Just for the lulz I fired up a CentOS VM (I knew that Citrix XenServer would come in handy!) and configured a tunnel to HE via that.
I then configured a static IP6 address on eth0 and fired up radvd. My main Linux machine automatically picked up an address on that subnet and could ping6 to the outside world. I could also ssh from my linode directly to my main Linux machine (did I mention I need an IPv6 firewall?
My v-colo at Panix can be configured to use IPv6. Now it looks a little bit like Panix is kludging routing slightly (they give you a /96 but with a /64 netmask). It’s very possible that their router is just at the end of a HE tunnelbroker, since HE are an upstream provider to Panix.
Enabling IPv6 on the v-colo was simple; I just enabled it on their “config” website and…it worked.
Not only have I been playing with Kerberos, but I’ve also been playing with IPv6. So, naturally, Kerberos over IPv6 was a test I had to do.
Now because I’m only playing with IPv6 I’ve been using different DNS names; so kdc.spuddy.org is on IPv4 but kdc.ip6.spuddy.org is on IPv6.
So, test!
    $ telnet -a -f kdc.ip6.spuddy.org
    Trying 2001:470:1f07:dc4:3c46:1aff:fef4:d7a3...
    Connected to kdc.ip6.spuddy.org (2001:470:1f07:dc4:3c46:1aff:fef4:d7a3).
    Escape character is '^]'.
    [ Kerberos V5 accepts you as ``sweh@SPUDDY.
So I built a quick AD domain based on W2k3 R2. I created TESTDOM.AD.SPUDDY.ORG as my AD domain, and made my primary DNS delegate that part of DNS to the AD server.
I was able to join an XP client to the domain.
So far, so good!
So then I built a CentOS 5.6 machine and configured it for Kerberos. Set up krb5.conf:
    [libdefaults]
    default_realm = TESTDOM.AD.SPUDDY.ORG
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes

    [realms]
    # TESTDOM.
Disclaimer: I know nothing about Kerberos. I’m learning it all from scratch.
I wanted to do some playing around with Kerberos (once I know Kerberos then I can look better at how to integrate with AD), so at home I set up a couple of CentOS 5.6 server VMs on my home network, built one out as a KDC (“yum install krb5-server”) and one as a Kerberos client talking to the KDC (krb5-workstation installed by default).
Because of who we are and what we do, a number of people who post to newsgroups like to hide themselves; use anonymous names, try to stop archives from retaining messages and so on. I, personally, am open with who I am and what I am but this doesn’t mean I decry the attempts of others to maintain anonymity.
One such attempt is the use of X-No-Archive: headers in newsgroup postings.
Many of us are geeks who like to play with technology “because it is there”. We might want to try out a new OS, or a new piece of software. Maybe install a beta version of something, or be able to test a client-server setup. Historically that has meant having one (or more) test machines, configured as multi-boot. In 2002 I spent $600 on a Celeron 1200Mhz machine with 256Mb RAM and a 40Gb disk for precisely this purpose; it multi-booted into XP, NetBSD, Solaris 86, Fedora… at that point I ran out of primary boot partitions.
In my spare room I have what I grandiously like to call a library. (By library I mean approx 112ft of bookshelf space, on 3 of the 4 walls). What does any library need? A computer! Internet access, ability to print, access files etc. I have a random vision of the future of having my eBooks managed “somehow” (plug the eBook reader in, download the book(s) I want…).
Nothing high powered; possibly playing YouTube videos would be the hardest thing this computer would need to do.