For enterprise usage, we need to integrate Kerberos for SnappyData. Do you have any documentation for doing that?
Thanks
SnappyData Enterprise supports LDAP for authentication, but we are now in the midst of adding support for Kubernetes (coming in GA form soon), which will be our primary mechanism to support a wide range of security options, including using tickets (Kerberos).
What security provider do you use for Kerberos?
I plan to add HashiCorp support for dynamic database credentials for our Micronaut applications. I noticed that micronaut-discovery-client may support this. In its configuration I found that the key-value backend is supported, but there is no sign of support for dynamic database credentials. Can anyone share any info about this topic from experience?
Any help will be much appreciated.
Is it possible to use Google KMS with MongoDB server on Ubuntu 18.04 (GCP) to encrypt data at rest? What are the requirements? How is it done? I want to use the MongoDB encryption feature for additional security.
The documentation mentions the KMIP protocol; does Google provide such a service?
PS: I have installed MongoDB Enterprise edition on my server along with other services such as the backend.
From your comment, and assuming your question is in regard to how to use the KMS integration with MongoDB:
For a start, it is possible to use KMS with MongoDB. Google even provides an out-of-the-box solution of MongoDB Atlas to integrate with KMS via Marketplace.
However, this integration is not available on Atlas M0, M2 and M5.
You can follow the same link for details on how to use the integration. If you have any specific question on this integration, please edit your question to include it.
Data on GCP is always encrypted at rest. You can optionally use your own KMS keys to encrypt the disks.
    gcloud compute disks create encrypted-disk \
        --kms-key projects/[KMS_PROJECT_ID]/locations/[REGION]/keyRings/[KEY_RING]/cryptoKeys/[KEY]
Wanted to check if ibm-eventstreams, which I can deploy on IBM Cloud Private (ICP) 2.1.0.3, supports Kafka SASL authentication and ACLs applied to specific topics.
I was referring to this developerWorks article about Kafka ACLs:
https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/
Wondering whether it is available and supported with ibm-eventstreams.
If it is supported, are there any changes/enhancements to the ACL support that I see in the above doc? Is there any further documentation available?
Sorry, no - the current Tech Preview doesn't include any security or auth. (We're thinking hard about what the best way to do this would be though!)
I am looking to access a local instance of Couchbase Server through its REST API. The HTTP GET requests are sent from Java.
The problem I am currently running into has to do with authorization.
Specifically, I have managed to use Couchbase's Basic Authorization, but only by obtaining the hashed credentials (bG9jYWw6dHdlZXRzOnBBc3Mx in the example linked to above) by monitoring a Couchbase browser session using Chrome's developer tools and inspecting the request headers.
Now, another Couchbase article mentions that Couchbase uses SHA-1 in compliance with SCRAM. However, no mention is made of how to obtain the 'salt' and 'iterations' parameters from Couchbase, which I assume I need to go from the credentials to the challenge solution (i.e. hashed string).
So, the question is as follows: how to get from the credentials (user="local:tweets", pass="pAss1") (from the example of the first link) to bG9jYWw6dHdlZXRzOnBBc3Mx?
Thanks in advance,
Thomas
SCRAM SHA-1 support is only for the Data (K/V) service and only through certain Couchbase SDKs which use the memcached binary protocol. The Java SDK does have support for SCRAM SHA-1.
The REST interface you appear to be using is N1QL's API. That does not support SCRAM SHA auth.
If you're looking to give some other application HTTP access, my recommendation would be to write a small Java app with Spring Boot or the like and use the Java SDK from there. Then you have complete control over how auth is done at the REST interface. A colleague wrote one of these just the other day. Note that even in this case, the Java SDK won't be using SCRAM when running N1QL queries, but you can use that as a point of control.
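Added example (not from the original posts or from Couchbase): the token quoted in the question is the HTTP Basic encoding of the credentials, i.e. Base64 of user:password as defined in RFC 7617, and the Java below reproduces and reverses it. The class and method names are hypothetical, and how a particular server treats a user name that itself contains ':' is not covered on this page.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthDemo {

    // HTTP Basic (RFC 7617): "Basic " + Base64(user ":" password).
    // It is a reversible encoding; no hash, salt or iteration count is involved.
    static String basicHeader(String user, String password) {
        String pair = user + ":" + password;
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Decode a header value the way RFC 7617 describes: Base64-decode, then
    // split on the FIRST colon. Returns {user, password}.
    static String[] parseBasicHeader(String header) {
        if (!header.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("not a Basic credential");
        }
        byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');
        if (colon < 0) {
            throw new IllegalArgumentException("missing ':' separator");
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Credentials and token exactly as quoted in the question.
        String header = basicHeader("local:tweets", "pAss1");
        if (!header.equals("Basic bG9jYWw6dHdlZXRzOnBBc3Mx")) {
            throw new AssertionError("unexpected header: " + header);
        }
        System.out.println("Authorization: " + header);

        // Anyone who sees the header recovers the secret, so send it only over TLS.
        String[] parts = parseBasicHeader(header);
        // The user name contains ':' here, so the first-colon split yields a
        // different user/password boundary than the one that was encoded.
        System.out.println("user=" + parts[0] + " password=" + parts[1]);
    }
}
```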
Can someone please explain the major differences between IBM Tivoli Access Manager and Tivoli Federated Identity Manager?
Does TAM support SAML?
Updated Answer: SAML is now supported with ISAM v9.
The names and versions of the products have been updated/changed. Basically, TFIM and TAM are now old names and products. All of the functionality and code of TFIM has been rolled into ISAM v9. ISAM v9 now has Web, AAC, and Federation components. (ISAM v8 did not have the Federation component; ISAM 8 only had Web and Mobile.)
ISAM 9 Web - reverse proxy that handles authentication/authorization to back-end web servers
ISAM 9 AAC (Advanced Access Control) - more advanced authorization functions tailored toward mobile devices like device fingerprinting, geolocation awareness, and IP reputation
ISAM 9 Federation - all the old TFIM code with updates
old Tivoli Access Manager (TAM) -> new IBM Security Access Manager (ISAM)
old Tivoli Federated Identity Manager -> new ISAM v9 Federation
I will elaborate a bit more since nzpcmad's answer fails to address TFIM at all.
IBM Tivoli Access Manager (now IBM Security Access Manager) handles the authentication and authorization part of your IAM infrastructure.
IBM Tivoli Federated Identity Manager allows for federated and web Single Sign On. It can be used with ISAM, for example in a scenario that ISAM delegates the authentication part to TFIM for certain resources/cases.
ISAM does not speak SAML by itself, but it can leverage TFIM that does.
Other than that, you would have to ask something more specific in order to get concrete answers.
In general, an Identity Manager provisions users into an identity repository e.g. AD / LDAP. It also provides password self-service etc. The provisioning includes user attributes and roles.
An Access Manager provides authentication (using the identity repository) and authorization based on the user's attributes, roles and credentials provisioned by the Identity Manager.