In the early 90s I was learning DOS and Unix. One thing I really liked about Unix was the concept of “symbolic links”. It meant you could install programs in their own directories and symlink the executable to somewhere in your $PATH. DOS couldn’t do that. So you ended up with horrendously long path names. And DOS had a 120 character limit. Ugh.
So I wrote a TSR, called “exelink” which kludged it.
Just two weeks ago, I revisited my virtualization options with a view to making the system more reliable - primarily by using mirrored disks.
In the end I stuck with a kludged up process for Citrix XenServer, but with a worry about how this would impact patching and upgrades.
This week my XenCenter instance told me that 6.0.2 was out and I should upgrade.
Now there are two ways to upgrade a XenServer; one is via the XenCenter console where it pushes the updates, the other is to boot off the CD and upgrade.
Two years ago I looked at some options for doing virtualisation at home. I decided on running Citrix XenServer. This has actually worked out quite well. So much so that I want to move some of my remaining physical hardware onto virtual.
And here I run into a problem. XenServer doesn’t want to work nicely with mirrored disks. It’s expecting SAN or similar to provide the redundancy for disks. Now people have worked out options to convert a XenServer to a RAID disk, but I’m very very worried about how upgrades might break the OS partition.
People keep telling me how Windows 7 is so much better than XP. Eventually, at work, I get forced into using it. The first thing I notice is that the taskbar is now all icons, which you have to mouse over to see what windows each application has. And there’s no quick launch area any more; you can pin applications to the taskbar so they’re there.
However, I like having the XP option of having a program bar for each running program.
Since those experiments, linode is now also providing native IPv6 so my linode was switched to the auto-provided address they provide. By default they only provide 1 IPv6 address but they allow rDNS to work, so I haven’t needed any more, yet!
IPv6 speeds internationally are a lot faster as well. I did some speed tests to a site in a UK exchange (connected at 100Mbit/s). It would saturate my home FIOS connection, peaking for periods of time at 3.
Just for the lulz I fired up a CentOS VM (I knew that Citrix XenServer would come in handy!) and configured a tunnel to HE via that.
I then configured a static IP6 address on eth0 and fired up radvd. My main Linux machine automatically picked up an address on that subnet and could ping6 to the outside world. I could also ssh from my linode directly to my main Linux machine (did I mention I need an IPv6 firewall?
My v-colo at Panix can be configured to use IPv6. Now it looks a little bit like Panix is kludging routing slightly (they give you a /96 but with a /64 netmask). It’s very possible that their router is just at the end of a HE tunnelbroker, since HE are an upstream provider to Panix.
Enabling IPv6 on the v-colo was simple; I just enabled it on their “config” website and…it worked.
Not only have I been playing with Kerberos, but I’ve also been playing with IPv6. So, naturally, Kerberos over IPv6 was a test I had to do.
Now because I’m only playing with IPv6 I’ve been using different DNS names; so kdc.spuddy.org is on IPv4 but kdc.ip6.spuddy.org is on IPv6.
So, test!
$ telnet -a -f kdc.ip6.spuddy.org
Trying 2001:470:1f07:dc4:3c46:1aff:fef4:d7a3...
Connected to kdc.ip6.spuddy.org (2001:470:1f07:dc4:3c46:1aff:fef4:d7a3).
Escape character is '^]'.
[ Kerberos V5 accepts you as ``sweh@SPUDDY.
So I built a quick AD domain based on W2k3 R2. I created TESTDOM.AD.SPUDDY.ORG as my AD domain, and made my primary DNS delegate that part of DNS to the AD server.
I was able to join an XP client to the domain.
So far, so good!
So then I built a CentOS 5.6 machine and configured it for Kerberos. I set up krb5.conf:
[libdefaults]
  default_realm = TESTDOM.AD.SPUDDY.ORG
  dns_lookup_realm = true
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  # TESTDOM.
Disclaimer: I know nothing about Kerberos. I’m learning it all from scratch.
I wanted to do some playing around with Kerberos (once I know Kerberos then I can look better at how to integrate with AD), so at home I set up a couple of CentOS 5.6 server VMs on my home network, built one out as a KDC (“yum install krb5-server”) and one as a Kerberos client talking to the KDC (krb5-workstation installed by default).