enterprise desktop at home with freeipa and gnome
play

Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy - PowerPoint PPT Presentation

Sep 20, 2022 •256 likes •978 views

January 30th, 2016 FOSDEM16 Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ( abokovoy@redhat.com ) Enterprise desktop at home with FreeIPA and GNOME 2 Enterprise? Enterprise desktop at home with FreeIPA and GNOME 3 *

  1. January 30th, 2016 FOSDEM’16 Enterprise desktop at home with FreeIPA and GNOME Alexander Bokovoy ( abokovoy@redhat.com )

  2. Enterprise desktop at home with FreeIPA and GNOME 2 Enterprise?

  3. Enterprise desktop at home with FreeIPA and GNOME 3 * almost local offjce network is not managed by a company’s IT department

  4. Enterprise desktop at home with FreeIPA and GNOME 4 * almost company services’ hosting is cloudy there is no one cloud to rule them all

  5. Enterprise desktop at home with FreeIPA and GNOME 5 * almost I have FEW identities: Home-bound identity to access local resources Cloud-based (social networking) identities Free Software hats to wear Certifjcates and smart cards to present myself legally Private data to protect and share I want them to be usable at the same time ▶ A corporate identity for services sign-on

  6. Enterprise desktop at home with FreeIPA and GNOME 6 * almost I have FEW identities: Cloud-based (social networking) identities Free Software hats to wear Certifjcates and smart cards to present myself legally Private data to protect and share I want them to be usable at the same time ▶ A corporate identity for services sign-on ▶ Home-bound identity to access local resources

  7. Enterprise desktop at home with FreeIPA and GNOME 7 * almost I have FEW identities: Free Software hats to wear Certifjcates and smart cards to present myself legally Private data to protect and share I want them to be usable at the same time ▶ A corporate identity for services sign-on ▶ Home-bound identity to access local resources ▶ Cloud-based (social networking) identities

  8. Enterprise desktop at home with FreeIPA and GNOME 8 * almost I have FEW identities: Certifjcates and smart cards to present myself legally Private data to protect and share I want them to be usable at the same time ▶ A corporate identity for services sign-on ▶ Home-bound identity to access local resources ▶ Cloud-based (social networking) identities ▶ Free Software hats to wear

  9. Enterprise desktop at home with FreeIPA and GNOME 9 * almost I have FEW identities: Private data to protect and share I want them to be usable at the same time ▶ A corporate identity for services sign-on ▶ Home-bound identity to access local resources ▶ Cloud-based (social networking) identities ▶ Free Software hats to wear ▶ Certifjcates and smart cards to present myself legally

  10. Enterprise desktop at home with FreeIPA and GNOME 10 * almost I have FEW identities: I want them to be usable at the same time ▶ A corporate identity for services sign-on ▶ Home-bound identity to access local resources ▶ Cloud-based (social networking) identities ▶ Free Software hats to wear ▶ Certifjcates and smart cards to present myself legally ▶ Private data to protect and share

  11. Enterprise desktop at home with FreeIPA and GNOME 11 I work on FreeIPA, https://www.freeipa.org Management of identities and policies: And it is available in: 2014 ▶ stored centrally ▶ applied locally ▶ Fedora ▶ Red Hat Enterprise Linux / CentOS ▶ GNU/Linux Debian and Ubuntu ▶ https://account.gnome.org/ runs FreeIPA since october

  12. Enterprise desktop at home with FreeIPA and GNOME 12 How enterprisey are we?

  13. Enterprise desktop at home with FreeIPA and GNOME 13 Let’s score by a password

  14. Enterprise desktop at home with FreeIPA and GNOME 14 Let’s score by a password A typical workfmow for every laptop reboot 1. Sign into a local system account (enter a password) 2. Jump onto virtual private network (enter a password or more) 3. Obtain initial Kerberos credentials (enter a password) 4. Use corporate applications (enter a password?)

