Satya's blog - 2009/09/

Sep 02 2009 10:32 Rails with Shibboleth headers

Phusion Passenger 2.2.3 (although I'm running 2.2.4 or 2.2.5, via gem) has a mis-feature where it sets the environment variables on startup only. This means every request to Rails gets the same set of environment variables.

Shibboleth recommends not turning on request headers (don't do ShibUseHeaders On), as that's slightly insecure. They say use the environment variables instead. In Rails terms, ENV['Shib-EduPerson-Principal-Name'].

But these two things together means every Rails request thinks it's being made by the same person!

So, turn Shibboleth headers on (ShibUseHeaders On) and use request.env['HTTP_SHIB_EDUPERSON_PRINCIPAL_NAME'] instead. Sigh.

Update: I almost wish I could do Rails-style simple_format in Perl.

Last updated: Sep 02 2009 10:38

Tag: geeky bug

Sep 27 2009 15:56 LDAP/Kerberos login with local accounts

Suppose your organization uses LDAP authorization, and maybe kerberos, and you have a Debian-based box with PAM (Pluggable Authentication Modules). Then, in /etc/pam.d/, you need:

# /etc/pam.d/common-auth :
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_krb5.so use_first_pass
auth required pam_deny.so

# /etc/pam.d/common-password :
password   required   pam_unix.so nullok obscure min=8 max=16 md5

# /etc/pam.d/common-session :
session required        pam_unix.so

Only the pam_krb5 line is required, the rest are provided for completeness.

Tag: geeky sysadmin

Sep 27 2009 16:52 James in MSTS
If you've got a kid who is into Thomas the Tank Engine, and you have Microsoft Train Simulator, you can go grab the James (or any other steam engine) model from the web. But to get it into MSTS, you need a consist file (James.con) which contains the following. Paste into Notepad, and save it with the other consist files.
SIMISA@@@@@@@@@@JINX0D0t______

Train (
	TrainCfg ( james
		Name ( "James, 10 passengers" )
		Serial ( 4 )
		MaxVelocity ( 58.11520 0.20534 )
		NextWagonUID ( 19 )
		Durability ( 0.10500 )
		Engine (
			UiD ( 0 )
			EngineData ( james5 james )
		)
		Wagon (
			WagonData ( ScotsCar1 Scotsman )
			UiD ( 12 )
		)
		Wagon (
			WagonData ( ScotsCar1 Scotsman )
			UiD ( 11 )
		)
		Wagon (
			WagonData ( ScotsCar1 Scotsman )
			UiD ( 18 )
		)
		Wagon (
			WagonData ( ScotsCar1 Scotsman )
			UiD ( 17 )
		)
		Wagon (
			WagonData ( ScotsCar1 Scotsman )
			UiD ( 16 )
		)
		Wagon (
			WagonData ( ScotsCar3 Scotsman )
			UiD ( 15 )
			Flip ( )
		)
	)
)

Tag: trains

Sep 30 2009 10:39 JRuby on Rails with Sybase

Got Sybase*? Got Rails? You're skewered. But you can do it with JRuby and jTDS. Assuming Ubuntu 9.04, but any deb-based system should do.
*(or MSSQL, or SQLServer, whatever the heck it's called)

Get jruby1.1 (or whatever the latest is). This also might drag in 90+ other dependencies. You don't have a choice. Get libjtds-java. Get the following gems: activerecord-jdbc-adapter jruby-openssl

sudo apt-get install jruby1.1 libjtds-java
sudo jruby -S gem install rails activerecord-jdbc-adapter jruby-openssl 

jruby -S: installs the gems into the jruby system instead of the ruby (or cruby, for C) system.

Start a jrails (my term for JRuby on Rails) app by doing: jruby -S rails jdbctestapp

Edit config/database.yml to read something like:

development:
  adapter: jdbc
  url: jdbc:jtds:sybase://server:4100/;TDS=5.0
  database: mydatabasename
  username: foo
  password: bar
  driver: net.sourceforge.jtds.jdbc.Driver

Assuming you know how to handle the database.yml file. For MSSQL, change 'sybase' to 'sqlserver' and set TDS=8.0 (or remove the TDS thing altogether, including the semi-colon).

And then, the best-kept secret of the internet: Add this line, or similar, to your environment.rb file:

require '/usr/share/java/jtds.jar'

That's right, the full path to the jtds jar file (you can find it with dpkg -L libjtds-java|grep jar).

Tag: rails