Category Archives: Calypso

Samba 3.4

Since it took me an embarrassingly long time to figure out why “use kerberos keytab” refused to work in Ubuntu 9.10, I’m posting here what my problem was.

It seems “use kerberos keytab” is deprecated (as noted in the release notes). The replacement is some variation of kerberos method =
If using the system keytab, that makes the option simply:
kerberos method = system keytab

The marvel of the LoginContext

and the PrivilegedAction!
The Calypso Admin application is progressing well. I’m now able to modify all of the LDAP data for users (except the picture, that can wait for later). This is all done via credentials provided at login and stored in a LoginContext. PrivelegedActions are then performed as the authenticated subject.
eg:

Subject currentSubject = CalypsoadminApp.userContext.getSubject();
PrivilegedAction currentGetUser = new getUser(currentuser.getUid());
NamingEnumeration neUser = (NamingEnumeration)Subject.doAsPrivileged(currentSubject, currentGetUser, null);

What’s even more amazing is how well the people at JCraft have implemented LoginContexts in their native java ssh client. This will let me create a new context as [user]/admin, and run ssh commands like kadmin as that kerberos user with nothing more than:

session.setConfig("userauth.gssapi-with-mic", "com.jcraft.jsch.UserAuthGSSAPIWithMIC");

when run as a PrivilegedAction!

Summer work

You want DHCP with DDNS? Well, ya got it.
So far the fruits of the summer include:
calypso-client: registers a Linux client with the Calypso server
dhcp-installer: setups a calypso client server with DHCP with dynamic updating to PowerDNS with an LDAP backend.

Next up: Mail. Then I can move my network over to Calypso native 🙂