Cloud

Kerberos, LDAP, SSH, and NAT/AWS

Kerberos, LDAP, SSH, and NAT/AWS

Kerberos, and therefore LDAP with GSSAPI, has issues with servers behind NAT, or anywhere the forward DNS lookup does not match the reverse DNS lookup. For instance, in our lab we have an OpenLDAP LDAP server: $ dig +noall +answer ldap.itlab.stanford.edu ldap.itlab.stanford.edu. 207 IN CNAME idp.itlab.stanford.edu. idp.itlab.stanford.edu. 200 IN A 54.189.121.117 However, since it's running Continue reading Kerberos, LDAP, SSH, and NAT/AWS

AWS Reserved Instances and Consolidated Billing

AWS Reserved Instances and Consolidated Billing

Amazon documents how reserved instances and consolidated billing work together, but it's apparently still confusing because Bob's account has instances and is also the paying account. Our setup is different - the only resource created inside the paying account is the S3 bucket where Amazon posts our billing data. Here's my edited version of the Continue reading AWS Reserved Instances and Consolidated Billing

Google I/O 2012

Shiny Toys Since it was Google I/O, every attendee received some shiny toys: a Nexus phone and Nexus 7 tablet, a Nexus Q streaming media player, and a Chromebox (the ChromeOS version of a Mac Mini). The Nexus Q doesn't really have any impact on IT, and it's an odd system: it costs over 3 Continue reading Google I/O 2012