PAM: External radius for password / internal LDAP for the rest
hi, at the moment we importing every day students from a external LDAP server and copy them into our local LDAP tree. So we have a own password database, in LDAP. Now we have access to the main radius for the whole university so we can authenticate most of our users via the radius, but not all. The plan is: 1. Use Radius for the password only 2. Check if the user exists in our LDAP, if not -> no access 3. If the radius password isn't accepted, test the same on LDAP userPassword 4. Use LDAP for $HOME/ $SHELL/ $UIDNumber/ $Gidnumber The third point is for local users only (system accounts icinga/otrs ) and guests, also for the smoothness migration, from our password to the radius. Old users can still use the old password, new users take the radius one. I've installed a local FreeRadius server in proxy mode which works. So, my question is, can I do it with PAM? How does it look like? cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/97184e1b-ab3a-4e4c-bdc2-7db9a681a...@4lin.net
Re: Squeeze|Cups: pdftops and high CPU load
hi, Am 09.11.2012 um 16:32 schrieb Brian : > No, you will need Wheezy at least. The switching from Ghostscript to > Poppler is done via the cups-filters package, which does not exist in > Squeeze. phu … I'am unsure, but this machine is only a print server, so maybe I can Wheezy give a try … the speed is awfully sometimes at the moment :-/ cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/9f20d022-06ec-43e4-8dd5-51e2bdebb...@4lin.net
Squeeze|Cups: pdftops and high CPU load
hi, I'am admin from a poolroom with 100 diskless clients from a university and have problems with Cups under Squeeze and high CPU load, if students printing PDFs (which is mostly the default case) . I can see that the process "pdftops" takes 100% CPU for several seconds or up to 3-4 minutes, which depends on the options and pagesize from the original PDF. I didn't recognized it last (~12-15) months, because the clients had it's own Cups Daemon, so the processing was done on the client side, I think ... But I switched to the Cups broadcast setup, for easier maintaining printers. So, I googled a lot and found in the Ubuntu Bug pages, about poppler vs. gs etc .. or http://ubuntuforums.org/archive/index.php/t-2022997.html Is that also an option under Squeeze? Where I can see the actual settings? lpadmin doesn't have any options, to print out the settings ... cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/19980ff9-4a8b-422a-90c4-71516d77b...@4lin.net
Cups: Shared vs unshared priner and broadcasts
hi, we have a big PC poolroom with 3 printers, that are shared and used via broadcast. The clients can use them, without any password. These printers are also available for the external users with there own laptops. Access to them is only allowed via username/password, but the printers aren't shared, because if I share them, the poolclients get them too, what is unnecessary, because, they are only duplicates. One example: Shared printer, access from the poolclients: Order allow, deny Allow localhost Allow 192.168.1.0/24 unshared printer, access only with username/password: Encryption IfRequested Order allow, deny Allow localhost Allow from All AuthType Basic AuthClass User Require valid-user The unshared, but accepting printer can used, but commands like "lp -d E003-external" or "lpr -P E003-external" ... can't access them ... and some other tools. Windows / OSX works, If I create a new printer with the printers URL, so I don't have to share this printer. So, my questions is: can I merge both printers to one, with the correct ACL, or can I share E003-external, but without broadcasting it to the poolclients. cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/42c9cd98-a765-47ef-9eb1-0f9e9ae57...@4lin.net
(solved) Re: Squeeze Debootstrap stoops on NFS4 Solaris10 share (on zfs dataset)
Am 24.04.2012 um 13:58 schrieb Denny Schierz: > hi, > > I have problems to get debootstrap squeeze /path/to/nfs4_solaris/share. It > extracting several archives and than you get a prompt, without any messages. > > [...] > I: Extracting libtext-wrapi18n-perl... > I: Extracting mawk... > I: Extracting libncurses5... > I: Extracting ncurses-base... > I: Extracting ncurses-bin... > I: Extracting libpam-modules... problem was, that tar couldn't change the group on the nfs4 share, because, "shadow:42" doesn't exist on the Solaris10 (which is normal). So, create a group with the same name and ID on the NFS server, "fixes" this problem. NFS3 doesn't take care, if the Id's exists or not, but NFS4 does. cu denny signature.asc Description: Message signed with OpenPGP using GPGMail
Squeeze Debootstrap stoops on NFS4 Solaris10 share (on zfs dataset)
