February 2005 Archives
I noticed in last night's rawhide changelog that MIT Kerberos v1.4 has been merged.
MIT Kerberos v1.4 was released at the end of Jan 2005, and I note a couple of notable new features:
- Finally, the MIT Kerberos libraries get thread safety.
- The ftp and telnet daemons can now be configured to *require* encryption.
After creating the GL550 I've developed an appreciation for some of the "it's nice to work on" features of Heimdal that MIT Kerberos lacks, such as readline support, GNU or GNU-like getopts support, fewer commands that require interactivity, and friendly interfaces for those that do. Many of the command line tools have saner defaults, such as telnet requesting Kerberos authentication and encryption by default. The use of the -l switch to kadmin instead of a separate kadmin.local binary strikes me as more elegant as well.
Heimdal also has an interesting protocol encapsulation mode that lets clients communicate with the KDC over HTTP on port 80 (and also HTTP proxy support). This would be helpful for road warriors behind filtering firewalls that would otherwise block the normal Kerberos UDP port 88 traffic.
Unfortunately, the kadmin protocol was never codified as a standard, so only a Heimdal kadmin client can connect to a Heimdal kadmind daemon.
It also bears mentioning that while I can appreciate the technical merits of Heimdal, I was less than impressed with how SUSE implemented it and integrated it into their distro. The main warts are:
- All heimdal binaries installed under /usr/lib
- Only a single SysV init script for all daemons even though some daemons are only appropriate on a master or slave.
- No /etc/xinetd.d/ files for the Kerberized telnet, ftp (and friends) daemons
- No SysV init script (or alternatively xinetd script) at all for the propagation daemon that should run on slaves
- Kerberized replacements for telnet, ftp and other clients are not in the $PATH (first in the $PATH) by default. This should be implemented via a /etc/profile.d/kerberos file.
- The YaST kerberos_client module doesn't support more than one KDC and will mangle an existing correct /etc/krb5.conf if it has more than one KDC defined.
I reported these bugs to SUSE, but I never heard anything back. It appears their bugzilla is not visible to outsiders, so I have no way of knowing if the bugs are being acted on or ignored.
I wrote a patch to Planet (a blog aggregator) to implement filtering based on category. This was my first Python hacking to add a new feature to an existing code base. Yah!
It will only filter based on the "primary category" as that is the only category information available in the RDF feed.
We will need this functionality when deploying the Planet on the main Guru Labs web page.
I just submitted the patch to the main developers. Hopefully they'll accept it and in the future we can just use a stock Planet install.
I have been looking for a good PalmOS based blogging utility to run on my Treo650. Category support is a must because of the Planet, and the ability to upload pictures stored on the internal memory or on the SD card would be very nice.
So far, MO:BLOG seems to be the best.
A little bit slow maybe, but Guru Labs is finally getting on board the blogging bus.
We hope that this will be a useful way for our partners, customers, and friends to tap into the fun 'Guru' atmosphere.
In the course of doing what we do, namely teaching advanced Linux classes and writing courseware manuals, we discover and gain insight into very interesting stuff!
Historically, this info was just passed back and forth on private internal mailing lists. Now we are going to make this info public via our newly installed blog server.
We are encouraging all our Guru instructors to blog freely. Since most have Treo 650 picture phones, there should be some interesting impromptu and mobile blogging activity as well.
We hope to enjoy the ride. See you on board!