  15. Enterprise desktop at home with FreeIPA and GNOME 15 Let’s score by a password A typical workfmow for every laptop reboot 1. Sign into a local system account (enter a password) 2. Jump onto virtual private network (enter a password or more) 3. Obtain initial Kerberos credentials (enter a password) 4. Use corporate applications (enter a password?)

  16. Enterprise desktop at home with FreeIPA and GNOME 16 Let’s score by a password A typical workfmow for every laptop reboot 1. Sign into a local system account (enter a password) 2. Jump onto virtual private network (enter a password or more) 3. Obtain initial Kerberos credentials (enter a password) 4. Use corporate applications (enter a password?)

  17. Enterprise desktop at home with FreeIPA and GNOME 17 Let’s score by a password A typical workfmow for every laptop reboot 1. Sign into a local system account (enter a password) 2. Jump onto virtual private network (enter a password or more) 3. Obtain initial Kerberos credentials (enter a password) 4. Use corporate applications (enter a password?)

  18. Enterprise desktop at home with FreeIPA and GNOME 18 Can we do better than this? how far are we from ? ▶ Sign into a corporate environment ▶ Use corporate applications

  19. Enterprise desktop at home with FreeIPA and GNOME 19 Let’s try to login! Demo of interactive logon

  20. Enterprise desktop at home with FreeIPA and GNOME 20 What was that? SSSD handles login and Kerberos keys Login to the system is verifjed over public network using a proxy for Kerberos protocol Established VPN connection based on Kerberos ticket Credentials were entered only once ▶ The system is confjgured to be a client for FreeIPA

  21. Enterprise desktop at home with FreeIPA and GNOME 21 What was that? Login to the system is verifjed over public network using a proxy for Kerberos protocol Established VPN connection based on Kerberos ticket Credentials were entered only once ▶ The system is confjgured to be a client for FreeIPA ▶ SSSD handles login and Kerberos keys

  22. Enterprise desktop at home with FreeIPA and GNOME 22 What was that? proxy for Kerberos protocol Established VPN connection based on Kerberos ticket Credentials were entered only once ▶ The system is confjgured to be a client for FreeIPA ▶ SSSD handles login and Kerberos keys ▶ Login to the system is verifjed over public network using a

  23. Enterprise desktop at home with FreeIPA and GNOME 23 What was that? proxy for Kerberos protocol Credentials were entered only once ▶ The system is confjgured to be a client for FreeIPA ▶ SSSD handles login and Kerberos keys ▶ Login to the system is verifjed over public network using a ▶ Established VPN connection based on Kerberos ticket

  24. Enterprise desktop at home with FreeIPA and GNOME 24 What was that? proxy for Kerberos protocol ▶ The system is confjgured to be a client for FreeIPA ▶ SSSD handles login and Kerberos keys ▶ Login to the system is verifjed over public network using a ▶ Established VPN connection based on Kerberos ticket ▶ Credentials were entered only once

  25. Enterprise desktop at home with FreeIPA and GNOME 25 Kerberos proxy Available on the client side with Microsoft Active Directory and MIT Kerberos 1.13 Kerberos proxy is implemented by FreeIPA 4.2, OpenConnect Server 7.05, and as a standalone server very easy to use (one line change on the client) https://account.gnome.org to allow use of Kerberos credentials for SSH accounts for GNOME developers ▶ protocol is called MS-KKDCP ▶ transparent for Kerberos library users ▶ Requires HTTPS connection, set up by default in FreeIPA 4.2, ▶ Allows to obtain tickets from anywhere ▶ SSSD 1.12+ ▶ GNOME project has enabled KDC proxy support in

  26. Enterprise desktop at home with FreeIPA and GNOME 26 VPN and Kerberos OpenConnect client supports GSSAPI negotiation OpenVPN does not support GSSAPI negotiation Could we enforce stronger authentication at a VPN edge? ▶ Fedora 22+ works out of the box ▶ to do since 2005 ▶ yes, we are be able to do so with Kerberos 1.14 ▶ no practical implementation in FreeIPA yet

