authentication Archives

OAuth 2.0 and OIDC 2 of 2

July 22, 2023July 13, 2023 by Digi Hunch

I wrote a brief on this topic a while back. Now I need to configure OIDC in a few occasions I decide to dive deeper into the flows this time. As I stated in the last post, Nate Barbettini’s presentation from 2017 was awesome and I viewed it again. Slides are available here. Another great … Read moreOAuth 2.0 and OIDC 2 of 2

GitHub Action Gotchas

March 9, 2023January 27, 2023 by Digi Hunch

I started with GitHub Actions a couple years ago. Recently I came across a few interesting use cases while I was trying to setup Terraform workflow with GitHub actions. These use cases prompted me to make use some new features in GitHub Action. So I put them in a post here. Runners can assume IAM … Read moreGitHub Action Gotchas

Istio Authentication and Authorization

February 26, 2023February 5, 2022 by Digi Hunch

Applications running on Kubernetes platform seeks to offload common non-business features to the platform. Istio helps Kubernetes bridge that gap. It can enforce mTLS communication, which is known as Peer Authentication. It can help with two other things with the use of JWT token: when a web request presents a JWT token, it can validate … Read moreIstio Authentication and Authorization

NTLM and Kerberos protocols

January 27, 2023March 25, 2020 by Digi Hunch

This article explains how two most common authentication mechanisms (NTLM and Kerberos) work. Both authentication protocols are based on symmetric key cryptography. The protocols themselves are platform independent. NTLM Authentication NTLM is the default authentication protocol prior to Windows 2000 and still prevalent today as backup to Kerberos. It is based on challenge/response mechanism. User … Read moreNTLM and Kerberos protocols

Introduction to Authentication Frameworks (PAM and SSPI)

January 27, 2023March 24, 2020 by Digi Hunch

This article gives a very brief high-level introduction to PAM (Pluggable Authentication Module) and SSPI (Security Support Provider Interface) as authentication frameworks in Linux and Windows respectively. PAM The Pluggable Authentication Module (PAM) architecture provides a powerful abstraction for user IAM using pluggable authentication model Unix platforms. It defines a generic API for authentication and … Read moreIntroduction to Authentication Frameworks (PAM and SSPI)

OAuth 2.0 and OIDC 1 of 2

July 13, 2023March 14, 2020 by Digi Hunch

OAuth 2.0 and OpenID Connect (OIDC 1.0) are different but highly related protocols and they are often confused. When we talk about IAM (identity and access management), we should first distinguish between Authentication (AuthN) and Authorization (AuthZ): In a nutshell, OAuth 2.0 deals with authorization. OIDC is a layer later developed on top of OAuth … Read moreOAuth 2.0 and OIDC 1 of 2