Puakma: Under the hood

I'm Brendon Upson, jack-of-all-trades, master of one or two. I'm talking about life running a small ISV tackling business issues and leaping technology hurdles in a single bound.

webWise Network Consultants is based in Sydney, Australia and develops the groundbreaking Tornado Server technology.

It had to happen

Filed under: by Brendon Upson on 2006-02-14

My blog has been comment spammed by some idiot:

Your site is pretty good! ------------------------------- Visit my resources:Cialis[url=http://cialis123buy.journalspace.com]Cialis[/url] Levitra[url=http://levitra-order.journalspace.com]Levitra[/url] online casino[url=http://lol.to/bbs.php?bbs=onlinegames]online casino[/url] hk915dzr-600428839 Comment posted by Phentermine on 2006-02-14 12:08:29.0

Just who buys this sh!t?? If noone bought the crap, then the ads would be pointless and they would disappear. Instead we all have to work harder to come up with ways to stop these guys ruining the web for everyone, so today I added some simple protection to stop bots posting to this weblog. I know it's a temporary workaround, but should be ok for a while, we'll see. The flip side is there may be now some browser who can't post comments. In my case no big issue ;-)



Web Booster does Kerberos

Filed under: by Brendon Upson on 2006-02-14

We've been busy here working on a Kerberos solution for our "Web Booster Enterprise Single Sign On" product. This is a very specialised addon for Web Booster that allows a user to simply point their browser at Web Booster and be automatically authenticated to a Domino or WebSphere server using Ltpa tokens. The core product (using NTLM authentication and WebSphere style Ltpa tokens) has been in the making for many months, due ot the lack of documentation on the Ltpa format from IBM. As is always the case, just when you think you;re done a customer comes along and asks for a variation upon the theme - in this case using Kerberos instead of NTLM.

NTLM (NT Lan Manager) is the pre-Win2K way for clients to authenticate (automagically) with Windows NT servers. It works on a challenge response basis with a final hash supplied by the client being checked against a Windows Domain Controller. NTLM works quite well, although performance could be better (due to the number of challenges/responses and verification against the DC). Kerberos on the other hand is much faster, more secure and is not neccessarily tied to the Win2K platform (although I would estimate almost all customers would use it that way).

As is always the way, the path to glory has not been an easy one. It turns out that Windows uses SPNEGO token which are "wrapped" Kerberos tokens. Fortunately jcifs-ext came to the rescue and once we had set up the test environment correctly and worked out how the API could be ported to Booster, we were away. Now we're just crossing the t's and dotting the i's :-). Customers who have already purchsed the NTLM version will get a free upgrade to the NTLM and Kerberos version.

We've also been thinking about bundling a Tornado web application with Web Booster to enable the configuration and management of it through a web browser interface. We will investigate this over the next few months.