  27. Enterprise desktop at home with FreeIPA and GNOME 27 Two-factor authentication FreeIPA 4.x supports 2FA natively HOTP/TOTP compatible software and hardware ▶ Yubikey, FreeOTP client for Android and iOS, any ▶ Two-factor authentication is enforced on Kerberos level ▶ Performs pre-authentication before issuing a ticket ▶ Authentication Indicators are in Kerberos 1.14 ▶ Pre-authentication modules can say how tickets were issued

  28. Enterprise desktop at home with FreeIPA and GNOME 28 FreeOTP client for Android and iOS Figure 1:

  29. Enterprise desktop at home with FreeIPA and GNOME 29 Demo of interactive logon with 2FA Let’s create a token for a user and logon with 2FA via Yubikey

  30. Enterprise desktop at home with FreeIPA and GNOME 30 What was that? added for the user in FreeIPA 2. SSSD handles login and notices OTP pre-authentication support in Kerberos conversation 3. Login to the system is verifjed over public network using a proxy for Kerberos protocol 4. Kerberos ticket is obtained, fjrst factor is provided by SSSD to GDM for unlocking GNOME passwords and keys storage (SeaHorse) 5. Credentials were entered only once 1. One time password token was programmed to Yubikey and

Recommend

Enterprise desktop: improving client side in the age of Samba AD and FreeIPA Alexander Bokovoy

Enterprise desktop: improving client side in the age of Samba AD and FreeIPA Alexander Bokovoy

Principal Software Engineer, Red Hat // Samba Team SambaXP16 Enterprise desktop: improving client side in the age of Samba AD and FreeIPA Alexander Bokovoy Enterprise desktop: improving client side in the age of Samba AD and FreeIPA 2

1.33k views • 106 slides
and the Enterprise User Brian Nitz Software Engineer brian.nitz@sun.com GNOME and the

and the Enterprise User Brian Nitz Software Engineer brian.nitz@sun.com GNOME and the

and the Enterprise User Brian Nitz Software Engineer brian.nitz@sun.com GNOME and the Enterprise User Who uses GNOME? Scientific Medical Education Enterprise Developers Sun Sun's GNOME based products GNOME 1.4

658 views • 34 slides
GNOME and the Enterprise User - JDS Ghee Teo & Brian Nitz Sun Microsystems Inc.

GNOME and the Enterprise User - JDS Ghee Teo & Brian Nitz Sun Microsystems Inc.

GNOME and the Enterprise User - JDS Ghee Teo & Brian Nitz Sun Microsystems Inc. Introduction Who are we? Intended Audience CTOs, CIOs, Technical managers Software developers Anyone considering developing/deploying a GNOME-based

455 views • 22 slides
Software with the Quality that Has No Name Federico Mena Quintero federico@gnome.org Desktop

Software with the Quality that Has No Name Federico Mena Quintero federico@gnome.org Desktop

Software with the Quality that Has No Name Federico Mena Quintero federico@gnome.org Desktop Summit, Berlin, Aug/2011 Our house in the middle of our street FIXME: before/after pictures 1994 1999 Christopher Alexander 1977 Intimacy

1.19k views • 63 slides
FREEIPA INSTALLATION USING ANSIBLE-FREEIPA FOSDEM - 2018-02-03 Thomas Wrner Senior Software

FREEIPA INSTALLATION USING ANSIBLE-FREEIPA FOSDEM - 2018-02-03 Thomas Wrner Senior Software

FREEIPA INSTALLATION USING ANSIBLE-FREEIPA FOSDEM - 2018-02-03 Thomas Wrner Senior Software Engineer, Red Hat Inc. https://github.com/freeipa/ansible-freeipa/ AGENDA Project goals IPA installers vs. ansible-freeipa IPA client installation

406 views • 16 slides
FreeIPA www.freeipa.org Identity Management in the FOSS World Simo Sorce Principal Software

FreeIPA www.freeipa.org Identity Management in the FOSS World Simo Sorce Principal Software

