Archive for October, 2009

JSch and kerberos authentication

Posted on October 17, 2009. Filed under: Uncategorized | Tags: , , , , , |

For an application I’m writing I’m using JSch (a java implementation of the ssh protocol). Now I tried to use this with authentication using a kerberos token (which has the advantage that I don’t have to supply a password every time I run the program for testing).

After spending some time googling and digging into the source code of JSch (a definitive advantage of open source libraries !), putting breakpoints in various places, especially those where it catches another type of exception and rethrows them as JSchException.

On this page I saw that one has to provide the location of login a configuration file by setting a property. This can be done on the command line by adding an option like:

-Djava.security.auth.login.config=/.../mylogin.conf

I got a little further. However, I got another exception:

javax.security.auth.login.LoginException: No LoginModules configured for

This looked to me like somebody is putting an empty string as configuration name somewhere (yes, the error message ends after the word ‘for’). I downloaded the sources of OpenJDK and digged further (even though I was not using OpenJDK as runtime library I was hoping that the differences were not too large). By looking at the source code, I had the impression that indeed at some point in call hierarchy (GSSUtil.login(..) ), an empty string literal is passed as name to the constructor of LoginContext (which I thought is used to look up the corresponding entry in the login configuration file). How am I supposed to put an empty string as login configuration name in the file ? (Simply leaving out the name did not work…)

By chance I found a related post in on Sun’s forums. It turns out that the following configuration entry in the login configuration file made JSch work with authentication by kerberos token:

com.sun.security.jgss.krb5.initiate {
  com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=true useTicketCache=true;
};
Read Full Post | Make a Comment ( None so far )

Kerberos token forwarding with ssh on ubuntu

Posted on October 17, 2009. Filed under: Uncategorized | Tags: , , , , , , , |

At work, linux machines running the standard linux installation support kerberos token forwarding via ssh. This is very convenient as it allows to obtain a kerberos ticket and then e.g. run scripts which run on my desktop and the login to the computer farm to perform some tasks. However, this does not work out of the box with Ubuntu (at least not with Hardy Heron). I’ve been looking for a solution since a long time (I even copied the ssh executable and dependent libraries from a node with the standard installation to my desktop but obviously this is not a very elegant solution).

Now I finally found out how to make this work ! (amongst others thanks to this page). In fact, I compared the output of ssh -vvv between logging in from my desktop and logging from in from a node where token forwarding works. I noticed that at some point (when logging in from Ubuntu), I see:

debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: An invalid name was supplied
No error

On the link mentioned above I saw that there is an option

GSSAPITrustDNS=yes

which one could give to ssh (either with -o on the command line for testing or in ~/.ssh/config once one wants to use the option permanently). Indeed, this solved the problem (it seems to work around a bug of ssh with round robin DNS hosts, i.e. several hosts sharing the same host name alias where load balancing is implemented by the domain name server). The above error message in the debug output disappears. In order also to have access to my afs directory on the destination host, I also needed to add the option

GSSAPIDelegateCredentials=yes
Read Full Post | Make a Comment ( None so far )

A practical application for Gray codes

Posted on October 16, 2009. Filed under: Uncategorized | Tags: , , , , , |

Suppose you have two devices both of which get their digital clock via a LEMO connector on the front panel. Device A sends signals to device B via a cable. Whether or not device B can read the signals sent by device A correctly depends on whether the signals have been stable for long enough at the time when the signals are read (typcially the rising edge of the digital clock). Varying the delays of the clock signal into either device should show a range of delays where the signals can be read correctly and a range where the communication does not work.

For obvious reasons one does not need to go beyond the duration of one clock cycle. In my case, the clock frequency was about 40 MHz (corresponding to a clock cycle length of 25ns). I decided that steps of 2ns would be sufficient for the test I had to do. I used set of cables ‘lengths’ corresponding to delays of powers of two: 2ns, 4ns, 8ns and 16ns.

Now cycle is as follows: insert the delay x into the clock cable for device A, run a test, replace the delay on the clock cable to device A by another combination of the test cables, rerun the test etc. How do you optimize the number of times one has to connect/disconnect cables ? Certainly, stepping from 2ns to 30ns (or to 26 ns) by increasing the delay by 2ns at each step is not optimal…

Gray codes provide a solution to this answer. For example, a 4 bit Gray code traverses all binary numbers from 0000 to 1111 but in a way where for each step only one bit changes. Applying this to the delay scanning problem, this means that cable delays are tested in the following order:

Gray code Corresponding set
of cables
total delay action for next step
0000 none 0ns add 2ns cable
0001 2ns 2ns add 4ns cable
0011 4ns + 2ns 6ns remove 2ns cable
0010 4ns 4ns add 8ns cable
0110 8ns + 4ns 12ns add 2ns cable
0111 8ns + 4ns + 2ns 14ns remove 4ns cable
0101 8ns + 2ns 10ns remove 2ns cable
0100 8ns 8ns add 16ns cable
1100 16ns + 8ns 24ns add 2ns cable
1101 16ns + 8ns + 2ns 26ns add 4ns cable
1111 16ns + 8ns + 4ns + 2ns 30ns remove 2ns cable
1110 16ns + 8ns + 4ns 28ns remove 8ns cable
1010 16ns + 4ns 20ns add 2ns cable
1011 16ns + 4ns + 2ns 22ns remove 4ns cable
1001 16ns + 2ns 18ns remove 2ns cable
1000 16ns 16ns remove 16ns cable
Read Full Post | Make a Comment ( None so far )

Visualizing trees in java with JUNG

Posted on October 11, 2009. Filed under: Uncategorized | Tags: , , , , |

I was looking for a way to visualize a tree (of probabilities) in java. I came across JUNG (on sourceforge). There is a nice example (java applet) which displays a tree and lets the user collapse the subtrees on any node, exactly what I was looking for ! (I found out later that one can even drag the nodes of the tree around with the mouse)

I downloaded the binary release (jung2-2_0.zip), this seems to contain a bunch of jar files however it looks there is no source code of the above mentioned example. From the source of the example page, I could figure out the class name. After having found out which module I had to checkout from CVS (jung2), I could find the source code for the tree collapsing example, see this link (at least that’s what I think it is) in the CVS browser. I added the necessary (binary) jar files and I got the tree collapsing demo to run.

