Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2015-03-25

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:14 pcypher joined #openam
00:20 pcypher joined #openam
03:52 ilbot3 joined #openam
03:52 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 12.0.0 is out! OpenAM 11.0.3 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
07:11 KermitTheFragger joined #openam
07:43 aldaris joined #openam
08:55 balo_ joined #openam
09:14 aldaris joined #openam
10:22 pdpi joined #openam
10:52 KermitTheFragger sort of on/off topic insight question; Why on earth does MIT Keberos always do a reverse DNS lookup?
10:52 KermitTheFragger was it intentionally made this way so that it can botch setups with a CNAME or something?
10:52 KermitTheFragger or is there some sort of security trace of?
10:54 KermitTheFragger They even have documentation about it: http://web.mit.edu/kerberos/krb5-1.13/doc/admin/princ_dns.html and then also make a case for using CNAME's....and then they make it work differently by default :-)
10:56 aldaris joined #openam
11:19 aldaris joined #openam
11:34 KermitTheFragger when one uses SPNEGO (Windows Desktop SSO) with OpenAM in an auth cahin and you define SPNEGO as sufficient and an other thing as required below that. I would expect to OpenAM to 'fallthrough' if SPNEGO fails
11:35 KermitTheFragger however it will display a "authorization failed!" message
11:35 KermitTheFragger and then only the "loading..." text remains
11:35 KermitTheFragger is that expected behavior?
11:35 KermitTheFragger wait i think im being silly...
11:40 KermitTheFragger yes, its official, i was being silly
11:49 MegaMatt joined #openam
11:54 aldaris joined #openam
12:15 aldaris joined #openam
12:56 MegaMatt joined #openam
14:25 boolman joined #openam
14:26 boolman When I acticate openam on my apache2 server, my backend becomes unavailable. because of it is sending unwanted headers
14:27 boolman tips?
14:28 asyd your backend? apache2 is acting as reverse proxy?
14:29 boolman No, I'm using mod_fastcgi
14:30 boolman so sending to a socket, which is a perl script. and that send backend requests to localhost:50000
14:30 asyd what the exact error you have?
14:31 boolman when I have openam enabled, requests to the backend doesnt look the same. I can see headers that shouldnt be there
14:32 boolman eg: Filter: members >= id=USERNAME,ou=user,dc=domain,dc=tld
14:33 asyd well, you can use mod_header to remove them, but i think if  your application failed because it receives unexpected http headers,
14:33 asyd there is something wrong:)
14:33 boolman asyd: I tried with mod_header but it didnt seem to work. I could still see the headers
14:34 asyd hm which apache version?
14:34 boolman Apache/2.2.22
14:34 boolman I tried with Header unset Filter and HeaderRequest unset Filter
14:35 boolman globally in the vhost-file
14:35 asyd just curious, try to load openam module before mod_header
14:35 boolman hm, why?
14:36 asyd if mod_header is executed before openam module, it can removes header that doesn't exist :)
14:36 asyd can NOT
14:36 boolman i will try
14:37 asyd i don't remember if order works on 2.2
14:38 aldaris I don't think the agent sets headers like Filter by default
14:38 aldaris and even if it sets headers usually those headers have HTTP_ prefix
14:38 asyd well, first time I see it, but i never test latest agents
14:39 boolman asyd: it didnt work
14:39 boolman aldaris: I can only see them as Filter when I use tcpdump/tcpflow
14:40 asyd are you sure you're not tcpdump agent communication with openam?
14:41 aldaris not even that would use Filter header
14:41 aldaris so this is the traffic from Apache2 to the fastcgi thing?
14:42 asyd s 5
14:42 asyd oups, sorry
14:42 boolman I am listening on the traffic from the perl-script to the backend
14:44 boolman hm when I listen on the http traffic I dont see that header, maybe it is the openam agent?
14:48 aldaris the agent injects http headers within the request processing flow, normally those headers are not visible in any kind of trace (since they are internal to Apache)
14:48 aldaris if Apache acts as a reverse proxy, then those headers should become visible between Apache and the proxied endpoint
14:52 boolman aldaris: okey, in my case I'm doing a rewrite to     FastCGIExternalServer /tmp/file.fcgi -socket /tmp/fastcgi.socket
14:54 aldaris apologies but this doesn't mean much to me, I haven't used fastcgi/cgi too much
14:54 asyd boolman: have you try to simple cgi that display all http headers?
14:59 boolman asyd: do you mean a script to just print headers?
14:59 asyd yeah
15:12 boolman asyd: I dont see any wierd headers
15:13 boolman http://pastebin.com/rHAf11bi
16:06 aldaris joined #openam
16:25 aldaris joined #openam
16:32 pcypher joined #openam
17:04 pcypher joined #openam
17:31 aldaris joined #openam
17:50 pcypher joined #openam
17:53 aldaris joined #openam
18:01 pcypher joined #openam
19:22 pcypher joined #openam
19:48 pcypher joined #openam
20:08 pcypher_ joined #openam
20:14 pcypher joined #openam
20:17 pcypher joined #openam
20:21 pcypher joined #openam
21:10 aldaris joined #openam
21:38 aldaris joined #openam
22:18 pcypher joined #openam
22:42 aldaris joined #openam
22:46 pcypher_ joined #openam
22:47 pcypher_ joined #openam
23:04 pcypher joined #openam
23:41 pcypher_ joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary