Re: sparc64 bridging
On Sun, May 02, 2004 at 03:00:21PM -0700, Johan Brannlund wrote: You may be able to get it to work by following the advice in this thread: http://lists.debian.org/debian-sparc/2004/debian-sparc-200404/msg00077.html Hi, Thanks! I've just compiled it with the patch, and see; plog0:~# brctl addbr br0 plog0:~# brctl show bridge name bridge id STP enabled interfaces br0 8000. no plog0:~# Thanks for the pointer, it saved me quite some time. gr, -- VIA NET.WORKS Nederland Axel Scheepers System Administrator UNIX phone +31 40 239 33 93 fax +31 40 239 33 11 e-mail [EMAIL PROTECTED] pgp id 21A33FE0 http://www.vianetworks.nl/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
restricting shell accounts
What is the best way to restict a shell account just to its own home directory. I am using rbash but this seems to do very little. I would like to give users the fredom of ssh access, so they can for example edit there webiste with vi for a quick change, but not let them view every file on the system that is world readable. -- Jody -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
cyrus-imap and active directory
Hi list, I already sent this mail to the info-cyrus list two days ago, but I didn't get any answers. I hope someone here can help me. I want cyrus-imap to authenticate via GSSAPI against our active directory. I am using Debian testing (hoping it will become stable soon) with the according versions of programs and libraries: cyrus21-imapd-2.1.16-4 libsasl2-2.1.15-6 I have set this up so far: - dns is ok, i checked forward and reverse lookup in either way - cyrus is running, I hardly edited /etc/imapd.conf (see file below) - created a service account in AD and mapped to the principal with ktpass - exported a keytab file and transfered it to the Debian box - placed it at /etc/krb5.keytab with ktutil, readable for cyrus Then I wanted to test the auth process with imtest, so I did a kinit with my AD user named tv. After this I ran imtest, like so: [EMAIL PROTECTED] [~] imtest -m GSSAPI -u tv -a tv zwo222-mx.ds.fh-kl.de S: * OK zwo222-mx Cyrus IMAP4 v2.1.16-IPv6-Debian-2.1.16-4 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=GSSAPI LISTEXT LIST-SUBSCRIBED ANNOTATEMORE S: C01 OK Completed C: A01 AUTHENTICATE GSSAPI S: + C: YIIFJQYJKoZ ... lots of chars ... 34WsclCA== S: A01 NO generic failure Authentication failed. generic failure Security strength factor: 0 I hit CTRL-C here C: Q01 LOGOUT Connection closed. The mail.log says: zwo222-mx cyrus/imapd[2383]: badlogin: zwo222-mx.ds.fh-kl.de[10.0.4.201] GSSAPI [SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)] This is in the keytab: [EMAIL PROTECTED] [~] ktutil ktutil: rkt /etc/krb5.keytab ktutil: list slot KVNO Principal - 13 imap/[EMAIL PROTECTED] ktutil: q This is my imapd.conf (almost default): [EMAIL PROTECTED] [~] egrep -v '^#.*|^$' /etc/imapd.conf configdirectory: /var/lib/cyrus defaultpartition: default partition-default: /var/spool/cyrus/mail partition-news: /var/spool/cyrus/news newsspool: /var/spool/news altnamespace: no unixhierarchysep: no admins: cyrus allowanonymouslogin: yes popminpoll: 1 autocreatequota: 0 umask: 077 sieveusehomedir: false sievedir: /var/spool/sieve hashimapspool: true allowplaintext: yes sasl_mech_list: GSSAPI sasl_auto_transition: no tls_ca_path: /etc/ssl/certs tls_session_timeout: 1440 tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH lmtpsocket: /var/run/cyrus/socket/lmtp idlesocket: /var/run/cyrus/socket/idle notifysocket: /var/run/cyrus/socket/notify output of klist after the imtest command: [EMAIL PROTECTED] [~] klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 04/30/04 19:42:38 05/01/04 05:42:38 krbtgt/[EMAIL PROTECTED] 04/30/04 19:43:04 05/01/04 05:42:38 imap/[EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached What am I doing wrong? I also wanted to try the sample-client and sample-server programs, but I cound manage to compile them yet. Desperately and thanks for any reply Timo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: module via-rhine for woody (3.0) using both onboard LANs on a VIA-EPIA mini-ITX CL1000 motherboard
can anybody send me the .c files referred? (I coudn't get them from www.scyld.com) cheers, Juan
Re: sparc64 bridging
On Sun, May 02, 2004 at 03:00:21PM -0700, Johan Brannlund wrote: You may be able to get it to work by following the advice in this thread: http://lists.debian.org/debian-sparc/2004/debian-sparc-200404/msg00077.html Hi, Thanks! I've just compiled it with the patch, and see; plog0:~# brctl addbr br0 plog0:~# brctl show bridge name bridge id STP enabled interfaces br0 8000. no plog0:~# Thanks for the pointer, it saved me quite some time. gr, -- VIA NET.WORKS Nederland Axel Scheepers System Administrator UNIX phone +31 40 239 33 93 fax +31 40 239 33 11 e-mail [EMAIL PROTECTED] pgp id 21A33FE0 http://www.vianetworks.nl/
Re: domain registrar recommendation?
