Archive for the ‘Uncategorized’ Category

Mangling Apache2 usernames with mod_perl

No Comments »

I have a Kerberos-authenticated network connected to Active Directory as the KDC. AD is case-insensitive but case-preserving, so clients might log in to my web server using principals in any number of cases; they might be danny or DANNY or Danny. So, to make applications on my sane Linux platform – where differnet characters are actually different – I wrote a quick mod_perl authorization module to force the case down.

The module – at /srv/www/html/test_auth/perl/Danny/loweruser.pm – looks like:

package Danny::loweruser;

use strict;
use warnings;

#use Apache2::Access;
use Apache2::RequestRec;

use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED);

sub handler {
my $r = shift;
$r->user( lc $r->user() );
return Apache2::Const::OK;
}

1;

And the Apache config looks vaguely like this:

PerlSwitches -I/srv/www/html/test_auth/perl


#PerlResponseHandler ModPerl::Registry
PerlAuthzHandler Danny::loweruser

AuthType basic
AuthName "Auth test"
AuthBasicProvider file
AuthUserFile "/srv/www/html/test_auth/userdb"
Require valid-user

Yeah, everything is in one directory. That’s not a secure way to do things; it’s a way to quickly test and easily clean up later. :)

I was testing with a PHP page that printes $_SERVER[“PHP_AUTH_USER”], so I’ve consequently pulled out most of my hair, because that stupid variable pulls from the HTTP headers instead of what the web server actually provides; it stays upper-case. The REMOTE_USER key is what I really wanted from the array. What I get from that is that PHP documentation is evil and anyone who uses PHP_AUTH_USER should be banned from writing code.

Actually, I’m not entirely clear on how PHP_AUTH_USER is getting set, and it’s late enough that I’m not going to dig in to it. This will work properly with anything that actually uses REMOTE_USER, per “everything since the 90’s except for PHP”, so it’ll be fine for what I actually needed.


gluster replication peer failure

No Comments »

Just a quick post because I couldn’t find anything on this in a quick Google search.

I was in the process of migrating data in a replicated volume from one machine to another when the destination machine was interrupted (it was actually rebooted by an automated process kicked off by another admin; that’s what poor communication gets you). Then the destination machine wouldn’t boot. This machine mounted several gluster volumes from localhost, but glusterd wouldn’t start, which caused the boot process to hang on mounting.
Read the rest of this entry Ľ


statistical packet distribution with iptables

No Comments »

So, Linux iptables has a couple of modules which allow you to distribute traffic across multiple hosts. But there isn’t any good documentation I can find which correctly explains how to use them. I figured it out, so I’m going to share. :)
Read the rest of this entry Ľ


Keeping a directory in sync with SVN

No Comments »

I keep my CFEngine policy (and some other similar things) in a Subversion repository. ¬†The progression from unit test to integration test to production is handled by using tags. ¬†Basically, the integration test policy is the trunk, unit tests are done by branching the trunk, and promotion to production is done by tagging a revision of¬†the trunk with a release name (monthly_YYYY_MM.POINT). But this discussion doesn’t need to be just about that approach; my solution should work for pretty much anyone who needs a directory to match a portion of a subversion structure.

Read the rest of this entry Ľ


Chevelle wheels

No Comments »

So, I’ve been considering getting some original-style Chevelle SS wheels for a ’70 Chevelle. Well, technically it’s a ’71, but I like the’70 wheels.¬† A few companies make 15◊7, 15◊8 and 15◊10 wheels that look like the original 14s, so I can get actual modern tires.¬† This post on Chevelles.com suggests that a 15◊10 with 5.5 inch backspacing can fit a 295/50R15 under the stock rear wheelwell.¬† That’s an 11.2″ wide tire, which should be adequate. :)¬† I’d like to find a Firestone Wide Oval or Goodyear Polyglass or similar reproduction tire, but it looks like just running a BFG Radial T/A will be the most likely way to get that size.


Parking

No Comments »

“Pulling through the space” fail.

PIXI2011-04-23-151746

PIXI2011-04-23-151707


Pizza delivery

No Comments »

Just out of curiosity, does “no parking: fire zone” have an implicit “unless you’re a pizza guy” in MO? Or maybe he just didn’t like the way the parking spot *6 paces away* looked…

Logic

This has bugged me for a while now. Several eateries have credit card equipment which is smart enough to print “merchant copy” and “guest copy”. But almost none of them can seem to omit the signature line, which is really the only difference; the only reason to differentiate between the two. Why in the world would a programmer do extra work to actually make the receipts *less* user-freindly?


Speling

No Comments »

Spelling is an important skill, even if you sell gloves.

Oof!

As it turns out, it s just as annoying to have your air suspension switch fail in the “too low, need more air” position as it is to end up in the “too high, remove air” position. :/

Bouncy ride home…


Lunch

No Comments »

There are a number of things I like about my wife. The way she always arranges my food in some way is one of those (the fact that she makes me food is another). It’s a little thing, but I appreciate it. :)


Interior

No Comments »

95 Caprice wagon