Samba
OpenID
Samba | OpenID | |
---|---|---|
33 | 14 | |
913 | 976 | |
1.6% | 0.6% | |
10.0 | 9.2 | |
7 days ago | 11 days ago | |
C | C | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Samba
-
Homelab Adventures: Crafting a Personal Tech Playground
Samba
- Show HN: Git, from scratch, in Python, Spelled out
-
How do I go about hosting a shared drive for both Windows and Linux
The TLDR is that you create the filesystem on Linux/Raspberry Pi. Then you "export" that file system via some software to remote computers. You can use Samba (https://www.samba.org/) to create CIFS shares which can be mounted by either Linux or Microsoft Windows devices. There are of course other software/protocols you can use to export the filesystems like NFS, iSCSI, CEPHFS, etc; but these are a bit more complicated than what a novice can deploy. I would start with Samba/CIFS and then branch out once you get more experienced.
-
Go SMB Server?
You could try to use samba via cgo.
- The most common ways for two Linux laptops to share files?
-
Is there any r/rust library for "net use"?
I think you want a CIFS/SMB client? A quick search turned up smbc, which looks like it does what you want. All three crates are based on libsmbclient, which is a C implementation from the Samba project.
-
Are most companies moving away from on-prem AD in favour of Azure?
Remember kids, there is always Samba.
- Major Linux Problems on the Desktop, 2022 edition
-
Get linux samba shares to show up in windows again
I have a media server that runs ubuntu, and today I wanted to copy some files off of it from my windows laptop. But the samba shares weren't showing up in file explorer (but they showed up on fine on my macbook).
-
Lifelong PC guy about to buy M1 mini. Some questions
brew info samba samba: stable 4.16.0 (bottled) SMB/CIFS file, print, and login server for UNIX https://www.samba.org/ Not installed From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/samba.rb License: GPL-3.0-or-later ==> Dependencies Build: [email protected] ✔ Required: gnutls ✘, krb5 ✔ ==> Caveats To avoid conflicting with macOS system binaries, some files were installed with non-standard name: - smbd: /usr/local/sbin/samba-dot-org-smbd - profiles: /usr/local/bin/samba-dot-org-profiles ==> Analytics install: 1,477 (30 days), 3,287 (90 days), 6,917 (365 days) install-on-request: 1,459 (30 days), 3,246 (90 days), 6,863 (365 days) build-error: 5 (30 days)
OpenID
-
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server
> that's irrelevant to the core developers
That's relevant to me! If I want Apache to act as an OpenID connect relying party, for example, I can just use mod_auth_openidc https://github.com/OpenIDC/mod_auth_openidc installing which is pretty much trivial and requires little work on my part:
sudo apt install libapache2-mod-auth-openidc
-
Ask HN: How to build site with payment, subscriptions, user login, registration
> I think today it would not be unreasonable to take a "microservice" kind of approach where auth is handled by some self-contained system through an API but practically you might want to be able to join stuff against your user table.
One option for writing less code yourself might be using something like Auth0 (cloud) or Keycloak (self-hosted) with some OpenID Connect library for your tech stack, or a Relying Party implementation altogether, like: https://github.com/OpenIDC/mod_auth_openidc
-
Never Update Anything
That's fair! Honestly, it's kind of cool to see how many different kinds of packages are available for Apache.
A bit off topic, but I rather enjoyed the idea behind mod_auth_openidc, which ships an OpenID Connect Relying Party implementation, so some of the auth can be offloaded to Apache in combination with something like Keycloak and things in the protected services can be kept a bit simpler (e.g. just reading the headers provided by the module): https://github.com/OpenIDC/mod_auth_openidc
Now, whether that's a good idea, that's debatable, but there are also plenty of other implementations of Relying Party out there as well: https://openid.net/developers/certified-openid-connect-imple...
I am also on the fence about using mod_security with Apache, because I know for a fact that Cloudflare would be a better option for that, but at the same time self-hosting is nice and I don't have anything too precious on those servers that a sub-optimal WAF would cause me that many headaches. I guess it's cool that I can, even down to decent rulesets: https://owasp.org/www-project-modsecurity-core-rule-set/ though the OWASP Coraza project also seems nice: https://coraza.io/
-
I Love Laravel (2022)
In my eyes, that felt like something that should be separate from any given app or back end API, so in my case I use mod_auth_openidc: https://github.com/OpenIDC/mod_auth_openidc with Keycloak: https://www.keycloak.org/
My back end/app just gets a few headers that say who an authenticated user is, if they are logged in. When I need to log in or create a user, I can just direct them to the Keycloak SSO portal, where they can also use social login.
