Re: Fwd: Long time
I think the binary only "ltmodem" (lucent stuff) module should make his modem running... And the best way to get help - is by posting the output of lspci ;) Hetz On Thursday 21 February 2002 04:30, Amichai Rotman wrote: > Hi Gang, > > A friend of mine bought a Toshiba Laptop. He wants to install Linux on it. > The only thing keeping him from doin it is the Modem compatibility. This > one is an OnBoard Modem. You'll find the ATI output below. > > Any of you know how to make it work? = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Sendsms to Orange
Hi, I downloaded and installed the sendsms scripts. They work fine for pele-phone, but only work about 30% of the time for Orange. I get the message "Sent successfully." in the log, but nothing happens on the phone. Is there a limit to the number of messages you can send in any one time, e.g. one every 5 minutes? Is there a problem with the web site not reporting an error? Is there a problem with the scripts not recognizing an error? Do I just have bad luck? TIA, Geoff. -- Geoffrey S. Mendelson Bloomberg L.P., BFM (Israel) 2 hours ahead of London, 7 hours ahead of New York. Tel: 972-(0)3-754-1158 Fax 972-(0)3-754-1236 Email: [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
problem compiling qt-copy for kde3
hi I've downloaded qt-copy from the kde3 cvs i put it in /usr/local/qt i set the enviroment variables: setenv QTDIR /usr/local/qt setenv PATH $QTDIR/bin:$PATH setenv LD_LIBRARY_PATH $QTDIR/lib:$LD_LIBRARY_PATH then cd $QRDIR /configure i get: Creating qmake. Please wait... In file included from /usr/local/qt/src/tools/qfileinfo.h:43, from /usr/local/qt/src/tools/qdir.h:43, from generators/mac/pbuilder_pbx.cpp:40: /usr/local/qt/src/tools/qdatetime.h:43:24: qnamespace.h: No such file or directory i look for it: erez@hal /usr/local/qt==> ls /usr/local/qt/src/kernel/qnamespace.h -rw-r--r--1 erez staff 18k Feb 21 12:01 /usr/local/qt/src/kernel/qnamespace.h so i do: /configure -I/usr/local/qt/src/kernel/ and again i get: In file included from /usr/local/qt/src/tools/qfileinfo.h:43, from /usr/local/qt/src/tools/qdir.h:43, from generators/mac/pbuilder_pbx.cpp:40: /usr/local/qt/src/tools/qdatetime.h:43:24: qnamespace.h: No such file or directory what am i doing wrong ? regards erez. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Fwd: Long time
On Thu, Feb 21, 2002, Hetz Ben Hamo wrote about "Re: Fwd: Long time": > I think the binary only "ltmodem" (lucent stuff) module should make his modem > running... The lucent driver is no longer binary only - you can get the source at (for example - I just googled) http://www.heby.de/ltmodem. However, apparently Lucent AMR modems are not supported by this driver, whatever that means... -- Nadav Har'El| Thursday, Feb 21 2002, 9 Adar 5762 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |I used to work in a pickle factory, until http://nadav.harel.org.il |I got canned. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Setting the font in gvim 6.0
I have a Mandrake 8.1 system and I installed vim-X11 6.0-6mdk. When I invoke /usr/X11R6/bin/gvim I get a very ugly font which I don't like. I tried to set it. However neither: /usr/X11R6/bin/gvim -font \ '-adobe-courier-medium-r-normal-*-*-140-*-*-m-*-iso8859-1' Nor: /usr/X11R6/bin/gvim --cmd \ 'set guifont=-adobe-courier-medium-r-normal-*-*-140-*-*-m-*-iso8859-1' Nor putting the "set guifont=" line in my .vimrc set the font on startup. I can set it up manually by typing "set guifont" after the window appears, but it would be annoying to do it, every time vim starts. What can I do? Regards, Shlomi Fish -- Shlomi Fish[EMAIL PROTECTED] Home Page: http://t2.technion.ac.il/~shlomif/ Home E-mail: [EMAIL PROTECTED] "Let's suppose you have a table with 2^n cups..." "Wait a second - is n a natural number?" = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Fwd: Long time
