
LDAP: Difference between revisions

From London Hackspace Wiki
95 bytes added, 30 December 2015
No edit summary
m (Removed babbage references and changed wording slightly)
Line 2: Line 2:
= LDAP =
= LDAP =


Although the hackspace has had [[babbage]] for ages we've not had any kind of connection between the membership db on [[turing]] and babbage, or anything else. Additionally there are loads of neat things we could be doing if we had a membership db we could get at in software, like [http://spacefed.net spacefed].
Historically, the Hackspace did not not have any kind of connection between the membership db on [[Turing]] and user logins, but with the advent of LDAP, it has allowed us to extend functionality that helps to manage the space. Additionally there are loads of neat things we could be doing if we had a membership db we could get at in software, like [http://spacefed.net spacefed].


You can setup your LDAP account at [https://london.hackspace.org.uk/members/ldap.php https://london.hackspace.org.uk/members/ldap.php]
You can setup your LDAP account at [https://london.hackspace.org.uk/members/ldap.php https://london.hackspace.org.uk/members/ldap.php]
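Review bot: The rewritten opening sentence contains a doubled negative, "did not not have", which says the opposite of what is meant; it should read "did not have". The same sentence has no clear subject for "it has allowed us", so consider splitting it: state that there was historically no connection between the membership db on [[Turing]] and user logins, then say that LDAP now provides one. The unchanged line below also uses "setup" as a verb, which should be "set up".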
Line 10: Line 10:
== FAQ ==
== FAQ ==


=== I don't care about babbage or spacefed and just want to use the workshops at the hackspace, can I ignore this LDAP thing? ===
=== I don't care about spacefed and just want to use the workshops at the hackspace, can I ignore this LDAP thing? ===


Yes.
Yes.
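Review bot: Renaming this FAQ heading changes the section anchor that MediaWiki derives from the heading text, so any existing link to the old section anchor will land at the top of the page instead. Check "What links here" for section links to this question, or keep the old anchor alive with an explicit anchor element next to the new heading.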
Line 16: Line 16:
=== What can I use my LDAP account for? ===
=== What can I use my LDAP account for? ===


* logging into [[Lamarr#Chomsky|chomsky]] (the babbage replacement), [[Lamarr#Services|Services]] (for things we care a bit about), [[Lamarr#Adminstuff|Adminstuff]] (for things we care more about), [[Equipment/Tanenbaum|Tanenbaum]] and [[Equipment/Flowers|Flowers]] (screen tree things)
* logging into [[Lamarr#Chomsky|chomsky]] (the multi-user shared Linux environment), [[Lamarr#Services|Services]] (for things we care a bit about), [[Lamarr#Adminstuff|Adminstuff]] (for things we care more about), [[Equipment/Tanenbaum|Tanenbaum]] and [[Equipment/Flowers|Flowers]] (screen tree things)
* You can spin up vm's on [[lamarr]] with virt-manager
* You can spin up vm's on [[lamarr]] with virt-manager
* spacenet/spacefed (see below)
* spacenet/spacefed (see below)
Line 31: Line 31:
=== Why is the NTLMv2 hash so bad? ===
=== Why is the NTLMv2 hash so bad? ===


The hash it uses is not very good: [https://en.wikipedia.org/wiki/MD4 MD4], and just hashes the password (i.e., no [https://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]), this means that if someone hacks the ldap server and gets a list of hashes then it's trivial to use an offline dictionary of hashed password (aka a rainbow table) to find peoples passwords.
The hash it uses is not very good: [https://en.wikipedia.org/wiki/MD4 MD4], and just hashes the password (i.e., no [https://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]), this means that if someone hacks the LDAP server and gets a list of hashes then it's trivial to use an offline dictionary of hashed password (aka a rainbow table) to find peoples passwords.


=== I use the same password everywhere, should I use it for the SSHA and NTLM hash's? ===
=== I use the same password everywhere, should I use it for the SSHA and NTLM hash's? ===
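Review bot: The changed line in the NTLMv2 answer only capitalises LDAP and leaves the technical wording loose, which matters on a page advising members about password choice. An unsalted MD4 of the password is the stored NT hash, while NTLMv2 is the challenge-response protocol built on it; the next heading already says "NTLM hash", so the two headings should agree. "An offline dictionary of hashed password (aka a rainbow table)" conflates a plain precomputed lookup table with a rainbow table, which is a specific time-memory trade-off; "precomputed tables of hashes (such as rainbow tables)" is accurate. Also fix "hashed password" to "hashed passwords" and "peoples passwords" to "people's passwords" while the line is being touched.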
Line 73: Line 73:
</nowiki>
</nowiki>


(you'll need to be on jessie, or something else with a newish version of ssh).
(you'll need to be on Debian release jessie, or something else with a fairly modern version of ssh).
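Review bot: "a fairly modern version of ssh" in the changed parenthetical is still not something a reader can check, and it will age along with the jessie reference. State the minimum OpenSSH version, or name the option in the preceding nowiki block that requires it, so that readers on other distributions can compare against the output of ssh -V.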