HOWTO Convert YubiRadius for Xen

This post introduces a series of posts on how to import YubiRadius, a FreeRADIUS appliance implementing OTP validation, into the open-source Xen hypervisor.

Introduction

Yubico makes available a preconfigured appliance called YubiRadius that provides authentication and authorization using their YubiKey token and implements the RADIUS protocol (which other devices can use to exchange AAA information).

This appliance is based on FreeRADIUS, Apache and OpenLDAP, and runs on a Debian Squeeze distribution.
The appliance is distributed in 2 different formats: OVF and VMware. This paper describes the process of transforming a VMware YubiRadius appliance into a fully functional para-virtualized Xen Domain U, so that it can run on a Xen Dom0 installation. Some knowledge of Linux/Unix is required, but not a great deal. All operations have been run on a Debian 6 host running Xen 4.01.

Process

As a first step, ensure you have a fully functional Dom0 running. Please refer to http://www.xen.org and http://wiki.xen.org for documentation on how to accomplish these tasks. I can also recommend “Running Xen: A Hands-On Guide to the Art of Virtualization”.
Once you have Xen Dom0 running on your hardware, you are ready for the following:

  1. Create a functional DomU
  2. Extract Yubico’s appliance from the VMware image
  3. Build a .img usable by Xen
  4. Modify the content of your YubiRadius .img
  5. Create a .cfg Domain File
  6. Boot your appliance

Once again, I installed my Xen host on Debian 6; I then realized that Yubico uses Debian 6 as the distribution for their appliance, which simplified everything for me. If you are starting from scratch, I recommend going for Debian. As you can see on the Xen site, there are not too many Linux distros that directly support Xen.

About Fabio

Love of technology and flying have been the drivers of my life, more about me.