I'm a leaf on the wind. Watch me soar.


I've had two new additions to my tech collection, a Cisco PIX 506e running PIX 6.3(5) and a Sun UltraSparc 5. I've wanted to lower the number of power hungry computers for a good long while, and I figured that the PIX was a good way to start. As for the SPARC, well I've wanted one since I saw them at college.

The PIX was pretty easy to get started with. I fixed my ldap+kerberos setup and added a freeradius server to allow logins using one password db. I already had MIT kerberos running, but my ldap setup had been broken for some time. Setting up ldap->kerberos passwords was a little troublesome as all of the documentation references the now deprecated {KERBEROS} principal password type. It has been replaced by {SASL}user@REALM. The openldap mailing list had a nice list of the authentication options available. In addition to that little snafu, the generic migration scripts did not generate valid ldif files, due to schema changes in openldap. I also needed to modify their output to add the dialupAccess attribute and radiusprofile objectclass for freeradius. Once that was all squared away freeradius was a breeze to configure. A little configuration action on the PIX yields centrally authorized ssh, pdm and vpn. Wasn't that fun...
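As an added illustration (constructed for this page, not taken from the post or from the author's migration output), here is what a user entry in that LDAP tree looks like once the two changes above are made: the userPassword uses the {SASL} form so slapd defers the bind to the Kerberos KDC through saslauthd, and the radiusprofile auxiliary objectclass carries the dialupAccess attribute that FreeRADIUS's rlm_ldap checks before authorizing a login. The DN, realm, user and numeric ids are placeholders.

```ldif
# Constructed example; dc=example,dc=com, EXAMPLE.COM and alice are placeholders.
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
# auxiliary class from the FreeRADIUS RADIUS-LDAPv3 schema; needs cn (supplied by inetOrgPerson)
objectClass: radiusprofile
uid: alice
cn: Alice Example
sn: Example
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice
loginShell: /bin/sh
# Deprecated form still shown in older docs; current OpenLDAP rejects it:
# userPassword: {KERBEROS}alice@EXAMPLE.COM
# Current form: no hash is stored in LDAP, the bind is passed to SASL and
# verified against the Kerberos principal alice@EXAMPLE.COM
userPassword: {SASL}alice@EXAMPLE.COM
# rlm_ldap's access_attr (default dialupAccess); absent or "no" means deny
dialupAccess: yes
```

For the {SASL} scheme to work, slapd must have been built with SASL password pass-through (the --enable-spasswd option) and saslauthd must be running with a Kerberos mechanism; a bind against this entry then succeeds or fails with the principal's Kerberos password, so a stolen LDAP dump contains no password material for these users.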

Now on to the annoying part. SBC provides me with a 29 bit address range; they expect me to route that range using an IP address they assign through pppoe. This was a bit of an issue as I had some trouble figuring out how to get the PIX to "route" those addresses. The PIX can be made to listen on other addresses using statics, but to get it to actually talk to anything in this situation, a route must be added for each ip address using the SBC provided address as the gateway.

Most of the IP addresses in my range point to the same web server, so I have a many to one link going on. The PIX does not do many to one, static allows for only one-to-one relationships, which SUCKS. We'll see if I find the vpn & firewall capabilities of the PIX to be superior to my old linux box, I tend to doubt it as the linux box is much more flexible.

My sparc has chugged its way through a linux install (gentoo) and worked fine. I'm now running Solaris 10 on it as a learning exercise. Solaris is a good deal different than any of the unices I've worked with in the past. It's pretty refreshing to find myself being a noob again. So far I've learned a good bit about OpenBoot (which is pretty much openfirmware if you're familiar with macs) and running a sparc with a serial console. I must say, I like the idea of having a machine jump into serial console mode if there is no keyboard attached. In my case, all of the displays in my apartment are incapable of displaying whatever video mode the console defaults to. I've managed to get Solaris installed and on my network, mounting my /home share so far. Next I hope to get it using kerberos for authentication and ldap for authorization/account info. I feel like a kid in a candy store.

As a side note, if you haven't seen Serenity/Firefly then check it out. It's pretty good imho.