No matter what I changed, something kept setting the hostname on my VM to federate.cloudlab.freeipa.org.novalocal. Even forcing the /etc/hostname file to be uneditable did not prevent this change. Hunting this down took far too long, and here is the result of my journey.
Category Archives: Networking
Firewalld rule for Minecraft Server
My sons play Minecraft. I recently decided to let them play head to head on the same server. Aside from the financial aspect (I had to buy a second account) it was fairly straightforward running the server. The one thing that tripped me up was a firewall rule that prevented a remote client machine from connecting to the server. Fix was pretty simple.
Who holds the keys to the Kingdom
During the years I worked as a Web application developer, it seemed like every application had its own authentication mechanism. An application developer is thinking in terms of the domain model for their application, whether it be eCommerce, systems management, photography, or weblogs. Identity Management is a cross-cutting concern, and it is hard to get right. Why, then, do so many applications have “user” tables in their databases?
Troubleshooting a FreeIPA install:
I had a handful of machines enrolled in a demo cluster. About half of them got shut down, and now I can’t SSH into them via Kerberos tickets. Here is my debugging notebook.
firewall-d for FreeIPA
First hack at a script to open the ports needed by FreeIPA. On Fedora 18, running firewalld, I ran the script below. Comments and corrections welcome.
Latency
(To the tune of Yesterday, With apologies to all four Beatles and most sys admins)
Latency
It’s the signature of HPC
that is why it’s running endlessly
your process gates on Latency
This one, well
is embarrassingly parallel
that is why it’s running fast as hell
the render farm works just as well
Why’s it running slow
don’t you know the bottleneck
demands for some commands
will dictate your architect ect ecture
Here’s the scoop
This one’s nothing more than data soup
that you’re running through an endless loop
You probably should try Hadoop
(This might be the only one I tag as both Lyrics and Networking)
JSS Sockets and HttpClient
The Java bindings for the Network Security Services (NSS) library are called JSS. NSS provides a key management scheme that is different enough from both standard Java and OpenSSL that trying to do standard Java Socket operations using the Apache HttpClient requires a little bit of extra work.
FreeIPA version 2.0.
The FreeIPA Project (http://freeipa.org) is proud to present FreeIPA
version 2.0.
FreeIPA is an integrated security information management solution
combining Linux (Fedora), 389 Directory Server, MIT Kerberos and NTP.
FreeIPA binds together a number of technologies and adds a web interface
and command-line administration tools.
mac2addr reposted
I’ve posted this before, but now that I have better source code formatting, I’ll repost. This converts a MAC address to a link only IPv6 address.
Kerberize the Enterprise
FreeIPA makes Kerberos a lot less painful.