hi, I have problems to get debootstrap squeeze /path/to/nfs4_solaris/share. It extracting several archives and than you get a prompt, without any messages. [...] I: Extracting libtext-wrapi18n-perl... I: Extracting mawk... I: Extracting libncurses5... I: Extracting ncurses-base... I: Extracting ncurses-bin... I: Extracting libpam-modules... root@hostname: # strace -f : [,,,] getppid() = 1700 stat64("/etc/lxc", {st_mode=S_IFDIR|0755, st_size=11, ...}) = 0 stat64(".", {st_mode=S_IFDIR|0755, st_size=11, ...}) = 0 open("/usr/sbin/debootstrap", O_RDONLY) = 3 fcntl64(3, F_DUPFD, 10) = 10 close(3)= 0 fcntl64(10, F_SETFD, FD_CLOEXEC)= 0 rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 0, 4294967295) = 0 rt_sigaction(SIGINT, {0x20dc0, ~[RT_0 RT_1], 0}, NULL, 0xf7aa8458, 4294967295) = 0 rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 0, 4294967295) = 0 rt_sigaction(SIGQUIT, {SIG_DFL, ~[RT_0 RT_1], 0}, NULL, 0xf7aa8458, 4294967295) = 0 rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 0, 4294967295) = 0 rt_sigaction(SIGTERM, {SIG_DFL, ~[RT_0 RT_1], 0}, NULL, 0xf7aa8458, 4294967295) = 0 read(10, "#!/bin/sh -e\n\nVERSION='1.0.26+sq"..., 8192) = 8192 stat64("/debootstrap/debootstrap", 0xfff83700) = -1 ENOENT (No such file or directory) open("/usr/share/debootstrap/functions", O_RDONLY) = 3 fcntl64(3, F_DUPFD, 10) = 11 close(3)= 0 fcntl64(11, F_SETFD, FD_CLOEXEC)= 0 read(11, ""..., 8192) = 8192 read(11, "n\n\t\t\tscp \"$ssh_dest\" \"$dest\"\n\t\t\t"..., 8192) = 8192 read(11, "s\"\n\t\tlocal pkgdest=\"$TARGET/$($D"..., 8192) = 8192 read(11, "..\n\t\tperl -le '\n$unique = shift "..., 8192) = 8192 stat64("/usr/bin/perl", {st_mode=S_IFREG|0755, st_size=5700, ...}) = 0 geteuid32() = 0 rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 0, 4294967295) = 0 rt_sigaction(SIGHUP, {0x20dc0, ~[RT_0 RT_1], 0}, NULL, 0xf7aa8458, 4294967295) = 0 rt_sigaction(SIGQUIT, {0x20dc0, ~[RT_0 RT_1], 0}, NULL, 0xf7aa8458, 4294967295) = 0 rt_sigaction(SIGTERM, {0x20dc0, ~[RT_0 RT_1], 0}, NULL, 0xf7aa8458, 4294967295) = 0 read(11, "\t\t}\n\t\tif (not $dynamic and $f[0]"..., 8192) = 1578 read(11, "", 8192) = 0 close(11) = 0 fcntl64(4, F_DUPFD, 10) = -1 EBADF (Bad file descriptor) dup2(1, 4) = 4 umask(0)= 022 umask(022) = 0 umask(022) = 022 read(10, " -a -n \"$2\" ]; then\n\t\t\tVARIANT=\""..., 8192) = 8192 stat64("/usr/bin/dpkg", {st_mode=S_IFREG|0755, st_size=216336, ...}) = 0 geteuid32() = 0 open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 3 fcntl64(1, F_DUPFD, 10) = 11 close(1)= 0 fcntl64(11, F_SETFD, FD_CLOEXEC)= 0 dup2(3, 1) = 1 close(3)= 0 fcntl64(2, F_DUPFD, 10) = 12 close(2)= 0 fcntl64(12, F_SETFD, FD_CLOEXEC)= 0 dup2(1, 2) = 2 clone(Process 1702 attached child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xf7c1a738) = 1702 [pid 1701] wait4(-1, Process 1701 suspended [ctrl + c] == Mount: san:/pool2/lxc-sparc/ /var/lib/lxc nfs4 rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.2,minorversion=0,local_lock=none,addr=192.168.1.1 0 0 Solaris 10: zfs get sharenfs pool2/lxc-sparc NAME PROPERTY VALUE SOURCE pool2/lxc-sparc sharenfs rw=192.168.1.2,root=192.168.1.2 local We need NFS4, 'cause of ACLs. so, any suggestions? cu denny signature.asc Description: Message signed with OpenPGP using GPGMail
Re: FAI Squeeze and SPARC
hi, I'm closer to success: boot net3:dhcp root=/dev/nfs boot=live init=/init nfsroot:192.168.1.1:/srv/fai-sparc/nfsroot ip=eth3: debug the live.log shows: + mount -t aufs -o noatime,noxino,dirs=/cow=rw:/live/image/live/filesystem.dir=rr aufs /root mount: mounting aufs on /root failed: No such device + panic mount aufs on /root failed with option noatime,noxino,dirs=/cow=rw:/live/image/live/filesystem.dir=rr cu denny signature.asc Description: Message signed with OpenPGP using GPGMail
FAI Squeeze and SPARC
hi, I try to get FAI working for my SPARC machines and build a own kernel and let the kernel create the initrd. The most problem is the size of the tftp bootimage, which does not exceed 9.5MB, otherwise it can't load anymore. The complete SPARC environment was create under the target (config + NFSRoot) and copied to the real FAI Server (X86). Also some FAI initrd files I copied to my own initrd. Now I hang on the boot process: [...] [ 69.947437] tg3 :0c:04.1: eth3: Link is up at 1000 Mbps, full duplex [ 70.038007] tg3 :0c:04.1: eth3: Flow control is on for TX and on for RX [ 70.423596] tg3 :09:04.0: eth0: Link is up at 1000 Mbps, full duplex [ 70.511857] tg3 :09:04.0: eth0: Flow control is on for TX and on for RX [ 72.884113] . OK [ 74.409930] IP-Config: Got DHCP answer from 192.168.1.1, my address is 192.168.1.5 [ 74.664458] IP-Config: Complete: [ 74.706924] device=eth3, addr=192.168.1.5, mask=255.255.255.0, gw=192.168.1.1, [ 74.804398] host=template.rbg.foobar, domain=rbg.foobar, nis-domain=(none), [ 74.947630] bootserver=192.168.1.1, rootserver=192.168.1.1, rootpath=/srv/fai-sparc/nfsroot [ 75.066827] Warning: unable to open an initial console. [ 75.180306] udev[73]: starting version 164 BusyBox v1.17.1 (Debian 1:1.17.1-8) built-in shell (ash) Enter 'help' for a list of built-in commands. /bin/sh: can't access tty; job control turned off (initramfs) [...] the command line: boot net3:dhcp root=/dev/nfs nfsroot:192.168.1.1:/srv/fai-sparc/nfsroot ip=eth3: NFS itself is working: (initramfs) mount rootfs on / type rootfs (rw) none on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) none on /proc type proc (rw,nosuid,nodev,noexec,relatime) none on /dev type devtmpfs (rw,relatime,size=2071464k,nr_inodes=258933,mode=755) none on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) udev on /dev type tmpfs (rw,relatime,size=10240k,mode=755) none on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) (initramfs) mkdir /mnt (initramfs) nfsmount 192.168.1.1:/srv/fai-sparc/nfsroot /mnt (initramfs) ls /mnt live (initramfs) If I put into the command line "boot=live" than: [...] [ 77.044287] Sending DHCP and RARP requests . [ 79.036276] tg3 :0c:04.1: eth3: Link is up at 1000 Mbps, full duplex [ 79.126838] tg3 :0c:04.1: eth3: Flow control is on for TX and on for RX [ 79.219337] tg3 :09:04.0: eth0: Link is up at 1000 Mbps, full duplex [ 79.307565] tg3 :09:04.0: eth0: Flow control is on for TX and on for RX [ 81.444262] ., OK [ 82.973979] IP-Config: Got RARP answer from 192.168.1.1, my address is 192.168.1.5 [ 83.228600] IP-Config: Complete: [ 83.271074] device=eth3, addr=192.168.1.5, mask=255.255.255.0, gw=192.168.1.1, [ 83.368550] host=template.rbg.foobar, domain=rbg.foobar, nis-domain=(none), [ 83.511783] bootserver=192.168.1.1, rootserver=192.168.1.1, rootpath=/srv/fai-sparc/nfsroot [ 83.630980] Warning: unable to open an initial console. [ 83.78] udev[73]: starting version 164 [ 84.309317] Kernel panic - not syncing: Attempted to kill init! [ 84.387304] Call Trace: [ 84.419388] [0045b8f8] do_exit+0xa8/0x6bc [ 84.482394] [0045bf7c] do_group_exit+0x70/0xa8 [ 84.551142] [0045bfcc] SyS_exit_group+0x18/0x28 [ 84.621044] [00405fd4] linux_sparc_syscall32+0x34/0x40 [ 84.698955] Press Stop-A (L1-A) to return to the boot prom [...] So I have something missed ... any suggestions? It seems, that there must be a problem with "init". cu denny signature.asc Description: Message signed with OpenPGP using GPGMail
Re: Squeeze64: LD_LIBRARY_PATH / ignored or overwritten under X *SOLVED*
hi, Am 12.01.2012 um 23:11 schrieb Andrei Popescu: > On Jo, 12 ian 12, 12:58:42, Denny Schierz wrote: >> >> What could be the problem? > > Your display manager doesn't source the system shell configuration > files. If you need a solution per user put that stuff in ~/.xsessionrc > otherwise move the file under /etc/X11/Xsession.d/ nope, that isn't the problem. The ssh-agent resets the variable. Disable ssh-agent in /etc/X11/Xsession.options and it works (again). My display-manager is GDM2. cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/b94c87d8-d074-4f37-942f-8cd24c204...@4lin.net
Re: Squeeze64: LD_LIBRARY_PATH / ignored or overwritten under X
hi, Am 12.01.2012 um 13:56 schrieb emmanuel segura: > Try to use /etc/ld.so.conf for load your library nope, Sun Java parses the LD_LIBRARY_PATH variable, so it won't work: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/366728 http://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg1511703.html disable ssh-agent in Xsession/options helps. cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/0ca626a6-deb3-4dd2-a0ff-2faad149c...@4lin.net
Squeeze64: LD_LIBRARY_PATH / ignored or overwritten under X
hi, I've created a file /etc/profile.d/path.sh with: LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib/jni" export LD_LIBRARY_PATH If you log in on a plain shell, it works, but if you log in via X (kde/gnome/fluxbox) and open a terminal (konsole/gnome-terminal/xterm) my special path "/usr/lib/jni" is missing. If you start in a terminal "bash -l" you get the missing path. I need "/usr/lib/jni" for Eclipse (I really hate java), otherwise Eclipse doesn't find SVN libs. What could be the problem? cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/9996c20a-27f0-43a5-9ad0-706180c67...@4lin.net
Squeeze: Create LVM from 2x raid5 + 12x 2TB disks
hi, my problem is, that I loosing several terabytes 12 x 2TB I create on one JBOD with 12 disks two raid 5 with one spare: mdadm --create /dev/md7 --level=5 -x 1 --raid-disks=5 --bitmap=internal /dev/sd["cdefgh"]1 mdadm --create /dev/md8 --level=5 -x 1 --raid-disks=5 --bitmap=internal /dev/sd["ijklmn"]1 # fdisk -l /dev/md8 Disk /dev/md8: 8001.6 GB, 8001589084160 bytes 2 heads, 4 sectors/track, 1953512960 cylinders Units = cylinders of 8 * 512 = 4096 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 524288 bytes / 2097152 bytes Disk identifier: 0x Only 8TB ... md8 : active raid5 sdm1[6] sdn1[5](S) sdl1[3] sdk1[2] sdj1[1] sdi1[0] 7814051840 blocks super 1.2 level 5, 512k chunk, algorithm 2 [5/4] [_] [>] recovery = 4.1% (80504380/1953512960) finish=330.3min speed=94493K/sec bitmap: 1/15 pages [4KB], 65536KB chunk md7 : active raid5 sdg1[6] sdh1[5](S) sdf1[3] sde1[2] sdd1[1] sdc1[0] 7814051840 blocks super 1.2 level 5, 512k chunk, algorithm 2 [5/4] [_] [>] recovery = 4.1% (80857984/1953512960) finish=334.0min speed=93427K/sec bitmap: 1/15 pages [4KB], 65536KB chunk root@iscsihead-s:~# pvscan PV /dev/md7 lvm2 [7.28 TiB] PV /dev/md8 lvm2 [7.28 TiB] Total: 3 [14.78 TiB] / in use: 1 [233.81 GiB] / in no VG: 2 [14.55 TiB] only 14TB from 20TB (2 disks are spare = 4TB) ? that couldn't be only metadata ... I also used --level=6 but nothing more than 8TB ... If I create one big MD with all 12 disks and raid6, than I get 20TB (also ~4TB metadata?) fdisk -l /dev/md7 Disk /dev/md7: 20004.0 GB, 20003972710400 bytes 2 heads, 4 sectors/track, -1 cylinders Units = cylinders of 8 * 512 = 4096 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 524288 bytes / 5242880 bytes Disk identifier: 0x With raid5 22TB, which seems to be better ... But, what is the best? To create only one big MD is something bad, I think. On FreeBSD I have with ZFS and 2 x raidz round about 21TB. any suggestions? cu denny signature.asc Description: This is a digitally signed message part
