Yubikeys (manufactured by Yubico) are inexpensive hardware tokens for multi-factor authentication. In addition to Yubikeys, Yubico also manufactures YubiHSM, which are Hardware Security Modules. HSM are used to store various x509 private keys in hardware, so they cannot be stolen by hackers. Apart from Yubico, there is also, for example, the manufacturer Nitrokey, who manufactures…

Early last Friday morning, three scouts from the Adfinis SyGroup AG made their way to the Gurten – the famous local mountain of the city of Bern. They weren’t there to enjoy the lovely view, however. They came to sit behind closed curtains in dimly lit rooms, to witness the “Future of Web Development”: Jazoon…

The SUSE Manager 3 beta programme was started at the end of December 2015. We would like to take this opportunity to gain a basic understanding of what the next version will offer. To start, the most important change is the integration of [SaltStack] as a remote execution and configuration management framework. We have selected…

Trademark notice DRBD® and LINBIT® are trademarks or registered trademarks of LINBIT in Austria, the United States, and other countries. Other names mentioned in this document may be trademarks or registered trademarks of their respective owners. License information This is a commercial document from LINBIT and Adfinis SyGroup. There are distribution terms that apply to…

In this day and age, hacker attacks are an all too common occurrence. This is why it is more important than ever to keep data secured but without making it significantly harder to access. Multi-factor authentication is a tool that allows you to do precisely that. Security should be a topic for everyone (individuals and…

Imagine you get a login for Unix-Box running on some esoteric hardware. On that box you find a 10 mloc C++/C/Java project, with many custom domain specific languages and file formats. You may not take the source to your computer, because it belongs to the customer. You may change the source and build it on…

A Univention Corporate Server (UCS) is not particularly suited for configuration by Ansible, since many tasks have to be done either via the Web GUI or via special Bash commands. Examples of this are creating, modifying or deleting users and groups. Since we still want to automatically install and configure UCS from the Adfinis SyGroup,…

The problem A web application which requires a Samba-Share (cifs) via openvpn (IPv6) runs on a Debian server (jessie, systemd 215). With the naive configuration, manual starting and stopping works just fine, but rebooting doesn’t work properly. Naive configuration: Debian packages: apache2 cifs-utils openvpn cifs mount in /etc/fstab configured openvpn configuration in /etc/openvpn/client.conf When you…

To ensure that GnuPG (Manpage) or PKCS#11 keys can no longer be stolen by a virus or similar, they can instead be stored on an external hardware security module (HSM) or a SmartCard. The objective of this blog article is to show how a GnuPG key is created according to “best current practice” and then…