ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    What Are You Doing Right Now

    Scheduled Pinned Locked Moved Water Closet
    time waster
    88.9k Posts 287 Posters 52.3m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ObsolesceO
      Obsolesce @coliver
      last edited by

      @coliver said in What Are You Doing Right Now:

      @wirestyle22 said in What Are You Doing Right Now:

      @scottalanmiller said in What Are You Doing Right Now:

      @wirestyle22 said in What Are You Doing Right Now:

      Is MediaWiki still the standard? What are you preferences Mangolassi and why?

      It's the biggest player. That's for sure. But it's ugly and a pain.

      So the question becomes should I learn it? It sounds like I should.

      In that you should learn the LAMP stack yes. But you could do the same with a few other tools. I like @Tim_G's suggestion of Wordpress with a wiki plugin.

      Also, definitely worth looking at an addon called TablePress. Turn your ugly and time-consuming mediawiki table into something real... searchable, manageable. Like if you have a server list with associated info in a table, copy/paste it to excel, then import it to tablepress. Add to wordpress post and be amazed!

      1 Reply Last reply Reply Quote 1
      • EddieJenningsE
        EddieJennings @scottalanmiller
        last edited by

        @scottalanmiller The other part of the problem is there are two things I'm wanting to secure.

        1. Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.

        2. Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

        I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

        EddieJenningsE coliverC scottalanmillerS 4 Replies Last reply Reply Quote 0
        • EddieJenningsE
          EddieJennings @EddieJennings
          last edited by

          Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

          scottalanmillerS 1 Reply Last reply Reply Quote 2
          • coliverC
            coliver @EddieJennings
            last edited by

            @EddieJennings said in What Are You Doing Right Now:

            Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

            I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

            scottalanmillerS 1 Reply Last reply Reply Quote 1
            • coliverC
              coliver @EddieJennings
              last edited by

              @EddieJennings said in What Are You Doing Right Now:

              I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

              You may want to watch @scottalanmiller's discussion on LANless design.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @EddieJennings
                last edited by

                @EddieJennings said in What Are You Doing Right Now:

                Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

                Is there another way? 😉

                EddieJenningsE 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @coliver
                  last edited by

                  @coliver said in What Are You Doing Right Now:

                  @EddieJennings said in What Are You Doing Right Now:

                  Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

                  I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

                  That's what I would guess.

                  coliverC 1 Reply Last reply Reply Quote 0
                  • coliverC
                    coliver @scottalanmiller
                    last edited by

                    @scottalanmiller said in What Are You Doing Right Now:

                    @coliver said in What Are You Doing Right Now:

                    @EddieJennings said in What Are You Doing Right Now:

                    Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

                    I don't believe you need a client certificate for LDAPS, not a registered one. Just used a self signed one.

                    That's what I would guess.

                    I'm trying to find documentation on it. But really it's just LDAP riding over SSL. So no special certificates or anything are really needed.

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @EddieJennings
                      last edited by

                      @EddieJennings said in What Are You Doing Right Now:

                      @scottalanmiller The other part of the problem is there are two things I'm wanting to secure.

                      1. Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.

                      2. Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

                      I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

                      For point 1 you can do any cert. but LE is the only one I would ever use.

                      dafyreD JaredBuschJ 2 Replies Last reply Reply Quote 0
                      • EddieJenningsE
                        EddieJennings @scottalanmiller
                        last edited by

                        @scottalanmiller said in What Are You Doing Right Now:

                        @EddieJennings said in What Are You Doing Right Now:

                        Or maybe a 4th option and figure out how to authenticate against AD using kerberos.

                        Is there another way? 😉

                        Is there? If so, enlighten me, so I'm not putting effort toward negative learning. 🙂

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller
                          last edited by

                          I think just LDAPS.

                          1 Reply Last reply Reply Quote 0
                          • coliverC
                            coliver
                            last edited by coliver

                            I'm pretty sure with Dokuwiki you set StartTLS = 1. You may need the openssl library installed first but I'm pretty sure it is that easy.

                            EddieJenningsE scottalanmillerS 2 Replies Last reply Reply Quote 2
                            • EddieJenningsE
                              EddieJennings @coliver
                              last edited by

                              @coliver Since you mentioned possibly just needing a self-sign cert, that's what I'm thinking as well. We're about to find out.

                              coliverC 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @coliver
                                last edited by

                                @coliver said in What Are You Doing Right Now:

                                I'm pretty sure with Dokuwiki you set StartTLS = 1. You may need the openssl library installed first but I'm pretty sure it is that easy.

                                That's what I would guess. Generating a very of any sort is weird for this.

                                1 Reply Last reply Reply Quote 0
                                • coliverC
                                  coliver @EddieJennings
                                  last edited by

                                  @EddieJennings said in What Are You Doing Right Now:

                                  @coliver Since you mentioned possibly just needing a self-sign cert, that's what I'm thinking as well. We're about to find out.

                                  This would be a good how to thread by-the-by.

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller
                                    last edited by

                                    Heading home from whisky stuff.

                                    NerdyDadN 1 Reply Last reply Reply Quote 2
                                    • EddieJenningsE
                                      EddieJennings
                                      last edited by

                                      First test = failure. But it seems to follow what we think. The failure came from the fact that the dokuwiki's server doesn't trust the CA of the cert that my domain controller is presenting -- which is what I expected.

                                      1 Reply Last reply Reply Quote 0
                                      • NerdyDadN
                                        NerdyDad @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in What Are You Doing Right Now:

                                        Heading home from whisky stuff.

                                        Just steer clear of all parking garages.

                                        1 Reply Last reply Reply Quote 2
                                        • wirestyle22W
                                          wirestyle22
                                          last edited by wirestyle22

                                          Just bought this: https://luuup.com/ for my cat

                                          Laura also said yes to that sweet coffee table i linked yesterday.

                                          NerdyDadN travisdh1T momurdaM ObsolesceO 4 Replies Last reply Reply Quote 2
                                          • dafyreD
                                            dafyre @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in What Are You Doing Right Now:

                                            @EddieJennings said in What Are You Doing Right Now:

                                            @scottalanmiller The other part of the problem is there are two things I'm wanting to secure.

                                            1. Traffic from client to my dokuwiki, which I agree can be easily accomplished with Lets Encrypt, despite this site not being public-facing.

                                            2. Traffic between my dokuwiki and domain controller (for authentication), since LDAP is sent in the clear. I suppose I could use Let's Encrypt to give the domain controller a certificate, so the certificate it presents to dokuwiki is from a trusted root CA. Or I issue and install certs with our internal CA that's already in place.

                                            I suppose there's a third option as well, which is what was mentioned yesterday: Do I really care that AD credentials are sent in the clear if this traffic is only on my local network (or travelling to a user at home over a VPN tunnel)? Which, for me, the answer is "yes." I don't think it's a good idea to pass credentials in the clear over a network in general.

                                            For point 1 you can do any cert. but LE is the only one I would ever use.

                                            How do you do LE for internal only servers? I didn't think that was supported?

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 4426
                                            • 4427
                                            • 4428
                                            • 4429
                                            • 4430
                                            • 4446
                                            • 4447
                                            • 4428 / 4447
                                            • First post
                                              Last post