LDAP: Switch to SHA512 Hash Lenny/Squeeze
hi, we want switch from old DES crypt to SHA512 on our Lenny and Squeeze images. It works for local accounts, but I'm not sure, if it works also in LDAP. If I change the password from a LDAP user, than I expecting a longer string: local user: foobar:$6$rounds=65536$7NJOqSFw $UDB6zSUxHiFwnTs/cZvUkv4LMWYs7tdtqH1CkC1ubkxnKa2A7q2EXiXcTjvVGoV3I17d2yuqZKCQQbF6QhFDc/:15264:0:9:7::: LDAP User: binary(20b): {crypt}HCBEYA1is79bB in /etc/pam_ldap.config and /etc/libnss_ldap.conf: pam_password crypt /etc/login.defs ENCRYPT_METHOD SHA512 /etc/pam.d/common-passwd: [...] password sufficient pam_unix.so nullok use_authtok sha512 shadow rounds=65536 use_first_pass [...] Our LDAP Server is openldap-2.4.23 on Solaris 10 any suggestions? Is the CRYPT in LDAP a hash over the SHA512? cu denny signature.asc Description: This is a digitally signed message part
Re: Squeeze: Possible? Don't resolv NFS Links/path
hi, Am Donnerstag, den 08.09.2011, 11:30 +0100 schrieb Darac Marjal: > Presumably you have a symlink such as: > /home/foobar -> /nethome/disc01/users/homes/foobar > > You could try using pam-mount to create a bind mount in /home/$user. I'm not sure, if it fits for ~2000 students ... but interesting hint. thanks cu denny signature.asc Description: This is a digitally signed message part
Squeeze: Possible? Don't resolv NFS Links/path
hi, We have the NFS homes on something like: /nethome/disc01/users/homes/foobar /nethome/disc02/users/homes/bla /nethome/disc03/users/homes/golem and a special mountpoint for /home, that contains links to the real homepath: pwd shows "/nethome/disc02/users/homes/bla" instead of /home/bla. But not all programs shows this. The KDE terminal has "~" lxterminal "/nethome/disc02/users/homes/bla" ... So, is it possible to "hide" the real path? getent passwd foobar foobar:x:14103:26:Foobar student:/home/foobar:/bin/bash The NFS Server resides on Solaris 10. any suggestions? signature.asc Description: This is a digitally signed message part
Why nfs fstab entries need if-up? -> kernel level autoconfiguration / initramfs
hi, from my point of view, it is a bug: I build a new diskless rootfs based on Squeeze and most works, but NFS mounts from /etc/fstab. I search a very long time, whats the reason and found it. This enries are only mounted, if the if-up.d/mountnfs is executed. But in my case, it doesn't work, because I get all information for the eth0 from initramfs/kernel, so the device is up and running. if-up.d/mountnfs is never executed. In my case I had luck, because I have a second network card, configured with a static IP and if-up.d/mountnfs is executed. I think, there must be a better way to check, if the network is reachable. cu denny signature.asc Description: This is a digitally signed message part
Re: sed or awk: decode base64 string in passwd-like file
hi, Am Freitag, den 01.07.2011, 00:24 +0200 schrieb Javier Barroso: > perl -F: -a -ne ' $F1=`echo $F[1] | openssl base64 -d`; print join > (":",$F[0],$F1,@F[2 .. $#F])' file thanks, I try it :-) cu Denny signature.asc Description: This is a digitally signed message part
Re: sed or awk: decode base64 string in passwd-like file
hi, Am Freitag, den 01.07.2011, 00:03 +0200 schrieb Arno Schuring: > > echo e0NSWVBUfVUx= | openssl base64 -d > I certainly hope you're not expecting to recover the plaintext nope :-) They are still crypted, but readable for other Daemons, like Dovecot: If you do some like: echo e0NSWVBUfVUx= | openssl base64 -d then you get: {CRYPT} :-) signature.asc Description: This is a digitally signed message part
sed or awk: decode base64 string in passwd-like file
hi, I have a file with strings like: tes...@domain.foo:e0NSWVBUfVUx=:500:12002::/imap/spool/domain.foo/%1n/% n:storage=50 I need to decode the second field (password field), with something like: echo e0NSWVBUfVUx= | openssl base64 -d How can I do this with all other lines? I have already a small awk script, that converts my ldapsearch output to a Dovecot readable passwd file. === /^uid: / {uid=$2} /^uid: / {uid=$2; u=tolower(substr(uid,1,1));} /^postalAddress:/ {maildomain=$2} /^myMailQuota/ {mailquota=$2} /^userPassword/ {userpassword=$2} /^dn/ {printf("%s@%s:%s:500:12002::/imap/spool/%s/%s/%s:storage=%s \n",uid,maildomain,userpassword,maildomain,u,uid,mailquota)} END {printf("%s@%s:%s:500:12002::/imap/spool/%s/%s/%s:storage=%s \n",uid,maildomain,userpassword,maildomain,u,uid,mailquota)} the third %s must be changed, means decoded from base64. any suggestions? signature.asc Description: This is a digitally signed message part
NFS rootfs initramfs NFSv4
hi, we want to use the security advantages from NFSv4 for our diskless clients. I Build the initrams under Squeeze but the client won't boot, if I tell Solaris10 to accept NFSv4 only :-/ I saw the bug #409271 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409271) for Lenny, but why doesn't support Sqeeze that? Is it working in testing or unstable? cu denny signature.asc Description: This is a digitally signed message part
Clarkdale VGA (HDMI) support under Lenny?
