Cats and Code » windows http://blog.gorwits.me.uk by Oliver Gorwits Sat, 29 Mar 2014 23:28:44 +0000 en-US hourly 1 http://wordpress.org/?v=3.6.1 Living with Windows 7 http://blog.gorwits.me.uk/2012/08/07/living-with-windows-7/?utm_source=rss&utm_medium=rss&utm_campaign=living-with-windows-7 http://blog.gorwits.me.uk/2012/08/07/living-with-windows-7/#comments Tue, 07 Aug 2012 16:25:11 +0000 Oliver Gorwits http://blog.gorwits.me.uk/?p=770 Continue reading ]]> Recently at work I migrated from a Linux desktop to a Windows 7 desktop. This is an account of how I then configured the Win7 system.

First I should mention that working somewhere where they actually have an official, managed Linux desktop is awesome. However for the way I do things, it’s just not too pleasant an experience. On Linux I got tired of never being able to print something in the appropriate orientation. I also used to spend at least 50% of my time in the Windows VM anyway, working in MS Word/Excel/Visio.

The rest of my time is spent in Chrome and SSH in a terminal. So the first things to install on Win7 are Chrome and PuTTY. I created a directory called Applications in my home folder and saved apps such as PuTTY, which do not come with automated installers, there.

I pinned a shortcut to my home folder to the taskbar. This is trickier than it sounds, as you have to do a two-level right click to get to the pinned folder properties window, then edit the Target: field (and possibly the icon if desired). I still don’t fully understand the Win7 “Library” system.

To make PuTTY sessions more manageable, I installed two three additional apps. First is PuttyTabs, which despite its age works just fine, and allows easy firing-up of a shell to one of our servers, and management of the windows once open. Rarely I might also use PuTTYTabManager for staged system maintenance when I need to work on several similar systems at once (KDE’s terminal app is a superb tabbed experience which I do miss).

Update: The PuTTY Session Manager is another useful app to manage the session list; it can copy attributes/settings between session configs, and backup/restore session configs in bulk.

Once a few windows are up and running I long for focus-follows-mouse. It’s not available on my iMac at home, but Win7 does have a registry key one can poke. Well done MS! Good luck with the process, which I think could benefit from improved official documentation (pay attention to the comments on that page, as well).

The next little gem to install is AutoHotKey, as I have an Apple keyboard and like to remap some keys (for example the # sign which I use a lot). Here’s my current config:

#singleinstance force
§::Send {RAlt Down}3{RAlt Up}
LWin::LCtrl
::Remy::Rémy

This maps #-sign onto the unused section-sign (§) key. It also remaps the left Windows key, which on the Apple UK keyboard is of course the Command key, to be a left Control key. This means at home and at work my left thumb can take care of cut/copy/paste. Finally the last line means I always use the correct spelling for my manager’s name :-)

By the way, I did also install the Apple software drivers for Win7 from their Boot Camp installer on the OS X install disk. This sets the correct keymap for my Apple UK keyboard, as well as enabling the special function keys such as volume control.

The next app, in no way less awesome, is Dexpot, which provides true, full-featured virtual desktop support for Windows. I have four desktops, and use the application pinning feature so that everything in my startup folder is put in the right place when I boot (which isn’t that often, to be honest). Plugins enabled include Dexcube (3D switching effects), MouseEvents (hot corners), and SevenDex (shortcut buttons in taskbar).

In case you’re not familiar with Dexpot, there are loads of features included (for instance context menu items on window taskbars, to allow moving them between desktops or show-on-all). One thing I’d like built-in is using the scroll-wheel on the desktop background to change virtual desktop; apparently it’s possible with an AutoHotKey script.

That’s it for the main tweaks. Here’s a list of some of the other applications I’ve installed:

Overall, after a couple of months now with the Win7 desktop, it’s a vast improvement on Linux. I know some of you may argue all of the above is possible with Linux. I don’t disagree, except to add that it isn’t easy. A well-configured desktop is a means to an end, not an end in itself. The Win7 experience is beautiful and slick, and makes me happier in my work – what more can I say?

(I’ll tell you what else I can say…. I’d still prefer an iMac!)

]]>
http://blog.gorwits.me.uk/2012/08/07/living-with-windows-7/feed/ 0
Deploying mod_spnego http://blog.gorwits.me.uk/2012/04/22/deploying_mod_spnego/?utm_source=rss&utm_medium=rss&utm_campaign=deploying_mod_spnego http://blog.gorwits.me.uk/2012/04/22/deploying_mod_spnego/#comments Sun, 22 Apr 2012 14:34:58 +0000 Oliver Gorwits http://blog.gorwits.me.uk/?p=748 Continue reading ]]> SPNEGO is a negotiated authentication mechanism for HTTP which can be used to take advantage of Kerberos credentials for web site login (an alternative to simple username/password, or client digital certificates).

The reference implementation for Apache, mod_spnego, can be downloaded from SourceForge and contains straightforward build instructions. It’s also possible to use Stanford WebAuth in SPNEGO mode.

To build the module you need development libraries for the following (I’ve added the SLES package names, for reference):

  • openssl (libopenssl-devel)
  • krb5 (krb5-devel, krb5-devel-32bit)
  • apache (apache2-devel)

Follow the instructions in the module source. On SLES, be sure to run the apxs command as root, because it goes and installs the module directly after compilation.

Enabling the module is again quite straightforward:

    Krb5AuthEachReq Off
    <Directory "/foo/bar/quux">
        AllowOverride AuthConfig
        Krb5KeyTabFile /etc/apache2/HTTP.keytab
        Krb5ServiceName HTTP
        AuthType SPNEGO
        Require valid-user
    </Directory>

You’ll need to install a keytab for the HTTP service principal. The method differs depending on the type of KDC you have, but for Windows AD this would be:

net ads -U 'username@realm%password' keytab add HTTP

As verification I wrote a simple Perl CGI script to echo back $ENV{REMOTE_USER} which emitted user@REALM, as expected.

Sadly when testing this out I found the use of SPNEGO is not enabled by default in all browsers (for example, Google Chrome). A managed desktop seems the only way to ensure the user has both kerberos credentials and a browser started with the correct features enabled. Otherwise, it’d be just too much work?

]]>
http://blog.gorwits.me.uk/2012/04/22/deploying_mod_spnego/feed/ 0