OLS and Debconf2
I will be speaking about SE Linux at OLS and have offered a talk for Debconf2. Between them I will have almost a week spare in Canada, during that time I would be happy to speak at any user group meeting as long as my travel expenses are covered. Please reply off-list if you are interested. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
KONTAKT LENS FIYAT LISTES Lutfen karsilastirin........ -vjxvjrhw
Akdeniz Göz Merkezi her zaman oldugu gibi tum lens cesitlerini en uygun fiyatlarla sizlere sunmaktadir. Ustelik bir telefon yada e-mail ile adresinize teslim. AKDENIZ GOZ MERKEZI www.akdenizgoz.com Fevzipasa cad. No:73 Fatih / Istanbul 0 212 635 74 74 Bausch Lomb Soflens 66 (1 kutu=3 aylik)(aylik-numarali-seffaf) 35.000.000 TL Soflens 66 (4 kutu=1 yillik)(aylik-numarali-seffaf) 125.000.000 TL Soflens 38 (1 kutu=3 aylik)(aylik-numarali-seffaf) 40.000.000 TL Soflens 66 Toric (1 kutu=3 aylik)(astigmatik-seffaf) 75.000.000 TL Optima Colors (1 cift)(renkli - uzun süreli) 90.000.000 TL Ciba Focus Visitint (1 kutu=3 aylik) (aylik-numarali-seffaf) 35.000.000 TL Focus Visitint (4 kutu=1yillik ) (aylik-numarali-seffaf) 125.000.000 TL NightDay (1 kutu=3 aylik) (aylik-numarali-seffaf) 80.000.000 TL Focus Toric (1 kutu=3 aylik)(astigmatik-seffaf) 85.000.000 TL Ciba Illusion (1 cift)(renkli - uzun süreli) 180.000.000 TL FreshLook FreshLook(1 cift)(renkli - kisa süreli) 33.000.000 TL FreshLook(1 cift)(renkli - kisa süreli - numarali) 42.000.000 TL Zeiss Contact Day 30 (1 kutu=3 aylik) (aylik-numarali-seffaf) 50.000.000 TL Biomediks Biomediks (1 kutu=3 aylik)(aylik-numarali-seffaf) 35.000.000 TL Tum lenslerimiz orijinal olup saglik bakanligi bandrolleri uzerindedir. Kredi kartina komisyon uygulanmaz. Bu maili bir daha almak istemiyorsaniz [EMAIL PROTECTED] mail adresine bos mail atiniz. If you want unsubscript from our list, please send empty mail [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: where to put ulimit for root
Hello list, Can anyone give me an example for a generic mult-user productive environment? Thanks. On Thu, 28 Feb 2002 22:30:12 +0100 (CET) [EMAIL PROTECTED] wrote: may be /etc/security/limits.conf On Fri, 29 Mar 2002, Patrick Hsieh wrote: Hello list, I'd like to raise the value of ulimit of root. Where is the best plase to put my shell script of ulimit settings? Is it a good idea to put at /etc/rc.boot/ulimit ? Any ideas appreciated. -- Patrick Hsieh [EMAIL PROTECTED] GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] _ Sebastian Ezequiel Ovide -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Patrick Hsieh [EMAIL PROTECTED] GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Open LDAP for Peer Review
Yippie, I have 29 days to get an IMAP server up with LDAP. I really am enjoying this task. :-) LDAP will provide + a general address lookup facility + account authentication This is the first time I have setup LDAP, so I am sending this for peer review. Help, I have no one here to look up to ;-) Question 1: How would I go about setting email aliases ? I could do it through canonical maps in postfix but that seems messy. Question 2: I decided to breakup the people and accounts in two separate containers in attempt to make the directory hardier and more secure. Am I wasting my time with this structure or does it make sense ? The Structure: washcoll.edu + People + Accounts The ou=People will hold the address info. The ou=Accounts will do the authentication/account info. Question 3: I do not understand what I am doing under the access control info. Besides for the default-access read for testing, does this look secure ? /etc/ldap/slapd.conf ... #Access Control Info defaultaccess read index mail,mailAlternateAddress eq index cn,sn,uid,mail index objectClass eq #access Control list access to attr=userpassword by dn=cn=admin, dc=washcoll, dc=edu write by dn=cn=cyrus, dc=washcoll, dc=edu read by dn=cn=postfix, dc=washcoll, dc=edu read by self write by self read access to * by self write by dn=.+ read by * read ... #top.ldif dn: dc=washcoll, dc=edu objectClass: top objectClass: organization o: Washington College description: Top level of Directory creatorsName: cn=admin, dc=washcoll, dc=edu dn: ou=People, dc=washcoll, dc=edu objectClass: top objectClass: organizationalUnit ou: People description: People within Washington College. dn: ou=accounts, dc=washcoll, dc=edu objectClass: top objectClass: organizationalUnit ou: Accounts description: People with accounts at Washington College. #accounts.ldif dn: uid=bmarshal,ou=accounts, dc=washcoll, dc=edu uid: bmarshal cn: Brad Alan Marshall sn: Marshall ou: staff objectClass: top objectClass: person objectClass: account objectClass: posixAccount objectClass: shadowAccount objectClass: