Tuesday, July 17, 2012

MySQL based authentication for SVN

Our company has been using SVN as it's primary source control system. In order to provide secure access to it's repository, SVN was configured to use HTTP based authentication using Apache server's WebDAV module (dav_svn in this case). With this configuration, a password file is created using htpasswd command, which consists of login credentials of all the users. Though it seems pretty straight forward, it has a some limitations that can't be avoided. One of such limitations is that there is no way the end users can change their passwords easily. The only option they have is to call the IT guys if they forget their passwords or the passwords initially assigned to them are really hard to remember.

We were hence decided to find some tool(s) to make end users life easier. During our research, we found that SVN can be authenticated using MySQL database. Since we already have a bug tracking tool using MySQL, our findings provided an additional benefit to the solution that we were looking for - we can have a Single Sign-on setup for SVN and a bug tracking tool.

Once we started digging up how to implement MySQL based authentication for SVN, we landed on a page on Rob Peck's blog. He shared his experience using mod_authnz_external, an Apache module, which allows authentication to be done using any script or program running on existing system. Such external script can be considered as a glue code, according to Rob. Based on his tutorial, we started setting up the environment to test our scenario as a proof of concept.

The configuration

A virtual machine instance was established with the following components;
  • Ubuntu Server 64-bit (version 11.10)
  • Apache (version 2.2.20)
  • MySQL (version 5.1.58)
  • SVN (version 1.6.12)
  • PHP (version 5.3.6)
In order to match our current configuration, SVN server was then configured to use HTTP based authentication. After that, the following steps were performed;

1. Installing and configuring mod_authnz_external

Instead of getting binaries from third party websites, source was compiled after downloading the latest version of the module (mod_authnz_external-3.2.6, at the time of writing this blog). Installation was done by following the step by step instructions from the site - http://code.google.com/p/mod-auth-external/wiki/Installation

2. Sample MySQL database

A sample database similar to shown below was created.  Password was not encrypted in order to make everything as simple as possible.

Figure 1: Sample Database

3. The glue code (PHP script)

Among various modes of mod_authnz_external, pipe mode uses pwauth format, where it passes the username and password to stdin separating each with a newline. It then uses exit codes to return back to Apache server, which can be used to determine if the login was valid or not. With this information, it is easy to write a script which takes username and password as inputs and then query them against the MySQL database to check if user exists or not and return the exit code accordingly.

Figure 2: PHP script talking to the database

4. Updating dav_svn.conf

The final step is to modify Apache's configuration file to talk to mod_authnz_external. However, in order keep everything simple, dav_svn.conf file was modified in our case. The detail on how to modify configuration file can be found at  - http://code.google.com/p/mod-auth-external/wiki/ConfigApache22

The sample dav_svn.conf looks like as below;
Figure 3: Configuring Apache to talk to mod_authnz_external
Now it's time to restart Apache and SVN starts authenticating using MySQL database.

Saturday, April 07, 2012

Cleanup Mac OS X Lion Launchpad

I've been using Mac OS X Lion for a while and I learned a lot about this operating system. One of best features of Lion is a Launchpad. Basically, Launchpad show all the applications that are installed in the Applications folder. Whenever you make an Alias of any application, Launchpad shows duplicate icon of the same application. It continues to show the duplicate icon even if you delete or move the alias. However, surprisingly enough, there is no way that you can delete the icon from Launchpad.

In such case, the only way you can clean-up Launchpad by resetting it and restoring in it's original state as mentioned below. You will however loose all your previous setting like folders etc in Launchpad.
  • Fire up a Terminal window and go to your home folder if you are not already in it. (This can be done by the command $ cd ~)
  • Go to Library/Application Support/Dock folder.
  • Trash all the .db files.
  • Restart the dock using killall -KILL Dock (command is case sensitive)

Thursday, March 15, 2012

Installing Ruby on Rails in Linux Mint

I am adding new post to my blog almost after a year and half. It's not that I was not involved in any technical work or not learned any thing during this time, but for some strange reason I could not continue writing.

Anyway, here I am trying to learn Ruby on Rails (RoR) because it's been a long time since I've involved in real programming work. For the last few weeks I've been going through articles, tutorials, etc. on Ruby (and Rails) and learned a lot about its architecture. One thing I consistently doing while going through those materials is that when it came to installation and other configuration part, I used to skip the entire chapter. I wasn't realizing what I am missing until recently I tried to install Rails framework on my Linux Mint instance.

I got the ruby installed from Software Manager and rails using the command

$ sudo gem install rails

When rails is installed, I suddenly fired a command to create new website

$ rails new my_first_site -d mysql

Rails threw few strange error messages saying that it can't install mysql gem. Thinking that installing a MySQL server and client tool will help, I fired sudo apt-get install command to get them installed. I got disappointed when I still see those strange messages again. Realizing that it's time to get help from Google and I found the solution in no time. I actually needed MySQL library for Ruby. So, here it goes with the following command;

$ sudo apt-get install libmysql-ruby libmysqlclient-dev

Now it's time to install mysql gem.

$ sudo gem install mysql2

Rails created the new site properly and when I tried to run the server, it again threw strange error message. Don't know why but I always find messages in Linux very strange and cryptic. The message was about missing JavaScript engine ( though I find messages cryptic, I always read them correctly). Now, installing Node.js is simple;

$ sudo apt-get install nodejs

Phew!

Finally, I got the Ruby on Rails framework ready and I am all set for my practice session.

Update: Linux Mint doesn't have MySQL server and client pre-installed. The following command does the trick;

$ sudo apt-get install mysql-server

Wednesday, June 30, 2010

Multicasting

From the old issue of PCQuest magazine on video streaming;

Using unicast, video contents can be communicated to a single machine on a network—a peer-to-peer communication. For such communication, you need to specify the exact IP address of the target machine.
With broadcast, content is communicated to all the machines on the network. All machines receive the content even if they don’t intend to. Such content is delivered using broadcast address for a network. For example, the broadcast address for a 192.168.1.0 network is 192.168.1.255.
For video streaming, neither unicast nor broadcast may be suitable. You may not want to stream video to only one machine. You may like more than one machine to receive the video stream so that more users can watch the video. If you opt for broadcast, you may end up wasting network bandwidth by streaming heavy content like video to all machines and hence to users who might not be interested in watching the video.
This is where Multicast comes to the rescue. In multicast, the server streams the content to a particular IP in the range of 224.0.0.0 to 239.255.255.255. This IP does not fall in the range of the prescribed IP addresses for computer networks. Hence, content delivered to this IP is not received by any machine on the network. Only when a machine connects to this IP, will it be able to retrieve the content and more than one machine can connect to a multicast IP simultaneously.

Full article can be found here.

Thursday, May 27, 2010

Letting Flex know about the date format

When you need to pass the date other than in the US format in Flex application, you can use the following code;

import mx.controls.DateField;

var d:Date = DateField.stringToDate("30-12-2007","DD-MM-YYYY");

Original source of this entry.