Showing posts with the label Kerberos

Kerberos and LDAP over the web

I have for several years had a Kerberos/LDAP Single-Sign-On (SSO) solution active on my home computer network. One part that had not been integrated was my Apache httpd web server, so I started looking at activating this at Christmas. It was easy to get Kerberos working for the web server on my Ubuntu server. This assumes you already have SSL working on your web server for the area you want to password-protect.

Install libapache2-mod-auth-kerb from Universe, then activate the module with the command:

    sudo a2enmod auth_kerb

Add the following to the Directory configuration in Apache that you want to protect using Kerberos:

    AuthName "Realm"
    AuthType Kerberos
    KrbAuthRealms MYREALM
    Krb5Keytab /etc/apache2/http.keytab
    Require principal@MYREALM
    KrbServiceName HTTP/www.MYDOMAIN.org
    Require valid-user

Change MYREALM and MYDOMAIN to values that fit your setup. Then connect to the Kerberos admin server and create a new principal and a keytab containing that principal. If you use MIT Kerberos, do it like this. S...

In the enterprise world

Apart from having a terrible cold this week, I have been at two seminars. The first one was the Red Hat and JBoss Value² Tour. Red Hat clearly shows that it has entered the offices of managers, CEOs, CIOs, VPs etc. It also shows that it wants to lock you in like any other vendor, but it can defend itself by pointing out that at least the source is open. From a commercial and organizational perspective I think they get one important thing wrong: they are still not shipping proprietary drivers such as wireless, graphics cards, codecs etc. This means that as a system manager you must still handle these things yourself to give users a pleasant desktop experience. Here is an area where other providers such as SUSE and also Ubuntu have done a tremendous job. On the other hand, SUSE tries to lock us in with YaST, even though it is open source, which makes it harder to manage from a central point. Ubuntu in turn lacks Kerberos/LDAP/AD integration in main, which is a requirement in many organizations. Red H...

OpenAFS

Yesterday, I attended a local Ubuntu user group meeting about OpenAFS. OpenAFS is a network file system like NFS. AFS was developed by IBM, which open-sourced it a few years ago. The Swedish university KTH has developed its own variant called Arla. Several major universities are using AFS, such as KTH, Stanford and CMU. The first question you may ask yourself is: why AFS instead of NFS? The common NFS versions are 2 and 3, and these versions work badly over the internet or a large WAN. If you rely on the normal Unix security mechanism, it is insecure. Finally, if a file area moves from one file server to another, you have to remount it on every client that mounts it. AFS solves these problems. Are there any drawbacks? Unfortunately, yes: you must run a Kerberos server, and it is more complex to set up than NFS or SMB. An AFS system consists of three different components: file server, database server and client. All three can run on nearly any operating system. Clients are the ...