Re: [OT] Debian package differences from upstream

2005-01-05 Thread Stephane Bortzmeyer
On Wed, Jan 05, 2005 at 08:40:21AM -0500,
 Mark Bucciarelli <[EMAIL PROTECTED]> wrote 
 a message of 21 lines which said:

> I've done apt-get source and poked around a bit but could not tell
> where the Debian patches made to upstream live.

$PACKAGE_$VERSION.diff.gz

(Some big packages use a more complicated system, with a patch
directory, check debian/rules in the patched tree to see what it
does.)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Documentation of big "mail systems"?

2004-10-19 Thread Stephane Bortzmeyer
On Tue, Oct 12, 2004 at 11:18:55PM +0200,
 Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote 
 a message of 19 lines which said:

> I'm currently writing a proposal for a webmail service for, say, 50
> 000 to 500 000 users. I'm looking for description of existing "big
> mail" systems, using technologies like scalemail
> (http://scalemail.sourceforge.net/), specially with an emphasis on the
> storage subsystem for the servers (my weak point, I don't really have
> enough experience with SAN, NAS, and so on).

Here is a first bibliography (XML and BibTex). Thanks for all those
who replied. 

It is funny to note that the storage is hardly discussed in the
papers. It's probably less fun than LDAP and Postfix but I believe it
is more critical.

David Carter
Scaling up Cambridge University's email service
2004
http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2004-02-ukuug/paper.html

Suresh Ramasubramanian
Managing Millions Of Mailboxes. Capacity & Performance Lessons
2004
http://www.hserus.net/mailboxes-srs-inboxevent2004.ppt

Nick Christenson, Tim Bosserman, David Beckemeyer
A Highly Scalable Electronic Mail Service Using Open Systems
1997
http://www.gangofone.com/~npc/doc/mail_arch.html

Yann Golanski
The Exim Mail Transfer Agent in a Large Scale Deployment
2000
http://www.nndg.york.ac.uk/staff/yann/lsm.ps

% DO NOT EDIT!
% Automatically produced by libxslt (http://xmlsoft.org/XSLT/)

@MISC{,
author = {David Carter},
title = {Scaling up Cambridge University's email service},
year = 2004,
note = {\url{http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2004-02-ukuug/paper.html}},
}

@MISC{,
author = {Suresh Ramasubramanian},
title = {Managing Millions Of Mailboxes. Capacity \& Performance Lessons},
year = 2004,
note = {\url{http://www.hserus.net/mailboxes-srs-inboxevent2004.ppt}},
}

@MISC{,
author = {Nick Christenson and Tim Bosserman and David Beckemeyer},
title = {A Highly Scalable Electronic Mail Service Using Open Systems},
year = 1997,
note = {\url{http://www.gangofone.com/~npc/doc/mail_arch.html}},
}

@MISC{,
author = {Yann Golanski},
title = {The Exim Mail Transfer Agent in a Large Scale Deployment},
year = 2000,
note = {\url{http://www.nndg.york.ac.uk/staff/yann/lsm.ps}},
}



Re: Documentation of big "mail systems"?

2004-10-19 Thread Stephane Bortzmeyer
On Mon, Oct 18, 2004 at 05:04:16PM +0200,
 Wouter Verhelst <[EMAIL PROTECTED]> wrote 
 a message of 28 lines which said:

> Debian does not need the storage for developers to store their mail
> on the project's servers.

Sorry, wrong thread. The thread I launched on "big mail systems" has
nothing to do with the thread(s) about Debian's systems (which started
on debian-private). Pure coincidence.

 





Re: Documentation of big "mail systems"?

2004-10-18 Thread Stephane Bortzmeyer
On Sat, Oct 16, 2004 at 09:41:43PM +1000,
 Russell Coker <[EMAIL PROTECTED]> wrote 
 a message of 39 lines which said:

> Getting servers that each have 200G or 300G of storage is easy. 

For a mail server, it means either 1G per user (like gmail gives you)
for only 300 users or 10M (much less than hotmail) for 30 000
users. It is probably not enough for a Hotmail-like service. Think of
300 000 users. How many servers will you need?






Documentation of big "mail systems"?

2004-10-12 Thread Stephane Bortzmeyer
I'm currently writing a proposal for a webmail service for, say, 50
000 to 500 000 users. I'm looking for description of existing "big
mail" systems, using technologies like scalemail
(http://scalemail.sourceforge.net/), specially with an emphasis on the
storage subsystem for the servers (my weak point, I don't really have
enough experience with SAN, NAS, and so on).

Of course, with a Debian (and free software) bias :-)

I do not need general advice (such as "Postfix rules, Exim sucks" or
"Maildirs are faster") but actual description of existing and running
systems. Googling seems inefficient for that purpose and I presume
that many interesting papers are only in closed and paying conference
proceedings :-(





Re: Rotating mail.log daily: a problem

2004-05-24 Thread Stephane Bortzmeyer
On Fri, May 21, 2004 at 02:48:32PM +0100,
 Brett Parker <[EMAIL PROTECTED]> wrote 
 a message of 55 lines which said:

> So, in summary, change:
> for LOG in `syslogd-listfiles`
> to:
> for LOG in `syslogd-listfiles -s "mail.*"`
> in /etc/cron.daily/sysklogd

It worked. Many thanks.







Re: Rotating mail.log daily: a problem

2004-05-21 Thread Stephane Bortzmeyer
On Fri, May 21, 2004 at 09:59:59AM -0400,
 Dominique Fortier <[EMAIL PROTECTED]> wrote 
 a message of 52 lines which said:

> rotate 52  <-  that doesn't seem right

Why?

logrotate(1)

  rotate count
  Log files are rotated count times before being removed or mailed
  to the address specified in a mail directive. If count is 0, old
  versions are removed rather than rotated.




Rotating mail.log daily: a problem

2004-05-21 Thread Stephane Bortzmeyer
I try to rotate the mail logs of a big mail server more often than the
default (weekly).

I added this to /etc/logrotate.d :

# http://lists.debian.org/debian-devel/2003/09/msg01310.html
# sysklogd rotates file and "weekly" is hardwired in it. We add this file 
# to override it.
 
/var/log/mail.log /var/log/mail.info /var/log/mail.warn {
daily
rotate 52
compress
create 640 root adm  
postrotate
  /etc/init.d/sysklogd reload
endscript
}

It works but the default rotation scheme also, and it keeps rotating
every week (syslogd-listfiles --weekly). See May 16th, a Saturday:

faramir:~ % ls -alt /var/log/mail.log*
-rw-r-----    1 root adm   5098621 May 21 15:16 /var/log/mail.log
-rw-r-----    1 root adm   2912181 May 21 06:24 /var/log/mail.log.1.gz
-rw-r-----    1 root adm   4232280 May 20 06:24 /var/log/mail.log.2.gz
-rw-r-----    1 root adm   3352124 May 19 06:25 /var/log/mail.log.3.gz
-rw-r-----    1 root adm   2974079 May 18 06:25 /var/log/mail.log.4.gz
-rw-r-----    1 root adm    936179 May 17 06:25 /var/log/mail.log.5.gz
-rw-r-----    1 root adm      4916 May 16 06:36 /var/log/mail.log.0
-rw-r-----    1 root adm    386548 May 16 06:19 /var/log/mail.log.7.gz
-rw-r-----    1 root adm  26177210 May 15 06:15 /var/log/mail.log.8.gz
-rw-r-----    1 root adm   7547207 May  9 06:25 /var/log/mail.log.6.gz
-rw-r-----    1 root adm  38059962 Apr 25 06:38 /var/log/mail.log.9.gz
-rw-r-----    1 root adm  64760921 Apr 23 06:29 /var/log/mail.log.10.gz

How can I suppress the default weekly rotation (which is not managed
by logrotate)?

Debian "sarge".







Re: Monitoring software

2004-04-27 Thread Stephane Bortzmeyer
On Mon, Apr 26, 2004 at 11:23:24AM +0200,
 Craig Schneider <[EMAIL PROTECTED]> wrote 
 a message of 13 lines which said:

> Does anyone know what monitoring software we could use to monitor
> servers and routing devices?

I use and like mon (http://www.kernel.org/software/mon/ and as a
Debian package).
 
> We tried setting up Nagios but in the end the config was just too much
> and too complex.

After trying Nagios and mon, I agree with you.







Re: HTTP latency ..urgent

2004-02-19 Thread Stephane Bortzmeyer
On Thu, Feb 19, 2004 at 12:53:06PM +1100,
 [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote 
 a message of 41 lines which said:

> Another piece of software which will do this and much more is called
> smokeping, 

I know, smokeping is a graphing layer above other programs (including
echoping).





Re: HTTP latency ..urgent

2004-02-18 Thread Stephane Bortzmeyer
On Wed, Feb 18, 2004 at 01:40:00AM -0800,
 suhail <[EMAIL PROTECTED]> wrote 
 a message of 35 lines which said:

> I am performing an experiment of effects of DDoS attacks on certain
> metrics like HTTP web latency , DNS latency. I need to know how does
> one measure the HTTP latency(time between issuing a HTTP request and
> receiving the response) in Linux.

http://echoping.sourceforge.net/
apt-get install echoping







Re: Multiple Server routet to one location

2003-12-17 Thread Stephane Bortzmeyer
On Sun, Dec 14, 2003 at 10:24:32PM +0100,
 Michelle Konzack <[EMAIL PROTECTED]> wrote 
 a message of 61 lines which said:

> The internet connectivity is in some locations only V.90 or ISDN, so 
> Web/Mail-Services are not possible permanently. 
...
> ...and if I collect the Mail in Strasbourg, how can I send it effectif 
> to Problem-POP's ? 

Like several people on the list, I say: UUCP. [And, before you ask,
Michelle, yes, I used it in Kabul and it worked :-) ]

> I was thinking on collecting Mails and put it onto a shttp-cgi,
> which tar it up after a wget-request (e.g. all 30 minutes). Then on
> the Problem-POP it will decompressed and forward all Messages to
> procmail...

This would be reinventing the wheel when there is an already existing
and proven solution to do so.
 
> P.S.: The Location is Ercec (Turkey) and Khoy (Iran) and there is 
>   nothing ! 

UUCP was invented when the connectivity in most Europe was no better
than what you have in Iran now :-)







Re: bind9 vs tinydns vs others

2003-12-04 Thread Stephane Bortzmeyer
On Wed, Dec 03, 2003 at 10:04:26PM +0100,
 David Zejda <[EMAIL PROTECTED]> wrote 
 a message of 29 lines which said:

> flat files can't be "down". wouldn't be better to generate flat
> files from the backend db to avoid such risks?

I agree.







Re: bind9 vs tinydns vs others

2003-12-02 Thread Stephane Bortzmeyer
On Tue, Dec 02, 2003 at 04:46:55PM +0100,
 David Zejda <[EMAIL PROTECTED]> wrote 
 a message of 11 lines which said:

> what do you prefer for authoritative dns?

nsd. See
<http://www.nic-generique.prd.fr/sheets/practical/nameserver-en>
for a good reason.








Re: Software for a NIC (Network Information Center)

2003-12-02 Thread Stephane Bortzmeyer
On Mon, Dec 01, 2003 at 09:13:12AM +0100,
 Michelle Konzack <[EMAIL PROTECTED]> wrote 
 a message of 29 lines which said:

> There are some Countries in the World without a NIC

Not many: you just need one clerical worker to claim "We have a NIC" :-)

> Because I am working on 3rd World Projects I need to know whether
> there are LINUX Software to create a NIC.

The question has many implications. I suggest that you read first the
temporary documents in http://www.nic-generique.prd.fr/. After that,
do not hesitate to ask more specific questions. You can also call me
(+33 1 39 30 83 46).
 
> What Software do I need (even if I use Solaris). 

* Some form of database software (from PostgreSQL to simple ASCII text
  files),
* A nameserver (nsd, BIND, whatever),
* A [optional] whois server (we provide one),
* A [optional] Web interface.

> Please note, that this Countries I am working for are not rich, and
> do not need the last Supercomputers for routing some hundreds
> Domains.

I know. You can manage even dozens of thousands of domains on a
typical PC with Debian. The ".nl" zone (almost one million of domains)
runs fine on a PC.

Can you tell which countries?

> So I need to know, which Hardware I need. 

Two PC?
 
> I think, the full Hardware/Software can not exceed 150k US$,
> better less. (the cost does not include the Online-UPS)

Since it is a Debian list, I will mention only free software, of
course.







Re: [IMAP] [Courier] Change the folder separator?

2003-11-07 Thread Stephane Bortzmeyer
On Fri, Nov 07, 2003 at 09:22:40AM -0500,
 Dale E Martin <[EMAIL PROTECTED]> wrote 
 a message of 25 lines which said:

> I thought that you just had to have, for example:
> Maildir/.folder1

And if I create, from an IMAP client, a subfolder "foo" of "folder1",
I get Maildir/.folder1.foo instead of the more logical
Maildir/folder1/foo.







[IMAP] [Courier] Change the folder separator?

2003-11-07 Thread Stephane Bortzmeyer
The courier-imap IMAP server uses the dot ('.') as a separator for
IMAP folders and not the slash ('/'). So, IMAP subfolders are not nice
Unix subdirectories.

Is there a way to change it? Reading the source code, it seems it is
not easy, there is not even a '#define FOLDER_SEP .', rather the
literal dot is used in several places.







Re: domain tracking

2003-10-22 Thread Stephane Bortzmeyer
On Tue, Oct 21, 2003 at 02:34:49PM -0400,
 Theodore Knab <[EMAIL PROTECTED]> wrote 
 a message of 74 lines which said:

> I wonder if anyone could refer me to a domain tracker ?
...
> http://easternshoreheritage.org

Do note also that the domain tracker has to respect some rules and
not, for instance, trashing the registry servers with one request per
second. For .org, the whois output says:

You agree that [...] under no circumstances will you use this data to:
[...] (b) enable high volume, automated, electronic processes that
send queries or data to the systems of Registry Operator or any
ICANN-Accredited Registrar, except as reasonably necessary to register
domain names or modify existing registrations.




Re: domain tracking

2003-10-22 Thread Stephane Bortzmeyer
On Tue, Oct 21, 2003 at 05:12:04PM -0500,
 Rod Rodolico <[EMAIL PROTECTED]> wrote 
 a message of 93 lines which said:

> I have a totally junk perl script that does it. 

How does it work? If it just queries the DNS, it is useless for .com
or .net where the DNS is refreshed only twice a day. So, a domain can
be free for twelve hours (and therefore easily taken by someone else)
before you detect it.

.com/.net registrars can provide such a service because they can query
the database with RRP (RFC 2832). But the ordinary user cannot.

Do note also there is no general solution (a solution for all the
domains). In ".nl", you have the Is service which is made exactly for
that reason
<http://www.domain-registry.nl/sidn_english/flat/Home/Why_is_it_that_since_29_January_I_can_run_only_15_data_queries_a_day_on_the_Whois_/index.html>
but there is no standard service, each registry provides one.

See also the new Waiting List Service by Verisign which may render all
of this irrelevant for .com/.net.







Re: Gated vs Zebra

2003-09-29 Thread Stephane Bortzmeyer
On Mon, Sep 29, 2003 at 12:29:58AM +0300,
 kgb <[EMAIL PROTECTED]> wrote 
 a message of 39 lines which said:

> Which software is more good Gated or Zebra?

Gated is non-free and non-maintained. Zebra is free but no longer
maintained. Use Quagga. Or start with Zebra if you don't want to run
sid, it will be easy to switch to Quagga after that.







Re: RIPE Autonomously System: Question?

2003-09-29 Thread Stephane Bortzmeyer
On Mon, Sep 29, 2003 at 12:01:29AM +0300,
 kgb <[EMAIL PROTECTED]> wrote 
 a message of 56 lines which said:

> Yes and i thing that, do you know with mine architecture how traffic can
> shift my PC without problem?

Very difficult to tell, it depends on many things (for instance, on
the typical size of the packets). At Gitoyen, I have no problem with
several FastEthernet (100 Mb/s) links on a typical PC but many small
packets (a root DNS name server) could be more difficult to process
than a few big ones (Web hosting) because interrupts are too slow on a
PC.

> I mean zebra don't have problem with big traffic if pc architecture
> is good?

Zebra does not forward at all so it is irrelevant. The kernel
(probably Linux in your case) does the forwarding so the limiting
factors are the kernel and the hardware.






Re: Watchdog Program

2003-08-14 Thread Stephane Bortzmeyer
On Wed, Aug 06, 2003 at 02:02:23AM +0200,
 Richard Stevens <[EMAIL PROTECTED]> wrote 
 a message of 32 lines which said:

> you could try BigBrother (http://bb4.com/) 

Heavily non-free.





Re: Question about system accounts in LDAP.

2003-08-14 Thread Stephane Bortzmeyer
On Tue, Aug 12, 2003 at 11:15:17AM +0200,
 Leonardo Boselli <[EMAIL PROTECTED]> wrote 
 a message of 23 lines which said:

> I am thinking about ist: is possible to use the ldap authentication 
> for ALL BUT imap and ftp (that should use the passwd file 

I do not really see why you want that (I suspect you should use groups
instead) but that's what PAM is for. Just put different things in
/etc/pam.d/ssh and /etc/pam.d/imap.






Re: Question about system accounts in LDAP.

2003-08-14 Thread Stephane Bortzmeyer
On Tue, Aug 12, 2003 at 05:13:29PM +0300,
 ? ? <[EMAIL PROTECTED]> wrote 
 a message of 35 lines which said:

> that, to have the session and etc. things, i need to use the NSS system
> (/etc/nsswitch.conf) with the nss-pgsql module, not the PAM stuff

Of course, because some functions do not require authentication (the
work of PAM) but still require mappings of name2uid or the opposite.

Think of 'ls -l', for instance. The inode of a file stores an uid, not
a name. How can ls display a name? Because it calls getpwuid(3), which
in turn relies on NSS. (Try it: once logged in, shut down your LDAP
server - and the nscd if it exists. Then, 'ls -l ~'.)

> e.g. you practically can't make ssh to authenticate directly from
> database, without the help of something like /etc/passwd (you need
> the UID, homedir, etc. info).

No, no, and no. You can have a ssh authentication without anything in
/etc/passwd. You need NSS, true (sshd looks up to see if the user name
exists, before attempting authentication, and so getpwnam(3) must
succeed) but not /etc/passwd if PAM and NSS both use LDAP.

> So, my question is, am I wrong, or you always have to use the NSS
> modules?

In practice, yes, using Unix without NSS is too painful (think about
ps, ls, id, etc).

> If so, why there is pam, if you can use NSS, 

PAM does a lot of things that NSS does not do. NSS only manages
mappings. PAM can create directories, force you to use two or more
authentication methods, etc.

So, in practice, you typically need both PAM and NSS.


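Added example (not part of the original message): the uid-to-name lookup described above, written as a small audit that lists files the way 'ls -l' does and reports those whose owner or group has no NSS mapping, which is what you see once the LDAP server and nscd are stopped. The helper names and the directory_down stand-in are assumptions made for the illustration.

```python
import grp
import os
import pwd
import tempfile


def resolve(num_id, lookup):
    """Return (name, mapped) for a numeric uid or gid.

    lookup is pwd.getpwuid or grp.getgrgid. Both go through NSS (the
    sources listed in /etc/nsswitch.conf: files, LDAP, ...) and raise
    KeyError when no source knows the id.
    """
    try:
        return lookup(num_id)[0], True   # field 0 is pw_name / gr_name
    except KeyError:
        return str(num_id), False        # 'ls -l' prints the bare number


def listing(root, user_lookup=pwd.getpwuid, group_lookup=grp.getgrgid):
    """Walk root and resolve every entry's owner and group through NSS."""
    rows = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # the inode stores numbers, not names
            owner, owner_ok = resolve(st.st_uid, user_lookup)
            group, group_ok = resolve(st.st_gid, group_lookup)
            rows.append({
                "path": path,
                "uid": st.st_uid,
                "gid": st.st_gid,
                "owner": owner,
                "group": group,
                "mapped": owner_ok and group_ok,
            })
    return rows


def unmapped(rows):
    """Paths whose uid or gid no NSS source could translate."""
    return [r["path"] for r in rows if not r["mapped"]]


def directory_down(num_id):
    """Constructed stand-in for NSS when the LDAP server and nscd are stopped."""
    raise KeyError(num_id)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "report.txt"), "w").close()
        os.mkdir(os.path.join(root, "Maildir"))

        print("With the system's real NSS sources:")
        for r in listing(root):
            print("  %-10s %-10s %s" % (r["owner"], r["group"], r["path"]))

        print("With the directory unreachable (simulated):")
        rows = listing(root, directory_down, directory_down)
        for r in rows:
            print("  %-10s %-10s %s" % (r["owner"], r["group"], r["path"]))
        print("Unmapped entries:", len(unmapped(rows)))
```
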



Re: Watchdog Program

2003-08-06 Thread Stephane Bortzmeyer
On Tue, Aug 05, 2003 at 08:05:53PM -0300,
 Matias G. Lambert ( OSInet ) <[EMAIL PROTECTED]> wrote 
 a message of 36 lines which said:

> take a look at http://www.nagios.org

Why not mon, much simpler and which has a command-line interface?





Re: BIND 8 or 9 version ?

2003-07-23 Thread Stephane Bortzmeyer
On Wed, Jul 23, 2003 at 12:03:43PM +0200,
 [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote 
 a message of 17 lines which said:

> > That's nsd and it is no longer a project.
> 
> URL?

apt-get install nsd :-)

Upstream is <http://www.nlnetlabs.nl/nsd/index.html>





Re: BIND 8 or 9 version ?

2003-07-23 Thread Stephane Bortzmeyer
On Tue, Jul 22, 2003 at 11:53:53PM +0200,
 [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote 
 a message of 25 lines which said:

> - v8 is stable

8.4 broke TSIG (secure zone transfers, RFC 2845), which worked before.





Re: BIND 8 or 9 version ?

2003-07-23 Thread Stephane Bortzmeyer
On Tue, Jul 22, 2003 at 11:53:53PM +0200,
 [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote 
 a message of 25 lines which said:

> (powerdns is fastest authoritative dns server around

You must be kidding, on every benchmark we performed, PowerDNS is much
slower than BIND (even PowerDNS with its BIND backend, without the
DBMS) and both PowerDNS and BIND are completely left behind by nsd.

> there is another dns auth server project that ripe started, but
> i can't remember the name

That's nsd and it is no longer a project. I highly recommend it (the
package appeared after woody's release, so you need to run sarge or to
backport).

 





Re: BIND 8 or 9 version ?

2003-07-22 Thread Stephane Bortzmeyer
On Thu, Jul 17, 2003 at 06:34:17PM +0300,
 Evgeny Boksha <[EMAIL PROTECTED]> wrote 
 a message of 13 lines which said:

> please - tell me something about preferred version of BIND: 8 or 9 ?

It is partly a matter of taste. Sooner or later, BIND8 will be
officially unsupported so I would not advise to start now with BIND8
but if you already have a BIND8 setup which is working, you can go on.

> Is 9 version better than 8 ?

Things that may be good reasons to switch to BIND9:

* IPv6 transport (it appeared in the most recent BIND8, though),
* views (excellent tool if you want to have the same machine serve
  external and internal data),
* code more readable (if the project is to learn C, not to serve
  data).





Re: is there any DHCP server using PostgreSQL as a config source?

2003-07-22 Thread Stephane Bortzmeyer
On Fri, Jul 18, 2003 at 08:44:07PM +0200,
 Miernik <[EMAIL PROTECTED]> wrote 
 a message of 9 lines which said:

> DHCP servers usually store the MAC -> IP resolution in a
> /etc/dhcpd.conf file. I am looking for one that can use a PostgreSQL
> database for that purpose.

IMHO, it is not a good idea to let DHCP, a quite essential service,
depend on a huge behemoth like PostgreSQL, which has its own agenda
:-) And it would complicate the coding of dhcpd.

A better solution, if you want to register your machines in a DBMS
(which seems quite sensible), is to write an export script that goes
from PostgreSQL->dhcpd.conf. It is ten or twenty lines of Perl or
Python...


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
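
An added example, not part of the original message: one way to write the export script suggested above, in Python. The hosts table and its columns are hypothetical, and an in-memory SQLite database stands in for the PostgreSQL query so that it runs offline; every row is validated before it is written, so a malformed or hostile database value cannot inject extra statements into dhcpd.conf.

```python
import ipaddress
import os
import re
import sqlite3
import tempfile

# Strict whitelists: anything else (spaces, braces, semicolons, quotes) is refused.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def validate(name, mac, ip):
    """Return a normalised (name, mac, ip) tuple or raise ValueError."""
    if not isinstance(name, str) or not HOSTNAME_RE.fullmatch(name):
        raise ValueError("bad host name: %r" % (name,))
    if not isinstance(mac, str) or not MAC_RE.fullmatch(mac):
        raise ValueError("bad MAC address: %r" % (mac,))
    if not isinstance(ip, str):
        raise ValueError("bad IP address: %r" % (ip,))
    addr = ipaddress.IPv4Address(ip)      # AddressValueError is a ValueError
    return name.lower(), mac.lower(), str(addr)


def render(rows):
    """Build dhcpd.conf host declarations; return (text, rejected_messages)."""
    seen_name, seen_mac, seen_ip = set(), set(), set()
    out, rejected = [], []
    for row in rows:
        try:
            name, mac, ip = validate(*row)
            if name in seen_name or mac in seen_mac or ip in seen_ip:
                raise ValueError("duplicate name, MAC or IP: %r" % (row,))
        except ValueError as exc:
            rejected.append(str(exc))     # report it, never write it
            continue
        seen_name.add(name)
        seen_mac.add(mac)
        seen_ip.add(ip)
        out.append("host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}\n"
                   % (name, mac, ip))
    return "".join(out), rejected


def write_atomically(path, text):
    """Write next to the target, then rename, so dhcpd never sees a half file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".dhcpd-hosts.")
    try:
        os.fchmod(fd, 0o644)              # mkstemp creates the file as 0600
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def sample_rows():
    """Constructed sample data; sqlite3 stands in for the PostgreSQL query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hosts (name TEXT, mac TEXT, ip TEXT)")
    db.executemany("INSERT INTO hosts VALUES (?, ?, ?)", [
        ("alpha", "00:16:3E:00:00:01", "192.0.2.10"),
        ("beta", "00:16:3e:00:00:02", "192.0.2.11"),
        ("evil { } option routers 203.0.113.1;", "00:16:3e:00:00:03", "192.0.2.12"),
        ("gamma", "00:16:3e:00:00:02", "192.0.2.13"),    # duplicate MAC
        ("delta", "00:16:3e:00:00:04", "192.0.2.999"),   # not an IPv4 address
    ])
    return db.execute("SELECT name, mac, ip FROM hosts ORDER BY name").fetchall()


if __name__ == "__main__":
    text, rejected = render(sample_rows())
    print(text, end="")
    for message in rejected:
        print("rejected:", message)
```
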



Re: sane trouble-ticket systems

2003-07-10 Thread Stephane Bortzmeyer
On Wed, Jul 09, 2003 at 09:20:39PM -0400,
 Noah L. Meyerhans <[EMAIL PROTECTED]> wrote 
 a message of 51 lines which said:

> Currently we're using RT, and IMHO it sucks.

Some of the things you want can be done with RT.
 
> (i.e. no need to put a ticket number in the mail subject). 

Run rt-mailgate with --ticket-id-from-extension







Re: Network monitor

2003-05-09 Thread Stephane Bortzmeyer
On Fri, May 02, 2003 at 09:37:12AM -0700,
 brian moore <[EMAIL PROTECTED]> wrote 
 a message of 22 lines which said:

> I use 'mon' (in the package of the same name).  Trivial to add new
> monitors if you know a bit of Perl 

I use and like mon as well and you do not need Perl to write custom
monitors or alerts. They are ordinary programs, not Perl modules, and
can be written in Bourne shell or in C if you like.




Re: which dns server to use ?

2003-04-08 Thread Stephane Bortzmeyer
On Sat, Apr 05, 2003 at 06:30:48PM +0200,
 Markus Welsch <[EMAIL PROTECTED]> wrote 
 a message of 29 lines which said:

> Which dns server would you suggest ?

Why not PowerDNS <http://www.powerdns.com/>, the only one which is
fully extensible?
 
>  BIND ( http://www.isc.org/products/BIND/ )

Why not? The Apache of the DNS servers, feature-rich and very
configurable.

>  djbdns   ( http://cr.yp.to/djbdns.html )

The author stated very clearly several times that he will not
implement the DNS but only the things he likes.

Also, while you should not choose a program on the basis of the
author's personality, I'm ready to make an exception for this one.

>  NSD  ( http://www.nlnetlabs.nl/nsd/ )

Very good program, quite recommended.
 
> Pretty much importance is performance and security. 

You will probably be happy with nsd.




Re: New BIND 4 & 8 Vulnerabilities

2002-11-13 Thread Stephane Bortzmeyer
On Tue, Nov 12, 2002 at 08:09:59PM +0100,
 Tobias Kuhrmann <[EMAIL PROTECTED]> wrote 
 a message of 59 lines which said:

> bind9 is also supporting ACL and other new features. so it is
> a good idea to use bind9.x.x instead of bind8.x.x

Bind9 is *much* slower
<http://www.ripe.net/ripe/meetings/archive/ripe-43/presentations/ripe43-dnr-nsd/>
and had its share of security problems.








Re: apache broke

2002-10-29 Thread Stephane Bortzmeyer
On Tue, Oct 29, 2002 at 10:45:44AM +0100,
 Teun Vink <[EMAIL PROTECTED]> wrote 
 a message of 39 lines which said:

> Since I upgraded my SID box yesterday, I've been having major

First, sid is named unstable (sid == System In Development) and for a
reason.

> my Apache.

Probably the Glibc problem mentioned in the last issue of Debian
Weekly News.








Re: File contents

2002-05-07 Thread Stephane Bortzmeyer

On Tue, May 07, 2002 at 06:21:18PM +1000,
 Craig Sanders <[EMAIL PROTECTED]> wrote 
 a message of 27 lines which said:

> does python have an edit-in-place command line option, like perl's -i?

Unfortunately no, but you can easily write a script which will do the
same. Here is an example, quick and dirty, but doing a part of the job
of -i:

#!/usr/bin/python

import shutil
import sys
import re

# Usage: script FILE PATTERN REPLACEMENT
file = sys.argv[1]
backup = file + '.bak'
pattern = re.compile (sys.argv[2])
replacement = sys.argv[3]

# Keep the original as FILE.bak, then rewrite FILE from the backup
shutil.copyfile (file, backup)
backup_h = open (backup, "r")
file_h = open (file, "w")
line = backup_h.readline()

while line:
    line = pattern.sub (replacement, line)
    file_h.write (line)
    line = backup_h.readline()

file_h.close ()
backup_h.close ()






Re: File contents

2002-05-07 Thread Stephane Bortzmeyer

On Mon, May 06, 2002 at 08:39:02PM +1000,
 Craig Sanders <[EMAIL PROTECTED]> wrote 
 a message of 32 lines which said:

> perl is the ideal tool to do this.



No, you should use Python.


 






Re: Network Question

2002-05-06 Thread Stephane Bortzmeyer

On Sun, May 05, 2002 at 11:34:21AM +1000,
 Paul <[EMAIL PROTECTED]> wrote 
 a message of 84 lines which said:

> This is what I have done in the network file.  IP's are just an example

Very bad idea. How are we supposed to help without actual
information?

> My problem is I cannot ping 210.16.240.160 from the outside world, it does work
> locally.

traceroute from a remote site. I would have done it, with real IP
addresses.






Re: apache BASIC authentication w/large userbase

2002-04-05 Thread Stephane Bortzmeyer

On Thu, Apr 04, 2002 at 01:07:37PM -0500,
 Jeff S Wheeler <[EMAIL PROTECTED]> wrote 
 a message of 47 lines which said:

> LDAP resources or experience in-house, but honestly would like to move
> to it

Not to discourage you but do not take that move lightly: LDAP is a
huge and difficult beast.

> well.  There seems to be a real lack of a good, thorough HOWTO
> though. 

Unfortunately, yes.

> Have I not looked in the right place?

No, no, it is really a problem.

> Is LDAP really the best tool here?  Keep in mind hundreds of authen
> requests per second, 

I never benchmarked so many requests but other people seem to be happy
about OpenLDAP speed. You'll probably have to set up a LDAP replica on
the Web server itself.









Re: OFFTOPIC: LDAP AND SERVICES ISP

2002-04-03 Thread Stephane Bortzmeyer

On Thu, Apr 04, 2002 at 06:15:18AM +0200,
 Ángel Carrasco <[EMAIL PROTECTED]> wrote 
 a message of 103 lines which said:

> Do you know if exists any documentation or guide or similar to implement
> these services using LDAP or other systems?

Documentation is scattered. You'll have to spend time digging in.
  
> What do you recommend me about the system, LDAP or MySQL or...?

You should first write down more requirements. The question is too
complex for a simple answer.











Re: apache BASIC authentication w/large userbase

2002-04-03 Thread Stephane Bortzmeyer

On Wed, Apr 03, 2002 at 06:35:22PM -0500,
 Jeff S Wheeler <[EMAIL PROTECTED]> wrote 
 a message of 39 lines which said:

> would not go for that because apparently a disproportionate number of
> their end-users disable cookies in their web browser.  Stupid media
> privacy paranoia.

You are wrong.
 
> short term we replaced mod_auth_mysql with an apache module I whipped up
> to send requests out via UDP to a specified host/port, and wait for a
> reply (with a 3 second timeout).  Then I hacked out a quick Perl program
> to handle those requests, hit mysql for actual user/password info, and

So you reinvented LDAP :-)

apt-get install libapache-auth-ldap 

A typical ".htaccess":

AuthType Basic
AuthName LDAP@Netaktiv
AuthLDAPURL ldap://ldap.netaktiv.com/ou=People,dc=netaktiv,dc=com?uid?sub?(objectClass=*)
require valid-user







Re: apache+php+mod_perl

2002-03-28 Thread Stephane Bortzmeyer

On Wed, Mar 27, 2002 at 11:14:33PM +0100,
 Grischa Schuering <[EMAIL PROTECTED]> wrote 
 a message of 10 lines which said:

> we have problems with a apache running mod_perl scripts as well as
> php4 scripts.

We have a woody box with active mod_perl and PHP4 scripts and it seems
to work fine.

> the apache terminated when a mod_perl is accessed.

Error in the log, please.
  
> is there anything else which needs to be installed in order to get them to work
> together ???

What are your versions? Mine are:

ii  apache          1.3.23-1  Versatile, high-performance HTTP server
ii  libapache-mod-  1.26-2    Integration of perl with the Apache web serv
ii  php4            4.1.2-1   A server-side, HTML-embedded scripting langu








Re: cold fusion 4.5 on Debian

2002-03-22 Thread Stephane Bortzmeyer

On Fri, Mar 22, 2002 at 08:47:29AM -0500,
 Thedore Knab <[EMAIL PROTECTED]> wrote 
 a message of 22 lines which said:

> Is anyone running Cold Fusion 4.5 on Debian ?

Debian is about free software, so probably not many (at least I hope
so).
 
> Are there any other simple packages that I might recommend as a dummy
> proof alternative ?

You call Cold Fusion simple?

Anyway, the best competitor, IMHO, is Zope <http://www.zope.org/>.










Re: sendmail and virtual hosting: still a small annoying problem

2002-03-14 Thread Stephane Bortzmeyer

On Tue, Mar 12, 2002 at 11:21:17AM -0500,
 Richard A Nelson <[EMAIL PROTECTED]> wrote 
 a message of 42 lines which said:

> You have FEATURE(`allmasquerade') Correct?

You were right...

> Try FEATURE(`limited_masquerade') and add *ONLY* the hosts you to
> masquerade (localhost, etc) to class {M} (Leave {w} as is)

It works fine. Thank you very much.








Re: two ethernet without routing

2002-03-13 Thread Stephane Bortzmeyer

On Wed, Mar 13, 2002 at 10:38:53AM -0800,
 Jeremy C. Reed <[EMAIL PROTECTED]> wrote 
 a message of 37 lines which said:

> You shouldn't have to setup a firewall as a workaround either. If your NIC
> card is configured for a particular IP and you want to stop it, then
> simply unplugging the ethernet cable should do it.

No Unix works that way.






Re: two ethernet without routing

2002-03-13 Thread Stephane Bortzmeyer

On Wed, Mar 13, 2002 at 11:27:31AM +0100,
 [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote 
 a message of 18 lines which said:

> How can I deactivate the routing option between cards?

/etc/network/options:

ip_forward=no

Check with 'cat /proc/sys/net/ipv4/ip_forward'.

> There have to be some kind of routing now because I can connect to my apache
> typing the two IPs even I've just one cable connected to eth0.

Wrong analysis. As soon as the machine receives a packet with one of
its IP addresses as the destination, it will handle it (even if it
does not come from the "right" network card).







Re: sendmail and virtual hosting: still a small annoying problem

2002-03-12 Thread Stephane Bortzmeyer

On Mon, Mar 11, 2002 at 07:12:42PM -0500,
 Bulent Murtezaoglu <[EMAIL PROTECTED]> wrote 
 a message of 15 lines which said:

> What else do you have in your .mc ?  Masquerading options maybe?  

Ooops, here it is (domain names changed). Can I have both masquerading
and virtusertable or should I try again to convince the customer to
switch to Postfix?

VERSIONID(`@(#)sendmail.mc  8.9.1a (Linux) 19981026')
OSTYPE(debian)dnl
LOCAL_CONFIG
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(allmasquerade)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(redirect)dnl
FEATURE(nouucp)dnl
FEATURE(bestmx_is_local)dnl
define(`confME_TOO', True)dnl
MAILER_DEFINITIONS
MAILER(local)dnl
MAILER(smtp)dnl

LOCAL_CONFIG
MASQUERADE_AS(dot.bar)dnl











sendmail and virtual hosting: still a small annoying problem

2002-03-11 Thread Stephane Bortzmeyer


I'm clearly rusty in sendmail (I now use Postfix but a customer wants to keep 
sendmail) and I have a small but annoying problem with virtual hosting. I have 
implemented:

http://www.sendmail.org/virtual-hosting.html

with a M4 configuration file as instructed above. It works fine except that 
To: fields are rewritten with the main domain, not the virtual one.

If I send a mail to [EMAIL PROTECTED] when the main domain is dot.bar and I 
have in the virtusertable:

[EMAIL PROTECTED] bortzmeyer

the mail is received with a header:

To: [EMAIL PROTECTED]

which is not what the customer wants.

Any simple solution?









Re: downgrading woody kernel 2.4 -> 2.2

2002-02-21 Thread Stephane Bortzmeyer
On Thu, Feb 21, 2002 at 09:01:51AM +0100,
 David Biro (DaV3|D3) <[EMAIL PROTECTED]> wrote 
 a message of 27 lines which said:

> if not, just tell me please ;), so I decided to downgrade the kernel to
> 2.2 (which is available in woody). 

You use Debian compiled kernels?  OK, just 'apt-get install
kernel-image-2.2.xxx' or, if you already have it, swap the symlinks
vmlinuz* in / and rerun lilo (unless you use grub, in that case you'll
have no more to do).

> because I really hate to reset the server every day.
> 
>   (Well, maybe it's a hw problem, but who knows?)

Probably. (We use custom-compiled 2.4 kernels on many machines.)








Re: concurrent POP3 and IMAP servers?

2002-02-13 Thread Stephane Bortzmeyer
On Wed, Feb 13, 2002 at 11:56:49PM +0700,
 [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote 
 a message of 34 lines which said:

> I am using postfix, how to setup the smtp to deliver to maildir ?

(Not the SMTP, the MDA, message delivery agent.)

Postfix comes with heavily commented configuration files. It is hard
to miss:

aragon:/usr/doc/postfix/examples % zgrep -i maildir *
sample-local.cf.gz:# "Maildir/" for qmail-style delivery (the / is required).
sample-local.cf.gz:#home_mailbox = Maildir/
sample-local.cf.gz:# mailbox or maildir file (in fact, it limits the size of any file






Re: procmail to deliver in a Maildir/ for every user?

2002-02-01 Thread Stephane Bortzmeyer
On Thu, Jan 31, 2002 at 10:12:18AM +1100,
 Jeremy Lunn <[EMAIL PROTECTED]> wrote 
 a message of 18 lines which said:

> Change your /etc/procmailrc to this and it'll fix your problem:
> DEFAULT=$HOME/Maildir/

It works fine, thanks, that's what I was looking for.








Re: Debian in 100 MB ?

2002-01-31 Thread Stephane Bortzmeyer

On Thu, Jan 31, 2002 at 12:09:27PM +0100,
 [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote 
 a message of 23 lines which said:

> Is this the right way to do it ? I could not find a small debian based
> distro with IPTABLES/DSL/ISDN support...

http://www.pingoo.org/Routeur/English/welcome.html






Re: MacOS, Debian router and ADSL/PPPoE (OT Net Tuner does not work for HTTP)

2002-01-31 Thread Stephane Bortzmeyer

On Wed, Jan 30, 2002 at 05:44:48PM +0100,
 Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote 
 a message of 27 lines which said:

> I have a Debian router which connects to an ADSL/PPPoE line (therefore
> with a PPP interface and a MTU of 1492).
> 
> Behind it are Linux machines, MS-Windows boxes and MacOS toys, all
> NATed (i have only one IP address) by Netfilter/iptables (router

OK, the best solution, by far, because it needs a change only on the
router, is to use "MSS clamping", an option of recent pppoe (not in
potato) which modifies on the fly the MSS parameter of TCP connections
(other IP packets are unaffected but fragmentation should handle it,
see below).

So, I changed my /etc/ppp/peers/provider to have:

pty "pppoe -I eth1 -T 80 -m 1412"

Now, everyone is happy, without needing any extra software.

Now, the theory. If I don't change the MTU of "client" machines,
fragmentation will occur and everything will work (see later for
TCP-specific problems and do not forget also that some stupid
firewalls may break fragmentation if they stop some ICMP packets),
albeit with slower performances (so you may want to change the MTU for
speeding up UDP or other non-TCP applications).

spoutnik:/# traceroute  www.gitoyen.net 1500
traceroute to www.gitoyen.net (80.67.160.2), 30 hops max, 1500 byte packets
 1  elsa.netaktiv.com (172.21.0.1)  2.937 ms  2.533 ms  3.839 ms
 2  loopback1-lns201-tip-telehouse.nerim.net (62.4.16.251)  141.470 ms  141.409 ms  145.209 ms
...

If I forbid fragmentation, it will no longer work:

spoutnik:# traceroute -F www.gitoyen.net 1500
traceroute to www.gitoyen.net (80.67.160.2), 30 hops max, 1500 byte packets
 1  elsa.netaktiv.com (172.21.0.1)  2.883 ms  4.812 ms  2.467 ms
 2  elsa.netaktiv.com (172.21.0.1)  2.487 ms !F-1492  2.525 ms !F-1492  2.461 ms !F-1492

If I change the MTU, I will no longer emit such packets and
performances will be better (providing the application chooses
wisely its packet size):

spoutnik:# ifconfig eth0 mtu 1492
spoutnik:# traceroute  www.gitoyen.net 1500
traceroute to www.gitoyen.net (80.67.160.2), 30 hops max, 1500 byte packets
traceroute: sendto: Message too long
 1 traceroute: wrote www.gitoyen.net 1500 chars, ret=-1

Now, for TCP. Many TCP programs/stacks will set DF (Don't fragment)
and will rely on the ICMP packet (which tells the maximum size, see
the 1492 in the above message) to fix the size of segments (warning:
some firewalls may stupidly stop these packets). But they may announce
wrong MSS (maximum segment size). Either you fix every application/TCP
stack or you use "MSS clamping" (the -m option of pppoe) which will
hack it on the fly and allow TCP applications to send only small
enough packets.

Thanks a lot for the explanations and for the help on my problem.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
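
An added illustration in Python, not part of the original message and not pppoe's own code: what "MSS clamping" does to a TCP SYN crossing the router. It finds the MSS option, lowers it to the limit (1412, as in the pty line above) and patches the TCP checksum incrementally (RFC 1624). All function names are hypothetical and the SYN segments and addresses are constructed samples.

```python
import struct

TCP_SYN = 0x02
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2


def mss_for_mtu(mtu, ip_header=20, tcp_header=20):
    """Largest TCP payload that fits in one unfragmented IPv4 packet."""
    return mtu - ip_header - tcp_header


def _csum_update(checksum, old_word, new_word):
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    total = (~checksum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def find_mss_option(segment):
    """Return the byte offset of the MSS value in a TCP header, or None."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    pos = 20
    while pos < header_len:
        kind = segment[pos]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            pos += 1
            continue
        if pos + 1 >= header_len:
            raise ValueError("truncated option")
        length = segment[pos + 1]
        if length < 2 or pos + length > header_len:
            raise ValueError("bad option length")
        if kind == OPT_MSS and length == 4:
            return pos + 2
        pos += length
    return None


def clamp_mss(segment, limit):
    """Return the segment with a SYN's MSS lowered to at most limit."""
    off = find_mss_option(segment)            # also validates the header
    if off is None or not segment[13] & TCP_SYN:
        return bytes(segment)
    if struct.unpack_from("!H", segment, off)[0] <= limit:
        return bytes(segment)
    old, seg = bytes(segment), bytearray(segment)
    struct.pack_into("!H", seg, off, limit)
    checksum_field = struct.unpack_from("!H", seg, 16)[0]
    # The MSS value straddles two 16-bit words when the options are misaligned.
    for word in range(off & ~1, off + 2, 2):
        checksum_field = _csum_update(checksum_field,
                                      struct.unpack_from("!H", old, word)[0],
                                      struct.unpack_from("!H", seg, word)[0])
    struct.pack_into("!H", seg, 16, checksum_field)
    return bytes(seg)


def checksum(src, dst, segment):
    """Full TCP checksum over the IPv4 pseudo-header and the segment.

    Returns 0 for a segment whose checksum field is already correct."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_syn(src, dst, mss, misalign=False):
    """Constructed sample: a SYN with an MSS option, optionally after a NOP."""
    options = (b"\x01" if misalign else b"") + struct.pack("!BBH", OPT_MSS, 4, mss)
    options += b"\x01" * (-len(options) % 4)   # pad with NOPs to 32 bits
    offset = (20 + len(options)) // 4
    segment = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                          offset << 4, TCP_SYN, 65535, 0, 0) + options
    return segment[:16] + struct.pack("!H", checksum(src, dst, segment)) + segment[18:]


if __name__ == "__main__":
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])  # constructed
    out = clamp_mss(build_syn(src, dst, 1460, misalign=True), 1412)
    print(struct.unpack_from("!H", out, find_mss_option(out))[0],
          checksum(src, dst, out))
```
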




Re: MacOS, Debian router and ADSL/PPPoE (OT Net Tuner does not work for HTTP)

2002-01-30 Thread Stephane Bortzmeyer

On Wed, Jan 30, 2002 at 07:44:17PM +0100,
 jernej horvat <[EMAIL PROTECTED]> wrote 
 a message of 14 lines which said:

> but if NAT gw machine has MTU already set to 1492, then there is no need for 
> "NATed" clients to change MTU.

Are you sure? Because NAT does not change the packet size. If I don't
change the MTU of the Unix boxes behind the router, they have
problems, too (connecting to FTP servers works, lsing a large directory
hangs, etc). This fact is widely known and documented. See for
instance <http://www.linuxdoc.org/HOWTO/DSL-HOWTO/tuning.html> or
the URLs I gave.
 
> i call pppoe with "-m 1412". if this helps you...

The MTU of the PPP link (1492) seems fine, the router itself has no
problems. And remember, only MacOS has problems.






MacOS, Debian router and ADSL/PPPoE (OT Net Tuner does not work for HTTP)

2002-01-30 Thread Stephane Bortzmeyer

I have a Debian router which connects to an ADSL/PPPoE line (therefore
with a PPP interface and a MTU of 1492).

Behind it are Linux machines, MS-Windows boxes and MacOS toys, all
NATed (i have only one IP address) by Netfilter/iptables (router
kernel is 2.4.7). The two first categories have no problem surfing the
Web without a proxy, getting big files with FTP, SSHing to remote
machines, etc. But the MacOS machines can only use protocols like FTP,
SSH, NNTP, no HTTP. Web pages (unless I go through a proxy, of course)
are not retrieved except if they are very small (like Google's home
page).

It seems clearly MTU-related. But the Mac does have OT Net Tuner
<http://www.sustworks.com/site/prod_ottuner.html> and the MTU has
been set to 1492 (like it is on the Linux and MS-Windows computers).

Is there another trick for PPPoE? A trick which seems specific to FTP.

Food for thought:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/ppp.html#MACOS-WIN98-PPPOE-FREEZE
http://www.petabit.com/ADSL/ADSL.html






procmail to deliver in a Maildir/ for every user?

2002-01-30 Thread Stephane Bortzmeyer

Hello,

I wish to use procmail as the system-wide delivery agent (the MTA is
Postfix) *and* to have mail delivered in qmail-style Maildir/ by
default (the POP and IMAP daemons are Courier, which only handles
Maildirs).

If I write a /etc/procmailrc:

:0
$HOME/Maildir/

it works but it even does so for the few shell users which have a
~/.procmailrc (the home procmailrc is read after, when the mail has
already been delivered). The procmailrc syntax does not allow me to
test the existence of a ~/.procmailrc. 

Is there a way to combine my wishes? Otherwise, I'll use Postfix
internal MDA (which will make it inconvenient to have system-wide
services such as mail duplicata removal) and the shell users will have
to invoke procmail from a ~/.forward.

Possible solution, untested: write a local MDA which is a very simple
shell script. It will test the existence of ~/.procmailrc and will
invoke procmail with different arguments. Ugly, I think.







Re: XML - help needed

2002-01-26 Thread Stephane Bortzmeyer

On Sat, Jan 26, 2002 at 08:48:08PM +0100,
 Marek L. Kozak <[EMAIL PROTECTED]> wrote 
 a message of 18 lines which said:

> I've allready installed (using debs) ibm-jdk1.1, tomcat, cocoon2 and
> libapache-mod-jk, but still .xml pages cannot be seen - browsers want to
> downloaded them instead.

Why don't you just translate them to HTML offline, which is much
simpler and loads less the server?






Phantom routes in the Linux kernel, not replaced by Zebra

2002-01-21 Thread Stephane Bortzmeyer


[I'm not sure of my choice of mailing lists, see the discussion at the end.]

We use only Linux routers and, from time to time, we have phantom routes. I 
mean routes that once were legitimate (learned via BGP) but should have been 
suppressed when BGP info changed and were not.
 
These routes are displayed by Zebra as "kernel" routes (the normal routes are 
displayed as "ospf" or "bgp") and restarting Zebra does not make them 
disappear. I have to manually delete them. Rebooting, a la MS-Windows, solves 
everything.

FreeBSD zealots keep bothering me that it is because Linux does not know 
RTF_STATIC ($KERNEL/include/linux/route.h), which prevents pinpointing phantom 
routes. It seems true but this flag is nevertheless in GNU libc's headers 
(/usr/include/net/route.h).

So, who is wrong, Linux, Zebra or me?

What can I do to solve the problem?

What can I do to workaround the problem? (Anyone has a Perl script which will 
telnet to the Zebra console and find all "kernel" routes?)

Kernel 2.4.9 and 2.4.17. Zebra 0.92.


PS: Regarding the choice of the mailing lists. The problem seems to be 
Linux-specific but I cannot find a good mailing list to discuss this sort of 
stuff (RTF_STATIC...). Don't tell me to subscribe to linux-kernel, I cannot 
swallow hundreds of messages related with the VM or with the device drivers.

Feel free to reply in private (I'll summarize) or to reply only to the list 
you find suitable.








Re: BGP / Zebra

2002-01-15 Thread Stephane Bortzmeyer
On Fri, Jan 11, 2002 at 06:13:28PM +0100,
 Anders Gjære <[EMAIL PROTECTED]> wrote 
 a message of 82 lines which said:

> The machine is running 2.2 kernel
> 
> I don't think zebra is supported on 2.4.x kernels

Zebra is supported and works perfectly fine on 2.4.x.
 
Otherwise, see Russell's explanations. Zebra only deals with ROUTING,
the kernel does the FORWARDING. If forwarding is too slow, examining
Zebra will change nothing.

(We have two default-free BGP peers and twenty other BGP peers with
512 Mbytes of RAM - the bgpd process uses less than 60 Mbytes - and
the machine is far from being overloaded. And it forwards at 100
Mb/s.)








Re: Install on many machines

2001-12-27 Thread Stephane Bortzmeyer
On Thu, Dec 27, 2001 at 12:51:52PM +0100,
 Marcel Hicking <[EMAIL PROTECTED]> wrote 
 a message of 30 lines which said:

> Could anyone hint me to a decent way of handling
> the setup and later updates? Can I have a bootable
> CD and have predefined packages installed 

apt-get install replicator

http://replicator.sourceforge.net/

Description: automate new computer installations in a networked site.
 Using a nfs-root filesystem and rsync, replicator allow
 you to non-interactively install a target computer
 identical to the model computer. It can handle differences
 in partitioning and hardware.
 .
 Designed for clusters, classrooms and wherever you need
 identical Debian boxes.
 .
 It's REALLY faster than normal Debian installation method.








Re: New MASQUERADE problem

2001-10-30 Thread Stephane Bortzmeyer
On Thu, Oct 25, 2001 at 12:44:15AM +0200,
 Luc MAIGNAN <[EMAIL PROTECTED]> wrote 
 a message of 34 lines which said:

> * if the pc pings the external internet address of the router, it works fine 
> (ping succeeded)
> * if the pc tries to ping a host on the internet from its name : the 
> corresponding ip address is found immediately (so dns of my isp is reached), 
> but it cannot ping the address.
> A TRACEROUTE gives the gateway address (my router), and after only '*'

Obviously, there is no masquerading at all. The DNS works because bind
on your router is relaying at the application layer.
 
> What can be happening?

iptables -t nat -L POSTROUTING

to see what's going on.

(or the equivalent if you use ipchains) Also, post the actual command
line you use.
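
The check suggested in this reply, as a script (an added example, not part of the original message): it reads the nat table dump and the forwarding flag and says whether traffic leaving the WAN interface would be source-NATed. The function name `check_masq`, the interface `ppp0` and the sample rule sets are assumptions made for the example.

```shell
#!/bin/sh
# check_masq RULES IP_FORWARD WAN_IF
#   RULES       text of `iptables-save -t nat`
#   IP_FORWARD  content of /proc/sys/net/ipv4/ip_forward
#   WAN_IF      interface facing the Internet
# Prints a one-line diagnosis. Returns 0 if packets leaving WAN_IF get their
# source address rewritten, 1 if not, 2 if the kernel does not forward at all.
# It looks at interface matches only, not at -s/-d restrictions.
check_masq() {
    rules=$1 fwd=$2 wan=$3
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=$fwd: the router does not forward packets"
        return 2
    fi
    seen=0
    while IFS= read -r line; do
        # Pad with a space so every token is delimited on both sides.
        case "$line " in
            "-A POSTROUTING"*" -j MASQUERADE "*|"-A POSTROUTING"*" -j SNAT "*) ;;
            *) continue ;;
        esac
        seen=1
        case "$line " in
            *" ! -o $wan "*) continue ;;   # rule explicitly excludes WAN_IF
            *" -o $wan "*|*" ! -o "*)
                echo "source NAT applies on $wan"; return 0 ;;
            *" -o "*) continue ;;          # rule bound to another interface
            *)  echo "source NAT applies on every interface"; return 0 ;;
        esac
    done <<EOF
$rules
EOF
    if [ "$seen" -eq 1 ]; then
        echo "source NAT rules exist, but none covers $wan"
    else
        echo "no MASQUERADE/SNAT rule in nat POSTROUTING"
    fi
    return 1
}

# Constructed samples (not taken from the thread).
RULES_BROKEN='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
RULES_FIXED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
COMMIT'

# On a live router (as root):
# check_masq "$(iptables-save -t nat)" "$(cat /proc/sys/net/ipv4/ip_forward)" ppp0
```

With `RULES_BROKEN` the symptoms match the report: the router itself answers and resolves names, but nothing rewrites the source address of forwarded packets, so replies never find their way back.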








Re: Recommended way to setup an encrypted tunnel (a VPN)

2001-07-31 Thread Stephane Bortzmeyer

On Wed, Jul 11, 2001 at 11:52:24AM -0500,
 Jeremy Gaddis <[EMAIL PROTECTED]> wrote 
 a message of 42 lines which said:

> I said that IPSec was probably the "best" way because it's
> a standard protocol, with companies such as Microsoft and
> Cisco supporting it 

Well, to set up a tunnel, standardization is not really important,
since you typically control both ends.

And GRE is standard, too (but it does not provide encryption).






[MY SOLUTION] Recommended way to setup an encrypted tunnel (a VPN)

2001-07-31 Thread Stephane Bortzmeyer

On Tue, Jul 10, 2001 at 05:36:08PM +0200,
 Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote 
 a message of 24 lines which said:

> I have to connect two networks together and the virtual link needs to
> be safely encrypted (some users know SSH but some will just POP
> blindly and LDAP in woody is not SSLized anyway).

I finally chose stunnel+PPP. Both are available in Debian packages,
no patch to the Linux kernel is needed. I already know SSL and PPP,
and both are proven technologies.

www.stunnel.org

For the specific case of a VPN:

http://www.stunnel.org/examples/pppvpn.html

It is not technically beautiful (you run TCP over PPP over a SSL
connection which already is TCP!) but it works.

> - I tried pipsecd + userlink. The userlink module seems severely
>   broken, at least with kernel 2.4. A simple ifconfig stays in D 'disk
>   wait' forever!

I tried several tricks but without any solution. 
 
> - ssh + ppp seems interesting because I know both of them. But is
>   there a trick when you combine them?
>   http://www.linuxdoc.org/HOWTO/VPN-HOWTO.html does not seem to be
>   maintained.

The problem is that it needs another program (the pty redirector),
which is not in Debian.
 
> - GRE module in the kernel? (I use 2.4 on woody) Anyone has something
>   to say about it?

I tried it, it works fine, it is simple to configure but you cannot
encrypt (and authentication is lame).

[Freeswan]

The patch to the kernel does not compile (see the bugs against
kernel-patch-freeswan).













Re: zebra and bgp4

2001-07-11 Thread Stephane Bortzmeyer
On Wed, Jul 11, 2001 at 12:17:54AM +0200,
 Fabrice Lorrain (home) <[EMAIL PROTECTED]> wrote 
 a message of 17 lines which said:

> How well does zebra get interfaced with cisco routers (using bgp4) ?

Gitoyen uses two PC/Debian, at our two POPs. Peers are Ciscos. zebra
is the sid version. Kernel is 2.4.x. Except for the eepro100 driver,
everything seems fine. The 100k routes are swallowed in two minutes
and 50 Mbytes of RAM are enough for the BGP process.

After that, forwarding works fine, although there is not a lot of
traffic yet. 

Since we are in the same country, maybe we are at the same POP? (Ours
are Interxion/Sfinx and Telehouse2.)




Re: Recommended way to setup an encrypted tunnel (a VPN)

2001-07-11 Thread Stephane Bortzmeyer
On Tue, Jul 10, 2001 at 11:25:24AM -0500,
 Jeremy Gaddis <[EMAIL PROTECTED]> wrote 
 a message of 42 lines which said:

> Using an IPSec VPN is probably the "best" way to do it.

Why? (This is a real question: I see *many* solutions but I wonder why
I would choose one above the others.)

> FreeS/WAN (http://www.freeswan.org) is a Linux implementation
> of IPSec, but it's not the easiest thing in the world to

How do you compare it to other IPsec implementations such as pipsecd?




Re: Recommended way to setup an encrypted tunnel (a VPN)

2001-07-11 Thread Stephane Bortzmeyer
On Tue, Jul 10, 2001 at 01:05:48PM -0400,
 Theodore Knab <[EMAIL PROTECTED]> wrote 
 a message of 73 lines which said:

> If you want an easy way to setup IPsec, contact a network security consultant 
> that understands it. 

No, I don't want an easy way, I want opinions and pointers.

> If this is not feasible or you want to do it yourself, start reading.

I've found already many documents, which I mentioned in my first
message. The problem is that there is almost no comprehensive
comparison.
 
>   Here is an intro to VPN
>   http://www.synthcom.com/~val/cs510/termpaper.htm

Which does not even mention GRE or SSH+PPP...










Recommended way to setup an encrypted tunnel (a VPN)

2001-07-10 Thread Stephane Bortzmeyer
I have to connect two networks together and the virtual link needs to
be safely encrypted (some users know SSH but some will just POP
blindly and LDAP in woody is not SSLized anyway).

I wonder what is the recommended way to setup an encrypted tunnel (to
make a VPN) between two Debian boxes:

- I tried pipsecd + userlink. The userlink module seems severely
  broken, at least with kernel 2.4. A simple ifconfig stays in D 'disk
  wait' forever!

- ssh + ppp seems interesting because I know both of them. But is
  there a trick when you combine them?
  http://www.linuxdoc.org/HOWTO/VPN-HOWTO.html does not seem to be
  maintained.

- GRE module in the kernel? (I use 2.4 on woody) Anyone has something
  to say about it?








Re: courier-imap + ldap

2001-05-14 Thread Stephane Bortzmeyer
On Mon, May 14, 2001 at 01:43:07PM +0200,
 Pascal Pucci <[EMAIL PROTECTED]> wrote 
 a message of 27 lines which said:

> The documentation to install a mail service with ldap + courier-imap + 
> postfix or sendmail or exim.
> 
> Sorry it's in French.

You forgot the address:

http://www.alcove-labs.org/en/documents/install_mail/comment_installer_un_serveur_multidomaine_avec_ldap.php3

You mention that directly using LDAP is faster than going through
PAM. Any hard data? Could you post the result of benchmarks?








Re: courier-imap + ldap

2001-05-14 Thread Stephane Bortzmeyer
On Sun, May 13, 2001 at 02:51:16PM +0200,
 bob <[EMAIL PROTECTED]> wrote 
 a message of 15 lines which said:

> I can't get authentication by courier authldap working.

Courier-IMAP works here against an OpenLDAP server, through
PAM. Wouldn't it be a better idea?
 








Re: setting up my own apt source

2001-05-10 Thread Stephane Bortzmeyer
On Wed, May 09, 2001 at 11:30:21AM +0200,
 Teun Vink <[EMAIL PROTECTED]> wrote 
 a message of 21 lines which said:

> I need to set up an apt source for my work, where we can store our custom
> made packages and kernels. I know that this can be done using
> dpkg-scanpackages, but I can't find any help on that besides the
> manpages. 

It is quite sufficient. Here is my crontab entry, if you need a real-world
example:

0 3 * * * (cd /ftp/pub/debian/UNOFFICIAL; dpkg-scanpackages -m 'Debian GNU/Linux binary-i386' . /dev/null > Packages)











Re: An LDAP authentication howto for Debian?

2001-04-29 Thread Stephane Bortzmeyer
On Sun, Apr 29, 2001 at 12:34:02PM +1000,
 Jeff Waugh <[EMAIL PROTECTED]> wrote 
 a message of 21 lines which said:

> The LDP has a perfectly good set of documents already; there's no need to
> duplicate the good work already done by them.

I recently configured LDAP for my company and I 100% agree with the
original poster. Documentation is thick but with a lot of holes, few
explanations (so you can do things in a different way), and quite
difficult to find.

I certainly would not say to a LDAP beginner, "read the fucking
manual" because it is clearly a domain where manuals are suboptimal (I
know, I should write one but it is easier to complain).

The most important problem, I believe, is that using LDAP means
understanding many different things and how they fit together. These
things are often documented properly (setting a LDAP server...) but
separately (setting LDAP clients is in a completely different place)
and you cannot get a global picture easily. (for instance, the LDP
HOWTOs about PAM and LDAP do not explain why you need, in most cases,
to setup PAM *and* NSS.)