qmailUser objectClass: organizationalPerson objectClass: inetOrgPerson accountStatus: active deliveryMode: normal mail: [EMAIL PROTECTED] mailHost: imap.washcoll.edu mailAlternateAddress: [EMAIL PROTECTED] loginShell: /bin/false uidNumber: 500 gidNumber: 100 homeDirectory: /mnt/home/bmarshal userPassword:: e2NyeXB0fWxuYkRhejRuYjlhUXA= #listing.ldif dn: uid=bmarshal,ou=People, dc=washcoll, dc=edu uid: bmarshal givenName: Brad initials: BAM cn: Brad Alan Marshall sn: Marshall o: Washington College ou: staff objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson mail: [EMAIL PROTECTED] title: programmer homePostalAddress: 110 Clove St Chestertown, MD 21401 homePhone: 410-555-1212 telephoneNumber: 410-555-1212 mobile: 443-770-5658 facsimileTelephoneNumber: 1-800-111- pager: 1-800-555-1212 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Open LDAP for Peer Review
On Tue, 2 Apr 2002 06:23, Thedore Knab wrote: Question 1: How would I go about setting email aliases ? I could do it through canonical maps in postfix but that seems messy. I've done it through virtual maps and alias maps. Question 2: I decided to breakup the people and accounts in two separate containers in attempt to make the directory hardier and more secure. Am I wasting my time with this structure or does it make sense ? It makes sense to break it up if they have different roles so you can see who has what access. But don't use a regular expression to manage security as performance for that sucks badly. Use group membership for security. washcoll.edu + People + Accounts The ou=People will hold the address info. The ou=Accounts will do the authentication/account info. By authentication do you mean Unix accounts, and do the ou=People entries not have any Unix accounts? #access Control list access to attr=userpassword by dn=cn=admin, dc=washcoll, dc=edu write by dn=cn=cyrus, dc=washcoll, dc=edu read by dn=cn=postfix, dc=washcoll, dc=edu read by self write by self read The write access implies read. Always a high level of access implies lower levels. access to * by self write by dn=.+ read by * read The by * read should obsolete the 'by dn=.+ read' line, and the .+ regex will hurt performance. #top.ldif dn: dc=washcoll, dc=edu objectClass: top objectClass: organization As the dn starts with dc= this should have object class of dcObject and a dc=washcoll attribute. If you don't follow this scheme you'll cause yourself a lot of pain. dn: ou=accounts, dc=washcoll, dc=edu objectClass: top objectClass: organizationalUnit ou: Accounts It would be a good idea to keep the capitalisation the same in the DN and the attribute values (Accounts vs accounts). Sure LDAP doesn't care, but will all your LDAP enabled applications be happy? #accounts.ldif dn: uid=bmarshal,ou=accounts, dc=washcoll, dc=edu uid: bmarshal cn: Brad Alan Marshall sn: Marshall ou: staff objectClass: top objectClass: person objectClass: account objectClass: posixAccount objectClass: shadowAccount objectClass: qmailUser objectClass: organizationalPerson objectClass: inetOrgPerson I strongly recommend turning on schema enforcement in the LDAP server. It doesn't have any great performance cost and helps avoid screwing up your directory. userPassword:: e2NyeXB0fWxuYkRhejRuYjlhUXA= Hope that's not a real password... -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
PHP (or perl) based script to manage passwords
Folks, I am looking for a PHP (or perl) script, that can be used by web-users to manage their passwords for POP access. The password files are username:crypt only. (Jeremy Reed's virtual POP package). A search on Google returns too many references to Change your PHP password immediately! from READMEs. The class::Htpasswd http://www.thewebmasters.net/php/Htpasswd.phtml seems good, but my PHP skills were last used 30 months ago. Thanks -- Sanjeev Gupta -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Exim SMTP Auth and /etc/shadow
Hi All,
I am setting up exim to do SMTP auth against /etc/shadow. At the end of this
e-mail is my authentication section of exim.conf.
It is all working except for the fact that the user mail does not have
permission to read /etc/shadow. If I make a copy (/etc/eximshadow) with
appropriate ownership/permissions the SMTP auth works fine, however it will
not authenticate against /etc/shadow.
To get around the permissions problem, I added mail into the shadow group,
so that the user mail DOES have permission to read /etc/shadow (i.e. su
mail -c cat /etc/shadow works).
However:
2002-04-02 17:52:29 Authentication failed for tazdevil.cnl.com.au (tazdevil)
[203.21.78.3]: 435 Unable to authenticate at present: failed to open
/etc/shadow for linear search: Permission denied (euid=8 egid=8)
Any ideas?
Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874
It's the smell! If there is such a thing. Agent Smith - The Matrix
##
# AUTHENTICATION CONFIGURATION #
##
# Look in the documentation (in package exim-doc or exim-doc-html for
# information on how to set up authenticated connections.
# The examples below are for server side authentication; they allow two
# styles of plain-text authentication against an /etc/exim/passwd file
# which should have user IDs in the first column and crypted passwords
# in the second.
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*
}{1}{0}}
server_set_id = $1
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*
}{1}{0}}
server_set_id = $1
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim SMTP Auth and /etc/shadow
Try using PAM:
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if pam{$2:$3}{1}{0}}
server_set_id = $1
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if pam{$1:$2}{1}{0}}
server_set_id = $1
- Original Message -
From: Andrew Tait [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 02, 2002 10:00 AM
Subject: Exim SMTP Auth and /etc/shadow
Hi All,
I am setting up exim to do SMTP auth against /etc/shadow. At the end of
this
e-mail is my authentication section of exim.conf.
It is all working except for the fact that the user mail does not have
permission to read /etc/shadow. If I make a copy (/etc/eximshadow) with
appropriate ownership/permissions the SMTP auth works fine, however it
will
not authenticate against /etc/shadow.
To get around the permissions problem, I added mail into the shadow group,
so that the user mail DOES have permission to read /etc/shadow (i.e. su
mail -c cat /etc/shadow works).
However:
2002-04-02 17:52:29 Authentication failed for tazdevil.cnl.com.au
(tazdevil)
[203.21.78.3]: 435 Unable to authenticate at present: failed to open
/etc/shadow for linear search: Permission denied (euid=8 egid=8)
Any ideas?
Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874
It's the smell! If there is such a thing. Agent Smith - The Matrix
##
# AUTHENTICATION CONFIGURATION #
##
# Look in the documentation (in package exim-doc or exim-doc-html for
# information on how to set up authenticated connections.
# The examples below are for server side authentication; they allow two
# styles of plain-text authentication against an /etc/exim/passwd file
# which should have user IDs in the first column and crypted passwords
# in the second.
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*
}{1}{0}}
server_set_id = $1
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*
}{1}{0}}
server_set_id = $1
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[HELP] RAID5 IN DEBIAN
Hello List : I wanna migrate my OS (SuSE7.3 To Debian) and wanna use raid5 to accese date Everybody knows that where would i find VERY useful document or HOWTO about raid5 in Debian? I had already known some URL as follow: http://www.linuxdoc.org/HOWTO/Boot+Root+Raid+LILO-3.html http://www.linuxgazette.com/issue17/raid.html Very Thanks -- Trust Unique ... axacheng [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID5 IN DEBIAN
On Tue, 2 Apr 2002 07:51, axacheng wrote: I wanna migrate my OS (SuSE7.3 To Debian) and wanna use raid5 to accese date Everybody knows that where would i find VERY useful document or HOWTO about raid5 in Debian? I had already known some URL as follow: http://www.linuxdoc.org/HOWTO/Boot+Root+Raid+LILO-3.html http://www.linuxgazette.com/issue17/raid.html You can not load your kernel from a RAID-5 array (none of the boot loaders support it). So you need at least a RAID-1 /boot partition. Most people who do software RAID use RAID-1 for their root file system too as it makes many problems easier to solve. What specific questions do you have that aren't answered in those documents? -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID5 IN DEBIAN
axacheng wrote: Hello List : I wanna migrate my OS (SuSE7.3 To Debian) and wanna use raid5 to accese date Everybody knows that where would i find VERY useful document or HOWTO about raid5 in Debian? I had already known some URL as follow: http://www.linuxdoc.org/HOWTO/Boot+Root+Raid+LILO-3.html http://www.linuxgazette.com/issue17/raid.html Very Thanks -- Do you want to do software RAID 5 or hardware RAID 5? that will make a big difference in the necessary approach. --Rich _ Rich Puhek ETN Systems Inc. _ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID5 IN DEBIAN
sorry i want to do SOFTWARE RAID5 i known a tool named raidtools Everybody knows a document about raidtool? ;-) -- Trust Unique ... axacheng [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID5 IN DEBIAN
Very Thanks about ur advice!!! (need at least a RAID-1 /boot partition.) O its very very very useful to me ;-) However, My question is I wanna use SOFTWARE RAID5 in Debian but,i know a tools named raidtools so,Anyone knows where is raidtools HOWTO or SOME EASILY SAMPLE about RAID5??? @_@ -- Trust Unique ... axacheng [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID5 IN DEBIAN
hi ya apt-get install raidtools2 check /etc/raidtab ( aka /etc/raid5.conf ) - make sure your dvices is defined properly make sure your 2.4.x kernel has raid5 defined as modules or compiled in - think the last time we did a min debian install you will also need the xor package make sure you have a boot media in case raid fails --- save your data to a different system before experimenting and moving stuff to raid5 reboot... magic... it should all work the 1st time ... if you need a list of raid commands... http://www.1U-Raid5.net/Startup/Commands.uhow2.txt have fun raiding alvin http://www.1U-Raid5.net ... On Tue, 2 Apr 2002, axacheng wrote: sorry i want to do SOFTWARE RAID5 i known a tool named raidtools Everybody knows a document about raidtool? ;-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
