You are here


LINUX CA Certificate Deployment

Creating an in house signing [aka CA] certificate is a common practice; this allows you to generate free cerficates for internal use. For Windows hosts distributing this CA certificate to all the clients and relevant servers can be accomplished using Active Directory GPOs. Certificate management on LINUX hosts on the other hand has always been a swamp of tedium where the certificates often need to be configured into each client or service. Recent distributions have eased this process considerably by including a quasi-standardized set of scripts and certificate store locations.

Overrides With SSSD

LINUX has long been plagued with a rather lousy identity management scheme. Beyond the limitations of POSIX's getent and related calls [which can be very inefficient] the attempts to stub in network-aware identity services such as LDAP have only piled onto the rough edges. NSCD attempted to work around performance problems via caching - and did not do very well. Then was NSLCD the next evolution of NSCD which was better, but still inflexible. Identity management in more complex networks is a tedious business and what administrators need more than anything else is flexibility.

Uncoloring ls

By default on every recent shell the output of ls is colorized. This is a great feature - but it makes using terminals that use a non-standard [not(background==black)] color-scheme awkward.  Things just disappear;  try reading directory name displayed in yellow on a yellow background.  It is difficult.
How this colorization gets setup in openSUSE is that that the ls command is aliased to "ls --color=auto".  You can see this aliasing using the alias command.

Recovery From Half An MD Mirrored Pair

In the process of decommissioning an old physical server I wanted to recover some data from the server's drives. The failing server was configured with a SATA RAID1 pair that contained a logical volume group (LVM). So I could either boot up the old server, change it's IP address, and recover the data over the network.... or I could just recover the data directly from one of the drives [they are a mirrored pair after all]. But only having a USB caddy for one SATA drive the trick was to get the RAID1 array to come up on my laptop with only one drive.


Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer