Posts

Showing posts from 2008

The migration has begun

I have finally started migrate my VHS tapes to hard drive. Last summer, I reconnected my Audio/Video-equipment so it became possible to record videos from the VHS-player on my KISS EPG. Now when I had a few days of between X-mas and New Year it was time to start the migration. I can say this will take some time. My flow is: Play a VHS-tape on the VCR and record it on the KISS. Transfer the video file from the KISS-player to the Ubuntu file-server. Cut the video with Avidemux to remove garbage and some times split in episodes etc. Put the file in the right place in the directory structure. Well, it will take some time to migrate all VHS-tapes. Fortunately, it does not require any manual work most of the time.

Subversion and SSL

Have you tried to access an subversion-server using SSL in Ubuntu 8.10 (Intrepid)? I guess you get complains about certificate even if they are correct. It looks like this: svn list https://www.linuxalert.org/svn Error validating server certificate for 'https://www.linuxalert.org:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: www.linuxalert.org - Valid: from Wed, 25 Jun 2008 13:30:25 GMT until Thu, 25 Jun 2009 13:30:25 GMT - Issuer: Linux alert, Linkoping, SE - Fingerprint: e4:8f:b9:1b:f3:6c:f4:83:2a:1f:c6:9c:6d:cf:6a:4b:99:9e:22:1d (R)eject, accept (t)emporarily or accept (p)ermanently? I have my certificate installed. The solution was to install subversion and libsvn1 from backports in 8.04 (Hardy) . $ sudo dpkg -i subversion_1.5.1dfsg1-1ubuntu2~hardy2_amd64.deb libsvn1_1.5.1dfsg1-1ubuntu2~hardy2_amd64.deb (Reading database ... 226839 files and directories cu...

The story about the new server

Here is a story about two weeks of frustration installing a new server. I have never had that much problem installing a computer in my life and I have installed hundreds of them. A few weeks before I left Sweden for a three week trip in southern Africa I noted that I was out of disk on my server. I decided to wait by more disk until I got back home. Therefore I moved some data temporary to my workstation. When I got home a few weeks ago I ordered a new motherboard and hard drive. I decided to go for the brand new Intel mini-ITX atom based motherboard D945GCLF2 with 2GB memory and a Western Digital Green Power 1TB S-ATA drive . This made the new computer cheap and green. Misco delivered the stuff fast. When I had assembled the stuff it did not boot, the screen was black and I couldn't enter the BIOS-setup. I Removed all cables, including the hard drive. The mother board worked fine. Tested with another old S-ATA drive and it worked fine. It was with Western Digitals Green Power t...

Todays good news

Adobe has finally released a 64-bit version of the flash player. Still alpha but a step forward. Looking forward to see this in next Ubuntu. This will definitely make my workstation work better.

Donky runs Ubuntu 8.10

Ubuntu 8.10 is released and I have already installed it on my desktop. My server have to wait since I plan to upgrade the hardware so it becomes a 64-bit system and give it SATA-disks. The upgrading went smoothly.

Trim your Tiny Tiny RSS-reader

The more I use Hibernate in Java the more I love Storm in Python. It is so easy and light weight. A while ago I installed Tiny Tiny RSS on my Ubuntu server and is happy to use it as my RSS reader. First I thought it was slow, but it is easy to fix. Activate the expire module: a2enmod expires Create a file /etc/apache2/conf.d/expires: ExpiresActive On ExpiresByType image/x-icon "access plus 1 weeks" ExpiresByType image/gif "access plus 1 weeks" Finally restart your apache. Your webbrowser will now cache all icons and gif-pictures.

Paperbox

I have, like most of us, a lot of documents that can be hard to find. The folder system is not god enough. Some documents like those that is about the economy related to my house. I want to put them in two folders; the house folder and the economy folder. Of course, it can be done by links but it is not a good solution. I have for a long time thought about getting my own document management system. Unfortunately I haven't really understand what I wanted. Now I think I know, I want Paperbox .

Integrated web: Ubiquity

Damn Ubiquity is cool. Just take a look at this . Ubiquity is a mashup tool for Firefox. A very simplified description what it does is a cut and paste tool that understands meta data. If you mark an address and say map it you get a map over the address and can insert it into an e-mail. You can mark text on a page and get it replaced with in the page with an translated alternative.

