Showing posts from August, 2008

Organizing Kerberos-based infrastructure

SSO (Single Sign-On) is a good method for organizing enterprise-level IT infrastructure. It can reduce TCO (Total cost of ownership) of user management, allowing to create/modify/delete user accounts in one place without changing configurations of servers and client workstations. Let's consider Kerberos as a basis for SSO in an enterprise infrastructure in details: Log in to a workstation. Most UNIX-based OS provide authorization mechanism for logging into a workstation using Kerberos PAM modules. Windows OS-based workstations can login only to domain controller, and doesn't support standard Kerberos servers by default due to Kerberos extensions by Microsoft. But there is a bypass way - use Samba PDC with Kerberos and OpenLDAP integration (Article in Russian, I'll translate and publish it in the blog after setting up such infrastructure on my servers). Servers.Firewall: NuFW (see corresponding article).Email: postfix, sendmail.IM: openfire.Web: apache.Proxy: squid.Ftp: Pro…

Mail Dispatcher version 0.3 is released

New release of Mail Dispatcher introduces major changes in internationalization and usability of the product.Parsing mail messages was added and now they are shown in required encoding. Also a user can select preferred encoding for messages preview.Selecting dates ranges was added and now a user can select required date interval for downloaded messages. Mail Dispatcher uses special algoritm for selecting messages based on binary searching.For more information, visit site:

Daemonize a script

Sometimes it is required to start script as daemon (for example Django site in development mode), and I want to provide guidance how to do it in Fedora 9.First, it is required to write auxiliary bash-script for running necessary script (let's call it ''): #!/bin/sh cd /path/to/site/ nohup python runserver --noreload > site.log & echo "${!}" > /var/run/ In this script I changed directory to site location, and ran it via 'nohup' command. Also I took PID of created process via '${!}' to manage it later.This script should be run under root privileges and should be checked via 'ps aux | grep python' for equality of PID of running process and stored in /var/run/ everything is fine, let's move forward and create init-script (let's call it 'site'): #! /bin/sh # Startup script for site # # chkconfig: 2 96 04 # description: site service # Source function library. . /etc/rc.d…