Brian Atkisson

Cryptography is something that technical folks either get excited over or completely tune out. There does not seem to be much of a middle ground. That said, cryptography is such an essential component of modern life that without it, the Internet and many, many companies would crumble. To make matters more complicated, cryptography is an area that is always changing. Today's modern crypto primitives might be broken before you drink your coffee tomorrow morning. Look at how quickly POODLE changed...

KeyCloak is the upstream project for the newly released Red Hat Single Sign On (SSO) product. The project and product goes well beyond a traditional SAML Identity Provider, supporting federation protocols such as OAuth 2.0 and OpenID Connect. While it is built upon JBoss EAP 7, both KeyCloak and RH-SSO are designed to be standalone systems for providing website authentication and authorization services. In fact, Red Hat believes in RH-SSO so much, that we just switched the authentication system for...

OpenShift 3 is all about Docker containers. More importantly, it is about management orchestration of containerized applications. Red Hat IT was a big consumer of OpenShift 2 and likewise, we are moving as many applications as possible to containers. OpenShift 3 is a big part of this strategy. On a personal note, OpenShift 3 is an incredible product. I even have it installed at home for various services :) Grant Shipley gave his talk on "making applications great again" using...

Yesterday, I did a live blogging post covering the Container Development Kit DevNation session. The CDK solves a fairly large problem, one that I have struggled with during my tenure as a Systems Administrator... giving developers a production-like environment. If you cannot tell, I'm a big fan of the CDK. It doesn't just give developers access to something approximating production, it also gives you an IDE combined with the tools to make you productive with the sandbox environment. However, I...

As a systems engineer, I enjoy building deploying production and pre-production services. These production services tend to be built at scale in a highly redundant architecture. The problem has always been how do we give developers a sandbox that matches production in all the ways that matters-- but without the pain (and love), overhead, compute and networks resources actual production environments require. Moreover, how does one snapshot this environment so it can be recreated at will. This has been a...

This is the second installment in a series about using Red Hat Identity Management (IdM) on Red Hat Enterprise Linux and Fedora (using the upstream FreeIPA project). As described in part 1 , IdM makes it very easy to build an enterprise-grade identity management solution, including a full enterprise PKI solution providing complete x509 certificate life cycle management. Most organizations start with a simple self-signed Certificate Authority (CA) certificate, perhaps generated using OpenSSL ; with a little configuration and a...

Red Hat Identity Manager (IdM), is designed to provide an integrated identity management service for a wide range of clients, including Linux, Mac, and even Windows. At its core, IdM combines LDAP, Kerberos, DNS, and PKI with a rich management framework. Frequently, IdM is described as "Active Directory for Linux". Although, to be fair, Active Directory is really just a management framework around LDAP, Kerberos, DNS and PKI -- all of which were well established in the unix community long...