hi, we want to change the studies pc pool and switch to a new i3 Clarkdale CPU with integrated graphic card. We have a recently kernel (2.6.36), running, but how good is the support from Lenny itself? The display is connected via HDMI. The mainboard is a Zotac H55ITX-C-E. Any suggestions? cu denny signature.asc Description: This is a digitally signed message part
Lenny -> Squeeze : Apache2:LDAP SSL auth not working anymore
hi, after upgrading Lenny to Squeeze, ldap auth over .htacces/virtual-host.config stops working when using SSL. I've searched hours on friday and though packages are missing or broken. Apache2 brings only "Internal Server Error", but nothing in the error/debug logfiles. Apache asks for the username/password and the user can type anything, after some seconds you get the error page. Then I switched to non SSL and, voila .. it works == AuthType Basic AuthName "Icinga Monitoring" AuthBasicProvider ldap AuthLDAPURL "ldap://ldap2/cn=accounts,dc=domain,dc=foo?uid?sub?(objectClass=*)" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN On AuthzLDAPAuthoritative Off # Define allowed LDAP users Require ldap-group cn=rbg,cn=admins,cn=groups,dc=domain,dc=doo === this works but not: === AuthType Basic AuthName "Icinga Monitoring" AuthBasicProvider ldap AuthLDAPURL "ldaps://ldap2:636/cn=accounts,dc=domain,dc=foo?uid?sub?(objectClass=*)" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN On AuthzLDAPAuthoritative Off # Define allowed LDAP users Require ldap-group cn=rbg,cn=admins,cn=groups,dc=domain,dc=foo === any suggestions? cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/9ea677a5-7eab-49b3-b377-1d036fbb6...@4lin.net
Re: Two node storage failover with lvm and ISCSI
hi, Am Montag, den 21.02.2011, 17:16 -0600 schrieb Stan Hoeppner: > I'm guessing your setup is different than this or you wouldn't be > askig > about RAID. Could you please describe your storage back end? 4 x LSI 630J Storage with 12 x SAS HDD connected to a SAS Switch. From the SAS switch one SAS cable goes to each host, into a SAS HBA. Nothing more. cu denny signature.asc Description: This is a digitally signed message part
Re: Two node storage failover with lvm and ISCSI
hi Stan, Am Sonntag, den 20.02.2011, 20:13 -0600 schrieb Stan Hoeppner: > It's not clear to me at this point if you need real time > file/filesystem sharing or simply manual fail over from a dead host to > a backup server. than it's my fault :-) I want failover (the second in your words). If node 1 fails, node 2 take over the IP and fire up the ISCSI target daemon. There is no cluster filesystems involved. There is no need for them. Problem is: we have have bunch of disks connected to _both_ hosts. So we need raid, if disks fails in the storage, on the top LVM for manage the space and export them via ISCSI. I hope, is more clear :-) cu denny signature.asc Description: This is a digitally signed message part
Re: Two node storage failover with lvm and ISCSI
hi, Am Freitag, den 18.02.2011, 20:37 +0800 schrieb Justin Jereza: > I'd consider running clvm + gfs2 instead. That way, both nodes can > stay up and connected to the same filesystem at the same time. The > only decision left would be which node to use. OTOH, you can have an > HA configuration as well. two points against gfs: 1. I red very often, that GFS is very slow 1.1 So we have to create files and export them too as ISCSI targets. 2. We want to export ISCSI devises for other OS, like Windows, Solaris, OSX etc. So we stick on plain ISCSI exports: @Stan? For what we need drbd? Cloning? We don't need, cause all hosts can see the disks. cu denny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1298224570.4312.18.camel@mac
Two node storage failover with lvm and ISCSI
hi, we have two nodes connected to one big SAS storage (LSI 630j Jbod) with SAS HBAs and they can see all disks at same time. Now we want build a failover construct for lvm with ISCSI: LSI Jbod -> node* | raid | lvm | ISCSI -> Global IP ->> Client If the primary node fails, start raid on node two, activate lvm, export them via ISCSI, take over the IP address. There are many layers, that can fails, like raid, lvm, timing any suggestions? cu denny signature.asc Description: This is a digitally signed message part
Re: Lenny Apache2: ReverseProxy -> https -> http://localhost:port
hi, Am Montag, den 24.01.2011, 11:41 -0700 schrieb Bob Proulx: > Turn the rewrite engine on and then try it again. I think that is the > missing component for you. > > RewriteEngine On nothing helps. It's all the same. Maybe a bug, or unsupported. Or a configuration problem with the proxy module hmmm cu denny signature.asc Description: This is a digitally signed message part
Lenny Apache2: ReverseProxy -> https -> http://localhost:port
