Using MTA-STS to enhance email transport security and privacy
Overview SMTP is broken by design. It comes from a time when communication partners trusted each other and the NSA was intercepting facsimiles and phone calls instead of internet traffic. To enhance...
View ArticleUsing Data Deduplication and Compression with VDO on RHEL 7 and 8
Storage deduplication technology has been on the market for quite some time now. Unfortunately all of the implementations have been vendor-specific proprietary software. With VDO, there is now an...
View ArticleInstalling Red Hat Satellite 6 with Letsencrypt certificates
Red Hat Satellite 6 is a nice tool for system life cycle management. It can get complex and even installation is sometimes tricky. This article is about how to install Satellite, it does not explain...
View ArticleOpenID and SAML authentication with Keycloak and FreeIPA
Not every web application can handle Kerberos SSO, but some provide OpenID and/or SAML. There is how Keycloak comes into the game. You can use Keycloak to federate users from different sources. This...
View ArticleRenew Letsencrypt certificates for Red Hat Satellite 6 and Capsule
Letsencrypt certificates are only valid for just three months. The procedure to renew x509 certificates in Red Hat Satellite 6 is not so straight forward and its even more complex for Capsule servers....
View ArticleMigrating from CentOS8 to RHEL8
There are various reasons why to migrate from CentOS to RHEL. Quicker access to bugfixes and new minor releases as well as having a fully commercially supported system. Unfortunately most providers do...
View ArticleInstalling RHEL 8 on Hetzner root servers
Hetzner is a very popular provider for so-called root servers and VPS (Virtual private Servers) located in Germany with data centers in Germany and Finnland. They are quite affordable and have good...
View ArticleUsing LVM cache for storage tiering
SSDs are small, expensive but fast. HDDs are large and cheap, but slow. Let’s combine the two technologies to get the speed of SSDs with the price and size of HDDs. This can be achieved with storage...
View ArticleUsing DNSSEC with (Free) IPA
The DNS infrastructure contains a growing number of critical information such as services records pointing to authentication services, TLSA records, SSH fingerprints and the like. DNSSEC signs this...
View ArticleUsing KDC Proxy to authenticate users
How to authenticate users with Kerberos when port 88 is not available in a DMZ? Use an HTTPS server as a proxy. IPA comes with an integrated KDC Proxy and it’s simple to make use of it. A typical use...
View Article
