System

This site runs its own certificate authority for client and server authentication using TLS/SSL. At the moment, certificates generated by the certificate authority are used to secure the web server (most pages on the web server are also available through HTTPS). In the future we will also configure our SIP servers to use TLS and issue client certificates that can be used in SIP user agents.

How to apply for a certificate

The instructions below should work on Linux (or any POSIX-compatible system) with OpenSSL installed.

LDAPi-based Authentication and Authorization

All iptel.org hosts (virtual and physical) are configured to authenticate users against a central LDAP database. This way we do not have to replicate accounts across all hosts, and password changes are propagated to all hosts.

LDAP Server

The LDAP server is running at 192.168.0.67; the backup LDAP server is 192.168.0.86. Never use domain names when configuring critical services like PAM and NSS on LDAP; always use the IP address. This ensures that the service will be available even if the DNS system is down. The search base is dc=iptel, dc=org; this is configured in /etc/ldap/ldap.conf for LDAP tools.