FreeIPA www.freeipa.org Identity Management in the FOSS World Simo Sorce Principal Software Engineer Red Hat, Inc. What is FreeIPA ? Acronym: Free Identity, Policy, Audit Purpose: Make it simpler to manage a complex problem

730 views • 28 slides
Using Dtrace for Gnome Performance Analysis Krishnan Parthasarathi Desktop Sustaining Engineer

Using Dtrace for Gnome Performance Analysis Krishnan Parthasarathi Desktop Sustaining Engineer

USE IMPROVE EVANGELIZE Using Dtrace for Gnome Performance Analysis Krishnan Parthasarathi Desktop Sustaining Engineer Sun Microsystems, India USE IMPROVE EVANGELIZE Agenda Dtrace Intro Problem Statement Existing approaches What

439 views • 39 slides
Enterprise and Desktop Search Lecture 5: Desktop Search and Personal Information Personal

Enterprise and Desktop Search Lecture 5: Desktop Search and Personal Information Personal

Enterprise and Desktop Search Lecture 5: Desktop Search and Personal Information Personal Information Management Pavel Dmitriev Pavel Serdyukov Sergey Chernov Delft University of L3S Research Center Yahoo! Labs Technology Hannover

1.13k views • 90 slides
Identity and Directories with FreeIPA Simo Sorce Sr. Principal Sw. Eng., Red Hat 2015/01/21 1

Identity and Directories with FreeIPA Simo Sorce Sr. Principal Sw. Eng., Red Hat 2015/01/21 1

Identity and Directories with FreeIPA Simo Sorce Sr. Principal Sw. Eng., Red Hat 2015/01/21 1 Simo Sorce What is FreeIPA ? FreeIPA is a Directory and Authentication Server aka a Domain Controller Primarily targets at Linux servers.

487 views • 31 slides
Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander Bokovoy <ab@samba.org> May 21th, 2015 Samba Team / Red Hat 0 A crisis of identity (solved?) FreeIPA What is FreeIPA? Cross Forest Trusts

298 views • 29 slides
Migrating GNOME to Git Migrating GNOME to Git (a human & technical perspective) Frdric

Migrating GNOME to Git Migrating GNOME to Git (a human & technical perspective) Frdric

Migrating GNOME to Git Migrating GNOME to Git (a human & technical perspective) Frdric Pters Frdric Pters <fpeters@gnome.org> <fpeters@gnome.org> Rencontres Mondiales du Logiciel Libre Nantes - 10 juillet 2009

991 views • 49 slides
GLOBAL CATALOG SERVICE IMPLEMENTATION IN FREEIPA Alexander Bokovoy Red Hat Inc. May 4th, 2017

GLOBAL CATALOG SERVICE IMPLEMENTATION IN FREEIPA Alexander Bokovoy Red Hat Inc. May 4th, 2017

GLOBAL CATALOG SERVICE IMPLEMENTATION IN FREEIPA Alexander Bokovoy Red Hat Inc. May 4th, 2017 ABOUT:ME Sr. Principal Software Engineer at Red Hat Samba Team member since 2003 Core FreeIPA developer since 2011 2 WHAT IS THIS TALK

669 views • 30 slides
Web applications and the Desktop An open source perspective Owen Taylor Christopher Aillon

Web applications and the Desktop An open source perspective Owen Taylor Christopher Aillon

Web applications and the Desktop An open source perspective Owen Taylor Christopher Aillon otaylor@redhat.com W3C workshop for Web Applications San Jose, CA June 2004 Background Open source desktop Linux, *BSD, Solaris GNOME,

383 views • 9 slides
Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software

Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software

Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software Engineer Identity Management Special Projects, Red Hat 6 th October 2015 FreeIPA Integration of multiple identity-management tools. directory

352 views • 17 slides
Continuous integration for GNOME Juan Jos Snchez Penas <jjsanchez@igalia.com> Guadec

Continuous integration for GNOME Juan Jos Snchez Penas <jjsanchez@igalia.com> Guadec

