Subversion, Fedora, PAM, winbindd, Apache and NT4 Authentication

In order to get a Subversion source control server running via Apache HTTP server on Redhat/Fedora Linux, with no separate user authentication, I had to get the Apache server on the box to authenticate the Subversion svn URL against a Windows network. In this case that meant an NT4 Windows domain. There's a few tricks to this that took awhile to figure out. Here's an outline of the process to get Apache to protect the resource using Windows network login and passwords...

0. Install the Apache module mod_auth_pam.

1. Connect the Linux host to the Windows domain. From the menus, select: Administration -> Authentecation -> Authentecation -> Winbind

Configure winbind and and click the "join" button. Note that this required the Windows administrator's username and password.

2. Edit the system's services and enable winbindd to run on startup

Now these commands should work:

wbinfo -u
wbinfo -g
wbinfo -a \\%;

For example:

wbinfo -a XYZ\\jsexton%my_password

should successfully authenticate jsexton against the NT domain XYZ.

3. Setup PAM's http configuration. Here's the use of pam_permit.so. Without this, PAM will check for a valid local account and fail. You'll find references out there to having to make /etc/shadow readable by the httpd for this reason. But using the permit option avoids this problem. This took awhile to figure out because I was using myself as a test and I do in fact have a local account. What I didn't realize was that it was not smart enough to deal with the leading Windows domain on the username. User "jsexton" existed on the linux box, but "XYZ\jsexton" did not. Not having to enter the Windows domain with the username when logging in would also solve the problem, but I don't see how to make that happen in the winbindd setup, for an NT domain.

File /etc/pam.d/http

#%PAM-1.0
auth       sufficient pam_winbind.so debug
#account    required pam_winbind.so debug
account    required     pam_permit.so

4. Set Apache to load PAM:

File /etc/httpd/conf.d/auth_pam.conf

LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so

5. Protect a sample directory:

File /etc/httpd/conf/http.conf

Alias /test/ "/test/"
<Directory "/test">
   AllowOverride None
   Allow from all
   Order Deny,Allow
   AuthType Basic
   AuthName "AUTH TEST"
   AuthPAM_Enabled on
   Require valid-user
</Directory>

Now loading http://localhost/test/ should ask for a name and password and authenticate against the Windows domain (note the trailing slash on the URL). Enter the Windows domain in the username with one back-slash, ie "XYZ\jsexton". Watch /var/log/messages and /var/log/httpd/error_log for information. The exact location of some of these files may vary on your system.

Colbert

http://tv.msn.com/tv/article.aspx?news=279894&GT1=7703

"Stephen Colbert announced his candidacy for president on "The Colbert Report" on Tuesday night, tossing his satirical hat into the ring of an already crowded race.

"In a guest column for Maureen Dowd in Sunday's New York Times, Colbert wrote: "I am not ready to announce yet — even though it's clear that the voters are desperate for a white, male, middle-aged, Jesus-trumpeting alternative."

http://en.wikipedia.org/wiki/Pat_Paulsen

http://www.paulsen.com/
(Have a look at the editorials section)

Now that we don't have equal time rules, it's a lot easier for comedians to run for high office, and Colbert is definately funnier then the rest of the candidates (except for John McCain, that guy cracks me up!).

Shocking Story! Vista is Junk!

http://vista.blorge.com/2007/10/12/dutch%E2%80%99s-consumers%E2%80%99-union-asks-free-copies-of-xp-for-vista-victims/

"In a recent meeting between the Dutch Consumers. Union (Consumentenbond) and Microsoft Netherlands, the consumer organization asked for free copies of Windows XP for members who were having problems with Vista. Microsoft, of course, refused.

"The refusal has led Consumentenbond to call on consumers to explicitly ask for Windows XP when purchasing a new computer and for shops to provide free Windows XP packages to those dissatisfied with Vista."

Changing the Message Displayed on HP Printers

http://kovaya.com/miscellany/2007/10/insert-coin.html

"This little perl program allows you to set the "Ready Message" on HP printers to whatever you'd like.

...

"You can think up your own funny, confusing or scary messages. My personal favorite is "INSERT COIN" which fits perfectly on the small LCDs. You can even sit in sight of the printer and change the message while watching the reaction of your victim."

Everyone should do this. Right away.

So When's the Big Sale on Wallstreet?

I was thinking about the stock market...

What they call a bull market has officially entered a 5th year. The average length of a bull market is 3 1/2 years, so it's doing well. I think, as many do, that '08 is going to be good - really good. But what worries me is that after that, beginning sometime in late '08, I have no idea what could happen. I'm thinking at some point I'll move a lot of money out of stocks.

I think what Alan Greenspan has said is ture. Bull markets (bubbles if you like) end naturally for internal reasons at any moment. Whatever happens to be happening in the world at that moment will get blamed for it.

http://www.pbs.org/nbr/site/onair/transcripts/071010_gharib/

"The issue is once you get to the point where the speculative fever breaks, which it does on its own for internal purposes, what happens to be standing there at the point of the break, whether it be somebody making a speech, whether it is a weather change, whether it is some form of event, it will become the cause of the next decline. But the cause is essentially internal. It`s the internal dynamics of booms and busts or bubbles and bursts. It`s human nature. It`s not something which we can do very much about."