hi, I don't know, whats the problem: My ReverseProxy works with non-ssl to non-ssl, but not from ssl to non-ssl: == NameVirtualHost 1.2.3.4:443 ServerAdmin webmas...@foobar.bla ServerName www.foobar.bla SSLEngine on SSLCertificateFile "/etc/ssl/certs/foobar-www.pem" SSLCertificateKeyFile "/etc/ssl/private/foobar-www.pem" SetOutputFilter proxy-html # SSLProxyEngine on ErrorLog /var/www/user/websites/foobar.bla/log/error-ssl.log CustomLog /var/www/user/websites/foobar.bla/log/access-ssl.log combined php_admin_flag engine on php_admin_value open_basedir "/var/www/user/websites/foobar.bla/htdocs/:/var/www/user/websites/foobar.bla/tmp/:/usr/share/pear:/usr/share/php/:." php_admin_value upload_tmp_dir "/var/www/user/websites/foobar.bla/tmp/" php_admin_value session.save_path "/var/www/user/websites/foobar.bla/tmp/" DocumentRoot /var/www/user/websites/foobar.bla/htdocs/ ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/ Alias /pipermail/ /var/lib/mailman/archives/public/ Alias /images/mailman/ /usr/share/images/mailman/ AllowOverride All Order allow,deny Allow from all ProxyRequests Off Order deny,allow Allow from all ProxyPass /calendars/ http://localhost:8008/calendars/ ProxyPassReverse /calendars/ http://localhost:8008/calendars/ ProxyPass /principals/ http://localhost:8008/principals/ ProxyPassReverse /principals/ http://localhost:8008/principals/ === The exactly same lines, works for the non-ssl virtual host. the log says, "File does not exist: /var/www/user/websites/foobar.bla/htdocs/calendars" the best: if you type in" https://foobar.bla/calendars/user/foobar/..."; the log says only: "File does not exist: /var/www/user/websites/foobar.bla/htdocs/calendars" Very strange. The proxy Enginge doesn't start, with https ... any suggestions? Please note: I want to https -> http, not https -> https :-) cu denny signature.asc Description: This is a digitally signed message part
Re: NIS: /etc/nsswitch seems (a bit) ignored from /usr/bin/passwd *solved*
hi, nscd was the problem. He cached the local passwd ... cu denny signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
NIS: /etc/nsswitch seems (a bit) ignored from /usr/bin/passwd
hi, I have a real strange problem. We have a NIS system with Debian Lenny clients and LDAP as second system, but LDAP is not the problem here. I want, that the user have to use the passwd command (cause of cracklib support via pam). Here some facts on one client: /etc/nsswitch.conf passwd: file nis shadow: files group: files nis /etc/passwd [...] testck:x:6290:4000:test test:/home/testck:/bin/bash +: [...] Shadow passes are disabled. /etc/pam.d/common-password password required pam_unix.so nullok md5 nis debug I can do: getent passwd | grep testck testck:x:6290:4000:test test:/home/testck:/bin/bash testck:[md5 hash]:6290:4000:test test:/home/testck:/bin/bash You see, user testck is listed twice. One of /etc/passwd, one from another location, nis. So, the main problem is, if the user wants to change the password, passwd breaks immediately, after asking the Old Password, however, NIS isn't involved ... If I remove the testck from the local /etc/passwd, getent list only the nis one (cool), but, "su - testck" doesn't work anymore. the user is unknown. I' don't know, why the users are listed in the local /etc/passwd file, I'm new to the system, but it looks a bit strange to me. ( i tested everything without reboot) So, the main problem is, that passwd breaks cause of the missing password in /etc/passwd and passwd doesn't look in the the NIS map, where the password resides. any suggestions? cu denny signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: compiling ZSNES from source
hi, Am Samstag, den 27.06.2009, 13:59 +0800 schrieb Umarzuki Mochlis: > # sdl-config --version > 1.2.13 > that is weird. > config.log >> http://pastebin.com/f5459ec04 > hope somebody can give me direction on solving this. you need the header package from sdl: aptitude install libsdl1.2-dev cu denny signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Lenny/Ubuntu: ipsec over ipv6
hi, i don't get it working. I want to create a vpn tunnel between two computers connected with a sixxs IPv6 address. I use on one side Debian Lenny with freeswan and on the other side Ubuntu 8.10 (intrepid). my ipsec conf and verify: left: ### # ipsec verify Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.4.12/K2.6.27-14-generic (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [FAILED] Please disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause the sending of bogus ICMP redirects! NETKEY detected, testing for disabled ICMP accept_redirects [FAILED] Please disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will accept bogus ICMP redirects! Checking for RSA private key (/etc/ipsec.secrets) [DISABLED] ipsec showhostkey: no default key in "/etc/ipsec.secrets" Checking that pluto is running [OK] Two or more interfaces found, checking IP forwarding[OK] Checking NAT and MASQUERADEing [N/A] Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support[DISABLED] version 2.0 # Connection between two computers conn kusanagi-sakura leftsubnet= left=2a01:198:000:000::1 leftnexthop=%direct leftid="C=DE, CN=trainer-vm" leftcert=/etc/ipsec.d/certs/trainer-vm-pub.pem rightnexthop=%direct right=2a01:198:000:000::2 rightsubnet= auto=start ## right: ipsec verify Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.4.12/K2.6.26-1-xen-amd64 (netkey) Checking for IPsec support in kernel[OK] NETKEY detected, testing for disabled ICMP send_redirects [OK] NETKEY detected, testing for disabled ICMP accept_redirects [OK] Checking for RSA private key (/etc/ipsec.secrets) [DISABLED] ipsec showhostkey: no default key in "/etc/ipsec.secrets" Checking that pluto is running [OK] Two or more interfaces found, checking IP forwarding[OK] Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support[DISABLED] conn kusanagi-sakura leftsubnet= left=2a01:198:000:000::1 leftnexthop=%direct leftid="C=DE, CN=trainer-vm" #leftcert=/etc/ipsec.d/certs/trainer-vm-pub.pem rightnexthop=%direct right=2a01:198:000:000::2 rightcert=/etc/ipsec.d/certs/vpn-2-pub.pem rightsubnet= auto=start i get on left (Ubuntu): Jun 27 01:41:52 kusanagi ipsec_setup: Starting Openswan IPsec 2.4.12... Jun 27 01:41:52 kusanagi ipsec_setup: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl") Jun 27 01:41:52 kusanagi ipsec__plutorun: whack error: "kusanagi-sakura" non-ipv6 address may not contain `:' "2a01:198:000:000::2" Jun 27 01:41:52 kusanagi ipsec__plutorun: ...could not add conn "kusanagi-sakura" any suggestions? cu denny signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: manipulate initrd from Debian installer