On Fri, 2004-04-30 at 06:45, Dan MacNeil wrote: Right now most of our domains are registered with register.com, support is good, they provide DNS but... $35 per domain per year is pretty steep. checkout http://www.dd24.net 0) Business integrity (no network solutions please) international orientated company 1) Almost perfect uptime you can use 3 primary and 3 secondary nameservers (they have good positions, e.g. in a bunker) 2) Ease of administration/support telephone, email, easy to use webinterface 3) price most TLDs very cheap there .de 10,24¤/year .net/.org/.com 12¤/year and so on (many other TLDs too) 4) Ease of transferring domains to us when we become a registrar. easy transfers -- Mirco 'meebey' Bauer PGP-Key: http://search.keyserver.net:11371/pks/lookup?op=getsearch=0x5051C9B9 -BEGIN GEEK CODE BLOCK- Version: 3.12 GIT d s-: a--- C++ UL++ P L++$+++$ E W+++$ N o? K- w++! O- M- V? PS PE+ Y- PGP++ t 5+ X++ R tv+ b+ DI? D+ G++ e h! r++ y? --END GEEK CODE BLOCK-- signature.asc Description: This is a digitally signed message part
restricting shell accounts
What is the best way to restict a shell account just to its own home directory. I am using rbash but this seems to do very little. I would like to give users the fredom of ssh access, so they can for example edit there webiste with vi for a quick change, but not let them view every file on the system that is world readable. -- Jody
cyrus-imap and active directory
Hi list, I already sent this mail to the info-cyrus list two days ago, but I didn't get any answers. I hope someone here can help me. I want cyrus-imap to authenticate via GSSAPI against our active directory. I am using Debian testing (hoping it will become stable soon) with the according versions of programs and libraries: cyrus21-imapd-2.1.16-4 libsasl2-2.1.15-6 I have set this up so far: - dns is ok, i checked forward and reverse lookup in either way - cyrus is running, I hardly edited /etc/imapd.conf (see file below) - created a service account in AD and mapped to the principal with ktpass - exported a keytab file and transfered it to the Debian box - placed it at /etc/krb5.keytab with ktutil, readable for cyrus Then I wanted to test the auth process with imtest, so I did a kinit with my AD user named tv. After this I ran imtest, like so: [EMAIL PROTECTED] [~] imtest -m GSSAPI -u tv -a tv zwo222-mx.ds.fh-kl.de S: * OK zwo222-mx Cyrus IMAP4 v2.1.16-IPv6-Debian-2.1.16-4 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=GSSAPI LISTEXT LIST-SUBSCRIBED ANNOTATEMORE S: C01 OK Completed C: A01 AUTHENTICATE GSSAPI S: + C: YIIFJQYJKoZ ... lots of chars ... 34WsclCA== S: A01 NO generic failure Authentication failed. generic failure Security strength factor: 0 I hit CTRL-C here C: Q01 LOGOUT Connection closed. The mail.log says: zwo222-mx cyrus/imapd[2383]: badlogin: zwo222-mx.ds.fh-kl.de[10.0.4.201] GSSAPI [SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)] This is in the keytab: [EMAIL PROTECTED] [~] ktutil ktutil: rkt /etc/krb5.keytab ktutil: list slot KVNO Principal - 13 imap/[EMAIL PROTECTED] ktutil: q This is my imapd.conf (almost default): [EMAIL PROTECTED] [~] egrep -v '^#.*|^$' /etc/imapd.conf configdirectory: /var/lib/cyrus defaultpartition: default partition-default: /var/spool/cyrus/mail partition-news: /var/spool/cyrus/news newsspool: /var/spool/news altnamespace: no unixhierarchysep: no admins: cyrus allowanonymouslogin: yes popminpoll: 1 autocreatequota: 0 umask: 077 sieveusehomedir: false sievedir: /var/spool/sieve hashimapspool: true allowplaintext: yes sasl_mech_list: GSSAPI sasl_auto_transition: no tls_ca_path: /etc/ssl/certs tls_session_timeout: 1440 tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH lmtpsocket: /var/run/cyrus/socket/lmtp idlesocket: /var/run/cyrus/socket/idle notifysocket: /var/run/cyrus/socket/notify output of klist after the imtest command: [EMAIL PROTECTED] [~] klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 04/30/04 19:42:38 05/01/04 05:42:38 krbtgt/[EMAIL PROTECTED] 04/30/04 19:43:04 05/01/04 05:42:38 imap/[EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached What am I doing wrong? I also wanted to try the sample-client and sample-server programs, but I cound manage to compile them yet. Desperately and thanks for any reply Timo
Re: restricting shell accounts
I use a chroot jail for this. apt-cache search jail jailer - Builds and maintains chrooted environments jailtool - Tool to build chroot-jails for daemons Jailer walks you through a setup, and explains how to add 'ssh', 'bash', etc into the jailed environment. Mark --- Jody Grafals [EMAIL PROTECTED] wrote: What is the best way to restict a shell account just to its own home directory. I am using rbash but this seems to do very little. I would like to give users the fredom of ssh access, so they can for example edit there webiste with vi for a quick change, but not let them view every file on the system that is world readable. -- Jody -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]