I bought 128K of memory 1990

I just found out that I bought some memory in Mars 1990. I paid 200 Swedish kronor for 128Kbyte of memory. Yes it is k as in 1024. A quick look tells me that I can buy mor than 1GB DDR-2 memory for the same amount of money. Thats more than 8000 times more memory for the same money. 128Kbyte is: 8 seconds of MP3-music. less than the amount of cache your CPU has. (probably) ... well ... Not much!

Ubuntu on Eee 900

I installed Ubuntu, Eee-edition, on my Eee 900. One strange thing happened when I booted from my USB-memory to start the installation. The bootprocess halted. I removed the splasch to see what happened. Same thing again and I didn't get any clue. I removed the USB-stick and put it in another USB-port. Then suddenly the boot continued. The rest of the installation get smootly thanks to the instructions at Ubuntu-eee project site . I love that I now have the same environment on my Eee as on my desktop.

10K RPM hard disks

I would like to have a 10K RPM hard disk in my workstation. IT would speed up compilations and other things that reads a lot from disk. But the 10K hard disks are still very expensive. Why? A 250GB SATA-disk 7.2K RPM and 16MB cache cost 395 swedish kronas. Just over €40. The cheapest 10K disk, which is only 75GB, cost SEK 1095 or about €116. 75GB would be enough on my client. But why three times the cost of another decent disk. It is not that I can't afford it. Just that it is more fun to by a 1TB-disk or more RAM for those money.

Mee have Eee

I have finally got an Eee 900. I am happy. The question is: Install Ubuntu or keep preinstalled Lin ux?

Java webstart not working on 64-bit

The 64-bit saga continues . Todays discovery is that Sun does not provide a webstart-plugin for 64-bit Linux environment, in my case Ubuntu 8.04 (Hardy Heron). My plan was to poke around the 1.0.0 release of OpenDS for a few minutes and see what you get when running their 60 seconds installation from You Tube.

Defense your web server

Afraid of hackers, spammers, script kiddies will take over your Web-site? Want to be a bit safer? In Ubuntu there is an Apache module called mod_defensible who's aim is to block well know attacking sites to reach your web server. The module locks up every host that access your site and check if it is in a blocking database on the net. If thats the case the host will get Error 403 Forbidden, i.e. your server can not be reached. I have been using a similar tool for ssh for a while called deny host . I did not know about mod_defensible until today when I saw a how to for Debian on the how to forge. There are some small differences installing it between Debian and Ubuntu 8.04 (Hardy Heron). The main difference is that it is included in universe. So here is a quick instruction how to install mod_defensible. Login to your webserver and become root using sudo -s Install mod_defensible: apt-get install libapache2-mod-defensible Activate the module: a2enmod defensible Create a configfil...

64-bit computing

I have used 64-Ubuntu for a few month now. I seriously thought about using a 64-bit Linux one and a half year ago. Back then one needed to fix a lot of things to get it work nice, i.e. fixing flash. Have things been better? Yes. Are they good? Definitely no. On a modern Ubuntu version you can get flash work with no trix. Its still not 64-bit., which I have written about earlier . Most codecs in the video-players works as well. But there are several other problems. I have also written about Google Web Toolkit and 64-bit Linux, which was a bit of a hassle. We also have several binary drivers that is 32-bit only. Today I want to install Google Gears . Guess what? It does not support 64-bit, except if you use the ugly ndiswrapper solution. All new processors from AMD and Intel are 64-bit, except Intels new Atom processor. This must mean that most of the computers used today supports 64-bit. So why doesn't we get 64-bit support in our software?

Circles in PostGIS

Image
OGC and PostGIS has no data type to represent a circle. Instead one use ST_Buffer(geom, distance) to get a geometry that covers the area within the distance to geom . So if geom is a point you get a circle. But it does not return an exact circle. The circle is approximated represented by a polygon using eight points. One can increase the precission by adding a third argument to ST_buffer that is the number of points in the polygon returned. The unit for distance depends on what SRID is used. But what if you have a geometry that you know is a circle created with the method above? There is no exact method as far as I know, but her comes a good approximation. First we want the origo of the circle. ST_Centroid(geom) comes to handy. It returns the centeroid point of the geometry, in this case the origo of the circle. To get the radius we pick out the first point in the polygon returned by ST_Buffer with PointN(ExteriorRing(geom),1) . We need to call ExteriorRing to get the polygon of...

