I have a Kerberos-authenticated network connected to Active Directory as the KDC. AD is case-insensitive but case-preserving, so clients might log in to my web server using principals in any number of cases; they might be danny or DANNY or Danny. So, to make applications on my sane Linux platform – where different characters are actually different – I wrote a quick mod_perl authorization module to force the case down.
The module – at /srv/www/html/test_auth/perl/Danny/loweruser.pm – looks like:
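package Danny::loweruser;
use strict;
use warnings;
#use Apache2::Access;
use Apache2::RequestRec;    # provides $r->user
use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED);

# Runs in the authorization phase, after authentication has set the user name.
sub handler {
    my $r = shift;
    # Replace the authenticated user name with its lower-case form.
    $r->user( lc $r->user() );
    return Apache2::Const::OK;
}
1;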
And the Apache config looks vaguely like this:
PerlSwitches -I/srv/www/html/test_auth/perl
#PerlResponseHandler ModPerl::Registry
PerlAuthzHandler Danny::loweruser
AuthType basic
AuthName "Auth test"
AuthBasicProvider file
AuthUserFile "/srv/www/html/test_auth/userdb"
Require valid-user
Yeah, everything is in one directory. That’s not a secure way to do things; it’s a way to quickly test and easily clean up later. :)
I was testing with a PHP page that prints $_SERVER["PHP_AUTH_USER"], so I’ve consequently pulled out most of my hair, because that stupid variable pulls from the HTTP headers instead of what the web server actually provides; it stays upper-case. The REMOTE_USER key is what I really wanted from the array. What I get from that is that PHP documentation is evil and anyone who uses PHP_AUTH_USER should be banned from writing code.
Actually, I’m not entirely clear on how PHP_AUTH_USER is getting set, and it’s late enough that I’m not going to dig into it. This will work properly with anything that actually uses REMOTE_USER, per “everything since the 90’s except for PHP”, so it’ll be fine for what I actually needed.
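An added example, not code from the original post: a stand-alone Perl script that models the two places a user name can come from for the same Basic-auth request, the Authorization header the client sent and the server-side user after the handler's lc normalisation. The function names and the sample credentials are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: a name decoded from the Authorization header keeps the
# client's case, while the server-side user (REMOTE_USER) has been lowered.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Hypothetical helper: the user name exactly as the client sent it in a
# Basic Authorization header. Returns undef for anything that is not Basic.
sub user_from_header {
    my ($header) = @_;
    return unless defined $header;
    my ($b64) = $header =~ /\A\s*Basic\s+([A-Za-z0-9+\/=]+)\s*\z/i
        or return;
    # Credentials are "user:password"; only the first colon separates them.
    my ($user) = split /:/, decode_base64($b64), 2;
    return $user;
}

# Hypothetical helper: the name applications receive once the handler has
# run, i.e. the same normalisation as $r->user( lc $r->user() ).
sub user_from_server {
    my ($authenticated_user) = @_;
    return defined $authenticated_user ? lc $authenticated_user : undef;
}

# Constructed sample requests; the password is a placeholder.
for my $typed (qw(danny DANNY Danny)) {
    my $header      = 'Basic ' . encode_base64( "$typed:not-a-real-password", '' );
    my $from_header = user_from_header($header);
    my $from_server = user_from_server($from_header);
    printf "typed=%-6s header=%-6s server=%-6s %s\n",
        $typed, $from_header, $from_server,
        $from_header eq $from_server
            ? 'same'
            : 'differs: key authorization and logs on the server value';
}
```

An application that keys access decisions or audit records on the header-derived name sees three identities here; one that uses the server-provided name sees a single one.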
Just a quick post because I couldn’t find anything on this in a quick Google search.
I was in the process of migrating data in a replicated volume from one machine to another when the destination machine was interrupted (it was actually rebooted by an automated process kicked off by another admin; that’s what poor communication gets you). Then the destination machine wouldn’t boot. This machine mounted several gluster volumes from localhost, but glusterd wouldn’t start, which caused the boot process to hang on mounting.
So, Linux iptables has a couple of modules which allow you to distribute traffic across multiple hosts. But there isn’t any good documentation I can find which correctly explains how to use them. I figured it out, so I’m going to share. :)
I keep my CFEngine policy (and some other similar things) in a Subversion repository.  The progression from unit test to integration test to production is handled by using tags.  Basically, the integration test policy is the trunk, unit tests are done by branching the trunk, and promotion to production is done by tagging a revision of the trunk with a release name (monthly_YYYY_MM.POINT). But this discussion doesn’t need to be just about that approach; my solution should work for pretty much anyone who needs a directory to match a portion of a subversion structure.
So, I’ve been considering getting some original-style Chevelle SS wheels for a ’70 Chevelle. Well, technically it’s a ’71, but I like the ’70 wheels. A few companies make 15×7, 15×8 and 15×10 wheels that look like the original 14s, so I can get actual modern tires. This post on Chevelles.com suggests that a 15×10 with 5.5 inch backspacing can fit a 295/50R15 under the stock rear wheelwell. That’s an 11.2″ wide tire, which should be adequate. :) I’d like to find a Firestone Wide Oval or Goodyear Polyglass or similar reproduction tire, but it looks like just running a BFG Radial T/A will be the most likely way to get that size.