I'm trying to test WS-MAN capabilities to manage multiple hypervisors (mainly ESXi and Hyper-V); in terms of Hyper-V, all samples I come across insist on first tuning the Hyper-V authentication to "basic"; does anyone know if this is a shortcoming in current OpenWSMAN implementation or by design it can't support other authentication mechanism OR please correct me if my understanding is wrong :-).
System Details:
Host OS: SL 6.1
OpenWSMAN: 2.2.0 (client version)
Thanks!
I found an explanation for above observation. On linux, OpenWSMAN uses OpenSSL for authentication connections, now OpenSSL on Linux supports "digest" and Windows machines does not. Windows supports Kerbos/GSSAPI which is not currently supported by OpenSSL.
Thanks!
Related
I need to connect a WinCE6.0 device to a web based server using HTTPS.
The problem: WinCE6.0 uses WinInet v6 which supports SSL2, SSL3 and TSL1.0 None of which are supported in the current (2018) best practices due to their security flaws.
I doubt I can drop in a newer version of WinInet and expect it to run.
I had thoughts of porting CURL to WinCE.
I'm thinking this issue has already been addressed by the CE community, but I'm not seeing an available solution.
How can I get an old embedded device to securely connect to the WWW?
From GuruCE:
If you want to use TLS 1.1 and 1.2 on CE a suitable solution is to use mbedTLS library from ARM. It has a BSD-like license, so not too restrictive. Only one change to the makefiles is needed to get it to work on CE.
I have an application in C++ that needs to transmit data securely via web services to our web server.
VPN was the first choice, but out network administrator informs us that we will not support the IPSEC protocols available on Windows Mobile.
Currently we have tried implementing a SSL connection, but found we don't have the libraries for that.
Alternatively, we have been trying PocketPutty to create a SSH tunnel, but that only has a GUI interface, and we're not sure how to get that to work via programming code.
Thank you
OpenSSL supports Windows CE.
SSL 2.0 has been supported since at least CE 5.0.
SecureBlackBox is also supported.
I need to implement a server running on Windows CE 5.0 that shall communicate on a secure connection. To implement a secure connection SSL looks like a good choice.
The Windows CE 5.0 Winsock implementation allows to implement all the SLL stuff using the Winsock Secure Sockets. But the problem is that the referred site states:
SSL does not support the following Winsock functionality ... "Calls to the accept function".
How can I implement a SSL secured server when accept will not work? What other options do I have to implement a secure connection to a Windows CE 5.0 device?
Edit: My current application implementation is in C++. So I would prefer an approach that use the Windows API or a C++ library.
We ported the Mentalis Secure Socket Library to the Compact Framework for when we needed SSL. It was fairly painless, though not without its bugs.
MatrixSSL supports Windows CE:
MatrixSSLâ„¢ is an embedded SSL and TLS implementation designed for
small footprint applications and devices. Available is a fully
supported, commercial version as well as an open source version that
is available for download. MatrixSSL allows secure management of
remote devices. Several secure embedded Web servers also use MatrixSSL
for their encryption layer.
MatrixSSL has been ported to operating systems including
FreeRTOS, Bare Metal, eCos, VxWorks, uClinux, eCos, FreeRTOS, ThreadX,
WindowsCE, PocketPC, Palm, pSOS, SMX, BREW, MacOS X, Linux and
Windows.
I am developing a website which is supposed to have blogging capabilities (which I aim to achieve via wordpress) and a CRM based upon jsp and oracle express (as the website will be deployed over linux server, sql server is not an option).
For development should I choose a server to be installed on a linux machine or should I use linux server? I am sorry if they are very different things and not comparable but I went through both of theirs documentation but couldn't figure out anything.
If I should go for some server to installed on ubuntu, what server should i go for?
I hear that glassfish has much higher support for jsp rather than apache.
Please also keep in mind that the website will go o live on a linux server so please suggest based upon problems or ease of deployment on later stage.
I have a deadline to meet and the people who gave me this work have not been much generous with time. I do not have much linux experience so please pardon my lack of knowledge of the platform.
There seems to be a lot of confusion in your post. Based on your lack of experience with GNU/Linux, I would suggest you use desktop Ubuntu.
The difference between Ubuntu server and Ubuntu desktop is that the server edition is targetted to experienced users, so you get a very minimal distribution. No GUI, nothing preinstalled except the bare minimum.
As for your comment about Apache/Glassfish, the two aren't comparable. Apache is the name of the open source community which looks after a lot of products. Very often people call Apache's httpd just "apache", which is a web server. Glassfish is a Java EE application server (Oracle's reference implementation) so probably a good place to start with Java EE.
My network has a kerberos server for username/password authentication. Machines that run my application have functioning kerberos clients, so users can use kinit, etc.
How do I interact with the server programatically, from my own custom applications? The preferred language for an example is C.
I want users of my application to authenticate against a kerberos server before access to certain functions. I anticipate having to ask them for their username and password - kinit may not have been called.
The machines hosting the applications run OS X and Debian/Linux.
I believe the answer might well involve GSSAPI. If so, are there good tutorials for this?
Sun covers this in their book Solaris Security for Developers Guide. Specifically helpful to you will probably be Appendix A - Sample C-based GSSAPI programs and Chapter 5 - GSS-API Client Example.
Have a look at Heimdal, they have an extensive kerberos API, and the site below has a great doxygen install that describes the API.
http://www.h5l.org
GSSAPI is indeed the recommended approach, but the precise details will depend on your language environment and whether you need interop with Windows. Is your kerberos provider Windows or something else?
On Windows, Kerberos is a native protocol supported by the OS, and many high level Win32 APIs will effectively give you it for free. Making it interop with a non Windows kerberos server is possible but not trivial.
On UNIX, you may first need to install kerberos client support and get that working - but if your network already has a kerberos server, this may have been done for you already.
Windows includes an implementation of GSSAPI as does Java, and most UNIX flavors have an implementation. I believe GSSAPI addons are available for PHP also.
If you can add more specifics on your requirements I can firm this answer up a bit.