Like so many of my fellow Red Hatters (whoops, almost wrote Haters there, not sure what to make of that), I find myself in Nashville this week, attending the Red Hat Summit. Somehow (I mean, it wasn't a mystery, I was there after all) I agreed to give a talk on Single Sign-on and where Red Hat wants to go with respect to its products.

But that's old news.

As scheduling would have it, I'm presenting dead last on Friday. Which is pretty awesome in that it takes large amounts of pressure off — I mean, I could actually do the chicken dance for five minutes and call it done, and I'd wager large chunks of the audience would thank me for my brevity and go merrily on their way.

Now, this has turned out to be an unexpected bag of experiences. From the fact that we're at a conference center which also happens to be a resort I wouldn't ever stay at on my own dime, to the fact that we're within walking distance of the Grand Ole Opry (yes, the Grand Ole Opry!), and me not even being that big of a country/western music fan, to the fact that it's turning out to be like a big company meeting, less large chunks of the company, plus large numbers of clients and customers.

That's a lot to digest.

Wow, Memorial Day weekend was hot. Which doesn't bode well for the rest of the summer. I live in an older apartment, which means that I don't have air conditioning. The window sills won't themselves support window units, so the simplest option is the freestanding floor model. Sure, having an air conditioner on wheels is a pretty cool idea (if it could follow me around like a hospital patient's IV, that would be awesome), but that's a non-trivial amount of money to spend.

So I figured I'd make the list of pros and cons.

Pro: reason to get out of the house early in the morning, and to spend weekends outside.

Con: there are things I like to do at home.

Pro: it's like having a sauna.

Con: it's like having a sauna that can't be turned off.

Pro: something to whine about.

Con: turns me into a whiny punk.

At the moment, I'm pretty peeved at the designs of nss_ldap and pam_ldap, which both execute in-process. This, even when they might need access to sensitive credential information to authenticate to a directory server to, you know, work. And when that's not allowed, you're just screwed. Aaargh.

It's all but enough to make me dig up splatbind and go to work on finishing it. Sure, I'd have to add a "password check" query, and it needs an offline (cold) cache for disconnected operation, and the config file setup is crap, and the implementation is slightly too complicated to be trivially maintainable, but [incoherent gnashing of teeth].

It's almost the last minute, but it looks like I'll be presenting at the Red Hat Summit next month, on the topic of the various security technologies which we think play a part in the single sign on puzzle: LDAP, PKI, Kerberos, PAM (and how it's not nsswitch), nsswitch (and how your apps really don't give a crap where your user info comes from), and some ideas on how we can make them fit together in a more manageable way as part of Fedora and RHEL, and in particular why certain combinations don't look like good ideas.

Of course, this means I need training on how to be an engaging speaker (it's been a long time, so I've gotten The Fear), so I get to travel to RDU at the end of next week. I'm looking forward to staying in town on Saturday to spend some time with friends and family (which, apparently, also lowers the total cost of the trip — woo-hoo!).

Holy crap. Do I need to dress up for this? Maybe I can buy a cowboy hat while I'm down there.

Just tagged oddjob 0.26, the end product of the mad scramble which results from noticing that your own test cases don't pass. That 1k growth in the tarball compared to the previous version? Quality.

And because Dan wants to be able to control access using the loginuid of the requester, and giving him the name of the user in an environment variable is so not what he asked. Of course, attempting to write an SELinux policy for oddjobd isn't exactly the stroll through the meadow that I'd hoped, so I'm all about the payback.

• No matter how much you like them, Jalapeno peppers may not be a good choice for an afternoon snack. No, not poppers, peppers.
• Test suites can have bugs of their own.