Bits, Bytes, and Words

I have observed that I haven't written in this blog for nearly a month. Not much has happened in the area of this blog. Some more colleges has start using Linux on their desktop. Currently I am developing an "failsafe" system for emergency handling in Java/JEE/Spring. I am now working on the second generation. I have updated a lot of crypto keys as a follow up to the nasty openssl-bug in Debian/Ubuntu. Today I listened to a talk by Martin Fowler and Jim Webber about middleware and Enterprise Service Buses (ESB). A talk well worth listen to if you are working in or close to the SOA world.

Adobe, where is the 64-bit flash player?

Adobe has today released a beta of version 10 of their Flash-player. As opposite to earlier flash version, the Linux player is released at the same time as for the other operating systems. That is good news. But I still miss a 64-bit version of the Flash-player for Linux. Adobe, give us a 64-bit flash-player for Linux Now. Worth mention is that Adobe is listing Ubuntu as supported Linux.

Python, GTK and threads

Note to self: Before start threading a Python GTK-program call gtk.gdk.threads_init() otherwise will strange thing happen. The call must be done before gtk.main().

After the OOXML chaos in Sweden

As a result of the OOXML voting chaos here in Sweden has the Swedish standardization institute now changed its rules. At the OOXML voting several new members attended in the last minutes before the vote after being promised marketing money from big daddy Microsoft. Sweden did not vote in ISO because of this. In the future must a member have been member for at least three weeks in the working group to be able to participate in the voting. Sources in swedish: NyTeknik , Computer Sweden

The art of combining security and usability

I am thinking about the art of combining security and usability which in most cases does not exist. Security experts are trying to do everything so secure that nobody can use it or wants to use it since it to complex. If people use it they does everything they can to find workarounds which tends to create new security holes. On the other side of the ring are the usability experts that totally ignores the need for security. What most people miss is that these two types of experts need to cooperate. The usability experts can hep the security experts to design usable secure solutions and vice versa. A usable secure solution is much more secure than a non usable secure system. The usable system will help the user to do the right thing and not encourage them to use their energy to find unsecure workarounds. Which side of the ring will take the initiative?

Ldap-server when upgrading

We have a public holiday here in Sweden today. I have celebrated that by upgrading my server to Ubuntu 8.04 (Hardy Heron), the last of the computers I take care of. Of all five computers I have upgraded to Hardy this was the only one I got some problems with. The server runs, among other things, a ldap-server to authorize users. During the upgrade I noticed that the ldap-server were turned off and I got time out when looking up some accounts. The upgrade took therefore very long time. I edited my /etc/nsswitch.conf and removed all lookups to ldap. When the upgrade was finished I added it again and everything seems working perfect again.

Google Web Toolkit in an Linux 64-bit environment

I have started to take a closer look at Google Web Toolkit (GWT). It looks very nice giving me the possibility to debug AJAX-clients and removing the need for quirks for different browser (read MS IE). Unfortunatly GWT is only shiped as 32-bit and I am running a 64-bit Ubuntu 8.04. The SVN-repository of GWT include some pre-compiled libraries which are compiled for 32-bit Linux. The easy way is to download and install a 32-bit Java from Sun. Following the GWT getting started got me up and running. But I wanted to use my usual Eclipse in 64-bit version. So I started Eclipse and imported my lab project according to the instructions. Then it was time for some settings. First, add the 32-bit Java as an JRE to Eclipse: Open the Window menu and select Preferences. Select Java and then Installed JREs in the tree menu to the left. Select add and pointed out where you installed your 32-bit Java and closed all the dialogs. Now its time to connect the GWT-project to the 32-bit Java. Right click...

One more computer to Hardy

We visited my mother in law this weekend. The main reason was to attending a party in Stockholm, but since Ubuntu 8.04 (Hardy Heron) was released on Thursday I took the chance to upgrade her computer. I have actually nothing to write about it since there were no problems and no surprises. Worth mention is that here Computer is a 1GHz Celeron with 256MB memory.

Ubuntu 8.04 is here

Congratulation to us and nice work! I have been running Hardy Heron (the beta) on one computer at home for a while.I upgraded my workstation at work before I left for the day. So I have tree computers to go before all is on latest and greatest. How much have you seen about XP SP3 compared to all articles about Ubuntu 8.04?

Microsoft Office 2007 Fails OOXML Conformance Tests

Groklaw has an interesting article about that MS Office 2007 does not comply with the ISO 29500 standard (OOXML) and fails the OOXML conformance tests. On the other hand does OpenOffice conform with the other ISO-document standard ISO 29300 (ODF). So we have one standard that noone complies with and onte that some complies with. Where will this end? A better news is that South Africa is adding up to the group of countries that accept ODF as a national standard. Lat week was it Brazil .