Another interesting example demonstrating different layout algorithms is showlayouts and the corresponding source code in CVS seems to be here.

There is also a nice step-by-step tutorial (with code snippets) by Greg Bernstein (linked from JUNG’s documentation page) which shows how to create graphs in section 2 and has a visualization demo in section 4. Thanks to the bookmarks in the PDF (which are not opened by default), navigation in the whole tutorial is very easy. Within minutes, one can put together a simple example of a graph with three vertices and two edges and display it on the screen.

Read Full Post | Make a Comment ( None so far )

Pythia 8

Posted on October 10, 2009. Filed under: Uncategorized | Tags: , |

I (finally !) tried out Pythia 8. I went directly to follow the instructions in the worksheet which has been at use at summer schools. Indeed, after an introduction on page 1 I found installation instructions on page 2 and an application example on page 3. The building literally took only a handful of minutes.

I pasted the ‘hello world’ example from the worksheet into a text editor (in a separate directory) and put together a three line makefile to get this to build and run. I got:

 PYTHIA Error: settings file ../xmldoc/Index.xml not found
 PYTHIA Abort from Pythia::Pythia: settings unavailable   
 PYTHIA Abort from Pythia::init: initialization failed

Ok, I admit I did deviate from the standard instructions, so it’s time to search for ‘xml’ in the README file. It turns out that there are two ways of specifying the location of the wanted xml files, one of them is by setting the environment variable PYTHIA8DATA to point to the xmldoc directory of the Pythia installation. Now I get the familiar event listing — Pythia 8 is up and running in less than 15 minutes !

The following pages in the worksheet gives code snippets on how to do standard things such as accessing the id’s of the generate particles etc.

In the past, I used to work with a C++ wrapper around Pythia 6 (which is Fortran) and I think I even rewrote such a wrapper once myself. No need to do so any more: Pythia 8 comes with its own classes for particles and four-vectors (Vec4) which e.g. has an overloaded operator+ allowing to calculate invariant masses of multiple particles very easily.

I found 36 examples in the examples subdirectory of the Pythia installation, ranging from 33 to 349 lines. I always liked working examples as they provide a good starting point for your own programs and well written example code is often faster to read than instructions. Already in the first example (main01.cc) I found how to get all final (non-decayed ?) charged particles  and how to fill histograms with Pythia’s own histogramming code.

PYTHIA Error: settings file ../xmldoc/Index.xml not found
PYTHIA Abort from Pythia::Pythia: settings unavailable
PYTHIA Abort from Pythia::init: initialization failed

Read Full Post | Make a Comment ( 1 so far )

how to find out when the latest rpms were installed

Posted on October 9, 2009. Filed under: Uncategorized | Tags: , |

Some time ago I ran into a problem where suddenly nothing seemed to work any more on a given Linux machine. At least not those services which needed to run there. One suspicion was whether software was updated. One way to find this out is by querying the rpm install dates:

   rpm -qa --queryformat '%{INSTALLTIME} %{NAME}\n' | sort -nr | head

This shows the latest rpms installed on top. As I recognized the top ones that I installed myself a few days before, I knew that there were no rpms upgraded or installed which could be the origin of the problem I was seeing. The above command prints the install dates in unix time, quite unreadable to humans. To convert the times to human readable format, I used:

 rpm -qa --queryformat '%{INSTALLTIME} %{NAME}\n' | sort -nr | head | perl -ne '@words = split; print localtime($words[0]) . " : $words[1]\n"'

(Note that to use the correct ‘punctuation signs’ here is very important..)

Read Full Post | Make a Comment ( None so far )

DKT-400 and ubuntu

Posted on October 2, 2009. Filed under: Uncategorized | Tags: , , , , , , , , , , , |

Since quite some time I already, I suffered from the problem that my wireless network at home got periodically stuck for several seconds. These problems usually started to appear after 20-30 minutes of using it. I don’t know whether this had to do with some handshake which happens from time to time (I’m using WPA2) or because the wireless USB adapter became more and more warm with time.

In addition, I could not use the network in all rooms at home…

A few weeks  ago I finally got a DKT-400 kit from DLink which they had at a local store (I decided not to wait any longer…). This consists of a DIR-635 base station (unfortunately they didn’t have any kit where the base station had an ADSL modem integrated) and a DWA-140 USB wireless adapter.

I don’t have much use for any bandwidth beyond the one of my ADSL line (which is 3 MBit/s), so buying 802.11n at first sight does not make much sense. However, I was hoping to benefit from features such as beam forming.

I plugged in the DWA-140 into a USB port of my laptop (ubuntu). The network device seems to appear as ‘ra0’, the kernel module which is loaded is rt2870sta, no need to run ndiswrapper.

I haven’t found out yet whether beam forming etc. is actually in use or not and it also seems that I can’t get beyond 54MBit/s (even when laptop is one meter away from the router). But everything seems to work fine so far, the wireless network connection works in places it did not before and I don’t experience the periodic network interruptions any more !

Now it would be interesting to check with which combination of old and new usb adapter and router the problem is present but on the other hand, why bother if the new combination works…

Read Full Post | Make a Comment ( None so far )

Liked it here?
Why not try sites on the blogroll...