I hereby claim:
- I am vincentbockaert on github.
- I am vincentbockaert (https://keybase.io/vincentbockaert) on keybase.
- I have a public key ASCmdGWZqElaR93s9a_wo4YhlFfwk2fVVk88MKDFxUGs5wo
To claim this, I am signing this object:
Vincent Bockaert vincentbockaert
🏠
vincentbockaert
/ keybase.md
Created
May 26, 2024 12:25
vincentbockaert
/ sectigo-record-get.sh
Last active
April 23, 2024 12:35
script to know in advance the records Sectigo Certificate Authority expects to be in place for DNS acme cname validation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| read -p "Enter the PEM cert: " pem_cert | |
| tempfile=$(mktemp) | |
| openssl req -in cert.csr -out $tempfile -outform DER | |
| acme_sectigo_cname_key=$(md5sum $tempfile | awk -F' ' '{print "_"$1}') | |
| acme_sectigo_cname_value=$(sha256sum $tempfile | awk '{print substr($0,1,32) "." substr($0,33,64)}' | awk -F' ' '{print $1".sectigo.com."}') |
vincentbockaert
/ Yubikey-PAM-Fedora-Linux.md
Last active
November 9, 2022 20:59
Use a Yubikey with PAM on Fedora Linux
Goal: enable passwordless authentication for our logins as well privilege escalations (sudo). Alternatively, you can swap out the "sufficient" in the PAM-file edits to "required" to require your Yubikey on top of your password.
⚠️ Messing around in PAM files is hazardous, especially when going the "require" route: Be sure, to not lock yourself out (keep a failsafe terminal at the ready and use 2 yubikeys if you want to require the usage of a Yubikey)!
Note: this should also work with other WebAuthn capable devices, but I haven't been able to test this