Fedora 15 krb5.conf
To get a Fedora 15 MIT Kerberos client to log into hosts with multiple PTRs using an older MIT Kerberos implementation (e.g. Debian Lenny), you need at least the following in your krb5.conf:
[libdefaults]
rdns = false
OSX software updates, fuck off and stop bothering me. I’m trying to make magic happen.
—
Matt Carroll on #mcollective
Originally quoted without “OSX software updates”, but that put an elitist spin on it, instead of conveying the despair of an Apple customer aspiring to productivity.
Renewing Kerberos tickets in Gnome3
UPDATED… Some smart arse in the office pointed out that you can change this more easily as follows:
- Click on your name in the top right of the screen.
- Click
System Settingsin the drop-down menu. - Click
Kerberos Authentication. - Type your preferred Kerberos principal into the
Kerberos Principaltext field. - Close the
Kerberos Authenticationwindow.
The original advice remains below as an exercise in humility.
With a large number of configuration utilities removed from Gnome3, I found it hard to adjust the principal that krb5-auth-dialog uses when refreshing my Kerberos ticket.
The principal I need to use is sheldonh/root@STARJUICE.NET. Unfortunately, krb5-auth-dialog defaults to sheldonh@STARJUICE.NET.
Happily, you can change this as follows:
- Install and run
gconf-editor. - Click to expand
/appsin the tree view on the left. - Scroll down and click on
/apps/krb5-auth-dialogin the tree view on the left. - Double-click on
principalin the detail view on the right. - Type your preferred Kerberos principal into the
Valuetext field and clickOK. - Close
gconf-editor.
Now when you click on “Get Ticket” in krb5-auth-dialog, you’re prompted for the password for your preferred principal.
The Myth of the One-Off
An argument that I regularly hear from people regarding the adoption of configuration management tools is that their systems are unique and comprised of many one-offs. In this article I will address the one-off myth and discuss why your systems are not beautiful snowflakes.
(Source: puppetlabs.com)
The Modernist believes in OR more than AND. Postmodernists believe in AND more than OR.
The best theory is inspired by practice. The best practice is inspired by theory.
— Donald E. Knuth
I just discovered VirtualBox’s guest control feature.
VboxManage.exe guestcontrol exec tophat \
/bin/uname --arguments "-a" \
--username sheldonh --password secret \
--wait-for stdout
This logs into a virtualbox called tophat as user sheldonh, runs /bin/uname -a and returns the process output:
Linux tophat 2.6.35.13-91.fc14.x86_64 #1 SMP ...
Cute!
Maybe Windows developers have a stronger sense of progress because Windows really has seen more progress. Unix began on the high-end systems of its day and has worked its way down. Windows began low-end hardware and has worked its way up.
— Software development and the myth of progress — The Endeavour
So, what happened? Why are you getting blocked today, based on utilization of a practice that was considered perfectly acceptable a few years ago?
It’s nice to see people outside the antispam community waking up to Google’s seriously broken attitude toward security. It means that it shouldn’t be long before they know that we know, you know?