About Ubuntu on BBC:s website

Each time we get close to a new Ubuntu release I notice an increasing number of articles in non Open Source media. This time I found an interview with Mark on BBC . Mark mention deployment of 50 000 Ubuntu desktops at the French police and 500 000 Ubuntu desktops in the Spanish education system.

Red Hat giving up the desktop?

What does this mean? Are Red Hat giving up and saying that they have lost the battle of the Linux desktop to Ubuntu and Novell/Suse? Relative to the state of the art Linux desktop at the given time I think that Red Hat 7 was a better desktop than latest Fedora is.

The state of Open Source in Swedish public sector

For two days, I have attended a conference about using open source in the public sector in Sweden. I held a talk about developing GIS-applications using open source, using applications such as PostgreSQL with postgis, geoserver etc. There were several talks that included reports about the state in the other nordic country. Very simple is the political system in Denmark promoting open standards, Norway and Island promoting use of Open Source. In Finland and Sweden are the politicans doing nothing. One keynote was held by the swedish minister for Infra structure. The speach was a huge disapointment with no indication at all where they want to go. She were not even willing to answer questions. The sky is not totally black. The city of Sundsvall told that they had developed a system for communication between school and parents released it open source and then purchased the maintanence in competition between suppliers. In this way can the follow the swedish law about public purchasing (LOU...

Tell the world that Ubuntu is easy to upgrade

I am reading an article on the Swedish news site IDG about pro and cons between re-install and upgrading Ubuntu. The attached forum shows a clear doubt to upgrading. I meet the same opinion and lack of knowledge at work when talking about how easy it is to upgrade Ubuntu/Debian, in fact that it is as easy as do a security update. People do not believe me. Why? My guess is that MS Windows, commercial Unix such as Solaris, True64 and RPM-based Linux distribution have an upgrading scheme between releases that differs from security upgrades. You need to reboot the machine on a CD run a special upgrading program and hope that everything goes well. Most of the time you get a very crapy result whith lost configuration, broken application etc. Some OS (read MS Windows) are more or less impossible to upgrade to new releases, a new installation is the only option. It is time for a information campain about how easy it is to upgrade between Ubuntu releases. If it was not so easy it would be impo...

U3

Some companies are smarter than other. U3 is not one of them. U3 provides technology to make an USB-memory stick to act as an CD-ROM. That may be be good or as other describes it; another way to distribute malware. Anyway, my wife got a U3-enabled USB-stick from work. Curious as I am I wanted to disable the U3 part. I find U3:s uninstall page. It asked why I want to remove it. I selected the alternative that I run Mac or Linux and then took the download button. Guess what? I got a MS Windows program. So why does they provide me with an alternative "Mac or Linux"?

Unsubscribe

I do not understand why it is so common that people writes to a mailinglist and ask how to unsubscribe? If they were capable to subscribe, why are they not capable to read the footer in each mail: -- ubuntu-users mailing list ubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users The exampel above is from the ubuntu user list but it is quite common on other lists too. Are you one of the people I talk about? Then check some mails from the list you want to unsubscribe for instructions before you ask/complain on the list.

Adobe joins Linux foundation

The Swedish news site IDG.se writes that Adobe has joined Linux Foundation. Linux Foundation has also sent a press release . I hope this means that Adobe had come to the concussion that their Linux implementation is crap and that they need to optimize it and make an 64-bit release available. It would also be nice if they provide us Linux users with a Shockwave player. I have not too much hope since Adobe does not mention that they have joined Linux Foundation on their site . Why is Adobe flashplayer crap on Linux today? Well take a look on the CPU-usage when you viewing a page with Flash content. For now am I using Gnash instead to play flash content on my Ubuntu machines.

Say hello to Donkey

Donkey, my new computer , is up and running with Ubuntu Hardy Heron. The computer is named Donkey. Everything seems working soothly and fine. The computer is fast. I am now able to run Compiz for the first time. The new Gnome gives a fresh new feeling. The only bad thing in the Ubuntu beta is that some of my firefox-plugins does not work, yet. I have done some optimization of the memory settings in bios. According to memtest gave it about 4% of performance boost.

