Having worked out most of the bugs in migrating the Calypso installer to Ubuntu 9.10, I’m moving right along and bringing the test environment to Ubuntu 10.04 LTS. While alpha, it seems incredibly stable, and I feel much better target an LTS release. Also, most of the bug fixes being done in 10.04 apply directly to 9.10 installs.
Category Archives: Projects
Squishing Bugs
Today I got our very own Bugzilla server up and running. This should make life much easier!
http://www.shernet.net/bugzilla3
Calypso Installer
The Calypso Installer works with Ubuntu Server 9.10 and reaches version 0.2.0!
Better still, it’s using cn=config instead of slapd.conf and is officially welcomed into the 21st century.
Samba 3.4
Since it took me an embarrassingly long time to figure out why “use kerberos keytab” refused to work in Ubuntu 9.10, I’m posting here what my problem was.
It seems “use kerberos keytab” is deprecated (as noted in the release notes). The replacement is some variation of kerberos method =
If using the system keytab, that makes the option simply:
kerberos method = system keytab
Mail and Me
Email via the Calypso Mail Installer is up and in production. And to get that working for me, I have finally moved my account into Calypso. Talk about eating your own dog good. Pre-alpha dog food at that!
Fedora GDM
It turns out gdm in Fedora looks at /etc/pam.d/password-auth for authentication rather than /etc/pam.d/system-auth. Installer updated, and should now allow client logins via the login screen.
Calypso client working with Ubuntu
After a night of hacking, the calypso client installer now works with Ubuntu (at least 9.10, but should work with others). In fact, I’m logged in as a Calypso user to Karmic right now.
One thing of note: nscd is required to use sudo with pam-ldap in Ubuntu… that wasn’t a fun bug to track down, lol.
The marvel of the LoginContext
and the PrivilegedAction!
The Calypso Admin application is progressing well. I’m now able to modify all of the LDAP data for users (except the picture, that can wait for later). This is all done via credentials provided at login and stored in a LoginContext. PrivelegedActions are then performed as the authenticated subject.
eg:
Subject currentSubject = CalypsoadminApp.userContext.getSubject();
PrivilegedAction currentGetUser = new getUser(currentuser.getUid());
NamingEnumeration neUser = (NamingEnumeration)Subject.doAsPrivileged(currentSubject, currentGetUser, null);
What’s even more amazing is how well the people at JCraft have implemented LoginContexts in their native java ssh client. This will let me create a new context as [user]/admin, and run ssh commands like kadmin as that kerberos user with nothing more than:
session.setConfig("userauth.gssapi-with-mic", "com.jcraft.jsch.UserAuthGSSAPIWithMIC");
when run as a PrivilegedAction!
Living Dangerously
The Shernet LAN is now running Calypso 0.1.4 for DHCP and DNS. Hopefully this week I will get authentication for clients setup (need to update the script to work with Ubuntu), and I’ll be on my way to some real testing!
Summer work
You want DHCP with DDNS? Well, ya got it.
So far the fruits of the summer include:
calypso-client: registers a Linux client with the Calypso server
dhcp-installer: setups a calypso client server with DHCP with dynamic updating to PowerDNS with an LDAP backend.
Next up: Mail. Then I can move my network over to Calypso native 🙂