Since my development now needs to target F14, not F13, I figured I'd start using an F14 virtual machine, but leave my F13 VM alone, just in case I needed something off of it. Well, it turns out I do need something off of it. But why should I have to wait for it to boot in order to see it? I can mount it loopback, right…
Author Archives: Adam Young
Announcing FreeIPA v2 Server Beta 1 Release
(reposted from the mailing list)
The FreeIPA project team is pleased to announce the availability of the Beta 1 release of freeIPA 2.0 server [1].
On Hierarchy
The book “On Intelligence” is one of the most intriguing I’ve read in a long time. I read it as context to understand Dileep George’s thesis, which is based around the concept of “Hierarchical temporal memory,” or HTM for short. HTM is a mathematical model of a learning machine based on the organization of the neocortex of the mammalian brain. HTM is a tree, with a complex interface between the nodes. At the bottom of the tree are the sensors: touch, light, sound, smell. At the top is the hippocampus, which seems to have its own rules. The focus in HTM is the nodes between root and leaf.
Building FreeIPA
Here’s the short version of what I did on F14.
yum -y groupinstall "Development Tools"
git clone git://git.fedorahosted.org/freeipa.git
cd freeipa
yum install -y `grep BuildRequires: ipa.spec.in`
make all rpms
yum localinstall --nogpgcheck -y dist/rpms/*rpm
yum -y install bind-dyndb-ldap
# Dogtag is broken on F14. There is a workaround.
ln -s /usr/share/java/xalan-j2-serializer.jar /usr/share/tomcat5/common/lib/xalan-j2-serializer.jar
ipa-server-install -U -r `hostname | tr '[:lower:]' '[:upper:]'` -p freeipa4all -a freeipa4all -u admin --setup-dns --no-forwarders
Announcing FreeIPA v2 Server Alpha 5 Release
This is the first time code has been released since I joined the project. While it ain’t done yet, I’m still proud of how far we’ve come. Below is the release from the FreeIPA devel list.
DNS Use cases in FreeIPA
Below are my notes on how DNS is used. This document is neither accurate nor authoritative, just meandering. You’ve been warned.
RFI: SPNEGO multiple requests
From what we are seeing and what I’ve read, the browser seems to send a JSON request with no Auth info, and then the whole SPNEGO handshake takes place, turning what should be a single request/response into (at a minimum) two. It seems to me that we should be able to avoid that after the initial auth has taken place.
Is there any way to cache SPNEGO information such that successive JSON RPC calls provide the needed information automatically, instead of requiring multiple round trips per request?
Have any Fedora people worked with this stuff and know how to optimize it? Do I need to revert to a cookie-based approach?
I don’t want Star Wars 3-D
I want, instead, the series that I was promised as a pre-teen boy back when the original movie came out. The series I never got. Let’s review:
Preparing patches for submission to the FreeIPA mailing list
Here’s a little ditty I wrote to get patches in the format we use for the FreeIPA mailing list:
Debugging with lite-server.py in FreeIPA
Kerberos doesn’t tell you who you are. Seems like a funny thing, but when you use Kerberos Auth on the web, the browser has no way of telling you “this is the principal that you are using.” For the UI in FreeIPA, I need to display just this information. To find it, I have to look to the server to tell me.
Thus begins my study of FreeIPA plugins. I wrote a simple plugin, the whoami plugin, that did just what I needed. I returned the Principal in the summary, and all was good.
Now I need more. I need to know the role groups of which the current user is a member. This information is on the user object already. So, good-bye whoami plugin: we are going to add your behavior to the user plugin, where it belongs.
The key piece of information that made this work possible was how to get a breakpoint to stop the code and let me step through it. The trick, probably old hat to the Pythonistas out there but new to me, was this simple line:
import pdb; pdb.set_trace()
Without that, none of the breakpoints I’d set would get executed, maybe due to threading or something. Not sure, but with this, I was able to determine that what I needed to do was to modify the filter.
I ran the lite-server like this:
./lite-server.py
This is actually preferable to running it like this:
python -m pdb lite-server.py
As you don’t have to type cont, and the debugger is still activated by the breakpoints.