About Adam Young

Once upon a time I was an Army Officer, but that was long ago. Now I work as a Software Engineer. I climb rocks, play saxophone, and spend way too much time in front of a computer.

8 Tone scale for that strange chord in Take The A-Train

You must Take the A Train…if you want to improvise over a standard. But this standard tune has a non-standard chord in Bars 3 and 4. If you are playing the “Real Book” version in C, the song starts with two measures of C Major 7, and then goes up a whole step to D. If we stayed in the Key of C, this would be a Dminor chord. Billy Strayhorn was much more creative than that, and he put in a chord rarely seen anywhere else: D7 b5.

Continue reading

Using mod_auth_gssapi via Podman

Kerberos is a cryptographically secure authentication mechanism in use in many large organizations. Developers may want to make their applications work with Kerberos while developing inside containers. Here is a quick proof-of-concept that shows how to set up a container to work with mod_auth_gssapi., the Apache module that makes use of Kerberos.

Continue reading

kinit with a service keytab

Remote services are not You; they do work on your behalf. When a remote service authenticates to another service, it should not impersonate you. If you use a keytab issued to your princial (say yourname@YOUNGLOGIC.INFO) you are not going to be able to log in to things using password; The IdM server only allows on or the other credential to be active at any given time. Even if you do use the Keytab, if you need to have it in two locations, you need to copy it. Which becomes a nightmare if it gets compromised. So, we want to make service accounts to work on our behalf. Here’s what I have so far.

Continue reading

Building (and running) a custom HTTPD container image

Having used Apache HTTPD for a good portion of my professional career, and being responsible for explaining how OpenShift works, I decided to try and build an Apache HTTPD container from scratch. For follow on work, I want to see the environment, so the container is essentially wrapping a mod_wsgi APP that dumps the environment. I took some trial and error to get it to run. Here is the end result:

Continue reading