Is it still possible to deploy to meteor.com and protect it using a password?
When I search for this I find things like
$> mrt deploy -P example.meteor.com
but that doesn't work. I guess something has changed here and I get the impression this feature is removed
Meteor no longer supports deploying with a password directly, and for good reason!.
All publishes are linked to a Meteor developer account. These give:
Ability to allow other users to have access to your apps
Abililty to see all sites you have
Ability to publish without putting in your password every time
(In future) more fine grained permissions options (I'd imagine, considering galaxy's commercial target base).
Simply meteor login, or publish your app like you would normally to kick off the signup process. You can meteor logout to switch to another account.
After you deploy your app, you can see the sites you are authorized with meteor list-sites.
Related
I am have AWS EC2 Server with my App Backend and Database there.
My new developer needs to upload few things in the Database and update Backend code but I don't want to give him the PEM.
He needs to SSH
Whats the best possible way to do it? I was thinking of creating an IAM User for him - but I only want him to give SSH Access, so permission would that be? I could only find a general full permission EC2 which would also give him permission to edit the Security Group and things like that.
I do trust him well, but I just don't want to give him full access in general.
What can I do?
Why not allow your developer to connect using session manager.
If you use this he can access the environment either in his browser or via the AWS CLI.
He should be able to mimic a regular session but without having the key, then when he's done you remove the permissions of the server. You can also enable logging to check the history of his sessions actions.
If you want to update code you should at some point take a look at using code deploy to have the code automatically rolled out without even accessing the server.
We've got an install of Azure Devops server that currently authenticates against our active directory server and authentication works, but it appears to do so by means of browser basic authentication (the browser modal prompt that asks for a simple user name and password).
I'm wondering if there is some way to configure authentication such that users that have never logged in, actually get a login page... not just the basic authentication prompt in the browser.
I appreciate any input, I've used and administered azure devops in the cloud for a LONG time, but the devops server stuff I'm new to.
NOTE: I've played with IIS settings for authentication (enabling and disabling basic authentication and forms auth etc, but nothing really seemed to help there)
it appears to do so by means of browser basic authentication (the
browser modal prompt that asks for a simple user name and password).
I'm wondering if there is some way to configure authentication such
that users that have never logged in, actually get a login page... not
just the basic authentication prompt in the browser.
What's the login page do you mean?
1.If you mean the login page to connect to TFS web portal, as I know using basic prompt with username+password is the only appraoch.
Web Portal:
Only logic page:
2.But if you mean something used for authentication when accessing the code. I think you must be familiar with PAT which is widely used in Azure Devops Service. IIS Basic Authentication is not recommended. You can check Enabling IIS Basic Authentication invalidates using Personal Access Tokens and Use the TFS Cross Platform Command Line with TFS using basic authentication or personal access tokens (PATs).
Hope it helps to resolve your puzzle :)
So after lots of research, I found that in the differences between azure devops server and azure devops services documentation. In this documentation it states that it uses windows authentication, and you will never be presented with any login experience.
I'd vote that this should be something that be configured to show a login screen, as sometimes we want to log in as users other than the users we logged into the machine as.
So my goal is to create a Rundeck job that runs on a schedule and isn't run as my personal user, or any "regular" user, but rather a bot user. Ideally this bot user wouldn't have login access and restricted permissions for security reasons, but would be able to run certain jobs. I've tried searching, but the only information I'm finding is about how to create a "regular" user in Rundeck. Even if I go down that route of creating the bot user as a "regular" user, to use it, you need to pass in either the login credentials or an API token. An API token would be fine, if it could be generated and pulled in on the fly. However, that is not the case, the API has an expiration itself. If there is something I'm missing, please let me know. I'd love to get this working.
Rundeck Version: Rundeck 3.2.1-20200113
Rundeck Cli Version: 1.1.7
You can set the following configuration in your rundeck-config.properties file (usually at /etc/rundeck/ directory):
rundeck.api.tokens.duration.max=0
This will disable your maximum period, you can see this in the official documentation here.
With that, your "bot user" can do it through API / RD CLI as you wrote.
Try using webhooks https://docs.rundeck.com/docs/manual/12-webhooks.html
You can trigger a job by making a http-request
The way I've implemented bots is as a user who is a member of a 'bot' user group, with ACLs that lock down that group as required. Any passwords required for the scheduled job are loaded into the key storage of the bot user.
With this approach you still need someone who knows the bot credentials to login as them and set passwords/SSH keys, but that's a one-off. Is that what you're trying to avoid?
The one annoying thing I've found is that a scheduled job always seems to run as the last user to edit the job - so I grant edit access to bot users and make sure to set/reset the schedule after any edit by a normal user. Hoping to address this through https://github.com/rundeck/rundeck/issues/1603, you might want to give it a 👍.
I'm using moodle 2.7 ,i need to use LDAP authentication for allowing users to login using external LDAP server(with their username and password).i have tried with the apache directory studio.But i got "Invalid login" error.But the login details were correct.
Please suggest me with some other LDAP server and how to add user details in that server and do authentication in moodle.
FusionDirectory is a reasonable alternative. It's based on OpenLDAP and it's pretty well documented.
Assuming that you're in a Linux environment, you can install it relatively easily/quickly via SSH. Once the download is complete, follow the on-screen instructions which is not that wildly different from setting up any odd CMS/LMS. The default URL is yourdomain.url/fusiondirectory.
When that's all done and dusted, you'll be taken back to the login page where you can sign in for the first time using the credentials you created during the set up process.
You can use your dashboard to add users/groups.
Once you've got a few users in there, it's now time to jump back to Moodle. Hop over to Site Admin -> Plugins -> Authentication -> Manage Authentication and enable "LDAP Server" then open up its settings. Fill in the details of your LDAP server such that it matches the details of the FusionDirectory.
This will set up the connection, but you will finally need to set up a cron job to regularly sync your databases together. Jump to SSH or cPanel->Cron jobs (Whatever option you prefer) and run the following crontab:
wget -q -O /dev/null https://yourdomain.url/auth/ldap/cli/sync_users.php
It's up to you how frequently you choose to set it.
HTH.
I've got pretty much the same question as: Jabber Openfire server v3.6.0a+ - how do I use Hybrid authentication?
But when I followed the instructions there, and I go into the Admin interface > Users and Groups > Create New User, I get the following message:
Not allowed: the user account system is read-only.
That tells me that the system is trying to add to the LDAP structure, and not to the database. Does anyone have a working config that allows both LDAP and Database users to login, and to be able to create Database Users?
I believe in the latest version of Openfire, settings are pulled from the database but not the openfire.xml file. Unfortunately, there's little documentation on their site.
OK... so I have been looking for how to do this for 6 months now. And not more than 15 mins after I post this question, I find the link here:
http://community.igniterealtime.org/message/204225
Also, the settings are now saved in the databsae, so the openfire.xml is irrelevant for these settings.