Thursday, November 29, 2012
Tuesday, November 27, 2012
SUSE11 Kerberos
To access the KDC in local mode:
kadmin.local
Create the SPN user
addprinc -randkey HTTP/bpmpsvip.soro.com@SORO.COM
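Create the keytab (it holds the service's long-term key, so keep the file readable only by the account that runs the service)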
ktadd -k /tmp/bpmpsvip.kt HTTP/bpmpsvip.soro.com@SORO.COM
Configure the Kerberos configuration file /etc/krb5.conf
[libdefaults]
    default_realm = SORO.COM
    clockskew = 300
#   default_realm = EXAMPLE.COM
[realms]
    SORO.COM = {
        kdc = waskerb.soro.com
        default_domain = soro.com
        admin_server = waskerb
    }
#   EXAMPLE.COM = {
#       kdc = kerberos.example.com
#       admin_server = kerberos.example.com
#   }
[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON
[domain_realm]
    .soro.com = SORO.COM
[appdefaults]
    pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        minimum_uid = 1
        clockskew = 300
        external = sshd
        use_shmem = sshd
    }
To start the Kerberos server
service krb5kdc start
To start the Kerberos admin server
service kadmind start
To check the log files
tail -f /var/log/krb5/krb5kdc.log
Use kadmin.local to connect to the local database. It does not require anything to be started.
Use listprincs to list principals
kadmin.local: listprincs
HTTP/bpmpsvip.soro.com@SORO.COM
K/M@SORO.COM
bpmspn@SORO.COM
kadmin/admin@SORO.COM
kadmin/changepw@SORO.COM
kadmin/history@SORO.COM
kadmin/waskerb.soro.com@SORO.COM
krbtgt/SORO.COM@SORO.COM
Use kadmin to connect to the Kerberos server.
You may find that the server rejects the request if you do not come in over the correct interface.
Check the interface with netstat -na | grep 750
udp 0 0 192.168.71.128:750 0.0.0.0:*
This shows that the admin interface is listening on 192.*, but when we ping the hostname waskerb we see it is configured for 127.*. Fix the entry in /etc/hosts:
vi /etc/hosts
192.168.71.128 waskerb.soro.com waskerb
Check the configuration by accessing the admin database
kadmin -p kadmin/admin@SORO.COM
Type in
listprincs
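If you get an error about list principal privileges, you are not authorised.
To give your users permission to do things in the database (be careful), set up the following ACL:
vi /var/lib/kerberos/krb5kdc/kadm5.acl
This entry gives the ability to list users. In kadm5.acl a lowercase letter grants a permission and an uppercase letter denies it, so ADMCIl denies add, delete, modify, change password and inquire and grants only list (l).
kadmin/whalem@SORO.COM ADMCIl
Restart kadmind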
service kadmind restart
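To review what a kadm5.acl entry such as the one above actually grants, here is an added example (not from the original post) that decodes permission strings using the MIT Kerberos letter meanings. The function names acl_grants and acl_report are hypothetical, and the second and third sample ACL lines are constructed for illustration.

```shell
# Added example: decode kadm5.acl permission strings (MIT Kerberos semantics:
# a lowercase letter grants a permission, the same letter in uppercase denies it).
ALL_PERMS="admcilsp"            # what 'x' and '*' stand for

perm_name() {
  case "$1" in
    a) echo add ;;      d) echo delete ;;  m) echo modify ;;
    c) echo changepw ;; i) echo inquire ;; l) echo list ;;
    s) echo setkey ;;   p) echo propagate ;;
  esac
}

# acl_grants PERMS: print the permissions left granted, space separated.
# Letters are applied left to right; letters not in ALL_PERMS are ignored.
acl_grants() {
  perms=$1 granted=""
  while [ -n "$perms" ]; do
    ch=${perms%"${perms#?}"}                       # first character
    perms=${perms#?}
    low=$(printf '%s' "$ch" | tr 'A-Z' 'a-z')
    case "$low" in x|'*') letters=$ALL_PERMS ;; *) letters=$low ;; esac
    if [ "$ch" = "$low" ]; then
      granted="$granted$letters"                   # lowercase: grant
    else
      granted=$(printf '%s' "$granted" | tr -d "$letters")   # uppercase: deny
    fi
  done
  out=""
  for p in a d m c i l s p; do
    case "$granted" in *"$p"*) out="$out $(perm_name "$p")" ;; esac
  done
  echo "${out# }"
}

# acl_report: read kadm5.acl lines on stdin, print "principal -> permissions".
acl_report() {
  while read -r princ perms _rest; do
    case "$princ" in ''|'#'*) continue ;; esac
    printf '%s -> %s\n' "$princ" "$(acl_grants "$perms")"
  done
}

# First line is the entry from the post; the other two are constructed samples.
acl_report <<'EOF'
kadmin/whalem@SORO.COM ADMCIl
bpmspn@SORO.COM il
*/admin@SORO.COM *
EOF
```

On a live KDC, feed the real file in with acl_report < /var/lib/kerberos/krb5kdc/kadm5.acl and look for wildcard principals that end up with every permission.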
more details can be found
Now have a go at kinit to get yourself a token!
kinit -p kadmin/whalem@SORO.COM
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: kadmin/whalem@SORO.COM
Valid starting Expires Service principal
11/27/12 19:02:15 11/28/12 05:02:15 krbtgt/SORO.COM@SORO.COM
renew until 11/28/12 19:02:15
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Now get a service ticket for a particular service!
kinit -S HTTP/bpmpsvip.soro.com@SORO.COM -p kadmin/whalem@SORO.COM
waskerb:/ # klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: kadmin/whalem@SORO.COM
Valid starting Expires Service principal
11/27/12 19:09:49 11/28/12 05:09:49 HTTP/bpmpsvip.soro.com@SORO.COM
renew until 11/28/12 19:09:49
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Wednesday, November 21, 2012
Tuesday, November 20, 2012
WAS IP binding
WebSphere Application Server Version 6.1
This article explains how WebSphere binds to IP addresses. Note that using different IP addresses for different application servers may mean they cannot be on the same node.
Tuesday, November 13, 2012
WebSphere Problem Determination Application
The WebSphere Problem Determination Application is useful for honing your problem determination skills.
article
article
BPM Performance Scratch Pad
Starting here will be a scratch pad for BPM Performance tuning articles and tools.
Alphaworks is always a good place to start for new technologies
article
SIB Performance Monitoring
article
WebSphere Application Server Performance Tuning Toolkit
article
article
Heap and Thread Analyzer
article
Java Health Centre
article
Database Performance Tuning
article
BPM Performance Tuning Guide
article
J2SE SIB JMS Client
WAS 7+
A nice article on what to do to connect J2SE apps to the SIB
article
WAS 6
A nice presentation on how to access the WebSphere SIB from a J2SE client
article
Another presentation when the client is a JEE Application Client
article
Troubleshooting WAS8
If you get the problem
Caused by: java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine
at java.net.PlainSocketImpl.socketConnect(Native Method)
There is a bug in WAS explained here
You will also need to ensure that the SIB Bus endpoint is configured for remote connections.
And you will also need to create the QCF connection with the username and password of a valid user that is authorised to connect!
These jars can be found in the %WAS_HOME%/plugins directory
com.ibm.ffdc.jar
com.ibm.ws.security.crypto.jar
%WAS_HOME%/runtime
com.ibm.ws.sib.clean.thin.jms.jar
com.ibm.ws.ejb.thinclient.jar
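import java.util.Hashtable;

import javax.jms.Connection;
import javax.jms.JMSException;
import javax.jms.QueueConnectionFactory;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class ConnectionTest {
    public static void main(String[] args) {
        // JNDI bootstrap settings for the WebSphere naming service
        Hashtable<String, String> props = new Hashtable<String, String>();
        props.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory");
        props.put(Context.PROVIDER_URL, "corbaloc:iiop:192.168.1.11:2809");
        try {
            InitialContext ic = new InitialContext(props);
            // Look up the queue connection factory by its JNDI name
            QueueConnectionFactory qcf = (QueueConnectionFactory) ic.lookup("javax.jms.QueueConnectionFactory");
            try {
                // Connect as a user that is authorised on the bus, then release the connection
                Connection conn = qcf.createConnection("jmsuser", "password");
                conn.close();
            } catch (JMSException e) {
                e.printStackTrace();
            }
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}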
The setting that allows remote connections to the SIB bus endpoint is under: Buses > PROCSVR.IBMBPMNode01Cell.Bus > Security for bus PROCSVR.IBMBPMNode01Cell.Bus > Permitted transports
Monday, November 12, 2012
WebSphere JNDI lookup - thin client
In order for your java application to do JNDI lookups to WebSphere you must include the jar file:
%WAS_HOME%\runtimes\com.ibm.ws.ejb.thinclient_8.0.0.jar
Sunday, November 11, 2012
Clonezilla configuration on Linux
The Clonezilla website does not adequately explain how to set up Clonezilla. These instructions explain how to install Clonezilla on a USB stick.
1. Format your USB stick with a FAT partition.
2. Mount the USB stick.
3. Download the Clonezilla ISO.
4. Mount the Clonezilla ISO:
mount -o loop cz.iso /media/cz
5. Make the USB partition bootable - BE CAREFUL, MAKE SURE YOU GET THE RIGHT PARTITION:
cd /media/cz/utils/linux/
./makeboot.sh /dev/sdb1
Say yes to ALL of the questions asked!
6. Copy the contents of the ISO on the loop disk to the USB stick (my USB stick mounts under /media/clonez).
Make sure your USB stick is mounted!
cp -R /media/cz/* /media/clonez
You now have a Clonezilla bootable USB stick!
Thursday, November 8, 2012
Tuesday, November 6, 2012
Monday, November 5, 2012
iPad Killer? Coming soon: review of the Ployer MOMO 7 IPS
iPad killer? Coming soon a review of the momo ployer 7 Android Tablet.......watch this space!
The momo ployer 7 is not an iPad killer, but at only £100 it's a very nice device, let down by just a few niggles.
The device is small and fast, fitting easily into the palm of the hand.
Applications are responsive and the 1GB of RAM means that there is sufficient space for multitasking.
The screen is bright and the content is clear! Movies display well on the device, with no jumping or freezes. It does not have Gorilla Glass, though, relying on a screen protector to keep the screen scratch free.
Android 4 is really nice and really does match the iPad's capabilities. Whether you choose Android over iPad is little more than personal choice.
The biggest issue with the momo 7 is the input from the microphone, which is not great. There is a bit of feedback, possibly because the input feed is set too high, which impacts voice quality in Skype and other applications.
This aside, the device is nice to use and more than capable for the daily commute, when you just want to read a book, watch a film or listen to some music.
Thursday, November 1, 2012