Main | June 2012 »

May 31, 2012

SA Lisa Team Goals *initial list*

We've completed the initial listing of three Team Lisa Goals, specifically:

- Standard ticketing communication responses
- Professional improvements
- Forward facing and transparent communications

Detailed information for each entry can be located on the Team Lisa web portal, at this link: https://wiki.umms.med.umich.edu/x/sJCABw

Posted by cdgrieb at 11:56 AM | Comments (0)

May 30, 2012

Managing Kerberos Credentuals for Xgrid

So, one of the issues we've encountered in the past regarding Xgrid and scripting out job progress and information results from the fact that Xgrid uses LDAP and Kerberos for EVERYTHING, which means you'll a ticket to do anything. We've whipped out a simple script that does this (admittedly, this is a hack, but it works for temporary usage...):
---------------------------------------------------------------
if ( $ARGV[0] eq "-k" || $ARGV[0] eq "--k" )
{

open PASS, "/path/to/encrypted/pass/krb5.pass" or die $!;
while ()

my $cipher = new Crypt::Blowfish "my key";
my $plaintext = $cipher->decrypt($_);
chomp($plaintext);
my $krb5_princ;
Authen::Krb5::init_context();
$krb5_princ = Authen::Krb5::parse_name('pcastuser');

my $krb5_sprinc = Authen::Krb5::sname_to_principal(
"myserver.com",
'xgrid',KRB5_NT_SRV_HST
);
my $cc = Authen::Krb5::cc_default();

Authen::Krb5::get_in_tkt_with_password(
$krb5_princ,
$krb5_sprinc,
$plaintext,$cc
);

}
---------------------------------------------------------------
This allowed us to extract a listing of submitted Xgrid jobs (e.g, Podcast Producer) for MTube migration.

Posted by cdgrieb at 09:56 AM | Comments (0)

Nested LDAP groups and coSign....

We've noticed a specific issue with MCommunity, coSign, and nested LDAP groups - essentially, they don't work in some situations. For example, the following coSign entry should allow individuals from the 'm1' and 'm2' LDAP groups to authenticate....
-----------------------------------------------------------------
require ldap-group cn=g1,ou=User Groups,ou=Groups,dc=umich,dc=edu
require ldap-group cn=g2,ou=User Groups,ou=Groups,dc=umich,dc=edu
-----------------------------------------------------------------
However, only direct users are allowed access, in addition to one or two folks from the nested groups. We're not positive if this is a result of UMOD group translations, LDAP naming conventions, or something else...more investigation forth coming...

Posted by cdgrieb at 09:22 AM | Comments (0) | TrackBack

May 29, 2012

OpenSSL certificates and the NetScaler

Reminder to self: all OpenSSL fronted web-services should contain matching copies of the SSL Key, cert, and PEM files - failing to upload the certificates to the web-server will break coSign, etc, when the certs actually expire. Whoops.

Posted by cdgrieb at 02:35 PM | Comments (0)

WordPress and RHEL 5

So, we've had a few issues with WordPress and RHEL 5.0, specifically recent builds of WP requiring a minimum of PHP 5.2.4. A quick query against the rpm database on a RHEL 5 system reveals the following php packages:
----------------------------------------------------
[cdgrieb@ginkgo ~/Downloads]# rpm -qa | grep 'php'
php-gd-5.1.6-34.el5_8
php-mcrypt-5.1.6-5.el5
php-pdo-5.1.6-34.el5_8
php-common-5.1.6-34.el5_8
php-5.1.6-34.el5_8
php-mbstring-5.1.6-34.el5_8
php-cli-5.1.6-34.el5_8
php-mysql-5.1.6-34.el5_8
----------------------------------------------------

Obviously, PHP 5.1.6 will only get you antiquated support for WP, so we've decided that all existing WP blogs should be migrated to RHEL 6, at least.

Posted by cdgrieb at 11:35 AM | Comments (0)