Ramblings of a Unix Geek

I've been doing this for a long time... I ramble!

Virtualization Update

Two years ago I looked at some options for doing virtualisation at home. I decided on running Citrix XenServer. This has actually worked out quite well. So much so that I want to move some of my remaining physical hardware onto virtual. And here I run into a problem. XenServer doesn’t want to work nicely with mirrored disks. It’s expecting SAN or similar to provide the redundancy for disks. Now people have worked out options to convert a XenServer to a RAID disk, but I’m very very worried about how upgrades might break the OS partition.

The Windows 7 taskbar

People keep telling me how Windows 7 is so much better than XP. Eventually, at work, I get forced into using it. The first thing I notice is that the taskbar is now all icons, which you have to mouse over to see what windows each application has. And there’s no quick launch area any more; you can pin applications to the taskbar so they’re there. However, I like having the XP option of having a program bar for each running program.

IP6 Updates

Since those experiments, linode is now also providing native IPv6 so my linode was switched to the auto-provided address they provide. By default they only provide 1 IPv6 address but they allow rDNS to work, so I haven’t needed any more, yet! IPv6 speeds internationally are a lot faster as well. I did some speed tests to a site in a UK exchange (connected at 100Mbit/s). It would saturate my home FIOS connection, peaking for periods of time at 3.

IPv6 on the LAN

Just for the lulz I fired up a CentOS VM (I knew that Citrix XenServer would come in handy!) and configured a tunnel to HE via that. I then configured a static IP6 address on eth0 and fired up radvd. My main Linux machine automatically picked up an address on that subnet and could ping6 to the outside world. I could also ssh from my linode directly to my main Linux machine (did I mention I need an IPv6 firewall?

Messing around with ipv6

My v-colo at Panix can be configured to use IPv6. Now it looks a little bit like Panix is kludging routing slightly (they give you a /96 but with a /64 netmask). It’s very possible that their router is just at the end of a HE tunnelbroker, since HE are an upstream provider to Panix. Enabling IPv6 on the v-colo was simple; I just enabled it on their “config” website and…it worked.

Kerberos and IPv6

Not only have I been playing with Kerberos, but I’ve also been playing with IPv6. So, naturally, Kerberos over IPv6 was a test I had to do. Now because I’m only playing with IPv6 I’ve been using different DNS names; so kdc.spuddy.org is on IPv4 but kdc.ip6.spuddy.org is on IPv6. So, test!

    $ telnet -a -f kdc.ip6.spuddy.org
    Trying 2001:470:1f07:dc4:3c46:1aff:fef4:d7a3...
    Connected to kdc.ip6.spuddy.org (2001:470:1f07:dc4:3c46:1aff:fef4:d7a3).
    Escape character is '^]'.
    [ Kerberos V5 accepts you as ``sweh@SPUDDY.

Kerberos and Active Directory

So I built a quick AD domain based on W2k3 R2. I created TESTDOM.AD.SPUDDY.ORG as my AD domain, and made my primary DNS delegate that part of DNS to the AD server. I was able to join an XP client to the domain. So far, so good! So then I built a CentOS 5.6 machine and configured it for Kerberos. Set up krb5.conf:

    [libdefaults]
    default_realm = TESTDOM.AD.SPUDDY.ORG
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes

    [realms]
    # TESTDOM.

Beginning kerberos

Disclaimer: I know nothing about Kerberos. I’m learning it all from scratch. I wanted to do some playing around with Kerberos (once I know Kerberos then I can look better at how to integrate with AD), so at home I set up a couple of CentOS 5.6 server VMs on my home network, built one out as a KDC (“yum install krb5-server”) and one as a Kerberos client talking to the KDC (krb5-workstation installed by default).

X-No-Archive considered pointless

Because of who we are and what we do, a number of people who post to newsgroups like to hide themselves; use anonymous names, try to stop archives from retaining messages and so on. I, personally, am open with who I am and what I am but this doesn’t mean I decry the attempts of others to maintain anonymity. One such attempt is the use of X-No-Archive: headers in newsgroup postings.

Virtualization Options

Many of us are geeks who like to play with technology “because it is there”. We might want to try out a new OS, or a new piece of software. Maybe install a beta version of something, or be able to test a client-server setup. Historically that has meant having one (or more) test machines, configured as multi-boot. In 2002 I spent $600 on a Celeron 1200Mhz machine with 256Mb RAM and a 40Gb disk for precisely this purpose; it multi-booted into XP, NetBSD, Solaris 86, Fedora… at that point I ran out of primary boot partitions.