Setting up a lightweight authentication back end

Most self-hosted web services can authenticate against a back-end server using LDAP or Kerberos. Hosting a server to handle authentication using these protocols can be a daunting task for the uninitiated. This guide explains how to configure Samba as a back-end authentication server so that each user can authenticate against multiple services with a single account. The authentication server will run Active Directory Domain Services as a domain controller to enable authentication over LDAP and Kerberos. This guide also explains how to configure Nextcloud to authenticate users using LDAP. Users will be able to log in and change their passwords through Nextcloud's web interface. The same (changed) password will then also be usable for other (web) services.


Maintaining SSL/TLS is hard...

Not even experts are safe from the many pitfalls that exist in implementations. Qualys, known for their Qualys SSL Labs Vulnerability Scanner (used in my research), let their blog's certificate expire.
