out again October 16, 2006
Posted by Phillip in: travel, work
I’m sitting in a cab on my way to the airport. My cab was an hour late so now I will probably miss my flight (which leaves in 45 minutes). Also, it’s raining so I-35 is a holy terror of a mess.
The only upside to all of this is that my driver is the spitting image of Morgan Freeman.
More from Denver.
Password Expiry Notification June 19, 2006
Posted by Phillip in: sysadmin, work
Problem:
We need a method to notify users who are not logging into Active Directory (i.e., Mac and Linux users) that their password is going to expire.
Solution #1: Password Notification Identity Manager Driver
Description: This is an Identity Manager Loopback Driver that watches for password events in your directory and notifies users (via email) that their password is going to expire.
Issue: Does not work as designed, requires MAJOR FREAKIN’ REWRITES (xslt, yuck)! The driver pseudo-works for detecting users who have limited Grace Login levels. It completely fails on trying to notify users that their password is going to expire.
Solution #2: Password Expiration Email Notification
Description: This is a console-based Java application that runs out of CRON every night. It is supposed to scan the defined containers in your directory and notify users (via email) that their passwords are going to expire in defined intervals (30, 15, 5, 3, 1 day(s)) and send them a URL to the self-service portal. It also identifies users whose passwords have already expired and notifies them to contact the IT Help Desk.
Issue: Missing something. I have it working in a not-so-working state. For whatever reason, it detects all levels (set to expire and expired) as expired and notifies me as such. Time to hack away at the Java source.
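The nightly scan that Solution #2 describes, written out as an added example (this is not the Java application's code): it separates "expiring in N days" from "already expired" and reports unparseable timestamps instead of counting them as expired. The attribute name `passwordExpirationTime`, the UTC Generalized Time format and the dict-shaped entries are assumptions.

```python
import math
from datetime import datetime, timezone

NOTICE_DAYS = (30, 15, 5, 3, 1)          # reminder intervals listed in the post
EXPIRY_ATTR = "passwordExpirationTime"   # assumed attribute name

def parse_generalized_time(value):
    # LDAP Generalized Time in UTC, e.g. "20060719010000Z" (assumed format)
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def classify(entry, now):
    """Return (action, days_left) for one directory entry."""
    raw = entry.get(EXPIRY_ATTR)
    if raw is None:
        return ("skip", None)            # account has no expiry set
    try:
        expires = parse_generalized_time(raw)
    except ValueError:
        return ("bad-timestamp", None)   # report it; never default to "expired"
    if expires <= now:
        return ("expired", 0)            # user must contact the help desk
    days_left = math.ceil((expires - now).total_seconds() / 86400)
    if days_left in NOTICE_DAYS:
        return ("remind", days_left)     # mail the self-service portal URL
    return ("none", days_left)           # not on a reminder day

def plan_notices(entries, now):
    """Map uid -> (action, days_left) for every entry that needs attention."""
    plan = {}
    for entry in entries:
        action, days = classify(entry, now)
        if action not in ("skip", "none"):
            plan[entry["uid"]] = (action, days)
    return plan

# Constructed sample data: a 02:00 UTC cron run on the date of the post
SAMPLE_NOW = datetime(2006, 6, 19, 2, 0, 0, tzinfo=timezone.utc)
SAMPLE_ENTRIES = [
    {"uid": "alice", EXPIRY_ATTR: "20060719010000Z"},  # 29 days 23 hours left
    {"uid": "bob", EXPIRY_ATTR: "20060620013000Z"},    # 23.5 hours left
    {"uid": "carol", EXPIRY_ATTR: "20060618235959Z"},  # already expired
    {"uid": "dave", EXPIRY_ATTR: "20060629020000Z"},   # exactly 10 days left
    {"uid": "erin", EXPIRY_ATTR: "2006-07-01"},        # malformed value
    {"uid": "frank"},                                  # no expiry attribute
]

if __name__ == "__main__":
    for uid, (action, days) in plan_notices(SAMPLE_ENTRIES, SAMPLE_NOW).items():
        print(uid, action, days)
```

Rounding the remaining time up to whole days means each reminder interval matches on exactly one nightly run, provided the job runs at the same time each night.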
True SSO June 6, 2006
Posted by Phillip in: work, geek
At last! Someone who understands what SSO really entails finally asked me what it would take to implement it. Some people are under the impression that SSO is simply re-using the same password in multiple places (*yuck*). For those of us in the identity management business, we know that SSO is really much more.
I like Wikipedia’s definition of SSO: “Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.”
The idea is that Jo[e] User comes to work, sits down in his/her sterile cubicle and logs into his/her desktop. Once Jo[e] User has logged into his/her desktop (via some form of Directory Services), he/she should have access to everything he/she needs to do his/her job without authenticating again.
There are several ways to accomplish this. Ideally, you are managing identities in these disparate systems via some federated form of directory services; maybe you are using Novell’s eDirectory with Identity Manager to integrate OpenLDAP and Active Directory. Assuming you have a decent way to manage identities, the next layer can be mildly challenging: providing the authentication into each application. If you are using web-based apps, you can utilize a WEB-SSO or Web-AM (Web access management) technology to provide this authentication, something like iChain. If you are using any non-web-based apps, you will have to use something a little more robust. Never fear, SecureLogin is here.
From what I have read, this is exactly what I am looking for. Not sure on the price, so I’m glad I don’t own any budgets. I have the full trial version, but I have yet to find time to install it. More on that as it unfolds.
I am still concerned about how to handle the last layer of access, the authorization part. Most applications have their own authorization and access level scheme based on profiles and roles. Figuring out how to integrate to this level is the Real Challenge (TM).
New WordPress Theme May 23, 2006
Posted by Phillip in: work, geek
As you can probably tell, my blog got a face lift. I am trying out a new theme. So far I like it, we will have to see if my readership boosts to a total of 4 readers or if I will lose the existing two that I have (hi Darrell). It’s worth noting that I originally saw this theme in use by the Evil Zen Scientist and I liked it.
I hope to have final word today or tomorrow as to whether or not I will be visiting Novell, INC. next week. When Martin (aka the Evil Zen Scientist) was visiting with us last week, we toyed around with the idea of me and two of my colleagues hopping up to Provo to visit the Super Lab. In addition to all of the fun Identity Management work I do with Novell software, I am also the person who rolled out ZENworks Linux Management (ZLM for short) for our internal systems. All in all, I am happy with the product. It is very powerful and it fits nicely into our architecture, allowing us to manage multiple systems through one interface. This, in turn, cuts down on the overall administrative overhead of server management.
Published (well, sorta…) May 1, 2006
Posted by Phillip in: sysadmin, work
I recently submitted a HOWTO article to Novell CoolSolutions(TM). Here is the link. I was pretty excited about it, especially since I found out that every time you submit an article or tip, you get points. These points can then be redeemed for cool prizes!
I have yet to decide what I want, but I am quite certain I don’t want the T-Shirt.
At any rate, I was excited about the entire thing. It turns out not many people have made the Remote Loader actually function on a Debian Linux server. For those of you who don’t know, the Remote Loader is an application layer service that serves as an interface between your connected system, in this case a comma-delimited text file, and Novell Identity Manager. I could probably ramble on about how cool all of this technology is, but I think I might need to do a little work today, so until I have some time, OUT!
need a sysadmin? March 10, 2006
Posted by Phillip in: work, geek
For the past several days, I have seriously started trying to find some freelance Linux sysadmin work. I found a nifty website that helps hook people who need stuff done with people who can do said stuff. The gist of the site is that someone (who doesn’t want to pay much) creates a writeup of a service they need, then lots of someones (who want to be paid more than the other someone is offering) bid on the job. At some point the needing someone picks a providing someone and the project is underway. From what I can tell, the fee for all of the someone hooking up that the website does is a mere 10%. I think that is pretty fair. I have already got my first little job so I’ll be sure to follow up on this post when it’s all said and done.