hi, Mark Allums schrieb: > Ahh, I beg your pardon. no problem at all ;-) > I don't see where you made the modules or installed them. (You said in > your earlier post that you copied them to a directory.) However, it i copied them from /lib/modules to the unpacked initrd dir. > looks like your new kernel is looking for something and not finding it. > You seem to be trying to create a custom live CD. Do you use any gnu > or debian tools to automate the process? i use gzip/gunzip/cpio/cp/mkisofs nothing more. > If it is a CD, it may need support for the ISO 9660 CD standard. Did as i said, it is the netinstall.iso :-) > you compile that into the kernel, or the initrd? Once the kernel takes > over from the boot loader, it doesn't know about filesystems unless they > have been compiled in. filesystems are always compiled into the kernel and it don't need the ISO filesystem, cause the initrd could be found in a ram disk cu denny -- Stoppt den Überwachungswahn - Stoppt den Schäuble Katalog: http://www.nopsis.de signature.asc Description: OpenPGP digital signature
Re: manipulate initrd from Debian installer
hi Mark, Mark Allums schrieb: >> Where to start... well, I don't know your level of sophistication with >> the kernel, but did you compile the kernel the "Debian way" or the shame on me ;-) I used the Debian way via make-kpkg --rootcmd fakeroot kernel_image --initrd --append_to_version=.denny It isn't complicated to get a running Kernel on my system, but it is, to create a kernel for the Debian Installer. cu denny -- Stoppt den Überwachungswahn - Stoppt den Schäuble Katalog: http://www.nopsis.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: manipulate initrd from Debian installer
hi Mark, Mark Allums schrieb: >> Where to start... well, I don't know your level of sophistication with >> the kernel, but did you compile the kernel the "Debian way" or the shame on me ;-) I used the Debian way via make-kpkg --rootcmd fakeroot kernel_image --initrd --append_to_version=.denny It isn't complicated to get a running Kernel on my system, but it is, to create a kernel for the Debian Installer. cu denny -- Stoppt den Überwachungswahn - Stoppt den Schäuble Katalog: http://www.nopsis.de signature.asc Description: OpenPGP digital signature
manipulate initrd from Debian installer
hi, i have to recompile a kernel (2.6.25.9) to get some hardware working, for example network cards and 3ware SCSI SATA controller from the installer (debian-testing-amd64-netinst.iso). But I'm unable to create a valid kernel and/or initrd. i did something like: # mount loop .iso # copy the contents into a directory # compile kernel and copy them to cd/install.amd/vmlinuz # unpack initrd.gz # copy the modules to lib/modules # recompress with cpio and gzip (cd ramdisk/ ; find . -depth -print | cpio -oc > ../newinitrd ; cd .. ; gzip newinitrd) # copy the new initrd.gz to cd/install.amd/initrd.gz # create mkisofs # starting ... But, however. I get a) tried reiserfs,ext3,ext2,cramfs "Kernel panic - Unable to mount " b) or if i do mkcramfs ramdisk/ new.cramfs and copy them to cd/install.amd/initrd.gz, i get "Unable to mount root fs on unknown-block(253,0)" and he lists some partitions from ram0 till ram15. He said, i tried to boot from as root= so, what i have to do. Most pages and Howtos are old. I want to change only the kernel with his modules, nothing more. cu denn -- Stoppt den Überwachungswahn - Stoppt den Schäuble Katalog: http://www.nopsis.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
manipulate initrd from Debian installer
hi, i have to recompile a kernel (2.6.25.9) to get some hardware working, for example network cards and 3ware SCSI SATA controller from the installer (debian-testing-amd64-netinst.iso). But I'm unable to create a valid kernel and/or initrd. i did something like: # mount loop .iso # copy the contents into a directory # compile kernel and copy them to cd/install.amd/vmlinuz # unpack initrd.gz # copy the modules to lib/modules # recompress with cpio and gzip (cd ramdisk/ ; find . -depth -print | cpio -oc > ../newinitrd ; cd .. ; gzip newinitrd) # copy the new initrd.gz to cd/install.amd/initrd.gz # create mkisofs # starting ... But, however. I get a) tried reiserfs,ext3,ext2,cramfs "Kernel panic - Unable to mount " b) or if i do mkcramfs ramdisk/ new.cramfs and copy them to cd/install.amd/initrd.gz, i get "Unable to mount root fs on unknown-block(253,0)" and he lists some partitions from ram0 till ram15. He said, i tried to boot from as root= so, what i have to do. Most pages and Howtos are old. I want to change only the kernel with his modules, nothing more. cu denn -- Stoppt den Überwachungswahn - Stoppt den Schäuble Katalog: http://www.nopsis.de signature.asc Description: OpenPGP digital signature
Re: how to install ,deb files?
