DevConf.cz 2018

"Kerberos has long been a demand of the enterprise environment, and there's a
lot for security-conscious developers to like that we often don't talk about.

I'll touch on what makes Kerberos nice from a security perspective, but the
focus of the talk will be on enablement: how can you use these cool features
in your software?

Some features, time permitting, that will be discussed include: OTP and second
factor support, public key authentication, SAML/SPNEGO and web logins, python
bindings, and, of course, the more traditional authentication/encryption
routes. Expect canned demos!

Very basic familiarity with Kerberos is expected (i.e., the first two
paragraphs of the Wikipedia article), but this talk won't go very far into how
Kerberos works internally."

"This talk will go through what Fleet Commander is (and, consequently, what Fleet Commander is *not* intended for), which are the solutions proposed by the project, how Fleet Commander interacts with SSSD and FreeIPA and, plans for the future and finally provide a Demo of the current state of the project."

"Samba AD is a free software implementation of Microsoft's Active Directory
solution. It took more than five years to port Samba AD to MIT Kerberos and now
it is a part of Fedora 27 release. However, the work does not stop here. Active
Directory is a complex set of technologies and one of driving factors behind
Fedora Server work is to make them easier to deploy and manage. The talk will
go into details what is needed to be done to make Fedora a preferred
distribution to deploy Samba AD."

"Eclipse Che is a browser-based IDE providing on-demand workspaces that include runtimes and IDEs. It is powered by a RESTful workspace server (with Docker, OpenShift of Kubernetes as underlying infra), plug-ins for languages, framework, and tools.


In this session, we will demonstrate how to boost the power of Eclipse Che with Keycloak to build a collaborative developer environment. We will also discuss how to manage teams, groups, organizations, and permissions for fine-grained access to APIs and resources.


[1] https://www.eclipse.org/che/
[2] http://www.keycloak.org/
[3] https://www.openshift.com/"

"Do you want to know how Smart Cards can help you improve security and work efficiently?
Smart cards are among us for decades, but they are still not widely used on daily basis by most of us, even though they provide significant advantages for both security and usability and all the tools are open source in Linux. Smart cards are no longer only credit-card sized cards, but also more practical USB dongles which are frequently combined with other features such as OTP or U2F, which can take this even further.
I will go through architecture of smart cards and show you how they can be used to simplify your work."

"Government, medical, financial, and other organizations need to track what users and administrators do on critical systems. Up to recording everything they see on the screen, the commands they execute, and files they access.

While there are many capable solutions for session recording, which can centrally collect, search and playback sessions, there is no such open-source code. All we have is script(1), sudo I/O logging, and TTY audit. This presentation will show an approach suitable for the modern enterprise, and will include a demo of centralized recording and playback.

The intended audience is developers, as well as system administrators and security officers responsible for maintaining critical systems and preventing insider attacks.

Short project intro: http://scribery.github.io"

"Authentication is a major component of security, but is often implemented as a password-based solution even though stronger and more secure alternatives exist.
This talk will explain the risks associated to password-based authentication, describe the advantages of two-factor authentication, and demonstrate how open source software such as FreeIPA (http://www.freeipa.org) can help deploy an infrastructure for Smart Card authentication with X509 certificates."