Yay!

I got SmartCard authentication with PKINIT/Kerberos working in my home-network/home-lab 🙂

RSA key safely stored on the smartcard, getting a ticket granting ticket (TGT) from the KDC and then authenticating to an SSH host via GSSAPI/Kerberos..

Total overkill for a home-lab? Absolutely! But it's always amazing to learn something new and to have hands-on experience.

Client: Fedora 43 KDE Edition
KRB Realm: FreeIPA on Fedora Server

Remote-Server: FreeBSD 15.0-RELEASE machine (krb5 enrolled).

#linux #smartcard #authentication #ssh #gssapi #kerberos #crypto #freebsd

Tech Help! 🆘

I have a Synology NAS. And I want to use Kerberos on it for NFS.

Is aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 okay for DSM 7.1.1?

I am getting
gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No key table entry

Despite matching hosts, DNS, ptr, KVNO, principals.... Ugh..

#linux #synology #nas #tech #help #network #kerberos #gssapi #freeipa

#librem5 docked day 2:
- Move #gpg config over so #nitrokey works on the dock (hello encryted email, package uploads, ...)
- Join #matrix via element until #chatty fully covers it
- Figure out #gssapi smtp in #mutt needs libsasl2-modules-gssapi-mit (so say goodby to the last on disk location that stored account passwords unencrypted)
- unbreak plymouth in #PureOS #Byzantium so it doesn't force meta packages off the system (https://source.puri.sm/pureos/core/plymouth/-/merge_requests/1)
- no crashes so far

@twrightsman well, using #offlineimap3 it since yesterday but works well. I'm having some minor hickups with #GSSAPI still nothing a retrigger didn't fix so far.

The #GSSAPI support in #ceph still seems to be in its early stages. I don't seem to be able to run "ceph mon" without specifying cephx keys.

@neko I started down this staircase when I realized that mariabackup was segfaulting and that I should try to rebuild the port. Next, I saw that I need to make Maria use OpenSSL instead of #GSSAPI, which got me thinking about LibreSSL…

Wow, my #PostgreSQL works again with #GSSAPI #Kerberos authentication

Where was the problem? DNS...