LISA is for sure is sort of event where every geek will find himself like home. It is really good feeling to be surrounded by people who know stuff and enjoy technology everyday.
So LISA09 took place between 1 and 6th of November, 2009 in lovely Baltimore, MD. I chose to follow more the tutorials (trainings) path. Got five tutorials – one bad, two medium and two nice ones. The problem with tutorials is that sometimes they are very basic which I really didn’t expect to be a case on such event.
Read more…
Already three weeks back from Lisa, and after some gentle stimulation trying to write down my experiences of this event. For the people who don’t know LISA, LISA is the Large Installation System Administration conference, a whole week of talks, trainings and workshops about various subjects all related to the work of unix admins in big IT environments.
From what I understood from people who had been here previously, the attendee list was a lot smaller than previous years. But still, there were more than enough people to share a talk with. It was good to have the opportunity to talk to people working at some big and very known companies like Yahoo, Pixar etc. But also I met some people who worked for less know companies (at least for me) but maybe even more interesting companies, for example, the national democratic institute. A non-profit organization facilitating democracy in countries where democracy isn’t that natural as in most western countries. I don’t think a lot of system admins have to worry about problems like militia stealing servers from your datacenter.
The first 5 days I followed a set of trainings, some days training for the whole day, some days a morning and an afternoon session. In general I was a bit disappointed by the trainings, they covered a lot of basic stuff, a whole day can be a very long sit for just 2 new bits of information. But a few sessions were quite interesting and/or entertaining.
Read more…
Similar as OpenSSH Authentication Using Kerberos, but now Transparent Kerberos Authentication via Apache against Active Directory using mod_auth_kerb. This enables SSO from IE and Firefox on Apache, IE and Firefox configurations to enable this are also described in the document.
Abstract: The Apache authentication module mod_auth_kerb allows Apache to authenticate users against a Kerberos KDC including one from ActiveDirectory. Kerberos itself can be fairly complex to set up. This guide will attempt to show the specific steps required to make this possible as well as discuss security limitations specific to the interoperability matters. This guide assumes a basic understanding of Kerberos V and that the Active Directory domain controller is properly configured prior to starting this process.
Technical Analysis: Apache with mod_auth_kerb and Windows Server
An interesting paper on how to authenticate against Active Directory using Kerberos and OpenSSH. This will enable SSO capabilities between Linux and windows, if used in combination with an Kerberos enabled SSH. And maybe even 2-factor authentication if combined with smartcards, haven’t tested this but should be working in theory if you use an SSH client from windows at least.
Components used:
On linux:
- openssh
- openssh-server
- samba-common
- samba-client
- krb5-workstation
- krb5-libs
On Windows:
OpenSSH on Linux using Windows/Kerberos for Authentication
Putty With Kerberos
Every once in a while, I resort to one of the many “what’s my IP” type websites to lookup which external IP address I’m currently using. These sites have their uses for both professional, as well as personal purposes. Many of these sites provide a lot more information than I’m really after. In the end, I only want to see my current external IP address.
All the well intended, but known, technical and geo-location info presented by the numerous “what is my IP” sites tends to draw away attention from what you’re after and it doesn’t really play well with tools like ‘curl’ or ‘wget’.
There used to be a simple site I used, which just returned just your IP address located at http://www.whatismyip.org/, but this one also grew a lot of fat. Yesterday, I once again found myself looking for an external IP address, on a server with ‘curl’ and ‘wget’, and decided it was time I rolled what I was looking for myself. This turned into an extremely simple mod_python based scriptlet, which provides a no frills “What’s My IP” service, returning nothing more than a “text/plain” response with your current IP address.
This service is running on my recently upgraded employee rack server at Schuberg Philis at http://ip.yppy.eu/. For me it provided useful and I hope other people also find this ‘less is more’ service of use. And yes, I will keep it clutter free.
Have a look at this script from Stephane Chazelas appeared in the Appendix A of a very old version of the “Advanced Bash-Scripting Guide”.
#!/bin/bash
# obj-oriented.sh: Object-oriented programming in a shell script.
# Script by Stephane Chazelas.
person.new() # Looks almost like a class declaration in C++.
{
local obj_name=$1 name=$2 firstname=$3 birthdate=$4
eval "$obj_name.set_name() {
eval \"$obj_name.get_name() {
echo \$1
}\"
}"
eval "$obj_name.set_firstname() {
eval \"$obj_name.get_firstname() {
echo \$1
}\"
}"
eval "$obj_name.set_birthdate() {
eval \"$obj_name.get_birthdate() {
echo \$1
}\"
eval \"$obj_name.show_birthdate() {
echo \$(date -d \"1/1/1970 0:0:\$1 GMT\")
}\"
eval \"$obj_name.get_age() {
echo \$(( (\$(date +%s) - \$1) / 3600 / 24 / 365 ))
}\"
}"
$obj_name.set_name $name
$obj_name.set_firstname $firstname
$obj_name.set_birthdate $birthdate
}
echo
person.new self Bozeman Bozo 101272413
# Create an instance of "person.new" (actually passing args to the function).
self.get_firstname # Bozo
self.get_name # Bozeman
self.get_age # 28
self.get_birthdate # 101272413
self.show_birthdate # Sat Mar 17 20:13:33 MST 1973
echo
# typeset -f
# to see the created functions (careful, it scrolls off the page).
exit 0