Continuous integration for GNOME Juan Jos Snchez Penas <jjsanchez@igalia.com> Guadec 2006, Vilanova i la Geltr Proposed table of contents What is continuous integration? Why CI for Gnome? History of CI inside the GNOME

239 views • 11 slides
LightDM: Cross Desktop Display Manager Robert Ancell What is a Display Manager? High level:

LightDM: Cross Desktop Display Manager Robert Ancell What is a Display Manager? High level:

LightDM: Cross Desktop Display Manager Robert Ancell What is a Display Manager? High level: Run display servers (X) Authenticate users (greeter) Start sessions (GNOME, KDE, XFCE, ...) Remote login (XDMCP) What is a Display

414 views • 19 slides
Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a wholesale distribution business providing complete range of Electronic Security Systems Kamlesh 093232 51184 Adit Enterprise Adit Enterprise Adit

619 views • 29 slides
Integrating new major Integrating new major components on fast and slow components on fast and

Integrating new major Integrating new major components on fast and slow components on fast and

Integrating new major Integrating new major components on fast and slow components on fast and slow moving distributions moving distributions How latest GNOME desktop was integrated into latest How latest GNOME desktop was integrated into

616 views • 23 slides
FOSDEM 2019 Distributions devroom FreeIPA and cross-distribution packaging experience Alexander

FOSDEM 2019 Distributions devroom FreeIPA and cross-distribution packaging experience Alexander

FOSDEM 2019 Distributions devroom FreeIPA and cross-distribution packaging experience Alexander Bokovoy FreeIPA and cross-distribution packaging experience about:me Red Hat Sr. Principal software engineer at Red Hat Identity

793 views • 31 slides
Digital Photography in the GNOME environment Hubert Figuire <hfiguiere@teaser.fr>

Digital Photography in the GNOME environment Hubert Figuire <hfiguiere@teaser.fr>

Digital Photography in the GNOME environment Hubert Figuire <hfiguiere@teaser.fr> Digital Photography in the GNOME environment 1/17 Digital photography in GNOME Acquiring Managing GNOME Integration Digital Photography in

1.04k views • 17 slides
The K Desktop Environment (KDE) Page 1 We Shall be Covering ... Desktop environment The

The K Desktop Environment (KDE) Page 1 We Shall be Covering ... Desktop environment The

The K Desktop Environment (KDE) Page 1 We Shall be Covering ... Desktop environment The KDE Desktop Control Center Konqueror Help Center Page 2 The Desktop Environment A common graphical user interface and platform

323 views • 17 slides
The Evolving Network: Trends in the connected home, SMB and Enterprise Services markets SMB and

The Evolving Network: Trends in the connected home, SMB and Enterprise Services markets SMB and

The Evolving Network: Trends in the connected home, SMB and Enterprise Services markets SMB and Enterprise Services markets Clarence Black ANMTA Spring Conference 2014 Introduction Network Engineer with Plateau Telecommunications in Clovis,

668 views • 50 slides
Women in Free Software Findings from FLOSSPOLS Anne stergaard aoe@gnome.org Member of

Women in Free Software Findings from FLOSSPOLS Anne stergaard aoe@gnome.org Member of

Women in Free Software Findings from FLOSSPOLS Anne stergaard aoe@gnome.org Member of The GNOME Foundation Board At aKademy 2006, Trinity, Dublin Are women in FLOSS considered as bugs, babes, groupies, or equal partners in their

673 views • 33 slides
AbiWord: A CrossPlatform GNOME Office Component Dom Lachowicz <doml@appligent.com>

AbiWord: A CrossPlatform GNOME Office Component Dom Lachowicz <doml@appligent.com>

AbiWord: A CrossPlatform GNOME Office Component Dom Lachowicz <doml@appligent.com> Hubert Figuire <hfiguiere@teaser.fr> 1 Abstract What is AbiWord ? 1.Cross platform Word processor 2.Part of GNOME Office 2

582 views • 25 slides

More recommend