It's using OpenID Connect without the insanity of dealing with the low level logic.
-
Keycloak SSO with Docker Compose and Nginx
I did something similar, though picked Apache with mod_auth_openidc, which is a certified Relying Party implementation: https://github.com/OpenIDC/mod_auth_openidc
In other words, I can protect arbitrary applications through my reverse proxy and require either certain claims/roles, or simplify auth to the point where my downstream app/API will just receive a bunch of headers like OIDC_CLAIM_sub, OIDC_CLAIM_name, OIDC_CLAIM_email through the internal network, not making me bother with configuring OIDC libraries for all of my APIs and configure them in each stack that I might use, but rather contain all of that complexity in the web server.
Basically:
user <==> Apache (with mod_auth_openidc) <==> API (with OIDC_ headers, if logged in)
- What Is OIDC?
-
Easy to use OpenID Connect client and server library written for Go
otherwise connections would randomly drop. I was looking for other ways to make development a bit easier and also settled on mod_auth_openidc, which is an Apache module that lets it act like a Relying Party and handle lots of the heavy lifting (protecting endpoints, refreshing tokens etc.) for me, and lets me work with just a few headers that are passed to the protected resources: https://github.com/OpenIDC/mod_auth_openidc
It works, but I'm still not happy - I realize that there are many types of attacks that have historically been a problem and that certain OpenID Connect flows try to protect against, in addition to the fact that if I wrote my own security code it'd almost certainly be worse and have vulnerabilities (in the words of Eoin Woods: "Never invent security technology"), and it's a good thing to follow standards... but the whole thing is such a pain. Both OpenID Connect, Keycloak and configuring mod_auth_openidc.
Right now I'm moving permissions/roles from Keycloak back into the app DB, with references to the Keycloak user IDs, because I don't want to have to work with the Keycloak REST API every time I want to change what a user can or cannot do in the system, in addition to permissions which might only apply conditionally (one user might be related to multiple organizations, having different permissions in the context of each).
Regardless, it's nice that there are more pieces of software out there to choose from!
-
Show HN: Obligator – An OpenID Connect server for self-hosters
Personally I went with Keycloak, because it's fairly well documented and also has Docker images available: https://www.keycloak.org/getting-started/getting-started-doc... although the fact that they want you to create an "optimized" image yourself and have a long build/setup process on startup instead is slightly annoying: https://www.keycloak.org/server/containers
Regardless, with something like mod_auth_openidc or another Relying Party implementation, all of the sudden authn/authz becomes easier to manage (you can literally get user information including roles in headers that are passed from your gateway/relying party to apps behind the reverse proxy), regardless of what you have actually running in your APIs: https://github.com/OpenIDC/mod_auth_openidc (there are other options, of course, but I went with that because I already use mod_md).
It's actually cool that there are plentiful options in the space, since OIDC is pretty complex in of itself and attempts at creating something pleasant to actually use are always welcome, I've also heard good things about Authentik: https://goauthentik.io/
-
Password protect a static HTML page
> The user experience with basic auth is not so good.
Apache actually also has an OpenID Connect module, which you can enable to have it work as a relying party: https://github.com/zmartzone/mod_auth_openidc
Basically, the actual UI will be handled by another system that you might be using, for example, in my case that might be a self-hosted Keycloak instance: https://www.keycloak.org/
I'd say that Keycloak is a pretty good solution in general, because it does some of the heavy lifting for you, maybe its shorter release cycle not being the best thing ever, though. I think IdentityServer also tried to fill this niche, but they went full on commercial recently, without OSS offerings.
-
SSO - For Plex, Emby and AudioBookShelf etc... How are you exposing these for remote access?
E.g. for Apache httpd there's mod_auth_openidc available.
What are some alternatives?
Nextcloud - ☁️ Nextcloud server, a safe home for all your data
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
syncthing - Open Source Continuous File Synchronization
LDAP Account Manager (LAM) - LDAP Account Manager
minio - MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license.
easy-rsa - easy-rsa - Simple shell based CA utility
Pomerium - Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.
ownCloud - :cloud: ownCloud web server core (Files, DAV, etc.)
BounCA - BounCA is a web tool to generate self-signed SSL certificates and setup a key infrastructure
Seafile - High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
OSIAM