Most self-hosted web services can authenticate against a back end server using LDAP or Kerberos. Hosting a server to handle authentication using these protocols can be a daunting task for the uninitiated. This guide explains how to configure Samba as a back end authentication server to allow each user to authenticate against multiple services with a single account. The authentication server will run Active Directory Domain Services as a domain controller to enable authentication over LDAP and Kerberos. This guide will also explain how to configure Nextcloud to authenticate users using LDAP. Users will be able to login and change their passwords through Nextcloud's web interface. The same (changed) password would also be usable for other (web) services.
Routing traffic through OpenVPN using a local SOCKS proxy
OpenVPN can be used with an obfuscation proxy, such as obfsproxy or obfs4, to avoid identification of VPN traffic through deep packet inspection. In this post I explain a connectivity problem that client-side OpenVPN phases when such a proxy is approached as a local SOCKS proxy by OpenVPN. A solution is provided, of course.
Maintaining SSL/TLS is hard...
Not even experts are safe from the many pitfalls that exist in implementations. Qualys, known for their Qualys SSL Labs Vulnerability Scanner (used in my research), allowed the expiration of their blog's certificate.
See 'PhD thesis' in the menu bar at the top of this page.
Installing Arch Linux ARM on an Iomega ix2-200
In this post I explain how to modify an aging network attached storage device with a Linux distribution that will keep its software and functionality up-to-date for the foreseeable future.