scadblog

9/27/2005

Local User Logins should Kerberos Fail

I was in a haze this morning and don’t quite recall what change I made to my PAM configuration to allow local users with local passwords to log in should their Kerberos passwords fail. I’m pasting my system-auth configuration here just in case I don’t get a chance to diff it against the original.

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_krb5.so
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_krb5.so
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_krb5.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_krb5.so
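
Added example, not part of the original post: a simplified model of how PAM walks the auth lines above, showing why a local password is accepted without Kerberos being consulted. The control-flag handling is a reduced version of Linux-PAM's documented behaviour, and KRB5_ONLY_STACK is a hypothetical contrast that does not come from the post.

```python
# Added example: a simplified model of Linux-PAM control flags, not PAM itself.
AUTH_STACK = [                      # auth lines from the post, in order
    ("required",   "pam_env"),
    ("sufficient", "pam_unix"),
    ("sufficient", "pam_krb5"),
    ("required",   "pam_deny"),
]
# Hypothetical contrast (not from the post): the same stack without pam_unix.
KRB5_ONLY_STACK = [
    ("required",   "pam_env"),
    ("sufficient", "pam_krb5"),
    ("required",   "pam_deny"),
]

def run_stack(stack, results):
    """Walk the stack; results maps module name -> True (success) / False."""
    failed = False      # a required module has failed so far
    succeeded = False   # a required module has succeeded so far
    called = []
    for control, module in stack:
        ok = results[module]
        called.append(module)
        if control == "requisite" and not ok:
            return False, called          # fail immediately
        if control in ("required", "requisite"):
            if ok:
                succeeded = True
            else:
                failed = True             # remember the failure, keep going
        elif control == "sufficient" and ok and not failed:
            return True, called           # success ends the stack early
        # a failed "sufficient" module is ignored
    return succeeded and not failed, called

def attempt(stack, unix_ok, krb5_ok):
    """pam_env always succeeds and pam_deny always fails, as on a real system."""
    results = {"pam_env": True, "pam_unix": unix_ok,
               "pam_krb5": krb5_ok, "pam_deny": False}
    return run_stack(stack, results)

if __name__ == "__main__":
    cases = [("local password ok, Kerberos fails", True, False),
             ("local password fails, Kerberos ok", False, True),
             ("both fail", False, False)]
    for label, unix_ok, krb5_ok in cases:
        print(label, "->", attempt(AUTH_STACK, unix_ok, krb5_ok))
    print("no pam_unix line ->", attempt(KRB5_ONLY_STACK, True, False))
```

Because pam_unix is evaluated first and carries `nullok`, a local account with an empty password is accepted by this stack before Kerberos is consulted; drop `nullok` if that is not intended.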

Filed under: Tech Resources and Tips — Michael @ 9:37 am

9/23/2005

Firewalling Samba

I’ve learned something new about Samba connections today. I always assumed that the ports Samba, CIFS, etc. use for incoming connections were 137-139 TCP. In actuality only 139 needs to be open for TCP; 137-138 need to be able to talk over UDP. Without this subtle distinction I was getting some odd behavior from all sorts of clients attempting to connect, most notably a Mac client was giving error code -43. But I’ve seen Windows cry about this too in the past, so it’s an important distinction to make when configuring your firewall and Samba services.

Filed under: New SCAD Essentials, Tech Resources and Tips — Michael @ 8:25 am

9/22/2005

OSS in Financial Engineering

Here’s a neat little open source application project I stumbled upon today that’s neat from the ‘Financial Engineering’ half of my department:

“A web-based prediction market (Idea Futures) system. In prediction markets, the commodities traded are claims about future events; the market price gives a consensus probability about the event’s likelihood of coming true.”

Idea Futures Sourceforge Project Page

Filed under: MetaSCAD, Random Thoughts — Michael @ 10:43 pm

Mathematica Licensing

To license your copy of Mathematica purchased from Software Sales you first need to install the software. The software will generate a key which you can take to Wolfram’s website. Entering it into the site will automatically send an email to Software Sales with the corresponding access key. When prompted you can then provide that access key to the program.

Filed under: Rules and Regs, Tech Resources and Tips — Michael @ 1:34 pm

Apache Modules: Rewrite and ProxyPass

I’ve been configuring Apache for the past few days and I’ve been tapping into a number of features. First, I have a number of redirects to other machines that are necessary. In the past I would have created a local account and used some HTML with a forward embedded to get the users to the new machine. However, Apache’s ProxyPass statement seems better suited to the job, and it involves a lot less clutter. To forward all requests for ~user to another machine entirely I did the following. In httpd.conf or your virtual.conf file add:

ProxyPass /~user/ http://hostname/
ProxyPassReverse /~user http://hostname

This takes all forwards for an address requested with the trailing slash. I found that without the trailing slash though it was unable to redirect properly. It was then time to dive into mod_rewrite. Adding the following to my conf files:

RewriteRule ^/~([^/]+)$ /~$1/ [R]

Automatically rewrote any request for a tilde+user directory and added the trailing slash. Finally, attracted to the power of rewriting URLs, and remembering my recent entry on Apache+Kerberos authentication, I decided to write a RewriteRule that actually worked to redirect to https.

RewriteRule ^/~user(.*)$ https://192.168.0.87/~user$1 [L,R]
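
Added example, not part of the original post: a check of which request paths the two redirect rules above actually match, useful before relying on the https rule to protect an authenticated area. It models only the regex match and substitution (not mod_rewrite's flags or rule chaining); the sample paths are constructed and HTTPS_RULE_ANCHORED is an assumed variant that stops at a path boundary.

```python
import re

# Added example: models only the regex match and substitution of the two
# redirect rules from the post; it is not Apache's mod_rewrite engine.
SLASH_RULE = (r"^/~([^/]+)$", r"/~\1/")
HTTPS_RULE = (r"^/~user(.*)$", r"https://192.168.0.87/~user\1")
# Assumption (not from the post): the same rule anchored on a path boundary,
# so it no longer matches other account names that merely start with "user".
HTTPS_RULE_ANCHORED = (r"^/~user(/.*)?$", r"https://192.168.0.87/~user\1")

# Constructed request paths.
SAMPLES = ["/~user", "/~user/", "/~user/notes.html",
           "/~username/notes.html", "/index.html"]

def redirect_target(rule, path):
    """Return the redirect Location for path, or None if the rule skips it."""
    pattern, substitution = rule
    match = re.match(pattern, path)
    # An unmatched optional group expands to "", as an unset $1 does in Apache.
    return match.expand(substitution) if match else None

def report(rule):
    """Map every sample path to its redirect target under one rule."""
    return {path: redirect_target(rule, path) for path in SAMPLES}

if __name__ == "__main__":
    rules = [("trailing slash", SLASH_RULE),
             ("https", HTTPS_RULE),
             ("https, anchored", HTTPS_RULE_ANCHORED)]
    for name, rule in rules:
        print(name)
        for path, target in report(rule).items():
            print(f"  {path:24} -> {target}")
```

The https rule as posted also redirects `/~username/...`, because `(.*)` follows `/~user` with no path boundary; the anchored variant leaves that path alone.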

Filed under: CMS, Tech Resources and Tips — Michael @ 11:39 am

9/6/2005

Subversion Finder Integration

Using the SCPlugin for the Finder when using Subversion for version control is really user-friendly. Unfortunately the installation is not. The instructions leave out the fact that you need to enable the Finder integration via a Preference Pane that’s added as part of the Plugin’s installation. Once that is enabled you also need to point it to the svn binary. Unfortunately the dialog won’t let you navigate to any of the hidden system folders. To update the location via the command line you can give the following command, pointing to your svn client install (mine was installed via Fink, thus the /sw/bin location):

defaults write org.tigris.SCPlugin svn_executable /sw/bin/svn

Filed under: Tech Resources and Tips — Michael @ 2:27 pm

Update locate Database on the Mac

To manually update the locate database in Mac OS X, run the following:

sudo /usr/libexec/locate.updatedb

Filed under: Tech Resources and Tips — Michael @ 2:11 pm