Kerberos

Lately, I've been playing with Kerberos, which is an interesting protocol designed to solve a number of problems with mutual authentication. In larger networks, it's very convenient to have a central authentication database so users can use their same credentials across many machines. This would ordinarily be a simple problem to resolve; however, workstations and other services can't be trusted. Since one rogue workstation can compromise everyone's credentials, you need a system to verify both the authentication server and the client, which is where Kerberos comes in. Kerberos uses a "ticket-granting-ticket" system in which users authenticate with a password to a centralized server, which gives them a token that can be used to prove their identity to any "Kerberized" service. This is extremely convenient for single sign-on applications in which it's a pain to have to enter a password for each service; additionally, users can manage a single password for all applications in a Kerberos realm without any security risks.

One thing I've found useful is Kerberized SSH access, which lots of large institutions (e.g. university departments) happen to offer. Ordinarily, you have to install an SSH key on all machines you'd like to use or remember a password for all of those; under best-practices use, users have encrypted keys that require a password at each use. Kerberos can maintain a more secure environment while generally being more convenient, since tokens last for 24 hours and can't easily be stolen like SSH keys. Also, if a key needs to be revoked, Kerberos can destroy all tokens at once, which is beneficial if you forget which servers your key is on.

If you happen to have Kerberos credentials, it's generally fairly simple to set up with SSH. I only needed to include this line in my $HOME/.ssh/config:

Host *
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes

Getting a Kerberos token tends to only require running kinit user@REALM like so:

matt@badwolf> kinit user@ECE.VT.EDU
Password for user@ECE.VT.EDU:
matt@badwolf> klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@ECE.VT.EDU

Valid starting     Expires            Service principal
12/20/12 17:30:36  12/21/12 17:30:32 krbtgt/ECE.VT.EDU@ECE.VT.EDU

and then you can ssh without a password. You need to run kinit -R before your tokens expire if you don't want to have to enter a password to authenticate again. I've been meaning to daemonize this for convenience, but haven't had a need to lately. As a shameless plug, VTLUUG now offers free Kerberized shell accounts for those that come to meetings.
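
The renewal step described above, as an added example that is not part of the original post: a small helper that reads klist output and decides whether kinit -R can still succeed or a password is needed again. The function names, the one-hour margin, the date format and the sample's "renew until" line (which klist prints for renewable tickets) are assumptions.

```python
import re
import subprocess
from datetime import datetime, timedelta

# Constructed sample in the layout of the klist output above, plus the
# "renew until" line that klist prints for a renewable ticket.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@ECE.VT.EDU

Valid starting     Expires            Service principal
12/20/12 17:30:36  12/21/12 17:30:32  krbtgt/ECE.VT.EDU@ECE.VT.EDU
\trenew until 12/27/12 17:30:32
"""

STAMP = r"\d\d/\d\d/\d\d \d\d:\d\d:\d\d"
FMT = "%m/%d/%y %H:%M:%S"  # assumption: klist prints US-style dates as above


def tgt_times(klist_text):
    """Return (expires, renew_until) for the krbtgt entry; either may be None."""
    expires = renew_until = None
    in_tgt = False
    for line in klist_text.splitlines():
        m = re.match(rf"\s*{STAMP}\s+({STAMP})\s+(\S+)", line)
        if m:
            in_tgt = m.group(2).startswith("krbtgt/")
            if in_tgt:
                expires = datetime.strptime(m.group(1), FMT)
            continue
        m = re.match(rf"\s*renew until ({STAMP})", line)
        if m and in_tgt:
            renew_until = datetime.strptime(m.group(1), FMT)
    return expires, renew_until


def decide(klist_text, now, margin=timedelta(hours=1)):
    """'ok', 'renew' (kinit -R can succeed) or 'reauth' (password needed)."""
    expires, renew_until = tgt_times(klist_text)
    if expires is None or now >= expires:
        return "reauth"          # kinit -R cannot revive an expired ticket
    if expires - now > margin:
        return "ok"
    if renew_until is not None and now < renew_until:
        return "renew"
    return "reauth"              # not renewable, or renewable lifetime is over


if __name__ == "__main__":
    out = subprocess.run(["klist"], capture_output=True, text=True).stdout
    if decide(out, datetime.now()) == "renew":
        subprocess.run(["kinit", "-R"], check=True)
```

Run from cron or a user timer at an interval shorter than the margin; a "reauth" result means the ticket has to be obtained again with kinit and a password.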

Unix Early Impressions

Well, an update has been up and coming for a long time. Despite the current time in terms of the semester, I want to begin my impressions and thoughts about Unix, Python, and everything we’ve learned from the beginning. Nothing really changes from what I would have written earlier in the semester, only there is an added benefit of looking at it from a more complete picture.

I began with a marginal knowledge in Linux, strictly from a user standpoint. I had Ubuntu dual-booted on an old laptop, but it served as nothing more than an experimental platform for when I wanted the system to boot up and shut down as quickly as possible. The lack of bloat was the best selling point at the time, but otherwise I wasn’t really making use of its benefits over Windows at all. It was simply an OS.

As far as Python, UNIX, and programming went, it was all really new to me. I had never really poked around the shell or any of the commands, as I had no reason to. If anything, it was pretty cool to see all the different things you could do exclusively through the shell, as well as the reasoning behind the invention of the mouse. As a sort of side tangent, mice are a relatively recent invention/adoption, so I had always wondered how files and systems were navigated before then. It takes a little while to get used to, but for certain applications it is by far a more efficient method of file management, especially if you already know where something is within your file tree. In any case, this class was a look at a side of computer usage that I see much more rarely.

Posted in Uncategorized

VI

Before I transferred to Virginia Tech, the ECE department forced us to do all programming on a Unix machine on campus that we ssh’ed to. We weren’t allowed to use any IDEs, only text editors. I immediately started using emacs, and I got quite used to it. I never thought of using VI until the assignment I was given in this course. After my experiences with vi, though, I think I’ll stick to emacs and gedit. I make typing mistakes way too often, and fixing them seems to be too much of a hassle. I know there are some die-hard Unix fans and veterans who have no problem and adore it, but I guess it just isn’t for me.

Happy holidays everybody

So my last two finals are tomorrow and this semester is just about all wrapped up. The final Unix project ended up being a lot messier and more uncoordinated than I had expected, but somehow, two different games were spawned out of one group. It seemed like everyone was too afraid to step on each other’s toes to get anything done before the last few weeks, and by that time, it was just “hurry up and get it done” instead of “let’s sit down and coordinate a plan of attack”.

It’s been a very busy semester that kind of left me dreading the upcoming semester, because I can see my GPA slipping steadily downward as the material gets more complicated and the expectations are raised. Fortunately I have a few weeks to recharge and see my family over the holidays. Hopefully I come back to VT feeling refreshed and motivated for whatever comes my way next semester. Happy holidays to anyone that ends up reading this.

Review of A Project

I decided to review the high low card game project because I am very into card games like poker and blackjack and thought it would be interesting. I ran the code in C++ and it worked just fine. I thought it was interesting that you won or lost double what you bet in the first place because that is not what most games do, but that was a design choice. I thought an interesting twist to the normal game was to have seven as being its own option where you could win ten times the amount of money that you bet on it. Overall it was a well formatted project because every function was entitled properly explaining what it did. Additionally, there were comments throughout the code that added insight into what each section was supposed to do if there was any confusion. The only problem I saw was that there were a couple of simple spelling errors, but other than that it was sound.

Goodbye Unix?

Well, the semester is coming to a close and our Unix class is about to end. So that leaves me with the question, how much am I going to be using Unix now? I’m so familiar with Windows I can’t imagine myself switching over. I have my hard drive partitioned so I don’t plan on removing it, but I do wonder if I will use it much now. I was also using Unix in ECE 3574 when we were developing with Qt. Maybe I’ll use it in future classes? I’m sure it’ll come up somewhere.

Anyways I really enjoyed this class and I can definitely see the benefits of using and being familiar with Unix. Hopefully I will continue to use it and stay familiar with it even if it’s not a necessity. Well this is blog post number ten so goodbye everybody!

-K.I.S.S.

The year

I had no idea what to expect from this course when the semester first began. I understood that the whole course took place online, so I figured it would be a set of memorize-and-regurgitate assignments, but I have been pleasantly surprised. The class assignments have been both interesting and challenging in a design-oriented way. The one discrepancy I do have is the lack of structure regarding assignments. I understand that as engineers we are expected to be able to scour the web and educate ourselves for assignments, but I believe there was too much of this happening in this class. If more resources had been provided to us regarding each assignment, then we could have developed a deeper and more certain understanding of different topics without the wasted hours wondering which of the multitude of ways available on the web to solve our problem the instructor would prefer we use. Besides this issue, which only occurred in a portion of the assignments, this semester has been a great learning experience and has opened my eyes to a new philosophy with much good reasoning.

Assignment relevance

In the following fall I plan to begin work as an IT consultant for Deloitte. Up until recently I had no intentions of entering this field but have recently become enthralled by the opportunity. I have begun to read articles and forums regarding the different kinds of programming languages, hardware, and operating systems commonly used in enterprise systems that help companies operate efficiently. This has all brought me to the conclusion that I wish we had been more formally introduced to these topics throughout our undergraduate studies. I am the type of person who needs to know a topic’s worth before becoming fully invested in learning that topic. In the case of our Unix class, I wish that we had spent more time discussing what Unix and Linux’s roles in the business IT world are today. I would have liked to see assignments more realistically correlated to real-life examples. I tried to do my assignment in such a way and I believe that students will find it interesting. When there is a solid understanding of how the current assignment could make you more competitive in a work environment, then I believe the passion with which that assignment will be completed is greater.

xi. The End

So the semester is wrapping up and I am finished with all my assignments for the Unix class. I started off being extremely unfamiliar with Unix and Ubuntu. Now that the semester is through, I can say that I am pretty confident with a lot of the basics with Unix. I have learned so much whether it was from practice problems, homework questions, or written assignments. I am looking forward to practicing more Unix on my own from this point on.

Final Post

And now, this will be my 10th and final post. For someone who has never written a blog or even a journal, writing this was very interesting.

So, I have finished looking at some of the projects. The one I have decided to try was The Walk Dead Text Based Game. I tried to do some of the other ones such as HighLow and Galaga but for some reason, the makefile did not work for me. The game I did try, however, was very interesting. It did not have any GUI to it, so there was a lot of reading if you wanted to play the game. When I have more time, I will try some of the other projects as well. I was a little disappointed that the other two that I tried did not work, but I’m hoping that the other projects will work with no problem.