hi, Pantor schrieb: > would you be able to advice, please, how to install .deb files. Say > amaya_wx-9.55-2_i386.deb file that's lie of the Desktop now. > Thank's a lot. dpkg -i ~/Desktop/amaya_wx-9.55-2_i386.deb as root. cu denny -- Stoppt den Überwachungswahn - Stoppt den Schäuble Katalog: http://www.nopsis.de signature.asc Description: OpenPGP digital signature
Etch: Problem Grub, AMD64, initrd, Error 16, Inconsistent filesystem structure
hi, i want to install etch on softraid1 with AMD64 packages. Testing grub fails all the time. It is a Root Server without physical access to it. any suggestions? ### root (hd0,0) grub> kernel /vmlinuz kernel /vmlinuz [Linux-bzImage, setup=0x1e00, size=0x16fb27] grub> initrd /initrd.img initrd /initrd.img Error 16: Inconsistent filesystem structure grub> quit ### Kernel is: vmlinuz-2.6.18-5-amd64 initrd.img-2.6.18-5-amd64 ### grub> geometry (hd0) geometry (hd0) drive 0x80: C/H/S = 38913/255/63, The number of sectors = 625142448, /dev/sda Partition num: 0, Filesystem type is ext2fs, partition type 0xfd Partition num: 1, Filesystem type unknown, partition type 0x82 Partition num: 4, Filesystem type is ext2fs, partition type 0xfd Partition num: 5, Filesystem type unknown, partition type 0xfd grub> geometry (hd1) geometry (hd1) drive 0x81: C/H/S = 38913/255/63, The number of sectors = 625142448, /dev/sdb Partition num: 0, Filesystem type is ext2fs, partition type 0xfd Partition num: 1, Filesystem type unknown, partition type 0x82 Partition num: 4, Filesystem type is ext2fs, partition type 0xfd Partition num: 5, Filesystem type unknown, partition type 0xfd grub> ### i tried some other Kernels, but without luck. ### [EMAIL PROTECTED]:~# sfdisk -d /dev/sd[a,b] # partition table of /dev/sda unit: sectors /dev/sda1 : start= 63, size= 289107, Id=fd, bootable /dev/sda2 : start= 289170, size= 1959930, Id=82 /dev/sda3 : start= 2249100, size=622888245, Id= 5 /dev/sda4 : start=0, size=0, Id= 0 /dev/sda5 : start= 2249163, size= 3903732, Id=fd /dev/sda6 : start= 6152958, size=618984387, Id=fd # partition table of /dev/sdb unit: sectors /dev/sdb1 : start= 63, size= 289107, Id=fd, bootable /dev/sdb2 : start= 289170, size= 1959930, Id=82 /dev/sdb3 : start= 2249100, size=622888245, Id= 5 /dev/sdb4 : start=0, size=0, Id= 0 /dev/sdb5 : start= 2249163, size= 3903732, Id=fd /dev/sdb6 : start= 6152958, size=618984387, Id=fd ### sd 0:0:0:0: [sda] 625142448 512-byte hardware sectors (320073 MB) sd 0:0:0:0: [sda] Write Protect is off sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA sd 0:0:0:0: [sda] 625142448 512-byte hardware sectors (320073 MB) sd 0:0:0:0: [sda] Write Protect is off sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA sda: sda1 sda2 sda3 < sda5 sda6 > sd 0:0:0:0: [sda] Attached SCSI disk sd 1:0:0:0: [sdb] 625142448 512-byte hardware sectors (320073 MB) sd 1:0:0:0: [sdb] Write Protect is off sd 1:0:0:0: [sdb] Mode Sense: 00 3a 00 00 sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA sd 1:0:0:0: [sdb] 625142448 512-byte hardware sectors (320073 MB) sd 1:0:0:0: [sdb] Write Protect is off sd 1:0:0:0: [sdb] Mode Sense: 00 3a 00 00 sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA sdb: sdb1 sdb2 sdb3 < sdb5 sdb6 > sd 1:0:0:0: [sdb] Attached SCSI disk ### dpkg -l | grep grub ii grub 0.97-27 GRand Unified Bootloader ### [EMAIL PROTECTED]:~# lspci 00:00.0 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge 00:00.1 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge 00:00.2 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge 00:00.3 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge 00:00.4 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge 00:00.7 Host bridge: VIA Technologies, Inc. K8T800Pro Host Bridge 00:01.0 PCI bridge: VIA Technologies, Inc. VT8237 PCI bridge [K8T800/K8T890 South] 00:0f.0 RAID bus controller: VIA Technologies, Inc. VIA VT6420 SATA RAID Controller (rev 80) 00:0f.1 IDE interface: VIA Technologies, Inc. VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 06) 00:11.0 ISA bridge: VIA Technologies, Inc. VT8237 ISA bridge [KT600/K8T800/K8T890 South] 00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration 00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map 00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller 00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control -- Stoppt den Überwachungswahn - Stoppt den Schäuble Katalog: http://www.nopsis.de signature.asc Description: OpenPGP digital signature