Today I got our very own Bugzilla server up and running. This should make life much easier!
http://www.shernet.net/bugzilla3
All posts by adam
pfSense
It’s a great router. Really. But here’s what you need to know: If you’re connecting two subnets, it’s really helpful to check the “Bypass firewall rules for traffic on the same interface” box under Advanced. There’s 4 hours I’ll never get back.
Upgrades!
Lots of new toys here at Shernet. The SAN and VMware server have both been upgraded to dual-core 64-bit systems. And they actually have some memory now! This should give us some working room to get a better test lab up, and hopefully make more progress towards a release.
Calypso Installer
The Calypso Installer works with Ubuntu Server 9.10 and reaches version 0.2.0!
Better still, it’s using cn=config instead of slapd.conf and is officially welcomed into the 21st century.
Samba 3.4
Since it took me an embarrassingly long time to figure out why “use kerberos keytab” refused to work in Ubuntu 9.10, I’m posting here what my problem was.
It seems “use kerberos keytab” is deprecated (as noted in the release notes). The replacement is some variation of kerberos method =
If using the system keytab, that makes the option simply:
kerberos method = system keytab
Mail and Me
Email via the Calypso Mail Installer is up and in production. And to get that working for me, I have finally moved my account into Calypso. Talk about eating your own dog food. Pre-alpha dog food at that!
Fedora GDM
It turns out gdm in Fedora looks at /etc/pam.d/password-auth for authentication rather than /etc/pam.d/system-auth. Installer updated, and should now allow client logins via the login screen.
Calypso client working with Ubuntu
After a night of hacking, the calypso client installer now works with Ubuntu (at least 9.10, but should work with others). In fact, I’m logged in as a Calypso user to Karmic right now.
One thing of note: nscd is required to use sudo with pam-ldap in Ubuntu… that wasn’t a fun bug to track down, lol.
The marvel of the LoginContext
and the PrivilegedAction!
The Calypso Admin application is progressing well. I’m now able to modify all of the LDAP data for users (except the picture, that can wait for later). This is all done via credentials provided at login and stored in a LoginContext. PrivilegedActions are then performed as the authenticated subject.
eg:
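// Subject that was authenticated at login and is held in the LoginContext
Subject currentSubject = CalypsoadminApp.userContext.getSubject();
// The user lookup, wrapped as a PrivilegedAction
PrivilegedAction currentGetUser = new getUser(currentuser.getUid());
// Run the lookup as the authenticated subject
NamingEnumeration neUser = (NamingEnumeration)Subject.doAsPrivileged(currentSubject, currentGetUser, null);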
What’s even more amazing is how well the people at JCraft have implemented LoginContexts in their native Java SSH client. This will let me create a new context as [user]/admin, and run ssh commands like kadmin as that Kerberos user with nothing more than:
session.setConfig("userauth.gssapi-with-mic", "com.jcraft.jsch.UserAuthGSSAPIWithMIC");
when run as a PrivilegedAction!
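The whole flow described above, from JAAS login to a GSSAPI-authenticated SSH command, as an added example that is not code from this post or from Calypso. It assumes a JAAS configuration entry named CalypsoAdmin that uses Krb5LoginModule; the host, account and command are hypothetical.

```java
import com.jcraft.jsch.*;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;

public class GssapiSshAsSubject {
    // Assumed names, not from the original post: JAAS entry, host, account.
    static final String JAAS_ENTRY = "CalypsoAdmin"; // entry backed by Krb5LoginModule
    static final String HOST = "kdc.example.test", USER = "alice";
    // Runs one command over SSH, authenticating with the Subject's Kerberos ticket.
    static String runAs(Subject subject, String command) throws Exception {
        PrivilegedExceptionAction<String> action = () -> {
            JSch jsch = new JSch();
            jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");
            Session session = jsch.getSession(USER, HOST, 22);
            // Offer GSSAPI only, so a bad ticket never degrades to a password prompt.
            session.setConfig("PreferredAuthentications", "gssapi-with-mic");
            session.setConfig("userauth.gssapi-with-mic", "com.jcraft.jsch.UserAuthGSSAPIWithMIC");
            session.connect(10_000);
            try {
                ChannelExec channel = (ChannelExec) session.openChannel("exec");
                channel.setCommand(command);
                java.io.InputStream out = channel.getInputStream();
                channel.connect();
                return new String(out.readAllBytes(), StandardCharsets.UTF_8);
            } finally {
                session.disconnect();
            }
        };
        return Subject.doAsPrivileged(subject, action, null);
    }
    public static void main(String[] args) throws Exception {
        String principal = USER + "/admin";
        // System.console() is null when no terminal is attached; run interactively.
        char[] password = System.console().readPassword("Password for %s: ", principal);
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(principal);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext ctx = new LoginContext(JAAS_ENTRY, handler);
        ctx.login();
        try { System.out.print(runAs(ctx.getSubject(), "whoami")); }
        finally { ctx.logout(); } // drop the admin ticket as soon as the command is done
    }
}
```

Keeping the [user]/admin context separate from the everyday login and logging it out right after the command limits how long the elevated ticket exists in the JVM.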
Living Dangerously
The Shernet LAN is now running Calypso 0.1.4 for DHCP and DNS. Hopefully this week I will get authentication for clients set up (need to update the script to work with Ubuntu), and I’ll be on my way to some real testing!