Slanger is an open source server implementation of the Pusher protocol written in Ruby.
It requires Redis to run, where it keeps the global state to be shared between multiple Slanger instances.
If Redis is configured via redis.conf to use authentication, where should I set up the Slanger to know the Redis password?
I tried to read the Slanger documentation, but I haven't found it.
Inside the Slanger source code I found this connection creation, passing a string parameter, which looks like a host address:
Is there some way of passing the password together the host, like a connection string or editing the source code to do it?
I solved the problem doing the following:
vi /etc/redis.conf
Then searching requirepass (using / and n to search and navigate) and uncommenting it, replacing forbared (default password) to the choosen password.
Then on Slanger initialization I found that I can pass a connection string with an empty username and the choosen password (I am using Redis 3.x, according the documentation the username is available on some new versions features), as example a connection string using the password "foobared":
slanger --app_key your-pusher-key --secret your-pusher-secret --redis_address redis://:foobared#192.168.1.222:6379/0
Related
I need to setup remote admin console on tcp(not unix socket) for tarantool.
According to documentation it is provided with console module.
And I added this to my tarantool config:
console.listen("0.0.0.0:3313")
Then I can connect to it via telnet or using tarantoolctl connect.
But I'm not pleased that it is not password protected. Yes I've read the docs.
Is there some possibility to get protected console with password?
The correct way to administer tarantool remotely, with authentication is by opening a regular binary port like this:
box.cfg({listen=3301})
And then connecting to it with tarantoolctl:
tarantoolctl connect admin:password#127.0.0.1:3301
So, connect to the instance through the same host:port you'd use to connect with, say, Python or PHP client.
The console module you refer to isn't meant to be used over TCP. It has support for TCP, but it's essentially plaintext, without any authentication. It is only meant to be used by local user who has root account.
To make a flow and controller services environment agnostic(So that moving from dev-stage-prod would be easy), I am using variables/Expression language for passwords and usernames. And plan to read them the passwords/usernames from a custom.properties file or in process group variables.
Not very comfortable in typing out the password directly in either. So would like to use some form of encryption and later decrypt it in the needed processors.(Can NIFI decrypt it in memory for all processors?)
Example : If am using a JDBC connection pool and the password for connecting to the DB through controller service be “badPassword”.
In custom.properties file,
my.password.for.JDBC.connection.pool = badPassword
And in the controller service for Password the value would be ${ my.password.for.JDBC.connection.pool }
The same example could be applied for different processors like FTP, SFTP or to invoke http processor where there is a Basic Authorization token.
Is there way to encrypt it and enter the encrypted password in the custom.properties file or in the process group variables and decrypt it in the corresponding processor.
There is an open Jira for this feature, and with the upcoming Apache NiFi Registry effort, the flow versioning will allow for promotion of flows between dev/test/prod environments with referenced variable credentials. At this time, however, the variable registry values (your custom.properties values) cannot be encrypted.
We call DirectoryEntry.Invoke("SetPassword",newpwd) to change the password of a local user, but the new password is not being used immediately when doing Windows Authentication to a remote SQL server. It does get used after a reboot, but that's not really an option for me here. How can I make it take effect without rebooting? I need currently running processes on the client to begin using the new password immediately.
The environment is two Windows 7 Embedded systems, call them 'server' and 'client', and there is no domain, but they are both in the same workgroup. We use the same username on both systems. There are multiple servers out there with different passwords (computed based on various things). When we need to switch to use a different server, we change the password locally. The change itself is successful, but SQL accesses from client to server fail with
SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.
and
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
But as soon as client reboots it can access server's database successfully.
SQL Express 2008 on both systems, configured to use only Windows Authentication.
Wireshark shows me the SMB2 NTLMSSP_AUTH packet with what looks like the usual info although I don't know how to decode the security blob. Otherwise it matches the packet from a successful session. In the failure case this packet is followed by an SMB2 response with STATUS_LOGON_FAILURE and a missing security blob. I can only think that the client presents some kind of hash of the password in that security blob and the server is finding that it doesn't match its own password hash - or something like that.
Changing the environment ('Use Active Directory', 'Use Kerberos', etc.) is unfortunately not an option for me here. Also, these are consumer touch-screen kiosks, where no human ever knows the password, and wouldn't have a keyboard to enter it anyway.
ADD: FYI, The changing of the password is done thus:
DirectoryEntry directoryEntry = new DirectoryEntry(string.Format("WinNT://localhost/{0}", username));
directoryEntry.Invoke("SetPassword", newPassword);
ADD: Made that parameter new object[] {newPassword}, and called .CommitChanges(), because those look like correct things to do. No change in behavior.
I am not able to login with AWS ec2 Bitnami instance.
I have created new keypair for the ec2-instance and i have converted the keypair into ppk with the puttygen.
I have tried to use the login with the different user name like bitnami, ec2-user, ubuntu, root but i cant get any success i have read many blogs amazon document, bitnami document but and apply there that process but still not get success.
I have created new user group and provided access for the ssh, http, https with there defult port.
Server Details.
Instance type : m1.small
Description : https://bitnami.com
Status : available
Platform : Ubuntu
Image Size : 10GB
Visibility : Public
bitnami-magento-1.9.0.1-0-linux-ubuntu-12.04.4-x86_64-ebs
Whenever i am trying to login with the ssh i get the error message.
Disconnected: No supported authentication methods available (server sent: publickey)
Help is very much appreciated.
Thanks
This looks like your public key file is got some issue. I am guessing it should be the puTTY bug which requires an extra newline character at the end of the key file.
When creating the public key, open it in puTTYgen and copy and paste (this will make the key to be formatted in one line along with a newline) it to your authorized_keys and try to login.
For more information, read a similar question
I work as a student web developer for my computer science department and I've been asked to look into a modification of our password reset procedure for linux accounts. Currently users will log in with their university credentials (via Active Directory) and after being authenticated they get a temporary password through email which they are forced to change as soon as they log in. This way eben if the temporary password it intercepted there is a very short time span in which it could even be used.
Now the idea has been posed that instead of using a temporary password that we might allow the user to pick a new permanent password and set it directly through the web utility. It is my understanding that https is more of "the best we have" than "a great way to secure information". Are there any other avenues I can explore for securing the new password so that we can feel comfortable implementing such a system?
Basically, if you communicate with a server over HTTPS and the private key of the server isn't exposed to someone else, you can be sure that anything you transfer (e.g. the new password) can only be decrypted by the server. Additionally the server certificate assures, that the server you are communicating with, really is the server you want to communicate with.
So, using HTTPS provides authentication and prevents eavesdropping.
If you are working with Active Directory, it is my understanding that the Password Modify Extended Operation (which requires the existing password) is not supported. Therefore, the password must be changed with the LDAP modify request. One solution would be to use the UnboundID LDAP SDK with a web application to execute the LDAP modify with the new password. The modify request should be transmitted over a secure connection, or a non-secure connection promoted to a secure connection using the StartTLS extended operation.
see also
AD password change
Using ldapmodify - this article is about the command line utility ldapmodify but the concepts are useful.