Posts tagged: Identity management

Getting started on seam-security, picketlink IDM and JPAIdentityStore

I love how JBoss 7(.1) has everything working out of the box – not much fiddling with jars or suchlike and with Arquillian, everything really was a treat to get started on a new project. This was until I had to sort out security with seam-security.

To be fair, the main issue was just poor documentation. It took me a day to sort out what should essentially have taken an hour(or two)

The documentation you get to from http://www.seamframework.org/Seam3/SecurityModule seems to be out of date. The fact that the page referes to version 3.0.0.Alpha1 and Alpha2 should have tipped me off but the url for the doc suggested it was the latest.

The more up to date documentation I found was at http://docs.jboss.org/seam/3/3.1.0.Final/reference/en-US/html/pt04.html

I followed chapter 33 on there and I won’t repeat it here for the sake of brevity.

What follows are the additional steps I had to take to get it to work.

Read more »

Restricting Linux Logins to Specified Group

If you have linux boxes that authenticate over ldap but want logins for specific boxes to be restricted to a particular group, there is a simple way to achieve this.

Firstly, create a new file called /etc/group.login.allow (it can be called anything – you just need to update the line below to reflect the name)

In this file, pop in all the groups that should be able to login

admin
group1
group2

Edit /etc/pam.d/common-auth (in ubuntu), it might be called /etc/pam.d/system-auth or something else very similar. At the top of the file (or at least above other entries, add the following line:

auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/group.login.allow

For the record, found this little tidbit over at the centos forums

WordPress Themes