Entering new ground

Today did my parts that I ordered other day for my new computer arrived. At the same time did my copy of Donald Knuths "The Art of Computer Programming" arrive. It's heavy. I have started assemble the computer by removing the old parts from the case. I have decided to install the beta of Ubuntu Hardy Heron 64-bit edition right away. Why wait? And now to something completely different... Last two days have I attended a course in PostGIS . PostGIS is an addition to PostgreSQL to get spatial capabilities, which is used for geographical systems. Teacher for the course was one of the developers of PostGIS, Mark Cave-Ayland, and one of the Postgres developer, Magnus Hagander. I am more and more impressed of Postgres and PostGIS capabilities the more I learn about it. Another fun thing I have observed is that my colleagues have begun to buy computers, wipe out Windows, and install Linux, often the Ubuntu taste. We will soon conquer the world.

New computer ordered

Or to be more corrects; parts to build a new computer. My idea is to have one desktop computer and one cheap small laptop like EeePC . I ordered: A new silent power supply Motherboard Gigabyte GA-MA770-DS3 AMD 770 chipset AMD Athlon 64 X2 4800+ 2.5GHz 4GB RAM PC6400 CL4 DVD burner Dual-layer ATI HD 2600 Pro graphics card I will use an old box and old screen I already has. My priority was to get something not to expensive that is upgradeable to some extent. The motherboard can have 16GB of memory. I hope this will work smoothly with Ubuntu Linux.

R.I.P.

It is my duty to inform you all that Pluto, my dear MSI S271 Laptop with Ubuntu has past away after an accident earlier this week . My attempt to bring Pluto to life has failed. He can't get any new power. I had hoped that his life should not end so fast.

Don't drop your laptop

Monday evening I accidentally dropped my laptop on the floor. At a first glance everything worked. But yesterday I observed that I was running on battery and that it did not charged. I checked the power adapter and it worked. First I run a new backup before further investigations. Afterwards I started unassemble the laptop. When I finally saw the power connector the positive poles sold were broken. When I dropped the laptop the power connector must have taken the hit. Today I started glue the plastic parts of the connector. Later I will solder the connector. I can only hope it will work. Wish me luck! Until the laptop is fixed I have to use my wifes laptop Piglet which also uses Ubuntu.

Ant stupidity

Hereby I nominate ant to the challenge of most stupid build environment. Why? Its function for tar files together does not preserve the rights on the files as all normal tar-programs does. If it were on windows I can understand it, but not on Linux/Ubuntu. Theres a work around where one can say that this file has these rights and those files has some other rights. But why make it so complicated? Well there is some kind of motivation for it; Java does not support file permissions. This is the big drawback with write once, run everywhere. One cannot take advantage of different Operating systems features. By the way... The world has been a better place, at least according to all Vista fans. M$ start shipping SP1. I am sad for them their world only gets better less than ones a year. Mine and all other ubunteros world gets better every six month.

Help to peer review patents

In the February issue of Communication of the ACM there is an article about a site for peer reviewing Patents. The site is caller Peer to Patent . The idea with the site is to give the sites community a chance to point out prior art and other relevant information about new patent applications. To get the details about the process the site has an instruction video and tutorial. Behind the site stands New York Law School. I thinkthe idea of the site is very good and it will hopefully increase the quality of granted patents. I guess the inspiration to the community is partly is from the Open Source community.

End of windows desktop

After to much problems with my MS Windows-computer at work, I decided to start using our new Linux clients. It is based on Fedora 8 64-bit. My first impression was that it worked pretty well, but I need to use Citrix to access some applications such as document management system and time reporting. One of my duties is to develop a new website using the CMS-system Polopoly. When I started my development environment I run out of memory. Due to that the Fedora installation was 64-bit it needs more memory which was foreseen by the people that develop the new client platform and no one wanted to give me more memory. So I ended up installing a 32-bit Ubuntu 7.10, which was no big deal. I installed it on a HP laptop 6910p which so far seems to works nice. Flipping internal and external monitor works great., but I have not tested Wireless and Bluethooth yet. Since I mentioned Polopoly. We reported a bug last week that we could not upload pictures when using a PostgresSQL database. The answer...

At the Monks before IT-support

This is one of my favorite video clips which I today found sub-titled in English. It also illustrates todays problem and maybe also why it is so hard for people to learn a new software or change from Windows to Linux. It is originally from Norwegian television.

