Once you have a CA configured, you need to setup the Apache Web server to use it. The process of requesting the certificate from the browser and verifying that it’s properly signed is handled by Apache, which can then pass information about the verification to your application.

Previously, I wrote about the promise of using Client SSL Certificates for authentication. With this post, we start down the road of actually putting this in practice.

The first step is to set up a Certificate Authority (CA).

Ever had to change the URL in 50 files? What do you do?

1

vi *.html

(You should know by now I’d use Emacs.)

Or whip up a Bash script with sed?

Since dinosaurs roamed the Earth, I’ve been using Perl’s In Place Editing feature -i.

1

perl -p -i.orig -e 's/bar/baz/' file

Let’s break it down, shall we?

Holy crap! You can use SSL client certificates to easily authenticate user logins!

What they hell am I talking about?

So, there’s this thing, SSL client certificates. They are pretty much exactly the same as SSL server certificates. They work like this:

1. The web server has a key pair.
2. The client generates a key pair.
3. The client send the public key to the server.
4. The server signs the public key with it’s private key and send a certificate back to the client.
5. The client saves the certificate.

What’s that good for? Authentication! How’s it work?

Sometime I want all of Rails’ form bells and whistles for something that isn’t a database backed model. For example, I use this as a handy way to get form validations when starting a session with an API.

This is possible because Rails allows you to use ActiveModel without a database.

A while back I wrote about Diceware, a system for generating password using dice and a word list. I also include a Ruby script that use virtual dice.

The diceware passwords of reasonable length are strong, they have high entropy. However, most password security requirements aren’t based on entropy, but instead are made up, with people throwing in requirements for capital letters, numbers, and symbols because they sound good.

Well, we don’t get to set policy, so I’ve modified my script to generate passwords with numbers and symbols as separators.

This is one of the blog posts to set something in my mind that I’m always looking up. Linux has lovely tools for adding and managing users, but I can never remember them. I’m old skool and BSD-centric, so I tend to just use vipw, but it’s better to use the tools. So, with no further ado:

Every wondered what the timestamps on files on UNIX sytems mean?

Unix keeps three or four timestamps per file (or directory (or other random thing in the file system).

How to you take a list of files and do something with them in the UNIX shell? xargs is the key.

If you’ve run in to xargs, it’s probably in it’s most simple form:

1

xargs rm < list.txt

I’ve touched on shell aliases and functions a few times, today I wanted to get in to a little more detail on passing arguments to them.

BASH aliases don’t actually take arguments, but they will automatically append any argument to the underlying command line.

1
2
3

alias t=tail -f
t /var/log/apache/access.log
# expands to tail -f /var/log/apache/access.log