Archive for the 'apache' Category

Today: 04-Nov-2008: Fun with Kerberos

Today was a mostly ordinary day, though the day started with me buying Red Alert 3, so that wasn’t too bad – yay! Australia! A week behind the rest of the world! I could have pirated the game and had it faster and cheaper, perhaps even finished! But I digress, it was an ordinary day.

Today is Melbourne Cup day, being the first Tuesday of November, so we had a luncheon of sorts and a drawing for the horses. Didn’t win, the food was good, I’m $10 poorer and such is life.

I’ve been spending more time at work using my Mac as a primary machine. Since I’ve moved to Exchange from Domino (or Outlook from Notes), I’ve gotten Evolution on Linux mostly working (with the exception that it doesn’t automatically look up names for emails which is tedious) and Apple’s Mail and Address Book both playing nicely with Exchange. I do miss the fact that I had Notes on my Linux desktop and things mostly worked albeit slowly and consuming large amounts of memory, but it worked with all of the features available normally. Mail’s ability to due autocompletion is what is drawing me back to it as a client, which when you start writing emails is actually more useful than you would think. Its still not up to par with the Notes autocomplete which was quite cool and a lot more advanced than either Mail’s or Outlook’s (I get Outlook via Citrix).

I’ve also been trying out NetBean’s PHP Early Access through a nightly build (has the ability to create PHP projects from existing sources) and I’m impressed with it. I tried it out because I wanted to try out debugging with my PHP instance and the dated version of Eclipse I had (3.2) seems to have issues – more than likely my fault – and I don’t want to waste time on trying to fix something. NetBean’s installed and worked almost instantly, however it took me a while to find where I could change the params to get J! to route items properly. I managed to work out the bug that I was having without too much issue. I knew what it was but not where it was: turned out to be exactly what I thought, an assignment operator used instead of the append operator. The Subversion support seems to be a bit off and doesn’t work yet, so I’m not quite ready to ditch Eclipse yet – but I’ll try with later versions to see what I get.

I had a chat with the principal (we have principal, manager, director, CEO as our chain of command) about the projects that I’m doing and the ones I’m interested in so I’ll have to do some paperwork and business cases for the new projects and justify items. We’ve recently got a new manager who is trying to find where everything is so part of this is explaining everything so that he can get a grasp of the way the system works.

Then I spent the majority of the afternoon with one of the ITS guys working through how our Citrix boxes work with Flex profiles and the mandatory profiles filling in the gaps in his knowledge and how different parts of the system and why items might break or behave in a particular way. I think he’s worked out how it works and he’s even figured out why a few issues are happening. So nothing exciting but useful.

And finally I had fun with Kerberos. I built the Kerberos module on the SLES10 server, installed it, restarted Apache and tried to get it to work. On my Mac both Safari and Firefox requested a username and password instead of using a Kerberos token and IE6 in my Citrix session seemed to just go in a weird infinite loop. I slowly worked through my entire Kerberos configuration on the server until I got to looking at the keys. It turns out that the keys were created with the wrong virtual host name for the server which is causing the issues. The keys for the real server name actually worked fine when I got around to testing them which proves that everything will work once I get the keys. The last part is a fix to the Citrix system which for some reason think that the intranet site is actually on the internet, but I’m assured that this should be easy to achieve. Getting Kerberos up and running was pretty easy ignoring the faulty keys compared with some of the nightmares I’ve had getting items to play nicely together. I’ll probably add something to my guide (http://sammoffatt.com.au/jauthtools/Kerberos) on it, to help with items.

Who knows, I may have even figured this Kerberos thing out!

No comments

Fun with Subversion and Apache

October 03rd, 2007 | Category: apache,linux,opensource,subversion,web

I’ve been having some issues with getting my Subversion repository to play nicely. For some reason it started to randomly attempt to point to a repository called “error” which puzzled me a bit. A mailing list entry has set me up with a solution  (http://svn.haxx.se/users/archive-2004-06/1312.shtml) and it appears looking around a bit further and a few other people have had the issue as well. The basic problem is that somewhere the system is throwing an error, it appears a 500 which is an Internal Server Error. But this doesn’t seem to be the base cause since I feel this is actually being generated internally for some reason and bounced around. It happens that the reason why its bouncing here is because of an error directive somewhere is causing an error page to be looked for, and since by default we’re pointing to our errors being at /error, which Subversion tries to find a repository for because “SVNParentPath” is set with the Location set to the root (e.g. “”), we end up getting a strange error from Subversion. The vexing thing is that checkouts seem to have no issue, updates are fine but adding new files seems to have issues.

So the solution from the above as to add a redirect to another virtual host on the server:

RedirectMatch permanent ^/error http://pasamio.com/error

Another solution is to rewrite the ErrorDocument to make it return strings instead of page: 

ErrorDocument 400 "400 HTTP BAD REQUEST"
ErrorDocument 401 "401 HTTP UNAUTHORIZED"
ErrorDocument 403 "403 HTTP FORBIDDEN"
ErrorDocument 404 "404 HTTP NOT FOUND"
ErrorDocument 405 "405 HTTP METHOD NOT ALLOWED"
ErrorDocument 408 "408 HTTP REQUEST TIME OUT"
ErrorDocument 410 "410 HTTP GONE"
ErrorDocument 411 "411 HTTP LENGTH REQUIRED"
ErrorDocument 412 "412 HTTP PRECONDITION FAILED"
ErrorDocument 413 "413 HTTP REQUEST ENTITY TOO LARGE"
ErrorDocument 414 "414 HTTP REQUEST URI TOO LARGE"
ErrorDocument 415 "415 HTTP SERVICE UNAVAILABLE"
ErrorDocument 500 "500 HTTP INTERNAL SERVER ERROR"
ErrorDocument 501 "501 HTTP NOT IMPLEMENTED"
ErrorDocument 502 "502 HTTP BAD GATEWAY"
ErrorDocument 503 "503 HTTP SERVICE UNAVAILABLE"
ErrorDocument 506 "506 HTTP VARIANT ALSO VARIES" 

This also fixes the problems, though in a few more lines. This is perhaps the better solution as it wipes out the old ErrorDocument directives that were giving us some troubles and returns a straight string. The next simplest solution is of course to move the Subversion “SVNParentPath” from the root to its own path underneath the root, which is the solution that most people seem to go in for doing.

No comments