Everybody talks about FOSDEM

It is one week to FOSDEM and every body talks about going there. I had in my plan to go there, but unfortunately it does not fit my schedule. I must say I am quite jealous about it and can only hope that I can attend it next year.

A printer to mother in law

I wrote yesterday that I thought to buy a laser printer . My brother in law told me that I could take the one he had standing in the cellar and try it out. So I will go there and fetch it some day. This weekend we visited my mother in law in Stockholm. We decided to visit Mediamarkt on our journey. When we told my Mother in law that, she asked us to buy her a printer for about €80. We found a HP Deskjet F4180 All in one that we bought for her. It has a built in scanner and copier. In her apartment I connected it to her Ubuntu 7.10 (Gutsy Gibbon) machine. The computer said "I found a printer you may start to use it" or something equal to that. Then we were up and running. Both printing and scanning worked out of the box. I wrote some small instructions for my mother in law how to print photos and use the scanner. In reviews I have read about the printer people complain about that it is hard to install ... in MS Windows. I do not understand it, run Linux/Ubuntu and there are ...

Time for a laser printer?

I'm thinking about buying a laser printer as a complement to my ink printer. The reason is that laser printers costs less per printed page. I'm only interested in a black and white printer and will still use my ink printer for color prints. I have invested some time to look around among the cheapest printers for a around €100. All manufactures ships their printers with a toner filled to something between 25% and 50% of what a new toner includes. An a new toner costs close to the same as a the printer. The smallest difference between a new toner and the printer was about €10. That is ridiculous. So far I have found one manufacture that ships a full toner cassette with new printers ant that is Canon. Unfortunately Canon is not the best supplier to support Linux and Ubuntu with printer drivers. Linux printing database list the Canon LBP 2900 as not supported. But in mater of fact Canon say they support Linux to this printer. So who is telling the truth? After some googling I hav...

Nokia acquires Trolltech

As all of you may already be aware of, Nokia want to acquire Trolltech . The Norwegian company Trolltech are behind Qt-toolkit, which is used for KDE, and the mobile platform Qtopia . My big question is what this will mean for Linux on mobile phones? Will Nokia start shipping Linux-phones? Is this a response to Googles Android -platform? Nokias Internet-tablets N770, N800, and N810 uses Gtk/Gnome as their toolkit. Will Nokia continue to be involved in Gnome? What will this mean for the Maemo community, which is the platform for the tablets? A lot of questions, and only time can tell the answers.

Three PostgreSQL books

I have for a long time been in the MySQL camp when it is about Open Source databases. It may depend on several different reasons, such as I am a Swede, it filled my needs etc. Of course, I have been using PostgreSQL at different occasions but not much. This fall we started a project at work were we use GIS-data (geographic-data). MySQL only support a flat surface and can only do geometric queries using boxes, not arbitrary surfaces. That was not good enough for us. We took a look at PostgreSQL and its addition PostGIS . This was exactly what we needed. Today I stumbled up on a three volume( 1 , 2 , 3 ) reference guide of Postgres which is a nice complement to Postgres already terrific documentation . Best of all, take a look at the bottom of the pages with the Postgres books and you will find an online version of them.

Securing passwords

I have now walked throw all sites where I had the same password and changed them to individual passwords. Yes I know I had been a bad boy using the same password on several places. At the same time I changed password for some systems where the password was pretty old. To remember my passwords I use Revelation and the complementary Revelation Gnome Taskbar app to make it easy to get a password when I need it. What I miss with Revelation is a Java application for my mobile phone which I can sync my passwords to from my Ubuntu laptop.

Kerberos and LDAP over the web

I have for several years had a kerberos/ldap Single-Sign-On (SSO) solution active on my home computer network. One part that had not been integrated is my Apache httpd web-server. I started to take a look on activate this at Christmas. It was easy to get Kerberos working for the webserver on my Ubuntu server. This assumes you have ssl working on your web-server for the area you want to password protect. Install the libapache2-mod-auth-kerb from Universe. Activate the module with the command: sudo a2enmod auth_kerb Add the following to the directory configuration in apache you want to protect using kerberos. AuthName "Realm" AuthType Kerberos KrbAuthRealms MYREALM Krb5Keytab /etc/apache2/http.keytab Require principal@MYREALM KrbServiceName HTTP/www.MYDOMAIN.org Require valid-user Change MYREALM and MYDOMAIN to values that fits you. Connect to the kerberos admin server and create a new principal and a keytab including this principal. If you use MIT Kerberos, do like this. S...