PAM for OmniAuth: omniauth-pam

I have a couple of small web applications that I have built for myself (wiki, system monitoring, etc.) There didn’t seem much point in adding a database for authentication, so I put together a strategy for using PAM and OmniAuth.

It depends on OmniAuth (~> 1.0), rpam-ruby19 and the PAM headers (that’s the libpam0g-dev package on Debian and Ubuntu.)

It has only been tested on Debian 6.0 using Ruby 1.9.3-p0 (but there’s no reason why it won’t work elsewhere.)

The project is on GitHub. Log an issue if something doesn’t work as you expect.

Usage

Include provider type:

use Rack::Session::Cookie
use OmniAuth::Strategies::PAM

Implement the callback (as in the OmniAuth documentation), and then navigate to: /auth/pam.

It uses the authenticated user as the UID, as on a Linux system this would be unique.
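One way to implement the callback step, as an added example (not code from omniauth-pam): a small Rack endpoint that reads the auth hash and only admits listed accounts, since PAM will accept any local account that has a password. PamCallback, ALLOWED_USERS, the sample usernames and the SESSION_SECRET variable are assumptions made for this example.

```ruby
# Added example, not part of omniauth-pam. Assumed config.ru wiring:
#   use Rack::Session::Cookie, :secret => ENV.fetch('SESSION_SECRET')
#   use OmniAuth::Strategies::PAM
#   run PamCallback.new
require 'set'

ALLOWED_USERS = Set.new(%w[alice bob]).freeze # constructed sample accounts

class PamCallback
  def initialize(allowed = ALLOWED_USERS)
    @allowed = allowed
  end

  def call(env)
    case env['PATH_INFO']
    when '/auth/pam/callback' then complete_login(env)
    when '/auth/failure'      then respond(401, "Login failed\n") # OmniAuth's default failure path
    else                           respond(404, "Not found\n")
    end
  end

  private

  def complete_login(env)
    # OmniAuth sets this key only after the strategy accepted the credentials.
    auth = env['omniauth.auth']
    return respond(401, "Login failed\n") unless auth && auth['provider'].to_s == 'pam'

    # The UID is the system username; refuse accounts that are not listed.
    uid = auth['uid'].to_s
    return respond(403, "Forbidden\n") unless @allowed.include?(uid)

    session = env['rack.session']
    session.clear # drop any pre-login session state
    session['user'] = uid
    [302, { 'Location' => '/', 'Content-Type' => 'text/plain' }, []]
  end

  def respond(status, body)
    [status, { 'Content-Type' => 'text/plain' }, [body]]
  end
end
```

The username and password are posted to the application in the clear, so serve /auth/pam over TLS.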

Supporting Ruby 1.8

There is an older gem available for Ruby 1.8 for supporting PAM. The syntax is slightly different, but only a small change if you wanted it.

Instead of including rpam-ruby19, use rpam and change the implementation of callback_phase in lib/omniauth/strategies/pam.rb to:

def callback_phase
    unless authpam(request['username'], request['password'])
        return fail!(:invalid_credentials)
    end

    super
end

You will also need to add include Rpam beneath include OmniAuth::Strategy.

As it’s only small (the whole thing is tiny as it is) I figured it’d be best to document the difference, rather than aim to support two different gems.


Configuring Apache & PHP on Lion

There are too many terrible articles on configuring Apache and PHP on the Mac, especially for Lion. Even worse are the suggestions of using other versions, or overly complex configuration methods.

Apache & PHP are included with Lion by default, but various parts are disabled. This will show you how to enable them without breaking the local install.

Configuration Files

The Apache config files are located in /etc/apache2 (the standard place.)

The most important part of this directory is httpd.conf. This is the main configuration file. In the users/ subdirectory are the configurations for local users (accessible through http://localhost/~<username>.)

The PHP configuration file (php5.conf) is held under other/.

The global virtual-hosts config file is held under extra/httpd-vhosts.conf, although by default its include is commented out in httpd.conf.

The rest is mostly Apple specifics, including some of the tools included with Lion Server, and other areas of the config you are unlikely to need to change.

Permissions

By default, the main httpd.conf file is set to only be readable by all (444.) I would assume this is so users do not inadvertently break the defaults.

To make it writeable by its own user (root), change it to 644 (readable by all, writeable by its owner), like so:

sudo chmod 644 /etc/apache2/httpd.conf

You can then edit it using sudo, in your favourite editor.

Enabling PHP

Apple have always shipped with PHP disabled by default (even in Lion Server, you need to select a checkbox to specifically enable it.)

In httpd.conf, the LoadModule line for PHP is located somewhere around line 111, towards the end of the other LoadModule statements. This line is commented out. You need to remove the hash so it looks something like this:

LoadModule alias_module libexec/apache2/mod_alias.so
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
LoadModule php5_module libexec/apache2/libphp5.so

#Apple specific modules
LoadModule apple_userdir_module libexec/apache2/mod_userdir_apple.so

After doing this, you will need to restart Apache. You can do that from System Preferences/Sharing, or like so:

sudo apachectl restart

Virtual Hosts

For local development (for PHP this isn’t so often), I usually add a virtual host for the project I’m working on, and then adjust /etc/hosts to give it a usable domain.

You’ll need to edit httpd.conf again. There is an include for httpd-vhosts.conf quite a way in, somewhere around line 623.

You’ll want to remove most of the default example content from extra/httpd-vhosts.conf (by default accessing anything will give you a 403: Forbidden error.)

From there, each project/application/etc will need a VirtualHost block configured for it. This allows Apache to respond to a given domain.

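The logging entries inside the block are optional, but recommended. Console.app is useful to keep an eye on the logs (it will automatically refresh when they change.) Note that in the example below the logs directory sits inside the DocumentRoot, so the log files can be served over HTTP unless access to that directory is denied or the logs are written somewhere outside it.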

<VirtualHost *:80>
	DocumentRoot /path/to/files
	ServerName project.example.com
	
	ErrorLog /path/to/files/logs/error.log
	LogLevel warn
</VirtualHost>

To get the domain working, you need to edit /etc/hosts and add a line something like this (below the comments, before the rest):

127.0.0.1	project.example.com

Now, you should be able to navigate to that domain and access it.


This is probably the most elegant way of running PHP applications locally. It keeps the already present tools, but makes them work as expected - which is far nicer than hacking other tools and configurations in place.


Christmas Books

I read quite a few things over Christmas; here are some notes on a few of them:

Mobile First & Emotional Design

These were probably the shortest two that I read, but both jam packed with some quite useful information. With Mobile First, some of it was already preaching to the converted, but the examples and approaches were useful to see.

Emotional Design, however, made me think. It’s about optimising designs for the way human emotions operate. And, it works very well.

Much of the book outlines case studies, some from Aarron’s work with MailChimp, and others from elsewhere. It does a very good job of making its case - something that I’ll think about in the future.

A PhD is Not Enough

I read this after spending a good chunk of time reading Matt Might’s blog. It’s a book about academic careers and attempts to reveal exactly what that entails.

Like most books on the same subject, it’s US centric, but still valuable. If the thought of academia is on the horizon, I’d suggest you give it a read.

The Passionate Programmer

This is about programming careers. I think it’s well targeted at those soon to be leaving University or in University studying something programming related.

I find what most people say on careers to be simply offensive; this is good.

A big pain point I see in people is seeing what they’re being taught at University to be the be-all and end-all of what they need to know to get a job. For some, this is obvious, but for others not so. The book makes a good point of suggesting that you firstly should be problem, not tool orientated, and that also you should be pushing out into other technologies. Especially new ones.

For the former, this means pushing far out of your comfort zone. Used to Java? Learn Ruby, or Objective-C. Or, even better go functional and learn something like Haskell. But, more important is to remember what you’re working on now is just the thing of the moment. If you keep that view, you can keep ploughing forward. And anyway, if you learn around your favourite technology and methodologies enough, you are still improving on the original one.

It is a little dry at times, and somewhat fear driven (there’s lots about the risk of having your job outsourced), but overall it’s a good book. It has some nice personal case studies, too.

The Macintosh Way

This wasn’t what I expected. It’s a book about applying the way the Macintosh was created to other companies. Some things are a little dated (it was published in 1990.)

It doesn’t contain a gushing history, but a slightly rose tinted, but critical look at how the Macintosh was crafted (and maintained after Jobs left.)

The point of the book is how to apply this to other companies. Beware of the dating chapter. It’s painful.

Core Data for iOS

This has got to be the first book that has made me enjoy dealing with data. Up until this point, I had avoided Core Data (it is a complex framework.) But, I got this as a Christmas Present.

For iOS, Core Data is essentially a wrapper and set of tools for dealing with SQLite. I’ve not finished reading it yet, but so far this has given an enjoyable discussion of the way Core Data works and how to go about using it. It has some nice tips on performance, too - especially important if you are handling large data sets.

The information is not limited to just iOS, either. Whilst this is the primary focus, it does cover enough if you are looking into the Mac, too.


I did read a lot of other things, too (mostly catching up.) You can find those over on Pinboard.