Re: [CentOS] question on RAID performance

2008-04-10 Thread John J. Lee
I am currently running 7 raid10 data servers.  I can say read speed
increases but I doubt the write speed comparing to non raid setup.
The main advantage of the raid is redundancy but not the performance.
If you want to boost the disk performance, go for the faster drive
with more than 10,000rpm spinning speed.

-john

On Thu, Apr 10, 2008 at 8:18 PM, Miguel Medalha <[EMAIL PROTECTED]> wrote:
> Have you tried RAID 10? It combines the security of RAID 1 with the speed of
> RAID 0. dmraid supports this RAID type.
>
>
>
> > I was wondering what experiences there are out there with using RAID-X for
> > performance increases. I do use RAID-1 (2 disks) but am interested in
> > attempts to gain higher R/W performance. Do the RAID-5's etc give
> > noticeable performance increases?
> >



-- 
John Juyoung Lee
(510)486-7510 / [EMAIL PROTECTED]
(510)301-2315 / [EMAIL PROTECTED]
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] question on RAID performance

2008-04-10 Thread Guy Boisvert

John J. Lee wrote:
> On Thu, Apr 10, 2008 at 6:43 PM, Jerry Geis <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> >  I was wondering what experiences there are out there with using RAID-X for
> >  performance increases. I do use RAID-1 (2 disks) but am interested in
> >  attempts to gain higher R/W performance. Do the RAID-5's etc give
> >  noticeable performance increases?
> >
> >  A significant help for me was using ccache for compiling programs. That was
> >  a real performance increase.
> >
> >  Thanks for any suggestions/opinions.
> >
> >  jerry
>
> If you want higher R/W performance, you should go for raid0.
> raid0 fragments the data into the number of disks and distributes them.
> It gains a big performance.  One drive fails, however, all data gone.
> raid5's benefit is not the speed but the effective space usage with
> the least data redundancy.
> Bitwise parity calculation consumes lots of processing power.  So
> raid5 is the least choice in terms of performance.
>
> -john


I had about the same interrogation a couple of months ago.  I had to
upgrade a mail server that was using a single IDE drive to store about
90 Gigs of mail, served by Communigate Pro on CentOS 4.6 (32 bits).  The
server was starting to crawl with high %iowait.  The drive was simply a
regular Western-Digital 7200 RPM 200 Gigs drive.  Imagine the random
access load, which is simply too much for a drive which is designed to
handle single user load.

I finally settled for 4 x Seagate SAS 73 Gigs 15000 RPM on RAID 10.  The
performance is very good.  About 150-160 MiB/s throughput R/W.  We use an
Adaptec 3405 (Unified SAS/SATA Controller, CentOS stock drivers) on a
new Tyan Transport TA26 (B3992-E), 4 Gig RAM, Opteron 2214 & CentOS 5
x86_64.

I made tests with the same server in RAID 5.  Read throughput was about
the same but write was slightly lower (XOR Calculation) at about 135
MiB/s which is still real good.  I chose RAID 10 because I had enough
space with 146 Gigs RAID 10 and I wanted absolute throughput for our 50
e-mail users which use Outlook with Communigate MAPI Plugin.  Sometimes
they click on a big public sub-directory and sync between Outlook and
the server takes place (local caching).  The users are very satisfied and
CentOS 5 is rock solid, providing a very good service for 2 months.
The previous server ran for about 3 years without any problem, providing
excellent service even if it was running on modest hardware: Athlon XP
2500, Asus A7V600, 1 Gig RAM.

On another little project (friend's media file server), I assembled a
cheap server with Asus M2N-e, Athlon Dual Core 4600+, 1 Gig DDR2 667 RAM,
40 Gigs IDE system drive and 4 x Western-Digital 500 Gigs RAID Edition
(7200 RPM) data array.  I used CentOS 5 x86_64 software RAID 5 (4 x 500
Gigs) and managed to get 35-40 MiB/s write throughput, which was much
more than what he got using Intel ICH-8 RAID 5 on his Windoze PC (same
drives).  The Athlon DC 4600 handles the XOR very easily (low cpu usage)
and the bottleneck seems to be on the bus (Regular PCI bus, 132 MiB/s
max combined).  He's absolutely satisfied with his new CentOS 5 Samba
server.  Combine that with WebMIN and a couple of scripts, he's stunned
by how easy it is to use his server!  I still wonder how people are
paying for Winblows Home server...



Hope this helped a bit!


Guy Boisvert, ing.
IngTegration inc.


Re: [CentOS] question on RAID performance

2008-04-10 Thread Miguel Medalha
Have you tried RAID 10? It combines the security of RAID 1 with the speed of 
RAID 0. dmraid supports this RAID type.



> I was wondering what experiences there are out there with using RAID-X for
> performance increases. I do use RAID-1 (2 disks) but am interested in
> attempts to gain higher R/W performance. Do the RAID-5's etc give
> noticeable performance increases?




Re: [CentOS] question on RAID performance

2008-04-10 Thread John J. Lee
If you want higher R/W performance, you should go for raid0.
raid0 fragments the data into the number of disks and distributes them.
It gains a big performance.  One drive fails, however, all data gone.
raid5's benefit is not the speed but the effective space usage with
the least data redundancy.
Bitwise parity calculation consumes lots of processing power.  So
raid5 is the least choice in terms of performance.

-john

On Thu, Apr 10, 2008 at 6:43 PM, Jerry Geis <[EMAIL PROTECTED]> wrote:
> Hi all,
>
>  I was wondering what experiences there are out there with using RAID-X for
>  performance increases. I do use RAID-1 (2 disks) but am interested in
>  attempts to gain higher R/W performance. Do the RAID-5's etc give
>  noticeable performance increases?
>
>  A significant help for me was using ccache for compiling programs. That was
>  a real performance increase.
>
>  Thanks for any suggestions/opinions.
>
>  jerry



-- 
John Juyoung Lee
(510)486-7510 / [EMAIL PROTECTED]
(510)301-2315 / [EMAIL PROTECTED]


[CentOS] question on RAID performance

2008-04-10 Thread Jerry Geis

Hi all,

I was wondering what experiences there are out there with using RAID-X for
performance increases. I do use RAID-1 (2 disks) but am interested in
attempts to gain higher R/W performance. Do the RAID-5's etc give
noticeable performance increases?

A significant help for me was using ccache for compiling programs. That was
a real performance increase.

Thanks for any suggestions/opinions.

jerry


Re: [CentOS] SugarCRM pro and PHP 5.2

2008-04-10 Thread centOS
On Thu, 10 Apr 2008 23:29:21 +0100
Karanbir Singh <[EMAIL PROTECTED]> wrote:

> anyway, we should have php-5.2 available in centos-5 within the
> next couple of weeks

Is the cat out of the bag? Yeeah!!

-- 
Thanks
http://www.911networks.com
When the network has to work


Re: [CentOS] Strange reboots

2008-04-10 Thread Ned Slider

Linux wrote:


> # ps ax
>   PID TTY      STAT   TIME COMMAND
>  2994 ?        Ss     0:00 sshd: [EMAIL PROTECTED]/2
>  4028 pts/2    Ss+    0:00 -bash
>  5603 ?        Ss     0:00 sshd: [EMAIL PROTECTED]/0
>  5625 pts/0    Ss     0:00 -bash


Two root logins via ssh - are these both you? The first looks early in 
the boot process.


I'm sure I don't need to say you shouldn't really be logging in directly 
as root. Better to disable root logins by ssh - login as a regular user 
and su to root.


http://wiki.centos.org/HowTos/Network/SecuringSSH

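Checking a server for the root-login setting recommended above, as an added example that is not part of the original message: the shell functions below read an sshd_config-style file and classify its global PermitRootLogin value. The function names, verdict labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the thread: report how an sshd_config-style
# file treats direct root logins. All sample files below are constructed.

# Print the global PermitRootLogin value sshd would take from file $1.
# sshd keeps the FIRST value it reads for a keyword, treats keywords
# case-insensitively and accepts "Keyword=value" as well as "Keyword value".
# Parsing stops at the first Match block; overrides there need a separate look.
effective_permit_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")         # normalise Keyword=value
            key = tolower($1)
        }
        key == "match" { exit }
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Map the effective value to a verdict (labels are hypothetical).
root_login_verdict() {
    case "$(effective_permit_root_login "$1")" in
        no)
            echo "root-login-disabled" ;;
        without-password|prohibit-password|forced-commands-only)
            echo "root-keys-only" ;;
        yes)
            echo "root-password-login-allowed" ;;
        unset)
            echo "compiled-default-applies" ;;
        *)
            echo "unrecognised-value" ;;
    esac
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

# Constructed sample 1: the keyword appears twice; only the first one counts.
printf '%s\n' 'Port 22' 'permitrootlogin no' 'PermitRootLogin yes' \
    > "$sample_dir/first_wins.conf"
# Constructed sample 2: only a commented-out line, so nothing is set.
printf '%s\n' '#PermitRootLogin yes' 'Protocol 2' \
    > "$sample_dir/commented.conf"
# Constructed sample 3: Keyword=value form that allows root with a password.
printf '%s\n' 'PermitRootLogin=yes' > "$sample_dir/permissive.conf"
# Constructed sample 4: set only inside a Match block, so globally unset.
printf '%s\n' 'PasswordAuthentication no' 'Match Address 192.0.2.0/24' \
    '    PermitRootLogin without-password' > "$sample_dir/match_only.conf"

for f in "$sample_dir"/*.conf; do
    printf '%-18s %s\n' "$(basename "$f")" "$(root_login_verdict "$f")"
done
```

On a live host, point root_login_verdict at /etc/ssh/sshd_config; a result of compiled-default-applies means the outcome depends on the default of the installed OpenSSH release.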


Re: [CentOS] Strange reboots

2008-04-10 Thread Linux
On Fri, Apr 11, 2008 at 2:43 AM, William L. Maltby
<[EMAIL PROTECTED]> wrote:
>
> On Fri, 2008-04-11 at 02:02 +0300, Linux wrote:
>  > On Fri, Apr 11, 2008 at 1:44 AM, Benjamin Karhan <[EMAIL PROTECTED]> wrote:
>  > >  ] Every 59 minutes (maybe every hour) it reboots without any logs,
>  > >  ] without any traces and unfortunately with breaking software raid.
>  > >  ] After reboot dmesg does not have any strange entries.
>  > >  this really only helps you if you have X11 installed/enabled to begin with...
>  >
>  > Well, X11 is not installed (just as would be expected from a production server)
>  > Also I tried removing unneeded things ipv6 etc...
>  > no luck yet...
>  >
>  > And it is really annoying that I have only 59 minutes to work on it
>
>  I can't help, but if you post your hardware configuration, grub kernel
>  boot lines, OS status, etc., I bet there is someone that has your config
>  running that may have something useful to say. Maybe need something on
>  the kernel line like "lapic" or whatnot.

Note that, the reboot has no relation with earth time, just timer.
I feel like someone is making a joke of me. Planted a timebomb
on my boot process and at 60th minute, it explodes.

hardware:
Intel(R) Core(TM)2 Quad CPU Q6600  @ 2.40GHz
8 GB RAM
4 x 300 GB SATA Disk (Soft RAID-1)
Intel Board (no idea about model/rev)

grub.conf line:
kernel /boot/vmlinuz-2.6.18-53.1.14.el5 ro root=/dev/md0 pci=nommconf mem=8318M

# uname -a
Linux hostnamehidden.net 2.6.18-53.1.14.el5 #1 SMP Wed Mar 5 11:37:38
EST 2008 x86_64 x86_64 x86_64 GNU/Linux

# ps ax
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:01 init [3]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S      0:00 [watchdog/0]
    5 ?        S      0:00 [migration/1]
    6 ?        SN     0:00 [ksoftirqd/1]
    7 ?        S      0:00 [watchdog/1]
    8 ?        S      0:00 [migration/2]
    9 ?        SN     0:00 [ksoftirqd/2]
   10 ?        S      0:00 [watchdog/2]
   11 ?        S      0:00 [migration/3]
   12 ?        SN     0:00 [ksoftirqd/3]
   13 ?        S      0:00 [watchdog/3]
   14 ?        S<     0:00 [events/0]
   15 ?        S<     0:00 [events/1]
   16 ?        S<     0:00 [events/2]
   17 ?        S<     0:00 [events/3]
   18 ?        S<     0:00 [khelper]
   84 ?        S<     0:00 [kthread]
   91 ?        S<     0:00 [kblockd/0]
   92 ?        S<     0:00 [kblockd/1]
   93 ?        S<     0:00 [kblockd/2]
   94 ?        S<     0:00 [kblockd/3]
   95 ?        S<     0:00 [kacpid]
  190 ?        S<     0:00 [cqueue/0]
  191 ?        S<     0:00 [cqueue/1]
  192 ?        S<     0:00 [cqueue/2]
  193 ?        S<     0:00 [cqueue/3]
  196 ?        S<     0:00 [khubd]
  198 ?        S<     0:00 [kseriod]
  284 ?        S      0:00 [pdflush]
  285 ?        S      0:00 [pdflush]
  286 ?        S<     0:00 [kswapd0]
  287 ?        S<     0:00 [aio/0]
  288 ?        S<     0:00 [aio/1]
  289 ?        S<     0:00 [aio/2]
  290 ?        S<     0:00 [aio/3]
  436 ?        S<     0:00 [kpsmoused]
  493 ?        S<     0:00 [ata/0]
  494 ?        S<     0:00 [ata/1]
  495 ?        S<     0:00 [ata/2]
  496 ?        S<     0:00 [ata/3]
  497 ?        S<     0:00 [ata_aux]
  503 ?        S<     0:00 [scsi_eh_0]
  504 ?        S<     0:00 [scsi_eh_1]
  505 ?        S<     0:00 [scsi_eh_2]
  506 ?        S<     0:00 [scsi_eh_3]
  507 ?        S<     0:00 [scsi_eh_4]
  508 ?        S<     0:00 [scsi_eh_5]
  511 ?        S<     0:00 [md2_raid1]
  514 ?        S<     0:00 [md1_raid1]
  517 ?        S<     0:00 [md0_raid1]
  520 ?        S<     0:00 [md3_raid1]
  521 ?        S<     0:00 [kjournald]
  553 ?        S<     0:00 [kauditd]
  587 ?        S
 7331 ?        S      0:00 /usr/sbin/exim -bd -q60m
 7333 ?        S      0:00 /usr/sbin/exim -bd -q60m
 7334 ?        S      0:00 /usr/sbin/exim -bd -q60m
 7341 ?        S      0:00 crond
 7343 ?        Ss     0:00 /bin/sh -c /usr/local/cpanel/bin/dcpumon >/dev/null 2>&1
 7345 ?        S      0:00 /usr/local/cpanel/bin/dcpumon
 7358 pts/0    R+     0:00 ps ax


Re: [CentOS] Strange reboots

2008-04-10 Thread William L. Maltby
On Fri, 2008-04-11 at 02:02 +0300, Linux wrote:
> On Fri, Apr 11, 2008 at 1:44 AM, Benjamin Karhan <[EMAIL PROTECTED]> wrote:
> >  ] Every 59 minutes (maybe every hour) it reboots without any logs,
> >  ] without any traces and unfortunately with breaking software raid.
> >  ] After reboot dmesg does not have any strange entries.
> >  this really only helps you if you have X11 installed/enabled to begin 
> > with...
> 
> Well, X11 is not installed (just as would be expected from a production 
> server)
> Also I tried removing unneeded things ipv6 etc...
> no luck yet...
> 
> And it is really annoying that I have only 59 minutes to work on it

I can't help, but if you post your hardware configuration, grub kernel
boot lines, OS status, etc., I bet there is someone that has your config
running that may have something useful to say. Maybe need something on
the kernel line like "lapic" or whatnot.

> 

-- 
Bill



Re: [CentOS] Strange reboots

2008-04-10 Thread Linux
On Fri, Apr 11, 2008 at 1:44 AM, Benjamin Karhan <[EMAIL PROTECTED]> wrote:
>  ] Every 59 minutes (maybe every hour) it reboots without any logs,
>  ] without any traces and unfortunately with breaking software raid.
>  ] After reboot dmesg does not have any strange entries.
>  this really only helps you if you have X11 installed/enabled to begin with...

Well, X11 is not installed (just as would be expected from a production server)
Also I tried removing unneeded things ipv6 etc...
no luck yet...

And it is really annoying that I have only 59 minutes to work on it


Re: [CentOS] SugarCRM pro and PHP 5.2

2008-04-10 Thread Karanbir Singh
Chris Boyd wrote:
> 
> On Apr 10, 2008, at 5:29 PM, Karanbir Singh wrote:
>>> We've been working with a consultant that does a lot of custom Sugar
>>> work, and the Sugar support group is strongly recommending it.
> 
> Ah, I was not clear.  They are strongly recommending PHP 5.2, not RHEL :-)

you missed the point that Jim made. SugarCRM are a rhx partner, they
themselves support it on RHEL.



-- 
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]


Re: [CentOS] Strange reboots

2008-04-10 Thread Benjamin Karhan

A little birdy told me that Linux said:

] I have a CentOS 5.0 running as a web server.
] 
] # uname -a
] Linux hostnamehidden.net 2.6.18-53.1.14.el5 #1 SMP Wed Mar 5 11:37:38
] EST 2008 x86_64 x86_64 x86_64 GNU/Linux
] 
] Every 59 minutes (maybe every hour) it reboots without any logs,
] without any traces and unfortunately with breaking software raid.
] After reboot dmesg does not have any strange entries.
] 
] I double-checked crons, any strange services, nothing suspicious.
] 
] I did "yum update" recently.
] 
] I went to Datacenter and waited before the monitor but during reboot I
] did not see anything strange. I guess reboot is cold reboot.
] 
] I changed all system and cpu fans. Upgraded system power supply with a
] more powerful one. Placed server in front of air-conditioner.
] 
] Do you have any idea?

i have only recently started to believe CentOS 5 (not CentOS' fault
  at all, but really RHEL 5) is stable on a large enough scope of
  hardware to begin moving from CentOS 4 (which has been rock solid
  for my job's organization and my home use for years)...

the issue you describe was one of the many symptoms that would
  manifest on some systems running 5... especially early on...
  as a suggestion, try disabling (really not installing) the X-server
  and see if the problem doesn't vanish...
  although i wouldn't consider that an acceptable "solution" for
  my own long term use (and thus the hesitance to move from 4 to 5)
  that WAS often a culprit in "periodic spontaneous crash/reboots"...

i've found the simplest way to test this without massive software
  removal or reinstallation is to change the initdefault in
  /etc/inittab to "3"...
  and then to remove (or rename) /etc/X11/xorg.conf (to prevent the
  X-server from running during the boot notification sequence and
  possibly hanging at exit, thus preventing even console logins)

this really only helps you if you have X11 installed/enabled to begin with...

B. Karhan
[EMAIL PROTECTED]
PRI/SSRI Unix Administrator


Re: [CentOS] SugarCRM pro and PHP 5.2

2008-04-10 Thread Chris Boyd


On Apr 10, 2008, at 5:29 PM, Karanbir Singh wrote:
>> We've been working with a consultant that does a lot of custom Sugar
>> work, and the Sugar support group is strongly recommending it.

Ah, I was not clear.  They are strongly recommending PHP 5.2, not RHEL :-)

> anyway, we should have php-5.2 available in centos-5 within the next
> couple of weeks

Sweet--I'll see if we can move to 5.

--Chris


Re: [CentOS] SugarCRM pro and PHP 5.2

2008-04-10 Thread Karanbir Singh
Chris Boyd wrote:
> 
> On Apr 10, 2008, at 2:53 PM, Jim Perrin wrote:
>> Are you certain you need 5.2.x? SugarCRM is a RH partner, and offered
>> a bundled sugarcrm install through rhx.redhat.com
> 
> We've been working with a consultant that does a lot of custom Sugar
> work, and the Sugar support group is strongly recommending it.

I would disregard that - if the project and organisation behind Sugar
are supporting it on the rhel platform, there is no reason why it should
not work on CentOS.

anyway, we should have php-5.2 available in centos-5 within the next
couple of weeks

-- 
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]


Re: [CentOS] ssl and NameVirtualHost

2008-04-10 Thread Kai Schaetzl
Scott Silva wrote on Thu, 10 Apr 2008 12:28:42 -0700:

> I think you can download the intermediate certs from their webpage.

I had a look at their KB website yesterday and exactly the page that 
explains how to get and install the intermediates is gone:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR179
How encouraging. I would have thought they supply the intermediary with 
every signed cert, anyway, but apparently they don't.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] snmpd wont start on CentOS 4.4?

2008-04-10 Thread Gustavo Gouvea
The problem described:
http://bugs.centos.org/view.php?id=2700


Paul Heinlein wrote:

> On Thu, 10 Apr 2008, Gustavo Gouvea wrote:
>
> > Hi Jonny,
> >
> > Yes, I did the reboot. "getenforce" shows "disabled".
> > The funny is that, issuing the start command it says "OK".
> >
> > Even in the logs:
> > Apr 10 12:12:44  localhost snmpd: snmpd startup succeeded
> > Apr 10 12:12:44  localhost snmpd[6673]: NET-SNMP version 5.1.2
> >
> > But still, there is no process running...
>
> Have you tried launching snmpd in non-forking mode?
>
>    snmpd -f -Le
>
> If that's not verbose enough, wrap it in strace and try again:
>
>    strace -o /tmp/snmpd.trace snmpd -f -Le
>
> --
> Paul Heinlein <> [EMAIL PROTECTED] <> http://www.madboa.com/

--
Gustavo Gouvea
Scire/Coppe - UFRJ
2562-7432




Re: [CentOS] snmpd wont start on CentOS 4.4?

2008-04-10 Thread Gustavo Gouvea
Thanks Paul,

After using -f -Le, I got an error message, and googling for it, I found that
I got old net-snmp-libs.
I've updated the pkg, and it's working.

Thanks all.

Paul Heinlein wrote:

> On Thu, 10 Apr 2008, Gustavo Gouvea wrote:
>
> > Hi Jonny,
> >
> > Yes, I did the reboot. "getenforce" shows "disabled".
> > The funny is that, issuing the start command it says "OK".
> >
> > Even in the logs:
> > Apr 10 12:12:44  localhost snmpd: snmpd startup succeeded
> > Apr 10 12:12:44  localhost snmpd[6673]: NET-SNMP version 5.1.2
> >
> > But still, there is no process running...
>
> Have you tried launching snmpd in non-forking mode?
>
>    snmpd -f -Le
>
> If that's not verbose enough, wrap it in strace and try again:
>
>    strace -o /tmp/snmpd.trace snmpd -f -Le
>
> --
> Paul Heinlein <> [EMAIL PROTECTED] <> http://www.madboa.com/

--
Gustavo Gouvea
Scire/Coppe - UFRJ
2562-7432




[CentOS] Strange reboots

2008-04-10 Thread Linux
Hi,

I have a CentOS 5.0 running as a web server.

# uname -a
Linux hostnamehidden.net 2.6.18-53.1.14.el5 #1 SMP Wed Mar 5 11:37:38
EST 2008 x86_64 x86_64 x86_64 GNU/Linux

Every 59 minutes (maybe every hour) it reboots without any logs,
without any traces and unfortunately with breaking software raid.
After reboot dmesg does not have any strange entries.

I double-checked crons, any strange services, nothing suspicious.

I did "yum update" recently.

I went to Datacenter and waited before the monitor but during reboot I
did not see anything strange. I guess reboot is cold reboot.

I changed all system and cpu fans. Upgraded system power supply with a
more powerful one. Placed server in front of air-conditioner.

Do you have any idea?

Thanks.


Re: [CentOS] mod_auth_ldap Apache2 on CentOS 5 and require group

2008-04-10 Thread David Hláčik
Hi, all,

1) it is CentOS 5.1
2) I am sure that LDAP is working according to error and access logs (when I
will type bad user it will fail, when I will type bad password it will
inform me about password mismatch)
3) yes it is in correct directory
I am sending whole config file:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

# - uncomment location section below and modify it according to your situation.
#   You will need to change at least the AuthLDAPURL parameter.
#
# Documentation of the LDAP module used, and its parameters, is available at
#  http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
#  http://httpd.apache.org/docs/2.2/mod/mod_ldap.html
#

#   # enable Web DAV HTTP access methods
DAV svn
#
#   # repository location
SVNPath "/srv/polarion/svn/repo"
#
#   # write requests from WebDAV clients result in automatic commits
SVNAutoversioning on
#
AuthName "Subversion repository"
#
#   # per-directory access control
AuthzSVNAccessFile "/srv/polarion/svn/access"
#
AuthType Basic
AuthBasicProvider ldap
#
#   # allow mod_authnz_ldap to decline group authentication so that Apache
#   # will fall back to file authentication for checking group membership
AuthzLDAPAuthoritative   On
#
#   AuthLDAPURL "ldap://yourExampleServer.com:389/ou=People,o=organization.org?uid"
#
#   Require valid-user
#
AuthLDAPURL "ldap://server/ou=Users,o=Organization?uid"
Require ldap-group "cn=tester2,ou=Groups,o=Organization"
#Require ldap-dn cn=Hlacik David,ou=Users,o=Organization
AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
AuthLDAPBindPassword svn1








2008/4/10 Jim Perrin <[EMAIL PROTECTED]>:

> On Thu, Apr 10, 2008 at 2:35 PM, David Hláčik <[EMAIL PROTECTED]> wrote:
> > Hi, I am facing a strange problem.
> >
> > I have centos, I want to access svn through apache using mod auth ldap.
> >
> > This is what I have configured
> >
> > AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
> > AuthLDAPBindPassword Pass1
> > AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
> > AuthLDAPGroupAttribute member
> > AuthLDAPGroupAttributeIsDN on
> > Require group cn=tester2,ou=Groups,o=Organization
> >
> > What is strange?
> >
> > According to doc it will accept only users which DN is in group
> > cn=teste2,ou=Groups,o=Organization.
> >
> > How come, for me it will accept every one user from LDAP?
> >
> > Thanks in advance!
>
> Is this for centos 4 or centos5?
>
>
> --
> During times of universal deceit, telling the truth becomes a
> revolutionary act.
> George Orwell
>


Re: [CentOS] SugarCRM pro and PHP 5.2

2008-04-10 Thread Chris Boyd


On Apr 10, 2008, at 2:53 PM, Jim Perrin wrote:
> Are you certain you need 5.2.x? SugarCRM is a RH partner, and offered
> a bundled sugarcrm install through rhx.redhat.com


We've been working with a consultant that does a lot of custom Sugar  
work, and the Sugar support group is strongly recommending it.


--Chris


Re: [CentOS] SugarCRM pro and PHP 5.2

2008-04-10 Thread Jim Perrin
On Thu, Apr 10, 2008 at 3:48 PM, Chris Boyd <[EMAIL PROTECTED]> wrote:
> We're looking at SugarCRM 5, but they strongly recommend PHP 5.2.4.  Looking
> around I see that a few individuals are maintaining repos for CentOS, but
> I'd prefer to get it from one of the larger repositories.
>
>  Anyone out there using http://www.jasonlitka.com/yum-repository/ ?
>
>  Any idea when PHP 5.2x will be available?


Are you certain you need 5.2.x? SugarCRM is a RH partner, and offered
a bundled sugarcrm install through rhx.redhat.com

http://rhx.redhat.com/rhx/catalog/productdetail.jspa?productId=1002

According to that page
*  Red Hat Enterprise Linux 5 - with the included Apache and PHP packages
* MySQL Enterprise Database Server

It's also possible that 5.2 will be in the RHWAPS stack once it's
tested/released.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell


[CentOS] SugarCRM pro and PHP 5.2

2008-04-10 Thread Chris Boyd
We're looking at SugarCRM 5, but they strongly recommend PHP 5.2.4.   
Looking around I see that a few individuals are maintaining repos for  
CentOS, but I'd prefer to get it from one of the larger repositories.


Anyone out there using http://www.jasonlitka.com/yum-repository/ ?

Any idea when PHP 5.2x will be available?

--Chris


[CentOS] Re: ssl and NameVirtualHost

2008-04-10 Thread Scott Silva

on 4-10-2008 2:31 AM Kai Schaetzl spake the following:
> Tony Schreiner wrote on Wed, 09 Apr 2008 21:14:25 -0400:
>
> > Does that mean you don't get a dialog saying the site is not verifiable?
>
> Correct. With IE7.
>
> > Because I sure do, with several browsers on different platforms.
>
> Checked now with FF2 and get a warning. They don't recognize the
> intermediate certificate (IE has it in its certificate store) and don't
> go up in the chain. That's really their fault, not yours.
> It's possible that the solution that Ross explains would help, I didn't
> ever need to do that. Talk to your colleague at https://www.bc.edu, they
> use the same cert chain. If you don't get a warning you might be able to
> get the intermediary certificate from them which might be faster than
> waiting for Verisign support.
>
> Kai


I think you can download the intermediate certs from their webpage.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





Re: [CentOS] mod_auth_ldap Apache2 on CentOS 5 and require group

2008-04-10 Thread Jim Perrin
On Thu, Apr 10, 2008 at 2:35 PM, David Hláčik <[EMAIL PROTECTED]> wrote:
> Hi, I am facing a strange problem.
>
> I have centos, I want to access svn through apache using mod auth ldap.
>
> This is what I have configured
>
> AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
> AuthLDAPBindPassword Pass1
> AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
> AuthLDAPGroupAttribute member
> AuthLDAPGroupAttributeIsDN on
> Require group cn=tester2,ou=Groups,o=Organization
>
> What is strange?
>
> According to doc it will accept only users which DN is in group
> cn=teste2,ou=Groups,o=Organization.
>
> How come, for me it will accept every one user from LDAP?
>
> Thanks in advance!

Is this for centos 4 or centos5?


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell


Re: [CentOS] snmpd wont start on CentOS 4.4?

2008-04-10 Thread Max Hetrick
Gustavo Gouvea wrote:

> Yes, I did the reboot. "getenforce" shows "disabled".
> The funny is that, issuing the start command it says "OK".


Try stopping it, then removing the lock file, then restarting it.

# service snmpd stop
# rm /var/run/snmpd
# service snmpd start

I've had it create a strange permission on the lock file before, which
I removed and then just restarted.

Regards,
Max



Re: [CentOS] mod_auth_ldap Apache2 on CentOS 5 and require group

2008-04-10 Thread Jeff Larsen
On Thu, Apr 10, 2008 at 1:35 PM, David Hláčik <[EMAIL PROTECTED]> wrote:
> Hi, I am facing a strange problem.
>
> I have centos, I want to access svn through apache using mod auth ldap.
>
> This is what I have configured
>
> AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
> AuthLDAPBindPassword Pass1
> AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
> AuthLDAPGroupAttribute member
> AuthLDAPGroupAttributeIsDN on
> Require group cn=tester2,ou=Groups,o=Organization
>
> What is strange?
>
> According to doc it will accept only users which DN is in group
> cn=teste2,ou=Groups,o=Organization.
>
> How come, for me it will accept every one user from LDAP?

Your config looks correct, if it is in the correct context element in
your .conf file. Is it within a <Location> element that references
your svn repository path? Please show more of your config.

Are you sure Apache is querying the LDAP server? Are you prompted for
a login. Are you denied if a bad password or username is given?

--
Jeff


Re: [CentOS] snmpd wont start on CentOS 4.4?

2008-04-10 Thread Paul Heinlein

On Thu, 10 Apr 2008, Gustavo Gouvea wrote:

> Hi Jonny,
>
> Yes, I did the reboot. "getenforce" shows "disabled".
> The funny is that, issuing the start command it says "OK".
>
> Even in the logs:
> Apr 10 12:12:44  localhost snmpd: snmpd startup succeeded
> Apr 10 12:12:44  localhost snmpd[6673]: NET-SNMP version 5.1.2
>
> But still, there is no process running...


Have you tried launching snmpd in non-forking mode?

  snmpd -f -Le

If that's not verbose enough, wrap it in strace and try again:

  strace -o /tmp/snmpd.trace snmpd -f -Le

--
Paul Heinlein <> [EMAIL PROTECTED] <> http://www.madboa.com/


[CentOS] mod_auth_ldap Apache2 on CentOS 5 and require group

2008-04-10 Thread David Hláčik
Hi, I am facing a strange problem.

I have centos, I want to access svn through apache using mod auth ldap.

This is what I have configured

AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
AuthLDAPBindPassword Pass1
AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
Require group cn=tester2,ou=Groups,o=Organization

What is strange?

According to doc it will accept only users which DN is in group
cn=teste2,ou=Groups,o=Organization.

How come, for me it will accept every one user from LDAP?

Thanks in advance!


[CentOS] 12V computing?

2008-04-10 Thread Jason Pyeron
Does anyone on the list have recommendations on 12VDC based hardware which
runs a stock Centos 4 (or even 5)?



--
Jason Pyeron, Principal Consultant
PD Inc. http://www.pdinc.us
10 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 269-1555 x333
 


Re: [CentOS] OT: get files with wget

2008-04-10 Thread Frank Büttner

Filipe Brandenburger wrote:
> On Thu, Apr 10, 2008 at 7:39 AM, Frank Büttner <[EMAIL PROTECTED]> wrote:
> > > Perhaps you should do:
> > > wget -r http://www.foo.bar/sample
> >
> >  Hm,
> >  this will download the whole www.foo.bar site:(
>
> Add -np (no parent).
>
> You should also probably add a slash after the directory in the website:
>
> wget -r -np http://www.foo.bar/sample/
>
> Filipe


Yes this will do the job.
Thanks.

Frank





Re: [CentOS] aide questions, please

2008-04-10 Thread Steve Campbell
Sorry, I goofed on the last test. I named your downloaded file .config
instead of .conf. I was getting it mixed up with the selinux config file.


Slow brain today.

Looks like it would have worked with just the --init.

steve

Jim Perrin wrote:
> On Thu, Apr 10, 2008 at 11:26 AM, Steve Campbell <[EMAIL PROTECTED]> wrote:
>
> >  I tried the new config file - the downloaded one - and it still gives me
> > the errors. I then went through and removed the xattr options on all of them
> > with no luck still. I have not run the --check yet.
>
> Did you remove the existing db from /var/lib/aide/ ? Is selinux still
> off/disabled?
>
> >  Thanks for all your time. I really do appreciate the fact you're educating
> > me.
>
> No worries. I needed to add that bit to my aide page anyway. So far
> I've pretty well completely ignored folks with selinux disabled.


  




Re: [CentOS] OT: get files with wget

2008-04-10 Thread Filipe Brandenburger
On Thu, Apr 10, 2008 at 7:39 AM, Frank Büttner <[EMAIL PROTECTED]> wrote:
> > Perhaps you should do:
> > wget -r http://www.foo.bar/sample
>
>  Hm,
>  this will download the whole www.foo.bar site:(

Add -np (no parent).

You should also probably add a slash after the directory in the website:

wget -r -np http://www.foo.bar/sample/

Filipe


Re: [CentOS] aide questions, please

2008-04-10 Thread Steve Campbell



Jim Perrin wrote:
> On Thu, Apr 10, 2008 at 11:26 AM, Steve Campbell <[EMAIL PROTECTED]> wrote:
>
> >  I tried the new config file - the downloaded one - and it still gives me
> > the errors. I then went through and removed the xattr options on all of them
> > with no luck still. I have not run the --check yet.
>
> Did you remove the existing db from /var/lib/aide/ ? Is selinux still
> off/disabled?
  


No, I didn't. But after I did, and reran --init, I am not seeing the 
errors. I was under the impression that --init didn't care what was in a 
previous db file, and that it was creating a new one. I'll run this to 
completion, and fix it to match the system, then let you know the final 
(hopefully) results.


Thanks again.

steve



  

> >  Thanks for all your time. I really do appreciate the fact you're educating
> > me.
>
> No worries. I needed to add that bit to my aide page anyway. So far
> I've pretty well completely ignored folks with selinux disabled.


  




Re: [CentOS] aide questions, please

2008-04-10 Thread Jim Perrin
On Thu, Apr 10, 2008 at 11:26 AM, Steve Campbell <[EMAIL PROTECTED]> wrote:

>  I tried the new config file - the downloaded one - and it still gives me
> the errors. I then went through and removed the xattr options on all of them
> with no luck still. I have not run the --check yet.

Did you remove the existing db from /var/lib/aide/ ? Is selinux still
off/disabled?



>  Thanks for all your time. I really do appreciate the fact you're educating
> me.

No worries. I needed to add that bit to my aide page anyway. So far
I've pretty well completely ignored folks with selinux disabled.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell


Re: [CentOS] aide questions, please

2008-04-10 Thread Steve Campbell



Jim Perrin wrote:
> On Thu, Apr 10, 2008 at 9:24 AM, Steve Campbell <[EMAIL PROTECTED]> wrote:
>
> >  Tony and Jim,
> >
> >  sestatus reports disabled. Thanks for the help on the test, Jim.
>
> Okay, so here's the deal. The default aide.conf checks the selinux
> bits. If you need to have selinux off (not really recommended, but
> it's your box) and you still want aide to watch over your files, you
> need to remove the selinux requirements from /etc/aide.conf.   I've
> gone ahead and done up a config file which is identical to the default
> with selinux bits removed. Grab the file from
> http://www.bofh-hunter.com/downloads/aide.conf   or use the diff below
> against the default config:

--- aide.conf.bak   2008-04-10 04:37:18.0 -0400
+++ aide.conf   2008-04-10 05:16:09.0 -0400
@@ -61,27 +61,27 @@
 # ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
 ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
 # Everything but access time (Ie. all changes)
-EVERYTHING = R+ALLXTRAHASHES
+EVERYTHING = p+i+n+u+g+s+m+c+acl+xattrs+md5+ALLXTRAHASHES

 # Sane, with multiple hashes
 # NORMAL = R+rmd160+sha256+whirlpool
-NORMAL = R+rmd160+sha256
+NORMAL = p+i+n+u+g+s+m+c+acl+xattrs+md5+rmd160+sha256

 # For directories, don't bother doing hashes
-DIR = p+i+n+u+g+acl+selinux+xattrs
+DIR = p+i+n+u+g+acl+xattrs

 # Access control only
-PERMS = p+i+u+g+acl+selinux
+PERMS = p+i+u+g+acl

 # Logfile are special, in that they often change
-LOG = >
+LOG = p+u+g+i+n+S+acl+xattrs

 # Just do md5 and sha256 hashes
-LSPP = R+sha256
+LSPP = p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256

 # Some files get updated automatically, so the inode/ctime/mtime change
 # but we want to know when the data inside them changes
-DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
+DATAONLY =  p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger

 # Next decide what directories/files you want in the database.
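
Review bot: The comment "# Just do md5 and sha256 hashes" above LSPP no longer describes the line under it, which now spells out p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256. Reword the comment to say that the group records permissions, ownership, size, times, ACLs and xattrs as well as the two hashes, so that nobody later trims the rule back to match the comment.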


  

Jim,

I tried the new config file - the downloaded one - and it still gives me
the errors. I then went through and removed the xattr options on all of
them with no luck still. I have not run the --check yet.


OK, so what if I enable permissive mode just to get the extra attributes
on all the files, and do all the stuff needed to relabel the files? Will
I see any difference in what I have other than the extended attributes?
Since this server will go full time production real soon, I don't want
to cause any surprises for me or the users, and I don't have the time to
learn selinux admin and configuration in a short time either. I know,
that sounds lazy, but I just have a full plate at the moment, sorry.


Thanks for all your time. I really do appreciate the fact you're
educating me.


steve



[CentOS] generating tls certificates for radius under centos

2008-04-10 Thread David Hláčik
Hi all,

I need to generate certificate files for radius tls. I am using CentOS 5.1
and the scripts in /etc/pki/tls/misc to generate my own CA key, and my own keys
signed with my CA.
For Radius I need a server certificate with xpextensions support. How can I
generate a server certificate with xpextensions which will be signed with my
own CA on CentOS 5.1?

Thanks in advance!

David


Re: [CentOS] aide questions, please

2008-04-10 Thread Jim Perrin
On Thu, Apr 10, 2008 at 9:24 AM, Steve Campbell <[EMAIL PROTECTED]> wrote:

>  Tony and Jim,
>
>  sestatus reports disabled. Thanks for the help on the test, Jim.


Okay, so here's the deal. The default aide.conf checks the selinux
bits. If you need to have selinux off (not really recommended, but
it's your box) and you still want aide to watch over your files, you
need to remove the selinux requirements from /etc/aide.conf.   I've
gone ahead and done up a config file which is identical to the default
with selinux bits removed. Grab the file from
http://www.bofh-hunter.com/downloads/aide.conf   or use the diff below
against the default config:

--- aide.conf.bak   2008-04-10 04:37:18.0 -0400
+++ aide.conf   2008-04-10 05:16:09.0 -0400
@@ -61,27 +61,27 @@
 # ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
 ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
 # Everything but access time (Ie. all changes)
-EVERYTHING = R+ALLXTRAHASHES
+EVERYTHING = p+i+n+u+g+s+m+c+acl+xattrs+md5+ALLXTRAHASHES

 # Sane, with multiple hashes
 # NORMAL = R+rmd160+sha256+whirlpool
-NORMAL = R+rmd160+sha256
+NORMAL = p+i+n+u+g+s+m+c+acl+xattrs+md5+rmd160+sha256

 # For directories, don't bother doing hashes
-DIR = p+i+n+u+g+acl+selinux+xattrs
+DIR = p+i+n+u+g+acl+xattrs

 # Access control only
-PERMS = p+i+u+g+acl+selinux
+PERMS = p+i+u+g+acl

 # Logfile are special, in that they often change
-LOG = >
+LOG = p+u+g+i+n+S+acl+xattrs

 # Just do md5 and sha256 hashes
-LSPP = R+sha256
+LSPP = p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256

 # Some files get updated automatically, so the inode/ctime/mtime change
 # but we want to know when the data inside them changes
-DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
+DATAONLY =  p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger

 # Next decide what directories/files you want in the database.
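
Review bot: The list p+i+n+u+g+s+m+c+acl+xattrs+md5 is typed out three times (EVERYTHING, NORMAL, LSPP) as a hand expansion of R without selinux. Define it once as a named group, the way ALLXTRAHASHES is defined, and reference that name, so a later edit cannot leave the three rules out of step. Nothing in the file records that selinux was dropped on purpose from DIR, PERMS and DATAONLY either; add a comment that this variant is for hosts with SELinux disabled, because a host that later turns SELinux on with this config would not have context changes reported.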



-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
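
The point of the reply above, as an added example that is not part of the original thread or of AIDE itself: the built-in groups `R` and `>` pull in `selinux` implicitly, so deleting only the literal `selinux` tokens from aide.conf is not enough. The script expands every group definition and lists the ones that still request SELinux contexts. The built-in definitions are an assumption inferred from the diff, the function names are hypothetical, and both sample configs are constructed from the diff's `-` and `+` lines.

```python
import re

# Attribute names seen in the aide.conf excerpt in this thread, plus the
# standard "a" (atime) and "b" (block count).
ATTRIBUTES = {
    "p", "i", "n", "u", "g", "s", "b", "m", "a", "c", "S",
    "acl", "selinux", "xattrs",
    "md5", "sha1", "sha256", "sha512", "rmd160", "tiger",
    "whirlpool", "haval", "gost", "crc32",
}

# ASSUMPTION: built-in groups as implied by the diff, which replaces "R" and
# ">" with these lists minus "selinux". Other AIDE builds may differ.
BUILTIN_GROUPS = {
    "R": "p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5",
    ">": "p+u+g+i+n+S+acl+selinux+xattrs",
}

GROUP_LINE = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(\S+)$")


def parse_groups(conf_text):
    """Return {user-defined group: set of attributes}, expanded in file order."""
    known = {name: set(expr.split("+")) for name, expr in BUILTIN_GROUPS.items()}
    user_groups = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        match = GROUP_LINE.match(line)
        if not match:
            continue                               # selection lines, blanks
        name, expr = match.groups()
        attrs = set()
        for token in expr.split("+"):
            if token in ATTRIBUTES:
                attrs.add(token)
            elif token in known:
                attrs |= known[token]              # nested group: R, >, ALLXTRAHASHES
            else:
                break                              # not a group line (e.g. verbose=5)
        else:
            known[name] = user_groups[name] = attrs
    return user_groups


def groups_requiring(conf_text, attribute="selinux"):
    """Sorted names of the groups whose expansion contains `attribute`."""
    groups = parse_groups(conf_text)
    return sorted(name for name, attrs in groups.items() if attribute in attrs)


def audit(conf_text, getenforce_output):
    """Compare the config with the SELinux state printed by getenforce."""
    state = getenforce_output.strip()
    flagged = groups_requiring(conf_text, "selinux")
    findings = []
    if state.lower() == "disabled" and flagged:
        findings.append("SELinux is Disabled but these groups request selinux: "
                        + ", ".join(flagged))
    elif state.lower() != "disabled" and not flagged:
        findings.append("SELinux is %s but no group records file contexts" % state)
    return findings


# Constructed from the "-" side of the diff; verbose=5 is a constructed
# non-group line to show that ordinary settings are skipped.
CONF_BEFORE = """\
verbose=5
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
EVERYTHING = R+ALLXTRAHASHES
# NORMAL = R+rmd160+sha256+whirlpool
NORMAL = R+rmd160+sha256
DIR = p+i+n+u+g+acl+selinux+xattrs
PERMS = p+i+u+g+acl+selinux
LOG = >
LSPP = R+sha256
DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
"""

# Constructed from the "+" side of the diff.
CONF_AFTER = """\
verbose=5
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
EVERYTHING = p+i+n+u+g+s+m+c+acl+xattrs+md5+ALLXTRAHASHES
NORMAL = p+i+n+u+g+s+m+c+acl+xattrs+md5+rmd160+sha256
DIR = p+i+n+u+g+acl+xattrs
PERMS = p+i+u+g+acl
LOG = p+u+g+i+n+S+acl+xattrs
LSPP = p+i+n+u+g+s+m+c+acl+xattrs+md5+sha256
DATAONLY =  p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger
"""

if __name__ == "__main__":
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        print(label, groups_requiring(conf), audit(conf, "Disabled"))
```

To audit a real host, pass the contents of /etc/aide.conf and the output of `getenforce` to `audit()`.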


Re: [CentOS] Diskless Environment

2008-04-10 Thread Max Hetrick

gopinath wrote:
> How to configure Diskless environment in CentOS 5.1. Please help me out


I have a small guide to setting up an NFS server and then dishing out
diskless clients across PXE booting. It's out of date as I've not had
time to update it to pertain to CentOS 5.1 explicitly, but it should be
relevant and almost the same.



Regards,
Max


Re: [CentOS] aide questions, please

2008-04-10 Thread Michael Simpson
On 4/10/08, Steve Campbell <[EMAIL PROTECTED]> wrote:
>
>
> Thanks Mike,
>
> I'm not sure I can do the reboot today as I have had to put the server into
> a temporary production status.
>
> The thing that is sort of bothering me, though, is that so much trouble
> occurs because of selinux when trying to use aide RPMs. Might I not try and
> generate my own rpms without selinux support or just compile from source? Is
> there a way I can disable the selinux stuff when using the Centos rpms? I'm
> still not hearing a definitive answer that selinux is the culprit here and
> modifying filesystems for a test  is a little extreme.
>
> I appreciate the help so far, though, and don't mean to sound ungrateful.
>
>
> steve

Hi Steve

I see what you mean



This was meant to be sorted by aide 0.13.1.
I suppose that aide is just going that wee bit further with regards to
security by checking for changes in selinux file contexts

If a file (or process / object) has its context changed then it could
signify an attack especially if you are running the box in enforcing
mode.

I had thought that aide had been patched to allow for null contexts if
compiled to look for them.

I just changed from running selinux in disabled mode on my production
systems to running with selinux enabled (initially in permissive mode
to check for problems then moving to enforcing once the wrinkles were
ironed out).

My main reason for doing so is that we are developing an electronic
patient record for the NHS.
I think selinux is fantastic



> still not hearing a definitive answer that selinux is the culprit here and
> modifying filesystems for a test  is a little extreme.

It's more about adding extended attributes to the existing filesystem

mike


Re: [CentOS] aide questions, please

2008-04-10 Thread Jim Perrin
On Thu, Apr 10, 2008 at 8:51 AM, Steve Campbell <[EMAIL PROTECTED]> wrote:
>
>  I'm not sure I can do the reboot today as I have had to put the server into
> a temporary production status.


Well, this is in fact selinux related.

Test 1 reports:
[EMAIL PROTECTED] ~]# getenforce
Permissive
[EMAIL PROTECTED] ~]# aide --init

AIDE, version 0.13.1

### AIDE database at /var/lib/aide/aide.db.new.gz initialized.

Test 2 reports:
[EMAIL PROTECTED] ~]# getenforce
Disabled
[EMAIL PROTECTED] ~]# aide --init
lgetfilecon_raw failed for /etc/smartd.conf:No data available
lgetfilecon_raw failed for /etc/lvm/cache/.cache:No data available
lgetfilecon_raw failed for /etc/blkid/blkid.tab.old:No data available
lgetfilecon_raw failed for /etc/blkid/blkid.tab:No data available
lgetfilecon_raw failed for /var/log/nagios/status.dat:No data available

So I was wrong, it does require selinux to at least be in permissive
mode to complete without error. I'm currently checking now to see if
aide still generates a usable db with selinux off.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell


Re: [CentOS] aide questions, please

2008-04-10 Thread Steve Campbell



Jim Perrin wrote:
> On Thu, Apr 10, 2008 at 8:51 AM, Steve Campbell <[EMAIL PROTECTED]> wrote:
>
> >  Thanks Mike,
> >
> >  I'm not sure I can do the reboot today as I have had to put the server into
> > a temporary production status.
> >
> >  The thing that is sort of bothering me, though, is that so much trouble
> > occurs because of selinux when trying to use aide RPMs. Might I not try and
> > generate my own rpms without selinux support or just compile from source? Is
> > there a way I can disable the selinux stuff when using the Centos rpms? I'm
> > still not hearing a definitive answer that selinux is the culprit here and
> > modifying filesystems for a test  is a little extreme.
> >
> >  I appreciate the help so far, though, and don't mean to sound ungrateful.
>
> Give me an hour or so. I'm testing with selinux off, and in permissive
> mode. Hopefully I'll be able to duplicate what you're getting, and fix
> it. I've got a spare blade to test this on, so that's how I'm spending
> the next few minutes.

  


Tony and Jim,

sestatus reports disabled. Thanks for the help on the test, Jim.

steve



Re: [CentOS] aide questions, please

2008-04-10 Thread Jim Perrin
On Thu, Apr 10, 2008 at 8:51 AM, Steve Campbell <[EMAIL PROTECTED]> wrote:

>  Thanks Mike,
>
>  I'm not sure I can do the reboot today as I have had to put the server into
> a temporary production status.
>
>  The thing that is sort of bothering me, though, is that so much trouble
> occurs because of selinux when trying to use aide RPMs. Might I not try and
> generate my own rpms without selinux support or just compile from source? Is
> there a way I can disable the selinux stuff when using the Centos rpms? I'm
> still not hearing a definitive answer that selinux is the culprit here and
> modifying filesystems for a test  is a little extreme.
>
>  I appreciate the help so far, though, and don't mean to sound ungrateful.


Give me an hour or so. I'm testing with selinux off, and in permissive
mode. Hopefully I'll be able to duplicate what you're getting, and fix
it. I've got a spare blade to test this on, so that's how I'm spending
the next few minutes.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell


Re: [CentOS] aide questions, please

2008-04-10 Thread Tony Molloy
On Thursday 10 April 2008 13:51:02 Steve Campbell wrote:
> Michael Simpson wrote:
> > On 4/9/08, Steve Campbell <[EMAIL PROTECTED]> wrote:
> >> Jim Perrin wrote:
> >>> On Wed, Apr 9, 2008 at 3:08 PM, Marc Wiatrowski <[EMAIL PROTECTED]> wrote:
>   I think those errors are because selinux is off.
> >>>
> >>> Hmm, I don't ever really turn selinux off, but I had always thought
> >>> aide treated it as optional.
> >>>
> >>> Could test by setting it to permissive and trying again. This would be
> >>> interesting to test.
> >>
> >> I'm not sure if a reboot is required or not. I set permissive in the
> >> config file and echoed 1 into /selinux/enforce and then tried firstly
> >> the --check, and then an --init. Both still show the faulty lines.
> >>
> >> I will set it up properly and do a reboot tomorrow to see if it changes
> >> things, but for now, it doesn't.
> >>
> >> steve
> >
> > Hi there
> >
> > It is probably worth doing "touch /.autorelabel" before the reboot as
> > nothing will have really changed with the above actions
> >
> > this will force relabelling of your fs after the reboot and may give
> > you the context info that you require
> >
> > mike
>
> Thanks Mike,
>
> I'm not sure I can do the reboot today as I have had to put the server
> into a temporary production status.
>
> The thing that is sort of bothering me, though, is that so much trouble
> occurs because of selinux when trying to use aide RPMs. Might I not try
> and generate my own rpms without selinux support or just compile from
> source? Is there a way I can disable the selinux stuff when using the
> Centos rpms? I'm still not hearing a definitive answer that selinux is
> the culprit here and modifying filesystems for a test  is a little extreme.
>
> I appreciate the help so far, though, and don't mean to sound ungrateful.
>
> steve

Like yourself I'm thinking of moving from tripwire to aide on our production 
servers this summer. So I have an interest in this working ;-)

First check your selinux setup with sestatus. That will tell you whether it is 
in enforcing or permissive mode or even disabled.

If it's permissive or disabled then selinux wouldn't appear to be your problem
as then it shouldn't stop anything from working.

If it's in enforcing mode then maybe it is.

If it's in enforcing or permissive mode then it will put its error messages 
in /var/log/audit/audit.log

Check there for AVC messages from aide.

Regards,

Tony.




Re: [CentOS] aide questions, please

2008-04-10 Thread Steve Campbell



Michael Simpson wrote:
> On 4/9/08, Steve Campbell <[EMAIL PROTECTED]> wrote:
> > Jim Perrin wrote:
> > > On Wed, Apr 9, 2008 at 3:08 PM, Marc Wiatrowski <[EMAIL PROTECTED]> wrote:
> > > >  I think those errors are because selinux is off.
> > >
> > > Hmm, I don't ever really turn selinux off, but I had always thought
> > > aide treated it as optional.
> > >
> > > Could test by setting it to permissive and trying again. This would be
> > > interesting to test.
> >
> > I'm not sure if a reboot is required or not. I set permissive in the config
> > file and echoed 1 into /selinux/enforce and then tried firstly the --check,
> > and then an --init. Both still show the faulty lines.
> >
> > I will set it up properly and do a reboot tomorrow to see if it changes
> > things, but for now, it doesn't.
> >
> > steve
>
> Hi there
>
> It is probably worth doing "touch /.autorelabel" before the reboot as
> nothing will have really changed with the above actions
>
> this will force relabelling of your fs after the reboot and may give
> you the context info that you require
>
> mike

  

Thanks Mike,

I'm not sure I can do the reboot today as I have had to put the server 
into a temporary production status.


The thing that is sort of bothering me, though, is that so much trouble 
occurs because of selinux when trying to use aide RPMs. Might I not try 
and generate my own rpms without selinux support or just compile from 
source? Is there a way I can disable the selinux stuff when using the 
Centos rpms? I'm still not hearing a definitive answer that selinux is 
the culprit here and modifying filesystems for a test  is a little extreme.


I appreciate the help so far, though, and don't mean to sound ungrateful.

steve



Re: [CentOS] Diskless Environment

2008-04-10 Thread John
On Thu, 2008-04-10 at 17:30 +0530, gopinath wrote:
> How to configure Diskless environment in CentOS 5.1. Please help me
> out
>  

Have a look at The Linux Terminal Server Project.
http://www.ltsp.org/  That is about the easiest configuration out.

You can use rsync to make the Client OS Layout and manually edit all
files as needed, pxe dhcp nfs and tftp. It's a nightmare to do.

An alternative method would be obtain the "system-config-netboot"
package from Fedora Core 6 or 7 that's if you can get it to work
correctly. Red Hat omitted it in v5.0 and also I think in 5.1. Bugzilla
on red hat says they are going to release it in a later release. 

IMHO I believe it is getting replaced by cobbler. Anyone on the list
know for sure?

> Regards,
> Gopinath M
> Signal Networks Pvt. Ltd.
>  
> 
> Smile... it increases your face value!
> 
-- 
~/john

OpenPGP Sig:BA91F079



Re: [CentOS] Diskless Environment

2008-04-10 Thread Les Mikesell

gopinath wrote:
> How to configure Diskless environment in CentOS 5.1. Please help me out



If you want a thin client setup (diskless machines only run X and log 
into the server), the easy way is to install the k12ltsp version that 
has a centos base (version 5-EL  from the download link here
http://k12ltsp.org/mediawiki/index.php/Main_Page).  If you want to NFS 
mount disks from the server and run everything on the clients or boot a 
single image on a cluster, look at http://drbl.sourceforge.net/.
You can do either of these with the tools included in Centos yourself, 
but since it is fairly complicated it is probably worth trying one or 
both of these first.


--
  Les Mikesell
   [EMAIL PROTECTED]


Re: [CentOS] OT: get files with wget

2008-04-10 Thread Bob Beers
On Thu, Apr 10, 2008 at 7:39 AM, Frank Büttner <[EMAIL PROTECTED]> wrote:
> Sudev Barar wrote:
>
>
> > On 10/04/2008, Frank Büttner <[EMAIL PROTECTED]> wrote:
> >
> > > Hello,
> > >  how can I get all files from a directory of a web server.
> > >  A simple wget http://www.foo.bar/sample/* will not work:(
> > >
> >
> > Perhaps you should do:
> > wget -r http://www.foo.bar/sample
> >
>
>  Hm,
>  this will download the whole www.foo.bar site:(
>

man wget:

-r   --> recursive
-nd --> no directories (still gets the whole site)
-l N --> max level of recursion (default max is 5)

-- 
HTH,
-Bob


Re: [CentOS] snmpd wont start on CentOS 4.4?

2008-04-10 Thread Gustavo Gouvea
Hi Jonny,

Yes, I did the reboot. "getenforce" shows "disabled".
The funny thing is that, issuing the start command, it says "OK".

Even in the logs:
Apr 10 12:12:44  localhost snmpd: snmpd startup succeeded
Apr 10 12:12:44  localhost snmpd[6673]: NET-SNMP version 5.1.2

But still, there is no process running...

Any other tip?
Thanks again.

> Gustavo wrote:
>> Hello All,
>>
>> I've searched the archives, but didn't find anything like this. Maybe I'm
>> missing some trick here...
>>
>> The problem:
>> I've installed snmpd and snmp-utils packages with yum.
>> I'm using an old simple .conf file I've been using on my fedora 1 box,
>> but when I try to start snmpd, it just says OK (Starting snmpd..[OK]),
>> but the service doesn't work at all. I don't see any
>> process running with "ps".
>> I've checked the logs, and found that it could be related to SE Linux and
>> I tried to disable it, but it still doesn't work.
>> I'm not using iptables locally, so it's not iptables related.
>> Already tried uninstall <> install.
>>
>> Any trick here?
>> Thanks a lot.
>>
>> Gustavo.
>>
>> BTW: It's currently working on my fedora1. This is the last thing I need
>> to fix to upgrade.
>
> How sure are you that selinux is disabled (my normal snmpd stuff also
> does not work with selinux).
>
> After adjusting /etc/sysconfig/selinux  (set SELINUX=disabled) you would
> need to reboot to make the change take effect.
>
> You can test with this command:
>
> getenforce
>
> If it says disabled or permissive, you should be OK.
>
> If it says enforcing ... issue this command:
>
> setenforce 0
>
> Then look again with getenforce.
>
> You still need to adjust /etc/sysconfig/selinux to make the changes last
> for a reboot.
>
> Thanks,
> Johnny Hughes



Re: [CentOS] Force sendmail outbound routing for specific domain name

2008-04-10 Thread Brent L. Bates
 Your problem sounds like it has nothing to do with sendmail, but with any
IP traffic.  Does the other company have a Web or FTP site at the same IP
address or within the same class C?  If so, when email doesn't work, I bet
neither of these work either.  I've seen this happen before.  The ISP isn't
properly routing traffic between your two networks.  I'm not sure if you
could put in a static route that would bypass your ISP's faulty routing
tables or not.  I'm betting probably not.

-- 

  Brent L. Bates (UNIX Sys. Admin.)
  M.S. 912  Phone:(757) 865-1400, x204
  NASA Langley Research CenterFAX:(757) 865-8177
  Hampton, Virginia  23681-0001
  Email: [EMAIL PROTECTED]  http://www.vigyan.com/~blbates/



Re: [CentOS] Diskless Environment

2008-04-10 Thread Sudev Barar
On 10/04/2008, gopinath <[EMAIL PROTECTED]> wrote:
>
> How to configure Diskless environment in CentOS 5.1. Please help me out
>
Diskless? Like in no floppy / thumb drives or diskless like in network booting?
-- 
Regards,
Sudev Barar

Read http://blog.sudev.in for topics ranging from here to there.


[CentOS] Diskless Environment

2008-04-10 Thread gopinath
How to configure Diskless environment in CentOS 5.1. Please help me out

Regards,
Gopinath M
Signal Networks Pvt. Ltd.


Smile... it increases your face value!


Re: [CentOS] OT: get files with wget

2008-04-10 Thread Frank Büttner

Sudev Barar wrote:
> On 10/04/2008, Frank Büttner <[EMAIL PROTECTED]> wrote:
> > Hello,
> >  how can I get all files from a directory of a web server.
> >  A simple wget http://www.foo.bar/sample/* will not work:(
>
> Perhaps you should do:
> wget -r http://www.foo.bar/sample


Hm,
this will download the whole www.foo.bar site:(





Re: [CentOS] snmpd wont start on CentOS 4.4?

2008-04-10 Thread Johnny Hughes

Gustavo wrote:
> Hello All,
>
> I've searched the archives, but didn't find anything like this. Maybe I'm
> missing some trick here...
>
> The problem:
> I've installed snmpd and snmp-utils packages with yum.
> I'm using an old simple .conf file I've been using on my fedora 1 box,
> but when I try to start snmpd, it just says OK (Starting snmpd..[OK]),
> but the service doesn't work at all. I don't see any
> process running with "ps".
> I've checked the logs, and found that it could be related to SE Linux and I
> tried to disable it, but it still doesn't work.
> I'm not using iptables locally, so it's not iptables related.
> Already tried uninstall <> install.
>
> Any trick here?
> Thanks a lot.
>
> Gustavo.
>
> BTW: It's currently working on my fedora1. This is the last thing I need to
> fix to upgrade.


How sure are you that selinux is disabled (my normal snmpd stuff also 
does not work with selinux).


After adjusting /etc/sysconfig/selinux  (set SELINUX=disabled) you would
need to reboot to make the change take effect.


You can test with this command:

getenforce

If it says disabled or permissive, you should be OK.

If it says enforcing ... issue this command:

setenforce 0

Then look again with getenforce.

You still need to adjust /etc/sysconfig/selinux to make the changes last 
for a reboot.


Thanks,
Johnny Hughes





Re: [CentOS] Yum equivalent of rpm -i --test

2008-04-10 Thread Johnny Hughes

Joseph L. Casale wrote:
> > For CentOS5, you could use yum-downloadonly plugin :
>
> Wojtek,
> Will this still allow rpm to "--test" the install of a local rpm and pull in
> the deps and simulate the install?


Yum (in the default incarnation) requires that you press a "Y" for yes 
to proceed with the transaction.


It will do all the dependency calcs and present a list of things needed, 
but not install if you select NO.


Also, you can just use some of the yum switches to get a deplist ... like:

yum deplist 

or lastly, you can use repoquery that is part of yum-utils (after
installing the yum-utils package, do man repoquery).


SO .. there is no dry run for yum specifically, but depending on what 
you really want, there are several alternatives.






Re: [CentOS] OT: get files with wget

2008-04-10 Thread Sudev Barar
On 10/04/2008, Frank Büttner <[EMAIL PROTECTED]> wrote:
> Hello,
>  how can I get all files from an directory of an web server.
>  An simple wget http://www.foo.bar/sample/* will not work:(

Perhaps you should do:
wget -r http://www.foo.bar/sample
-- 
Regards,
Sudev Barar

Read http://blog.sudev.in for topics ranging from here to there.


[CentOS] OT: get files with wget

2008-04-10 Thread Frank Büttner

Hello,
how can I get all files from a directory of a web server?
A simple wget http://www.foo.bar/sample/* will not work:(

Thanks for your help.

Frank




Re: [CentOS] Interface bonding?

2008-04-10 Thread Michael Simpson
On 4/9/08, Timothy Selivanow <[EMAIL PROTECTED]> wrote:
> I'm trying to bond a few interfaces together with the hopes of getting
> increased throughput, and I'm using a Cisco Catalyst 2900 as the switch.
> I've tried using mode 0, 5, and 6 with nothing special on the switch,
> and mode 4 with some ports "trunked" together (I have a feeling that the
> "trunking" that the 2900 does is not 802.3ad, as it disabled the ports
> it saw as redundant), yet xfer speeds always cap out at about 10MB/s.
>
> Has anybody accomplished bonding with increased throughput as the goal,
> with or without (without might be preferable) doing something special on the
> switch (preferably the aforementioned Catalyst 2900, as that is what I have
> to work with as a non-sanctioned side-project ;)?
>
>
> --Tim
Hi there

As another person with Cisco certs that aren't being used, I wondered
about the port being switched off, which sounds like a spanning-tree
issue.

/me dredging up heavily repressed stuff from the BCMSN

Certainly the 2900 will support 802.3ad or LACP natively.

I found this, which may be of use



mike


Re: [CentOS] Yum equivalent of rpm -i --test

2008-04-10 Thread Wojtek Pilorz
On Wed, Apr 09, 2008 at 01:43:45PM -0600, Joseph L. Casale wrote:
> >For CentOS5, you could use yum-downloadonly plugin :
> 
> Wojtek,
> Will this still allow rpm to "--test" the install of a local rpm and pull in 
> the deps and simulate the install?

When you have the plugin installed and enabled, it will enable the
--installonly option in yum.

You can use it with yum shell also, e.g.

  yum --installonly shell
  > install gcc
  > transaction
  > run
  > exit

Yum will check deps, download rpm files to yum cache directory as defined in 
yum config file.

You can then do whatever you want with the files, for example run rpm on
them with the options you need.

> 
> Thanks!
> jlc
You are welcome,

Wojtek



Re: [CentOS] apache log directives

2008-04-10 Thread Michael Simpson
On 4/9/08, Jason <[EMAIL PROTECTED]> wrote:
> Does anyone know of a way to specify a CustomLog file name in apache
> based on the vhost?  for example, I have 10 vhosts and instead of giving
> each one a CustomLog directive and specifying a different log file I'd
> like to do something in global that does the same thing, ala
>
> vhost elvis
> customlog elvis.log
>
> vhost king
> customlog king.log
>
> becomes
> customlog $VHOST.log
>
>
> I know that this is a bad idea, I know about the open file concerns.
> It's more of a "can it be done"
>
> --
> Jason
> www.cyborgworkshop.org

Hi there

you could try this



mike


Re: [CentOS] aide questions, please

2008-04-10 Thread Michael Simpson
On 4/9/08, Steve Campbell <[EMAIL PROTECTED]> wrote:
>
>
> Jim Perrin wrote:
> > On Wed, Apr 9, 2008 at 3:08 PM, Marc Wiatrowski <[EMAIL PROTECTED]> wrote:
> >
> >
> > >  I think those errors are because selinux is off.
> > >
> > >
> >
> > Hmm, I don't ever really turn selinux off, but I had always thought
> > aide treated it as optional.
> >
> > Could test by setting it to permissive and trying again. This would be
> > interesting to test.
> >
> >
> >
> I'm not sure if a reboot is required or not. I set permissive in the config
> file and echoed 1 into /selinux/enforce and then tried firstly the --check,
> and then an --init. Both still show the faulty lines.
>
> I will set it up properly and do a reboot tomorrow to see if it changes
> things, but for now, it doesn't.
>
> steve
Hi there

It is probably worth doing "touch /.autorelabel" before the reboot as
nothing will have really changed with the above actions

this will force relabelling of your fs after the reboot and may give
you the context info that you require

mike


Re: [CentOS] ssl and NameVirtualHost

2008-04-10 Thread Kai Schaetzl
Tony Schreiner wrote on Wed, 09 Apr 2008 21:14:25 -0400:

> Does that mean 
> you don't get a dialog saying the site is not verifiable?

Correct. With IE7.

> Because I sure 
> do, with several browsers on different platforms.

Checked now with FF2 and get a warning. They don't recognize the 
intermediate certificate (IE has it in its certificate store) and don't 
go up in the chain. That's really their fault, not yours.
It's possible that the solution that Ross explains would help, I didn't 
ever need to do that. Talk to your colleague at https://www.bc.edu, they 
use the same cert chain. If you don't get a warning you might be able to 
get the intermediary certificate from them which might be faster than 
waiting for Verisign support.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] Re: ssl and NameVirtualHost

2008-04-10 Thread mouss

Scott Silva wrote:

on 4-9-2008 6:14 PM Tony Schreiner spake the following:

Jay Leafey wrote:

Tony Schreiner wrote:

Kai Schaetzl wrote:

Tony Schreiner wrote on Wed, 9 Apr 2008 15:29:16 -0400:

However, you didn't provide any of the information I asked for. 
You are not talking of www.bc.edu, do you?


Kai

  

ok, ok.

https://bioinformatics.bc.edu

Tony


I could be full of cheese here, but did VeriSign send you an 
"intermediate" certificate along with your "real" certificate?  If 
not, forget the


When I went to the site and examined the cert I noticed that the 
cert was not signed by one of the CAs in the ca-bundle.crt provided 
by my copy of openSSL (openssl-0.9.8b-8.3.el5_0.2) on CentOS 5.1.  
You can examine the "Issuer" field of the certificate to see who 
signed it.


I suspect that VeriSign sent you an "intermediate" certificate that 
was actually used to sign your cert.  Apache has to present the 
intermediate cert at the same time it presents your "real" cert.  
Basically, since the intermediate cert was signed by a recognized CA 
cert and your cert was signed by the intermediate cert, then your 
cert is "trustworthy".


The easiest way to fix this is to append the intermediate 
certificate to your "real" certificate file.  I've had a few of 
these in the past, particularly from smaller CAs that resell other 
folks's service.


Just a thought!


I'm away from the office now, but I only got one certificate. I 
didn't deal directly with Verisign, but rather went through someone 
in my IT department. I will check on that. Thanks.



Kai, in response to your last message, you say it's fine. Does that 
mean you don't get a dialog saying the site is not verifiable? 
Because I sure do, with several browsers on different platforms.

Tony

It went OK at work for me, but at home on my laptop it is untrusted.
So maybe verisign needs to verify it for you.


here is a possibly related thread:

http://groups.google.com/group/mozilla.support.firefox/browse_thread/thread/48541520b5772216

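The missing-intermediate failure discussed in this thread (the Firefox warning Kai reports and the chain Jay Leafey describes), reproduced as an added example that is not part of any poster's message: a constructed root, intermediate and server certificate are built with the openssl CLI, and a client that trusts only the root accepts the server certificate only when the intermediate is presented with it. All names and helper functions below are made up for the demonstration.

```shell
#!/bin/sh
# Constructed demo: throwaway root CA -> intermediate CA -> server certificate.
# Every name here (demo-root, demo-intermediate, www.example.test) is made up.

new_key_and_csr() {   # $1 = file prefix, $2 = common name
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$2" >/dev/null 2>&1
}

make_chain() {        # $1 = existing, empty working directory
    d=$1
    # Extensions that mark a certificate as a CA.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$d/ca.ext"
    new_key_and_csr "$d/root" demo-root &&
    new_key_and_csr "$d/int" demo-intermediate &&
    new_key_and_csr "$d/leaf" www.example.test &&
    # The root signs itself; it is the only certificate the client trusts.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" >/dev/null 2>&1 &&
    # The root signs the intermediate; the intermediate signs the server cert.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.crt" >/dev/null 2>&1 &&
    # The fix from the thread: server cert first, intermediate appended.
    cat "$d/leaf.crt" "$d/int.crt" > "$d/fullchain.crt"
}

client_verifies() {   # $1 = trusted root, $2 = PEM file the server presents
    # The first certificate in the file is the server cert; the whole file is
    # offered as untrusted helpers, the way a client treats a presented chain.
    openssl x509 -in "$2" -out "$2.first" 2>/dev/null || return 1
    openssl verify -CAfile "$1" -untrusted "$2" "$2.first" 2>&1 | grep -q ': OK$'
}

demo() {
    w=$(mktemp -d) && make_chain "$w" || return 1
    if client_verifies "$w/root.crt" "$w/leaf.crt"
    then echo "server cert alone: trusted"
    else echo "server cert alone: NOT trusted (issuer unknown to client)"; fi
    if client_verifies "$w/root.crt" "$w/fullchain.crt"
    then echo "server cert + intermediate: trusted"
    else echo "server cert + intermediate: NOT trusted"; fi
    rm -rf "$w"
}
demo
```

A browser that already holds the intermediate in its own store behaves like the second case even when the server sends only its own certificate, which matches the IE7 versus FF2 difference reported above.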