Red Hat Security Blog: June 2015 archives

  • Single sign-on with OpenConnect VPN server over FreeIPA

    In March of 2015 the 0.10.0 version of OpenConnect VPN was released. One of its main features is the addition of MS-KKDCP support and GSSAPI authentication. Putting the acronyms aside, that means that authentication in FreeIPA, which uses Kerberos, is greatly simplified for VPN users. Before explaining more, let's first explore what the typical login process is on a VPN network. Currently, with a VPN server/product one needs to log in to the VPN server using some username-password pair, and then...
    Posted 2015-06-17T13:30:08+00:00 - 0
  • The hidden costs of embargoes

    It's 2015 and it's pretty clear the Open Source way has largely won as a development model for large and small projects. But when it comes to security we still practice a less-than-open model of embargoes with minimal or, in some cases, no community involvement. With the transition to more open development tools, such as Gitorious and GitHub, it is now time for the security process to change and become more open. The problem: In general the argument for embargoes simply consists of "we'll fix...
    Posted 2015-06-10T13:30:38+00:00 - 0
  • Emergency Security Band-Aids with Systemtap

    Software security vulnerabilities are a fact of life. So are the subsequent publicity, package updates, and suffering service restarts. Administrators are used to it, and users bear it, and it's a default and traditional method. On the other hand, in some circumstances the update & restart methods are unacceptable, leading to the development of online fix facilities like kpatch, where code may be surgically replaced in a running system. There is plenty of potential in these systems, but they...
    Posted 2015-06-03T13:30:13+00:00 - 0