Archive | Services

HACKS Jabber/XMPP Server

Posted on 05 March 2009 by Shawn

A few weeks ago I set up Openfire Jabber Server for HACKS. Really I set this up for Jason; he was looking for a server-side way to log in to all his IM accounts and log a history. In any case, now it is up and anyone with a HACKS LDAP account can log in. Just fire up a Jabber/XMPP client and use the JID <HACKS username>@hacks.arizona.edu with your LDAP password and you are in. It has most common transports enabled (AIM, Yahoo, Jabber, and ICQ) as well as the IRC transport. S2S is confirmed working with jabber.org, gtalk, and my domain (nocko.net).

For those that are interested, it is running IgniteRealtime’s OpenFire Server 3.6.3 and it is running on tugarin.hacks.arizona.edu. If you are having trouble or you don’t have a HACKS LDAP account, send me an e-mail (n...@hacks.arizona.edu). If you decide to use the service, give me a holla. My JID is nock@nocko.net.


HACKS CA!

Posted on 04 January 2008 by admin

SSL is really neat. What sucks is that SSL certs cost monies and self-signed certs aren’t respected by browsers. Enter Shawn and I concocting a master plan where we create a CA for HACKS. Now, this does NOT mean you get free SSL certificates that validate in browsers out of the box. What it means is, you have a CA cert you can import into your browser and THEN when you use a HACKS issued SSL cert, you won’t get any “untrusted cert” alerts.

While I know this is pretty much non-news, I run some stuff under cover of SSL and I’m pretty stoked. I’ve attached the HACKS CA certificate to this post (strip the txt extension, Drupal is retarded). You download this file and then in your browser’s preferences (not going into detail here, be clever) you import it as a trusted CA, bingo bango, valid certificates fall from the heavens, or whatever.


New Hosts

Posted on 13 October 2007 by Shawn

Adam and I spent an evening working on some HACKS hosts on Tuesday.

Two more of the quad processor 700 MHz boxes are installed, LDAP auth enabled with the shared home directories. The hostnames are (temporarily) lizard1.hacks and lizard3.hacks [lizard2 is refusing to POST right now...]. These are destined to become part of the GP club shell cluster.

Feel free to log in and look around. Note: I added Quota to the home directories to prevent a single user from hosing the partition. I split the free space equally among the members. This was mostly a test and can be changed, but each user ended up with ~17.3G.


LDAP HA Cluster is Operational

Posted on 09 October 2007 by Shawn

In order to ensure continued reliability for the LDAP directory server, I have configured the DNS cluster with a new service IP served by all the machines. Kiyo and Bahamut are now read-only slave servers to Smaug.

If the master fails, the others will answer read requests and allow auth to continue to function. All machines and the main website have been updated to use the new DNS entry ldap.hacks.arizona.edu -> 150.135.84.4. Please update any applications that use Smaug directly to query the service address to take advantage of the new fault tolerance.


HACKS SVN & Trac Up

Posted on 12 September 2007 by admin

HACKS Subversion server (https://svn.hacks.arizona.edu/repos/) is online and running — you’ll need to use your HACKS LDAP username/password to checkout and commit projects. Additionally, we have an integrated Trac install (http://trac.hacks.arizona.edu/) available so you can manage your project(s) online with a customizable wiki.

For more information about subversion: http://subversion.tigris.org/

For more information about Trac: http://trac.edgewall.org/


HACKS Jabber

Posted on 08 September 2007 by admin

HACKS now has a Jabber server. It’s hooked to the LDAP server, so if
Shawn made you an LDAP account, you can log in to Jabber as well. I’d
recommend Psi .11RC2 (psi-im.org) for a quality jabber client.

Info:

  • jids are (loginname)@scatha.hacks.arizona.edu
  • SSL is required, but *NOT* on the alternate port
  • Compression is available, but not required

You should get a “Members” group on your list by default. I’m not
clear at the moment exactly how it works as far as showing you the
status of people in Members, so you’ll just have to see. You may need
to request authorization for everyone. I don’t know. It’s a HACKS
project, so it can’t be completely finished or understood, only pretty
much working.


What is LDAP?

Posted on 05 September 2007 by Shawn

There has been a lot of talk about LDAP since we decided to roll it out for central HACKS authentication.

LDAP stands for Lightweight Directory Access Protocol. LDAP is a protocol for exchanging objects over a variety of links. LDAP does not specify how the information is stored. So, an LDAP server is just a computer that takes formatted text objects and presents them over a socket in an organized way.

The primary uses for LDAP are central authentication, online phone books, and cryptographic keyservers.

Examples of LDAP servers @ the University of Arizona include NetID (authentication server for many campus services including e-mail, WebReg, employee link, …), UA Phonebook (ldap.arizona.edu; an online phonebook containing information about students, faculty and staff).

While the physical storage of the data is unregulated by the LDAP standards docs, the logical representation is tightly governed. Schema are defined that restrict and mandate what types of objects may/can exist in the directory.

When manually interacting with an LDAP compatible server, you use a file called an ldif. An ldif file defines an instance of an object and describes its place in the directory. It looks like this (a user object):

dn: cn=Shawn Nock,ou=members,dc=hacks,dc=arizona,dc=edu
givenName: Shawn
sn: nock
cn: Shawn Nock
uid: nock
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
mail: n...@hacks.arizona.edu
userPassword: deadbeef(password hash)deadbeef
shell:/usr/local/bin/bash
home: /home/nock

Description of terms (for an object of type posixUser):
cn= “Common Name” The name of the object instance
ou= “Organizational Unit” A container for objects
dn: “Distinguished Name” Describes where the object exists in the directory hierarchy. In the above example: The object named “Shawn Nock” exists in a container called “members” in the directory “dc=hacks,dc=arizona,dc=edu”
sn: “Surname” Last Name
givenName: First Name
objectClass: The object type. The above object inherits the requirements for a person (inetOrgPerson; allowing surname, givenname, mail), posix account (means the object gets a uid [login name], userPassword [login password], login shell, home directory, etc.) and “top”, a basic toplevel object which all objects inherit (allows common name and distinguished name)

Once in the directory, HACKS uses a PAM (pluggable authentication module) to query the directory for a uid (login name) and compare the password for login to multiple machines. Assuming the password is correct, the server can pull all the relevant information (where the user's home directory is, what shell they like, etc.) and use it to customize their environment.

For example, the main web site uses uid and userPassword to authenticate a user and pulls in mail to allow the user to be contacted through a web form. Given and surnames are used to mark a post by a user so others know who posted it.

More information about LDAP can be found from various sources on the internet. Try searching for OpenLDAP (the name of the LDAP server/client software HACKS uses).

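The "What is LDAP?" post above says schema mandate which attributes an object must carry. As an added example (not part of the original post or of OpenLDAP), this sketch parses one plain-text LDIF record, splits its DN, and reports the MUST attributes its objectClass values require; the function names, the MUST table and the sample user are assumptions made for illustration, with the required lists taken from RFC 4519 (person) and RFC 2307 (posixAccount).

```python
# MUST attributes per objectClass (person: RFC 4519, posixAccount: RFC 2307);
# inetOrgPerson inherits person's MUST list through organizationalPerson.
MUST = {
    "inetorgperson": {"cn", "sn"},
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
}

def parse_ldif_entry(text):
    """Parse one plain-text LDIF record into (dn, {attr: [values]})."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # continuation line: unfold it
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or value.startswith(":"):
            raise ValueError(f"unsupported line (base64 or malformed): {line!r}")
        if name.lower() == "dn":
            dn = value.strip()
        else:   # attribute names are case-insensitive, so key on lowercase
            attrs.setdefault(name.lower(), []).append(value.strip())
    if dn is None:
        raise ValueError("record has no dn line")
    return dn, attrs

def split_dn(dn):
    """Split a DN into (type, value) pairs, leaf first; no escaped commas."""
    return [tuple(p.strip() for p in rdn.split("=", 1)) for rdn in dn.split(",")]

def missing_required(attrs):
    """Return the MUST attributes absent from the entry, given its classes."""
    needed = set()
    for oc in attrs.get("objectclass", []):
        needed |= MUST.get(oc.lower(), set())
    return sorted(needed - set(attrs))

# Constructed sample: hypothetical user, attribute names as in the post.
SAMPLE = """dn: cn=Example User,ou=members,dc=hacks,dc=arizona,dc=edu
cn: Example User
sn: User
uid: example
objectClass: inetOrgPerson
objectClass: posixAccount
shell: /usr/local/bin/bash
home: /home/example
"""
```

Run on the sample, `missing_required` reports uidNumber, gidNumber and homeDirectory: RFC 2307 names the shell and home attributes loginShell and homeDirectory, so a directory enforcing the posixAccount schema would expect those names plus the numeric IDs.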

LDAP @ HACKS

Posted on 04 September 2007 by Shawn

*UPDATE: You can now change your LDAP password from any Linux host that uses LDAP auth using the passwd command (Aliera; FreeBSD does not work)*

It is finally available! Currently aliera, tugarin, and the HACKS website are available for users that are registered in our ldap. You can even change your LDAP password (and preferred e-mail address) from the home page!

I hope to add everyone to the directory at the meeting tomorrow. Be warned though, I will probably be configuring tugarin as the new aliera, so there may be some periods where LDAP is unavailable. During this transition I also hope to escape from the majordomo managed listserv on to a more modern mailman based one.


Fast Times @ HACKS

Posted on 09 June 2007 by Shawn

A lot of work has been going into the room lately… Two new four post racks hold 0.75T of Fast FC storage, 11 new servers (4-way and 8-way), fibre channel switches.

The Xen Virtualization environment is nearing completion, several VMs are already in service: norbert.hacks (MySQL) & prothero.hacks (LDAP Auth Server). Creating a new virtual server is as easy as cp (1) and editing the conf file.

Work has begun on the new clustered computing environment. Currently 8x 4-way 700MHz Xeon boxes. The Head node has 250GB of Dual Channel SCSI RAID5 storage. It will be sharing this with the other nodes via NFS. Not too far along on this project, yet…. but good things seem to be just around the corner.


HACKS Virtualization Environment

Posted on 09 June 2007 by admin

HACKS has rolled out Xen virtualization in order to facilitate easy provisioning of servers to club members.

Hardware:

  • 2x 8-way 700MHz Xeon; 4GB RAM
  • 1x 8-way 550MHz Xeon; 6GB RAM
  • 500GB Fibre Channel Multipath SAN storage
