MIT SIPB Script Services for Athena

Certificate Authentication in Safari

February 22, 2010 at 3:40 am by in

If you’ve tried to use our recommended configuration for authenticating users using MIT certificates, you’ve probably discovered that Safari users are not offered the opportunity to select a certificate. This is due to a bug in Safari’s SSL implementation where it will never present a certificate unless the server requires that it present one (we do not require that a certificate be presented, so that we can show a page saying “you need certificates”).

Starting today, we’ve added some additional code that will force Safari to show the certificate selection dialog. If you are using the recommended configuration for certificate authentication, this will take effect for your site automatically. (Specifically, what we now do is that force an SSL renegotation if we find the Safari browser.)

If you are using any other configuration than our recommended configuration, the behavior should not change.

(You can see the technical details of this change in our source browser.)

Django on updated to 1.0 and made default

September 25, 2008 at 1:15 pm by in

We’ve updated the Django Python package on scripts to the
recently-released 1.0 final version, as part of a standard Fedora package
update. We will be releasing an auto-installer soon, although you can
manually set up Django with the command and the sample
FastCGI wrapper on the Django web site.

If you’re currently using a Django 0.96 site, you can keep Django sites in
your locker at version 0.96 by adding the following lines to the top of
your FastCGI wrapper and, before any import statements referencing “django”:

import pkg_resources

If this does not work for you, you can try running the following Athena commands, where LOCKER is the locker with an old Django install:

attach LOCKER
mkdir -p /mit/LOCKER/lib/python2.5/site-packages
cd /mit/LOCKER/lib/python2.5/site-packages
fs sa . daemon.scripts read
echo 'import sys; sys.path.insert(0, "/usr/lib/python2.5/site-packages/Django-0.96_None-py2.5.egg")' > 00django-path.pth

This will make the Django 0.96 package take precedence for all sites in your locker. You can delete the 00django-path.pth file when you’re ready to upgrade to 1.0.

We will keep Django 0.96 available until at least the end of fall term.

Upgrade to Fedora 9

May 21, 2008 at 3:48 am by in has temporarily added a Fedora 9 server to the server pool, in preparation for a full upgrade to Fedora 9 this summer. The server is otherwise configured identically to the existing servers, so all your scripts should continue to run. If you notice any problems with your scripts, please don’t hesitate to contact us at

SSLUserName being disabled

March 25, 2008 at 1:36 am by in

On March 28, 2008, the team will disable the default SSLUserName functionality. The result will be that, with no other configuration, your scripts will no longer receive the user’s e-mail address in the REMOTE_USER environment variable. If you wish to recreate the old functionality, you can create a .htaccess file in your script’s directory containing “SSLUserName SSL_CLIENT_S_DN_Email”. However, we recommend that you use the SSLCert authentication module as described in our FAQ.

© 2004-2017, the SIPB project.
These pages may be reused under either the GFDL 1.2 or CC-BY-SA 3.0.
Questions? Contact

You are currently connected to