DRM and Record Labels

Speaking of bad ideas, get a load of this:

http://www.sfgate.com/cgi-bin/blogs/sfgate/detail?blogid=19&entry_id=21013

I just can not believe eBay. I really can't. A couple weeks ago I got another slick "catalogue" in the mail from Macy's - er - I mean eBay. This one was personalized with my ebay login. "Hello jsexton", or some such. Gee, they know my name, I'm sooo impressed. Then it goes on to hype merchandise that I have no interest in what so ever. My eBay rating is nearly 1,000. I've bought and sold on eBay a lot over many years. And yet the best they can do with this information is use my login name to try to sell me brand new, name brand goods that have nothing to do with my interests - which they know! It's frustrating watching eBay waste their market leading position.

Clouds

I think this is much bigger news than it appears on the surface. I think this is the beginnings of the future of technology, er, I mean the Googture of technology.

http://www.informationweek.com/research/showArticle.jhtml?articleID=202400042

"Google(GOOG) and IBM(IBM) on Monday announced an initiative to advance large-scale distributed computing by providing hardware, software, and services to universities.

"The two companies aim to reduce the cost of distributed computing research, thereby enabling academic institutions and their students to more easily contribute to this emerging computing paradigm."

Google.com

GOOG is over $600/share and just going crazy.
Everyone says the sky's the limit and I'm inclined to agree. The company is doing everything right and they completely dominate their market. And here's a sign Google is strong - the MS-FUD machine. Me-too, late to the party, no meaningful product on the table, Microsoft is attacking Google. Ballmer is saying that Google reads your email! Shocking!

http://www.crn.com/software/202300583

Ya, well Microsoft Vista reads your hard drive. Whatever...
Maybe it's just the "New Economy".

Har!

http://www.reuters.com/article/internetNews/idUSL2779608320070927?feedType=RSS&feedName=internetNews

"The Internet is killing off the art of telling jokes and now the average Briton only remembers and recycles the same two jokes, a new survey showed on Friday.

"Up to 75 percent of those surveyed by Loaded Magazine admitted they spent up to an hour a week at work sending humorous e-mails."

Bikes on Hawthorne

http://bikeportland.org/2007/09/27/pdot-releases-latest-bike-count-report/

Bicycles represent 18% of all vehicles on Portland's Hawthorne Bridge and 11% of vehicles on the four bicycle friendly Willamette River bridges.

Bicycle traffic in Portland has more than doubled since 2001.

Energy

http://www.wired.com/science/planetearth/magazine/15-10/ff_plant_4tech

Wind

Geothermal

Solar

Synfuel

http://www.wired.com/science/planetearth/magazine/15-10/ff_plant

"Unfortunately, passing chemistry class doesn't mean acing economics. Scientists have long known how to turn trees into ethanol, but doing it profitably is another matter. We can run our cars on lawn cuttings today; we just can't do it at a price people are willing to pay."

http://www.wired.com/science/planetearth/magazine/15-10/ff_plant_renew

"We've got only a few decades to save the world: Somewhere between 2030 and 2050, if current trends persist, atmospheric CO2 levels will hit 500 parts per million, temperatures will rise 2 degrees, and the Greenland ice cap will begin turning to slush, causing sea levels to rise 20 feet."

http://www.nytimes.com/2007/09/25/washington/25nuke.html?ex=1348372800&en=ac936439741767c7&ei=5088&partner=rssnyt&emc=rss

"In a bid to take the lead in the race to revive the nuclear power industry, an energy company will ask the federal Nuclear Regulatory Commission on Tuesday for permission to build two reactors in Texas.

"It is the first time since the 1970s and the accident at Three Mile Island that an American power company has sought permission to start work on a new reactor to add to the existing array of operable reactors, which now number 104."

!

Oh for gosh sakes Bush is an idiot!

http://duggmirror.com/celebrity/NO_your_other_right_hand_pic/

The man has armies of handlers and trainers, the best, this should never happen - Cripes!!

Skype

http://www.reuters.com/article/internetNews/idUSN0128731720071001?feedType=RSS&feedName=internetNews

"NEW YORK/SAN FRANCISCO (Reuters) - EBay Inc said on Monday it would cut as much as $1.2 billion off the $4.3 billion potential price it agreed to pay for Web-based phone-calling service Skype two years ago.

"The writedown on the value of the deal came as eBay said Skype co-founders Niklas Zennstrom and Janus Friis had resigned as executives, and marks a tacit admission of lackluster returns from Skype since eBay acquired it two years ago."

Not long ago I started using Skype. Although its functions overlap with those provided by many simular systems, it works well, and I like it. I've used eBay for many years as a buyer and a seller. It has some problems, but it works OK.

Whoever thought eBay should aquire Skype and start operating an IP phone company should really be looking for another job. It makes no sense at all, and eBay has proved this by finding no synergy, at all, and now by making little money on the whole thing. It never did make any sense.

File under "duh"...

14,000

DOW 14,000 today. Will it close over? I doubt it... But it should be a good day. This is the start of the 4th quarter. Q4 is frequently good. We have the "Santa Claus" rally coming up, and an election where people know we'll be getting rid of an idiot (money doesn't play ideology). Plus, the economy is fundamentally strong. It'll take off as people realize that the housing hype is 90% just the whining of a single industry looking to be bailed out.