/radius

tar -zxvf radius-1.2.5.tar.gz


cd radius-1.2.5
$ phpize


change line containing "function_entry" to "zend_function_entry" to fix compile error that occurred during pear install
$ ./configure
$ make
# make install














at
10:31 PM
































Subscribe to:
Posts (Atom)