busy bee

I’ve been naughty, and haven’t posted any update for almost two months now. I thought that I should give at least a little feedback on what I’m up to:

GB-PVR: WebAdmin, Software Recorder, and less so External Recorder, work continues. The web admin is now fully themed using css, and is rapidly growing into a full featured web frontend and not just a recording management web page or two. Two other side projects have spawned aiming to support Web Services, and Proper Web Streaming.

The Software Recorder pluigin is slowly sporting support for more and more capture cards. The other day someone commented on the mamoth forum thread we have managed to build (almost 900 posts). I find it quite satisfying that the top two threads (by number of posts and number of views) are for the WebAdmin and the Software Recorder – also other programmers are getting involved and are sending in patches and fixes :)

XMPP/Jabber: If you haven’t tried gtalk in gmail yet, where have you been living? At work I’ve been looking to put in a IM server – Jabber based of course. I use jabberd 2 for darkskies.za.net, but it’s not quite ready to be used at the enterprise level on a windows box.

Wildfire to the rescue. It has full LDAP integration, shared roster groups, a pretty web admin interface, a bunch of plugins, including an auto-updater for their Spark client. Only down side is that it’s java, but on the server that can be excused, on the client, not so much. Using a client like Pandion makes that client side experience far richer, but then you loose your auto-updating capabilites *sigh*. Pandion does feature Single-Sign-On support though.

So my attention for the past weeks has been turned to adding SSO into a variety of XMPP servers, starting with xmppd.py for the rapid prototype approach, and proving that it can be done. Then visiting Java’s SASL API, and trying to figure out how to hook it all up. I’ve ended up with a bridge between Java’s SASL API’s and Windows’ SSPI API’s. So anything that SSPI supports, SASL can now use too. A few minor tweaks to wildfire, and it too should be able to authenticate using GSSAPI (Kerberos), or NTLM (for Pandion).

Of course mustang is supposed to have native support for Kerberos and SPNEGO, but you can’t get into the RFE’s to see the details. (I checked build 71, and it didn’t seem to have any new toys – I see the beta is out, and I’m busy downloading that to see if it does)

Work: Terribly busy with a new semi-’proof of concept’ security framework to be used across applications for multiple clients, etc. The power outages haven’t helped – getting (back) to work at 4am to do a deployment for the previous project wasn’t exactly lots-of-fun. We’ve (royal) decided to go with VB LINQ for the new framework, and it seems to be everything it was promised to be. Gone are the days where you have to build stored procdures for each and every database access (by hand or using tools like Codesmith), LINQ does all of that for you – at run-time.

Home: Bathroom renovations are progressing, I can’t wait for it to be all over, and we can stop walking around in cement laden carpets :p

Now just before I disappear off to sleep, let me point out that 150 million Firefox downloads are approaching fast – that’s about 50 millions downloads in 5 months – wow.

12 comments on “busy bee

  1. I went through your PDF on setting up Wildfire and Pandion for SSO with NTLM. Would it work if the Wildfire server is running on Linux? Or is there simply no way for it to work?

  2. At the moment SSPI will only work on Windows. Wildfire 3.0 should support kerberos, which might work with linux too. I’ve updated the text instructions to make this more explicit.

  3. What about Wildfire 3.0.1 for Windows? Pandion 2.5 + Wildfire 3.0.1 = Single-Sign-On fault


  4. Unfortunately as you’ve found Wildfire 3.x doesn’t like my SSPI library. There will have to be a plugin written to enable non-standard authentication mechanisms (i.e. NTLM that Pandion supports). Spark is supposed to be supporting Kerberos (which Wildfire is supporting as a standard authentication mechanism)

  5. I’m using your wildfire-sasl-sspi.v4

    Debug log:
    2006.08.26 23:47:28 No AuthorizationProvider’s found. Loading DefaultAuthorizationPolicy
    2006.08.26 23:47:28 [email protected] not authorized to tempus

    [Nurm: I stripped the other logs that are not required]

  6. Sounds like you broke the configuration settings. Send me a copy of your config files via email, or get hold of me via jabber.

  7. One minor downfall is that Pandion does not do an auto reconnect to a downed or restarted Wildfire Server. It can be tweaked to do this but in a large Enterprise this may not be doable. The latest version of Spark client has the auto reconnect implemented and also is distributed in an MSI installed package which is great for Group Policy based installations.

  8. Agreed, there’s a lot that the Pandion guys should be working on. It half sounds (from the Pandion forums) like there might be a christmas release with some updates. Pandion is/was the only client that does NTLM auth, when I was testing Spark didn’t yet have that capability natively (in fact I’m not sure if it has even support for it yet).

    In a larger enterprise it is much easier to deploy customised versions of Pandion, because you’re more likely to have an Systems Management Server around that can push MSI updates directly to client machines. Pandion doesn’t have official MSI’s, but there are a few unofficial ones available.

  9. So your saying an Openfire Server on a Windows box with Pandion clients, is it possible to get auto reconnect to work with Pandion?

  10. Auto-reconnect should “just work”, if it doesn’t then follow up on the Pandion support forums.

  11. Pandion seems to have stopped working on the client, anybody in here that can recommend another good client?? Spark uses java ane therefor a lot of RAM

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>