On Thu, Feb 21, 2002, Nadav Har'El wrote about "Re: Fwd: Long time": > The lucent driver is no longer binary only - you can get the source at > (for example - I just googled) http://www.heby.de/ltmodem. After being put straight in the linux-kernel mailing list on the same issue, I need to correct myself here too. What looks like an open-source lucent driver is actually an open-source wrapper around some mysterious "ltmdmobj.o" object file from Lucent. The wrapper makes everything work properly in most Linux versions (compare this to the old binary-only module that worked only on very specific, old, versions of the kernel) but it's still not entirely open source, which is probably why distributions do not have it preinstalled :( -- Nadav Har'El| Thursday, Feb 21 2002, 9 Adar 5762 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |I would give my right arm to be http://nadav.harel.org.il |ambidextrous. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Setting the font in gvim 6.0
On Thu, 21 Feb 2002, Shlomi Fish wrote: > > I have a Mandrake 8.1 system and I installed vim-X11 6.0-6mdk. When I > invoke /usr/X11R6/bin/gvim I get a very ugly font which I don't like. > > I tried to set it. However neither: > > /usr/X11R6/bin/gvim -font \ > '-adobe-courier-medium-r-normal-*-*-140-*-*-m-*-iso8859-1' Worked for me, *only after* I set LANG to "en" (I figure setting either LANG or LC_CTYPE to C may also work) Currently on my system: LANG=he LC_CTYPE="he" LC_NUMERIC="he" LC_TIME="he" LC_COLLATE="he" LC_MONETARY="he" LC_MESSAGES="he" LC_PAPER="he" LC_NAME="he" LC_ADDRESS="he" LC_TELEPHONE="he" LC_MEASUREMENT="he" LC_IDENTIFICATION="he" LC_ALL= (that is: LANG is set to "he" and everything else is set from it), there is also a valid /usr/share/locales/he which is actually he_IL.ISO-8859-8 Maybe this is it? > > Nor: > > /usr/X11R6/bin/gvim --cmd \ > 'set guifont=-adobe-courier-medium-r-normal-*-*-140-*-*-m-*-iso8859-1' > > Nor putting the "set guifont=" line in my .vimrc set the font on startup. > > I can set it up manually by typing "set guifont" after the window appears, > but it would be annoying to do it, every time vim starts. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Solved [was Re: Setting the font in gvim 6.0]
After I removed the file /usr/share/vim/gvimrc everything worked fine, and gvim even started with a good font at startup. That file contained the line: set guifontset=-*-fixed-medium-r-normal--14-*-*-*-c-*-*-*,-*-*-medium-r-normal--14-*-*-*-c-*-*-*,-*-*-medium-r-normal--14-*-*-*-m-*-*-*,* Which apparently gave me some problems. Regards, Shlomi Fish On Thu, 21 Feb 2002, Shlomi Fish wrote: > > I have a Mandrake 8.1 system and I installed vim-X11 6.0-6mdk. When I > invoke /usr/X11R6/bin/gvim I get a very ugly font which I don't like. > > I tried to set it. However neither: > > /usr/X11R6/bin/gvim -font \ > '-adobe-courier-medium-r-normal-*-*-140-*-*-m-*-iso8859-1' > > Nor: > > /usr/X11R6/bin/gvim --cmd \ > 'set guifont=-adobe-courier-medium-r-normal-*-*-140-*-*-m-*-iso8859-1' > > Nor putting the "set guifont=" line in my .vimrc set the font on startup. > > I can set it up manually by typing "set guifont" after the window appears, > but it would be annoying to do it, every time vim starts. > > What can I do? > > Regards, > > Shlomi Fish > > > > -- > Shlomi Fish[EMAIL PROTECTED] > Home Page: http://t2.technion.ac.il/~shlomif/ > Home E-mail: [EMAIL PROTECTED] > > "Let's suppose you have a table with 2^n cups..." > "Wait a second - is n a natural number?" > > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > -- Shlomi Fish[EMAIL PROTECTED] Home Page: http://t2.technion.ac.il/~shlomif/ Home E-mail: [EMAIL PROTECTED] "Let's suppose you have a table with 2^n cups..." "Wait a second - is n a natural number?" = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Setting the font in gvim 6.0
[ shlomi answered to himself, so I'll answer to myself as well ;-) ]
On Thu, 21 Feb 2002, Tzafrir Cohen wrote:
> On Thu, 21 Feb 2002, Shlomi Fish wrote:
>
> >
> > I have a Mandrake 8.1 system and I installed vim-X11 6.0-6mdk. When I
> > invoke /usr/X11R6/bin/gvim I get a very ugly font which I don't like.
> >
> > I tried to set it. However neither:
> >
> > /usr/X11R6/bin/gvim -font \
> > '-adobe-courier-medium-r-normal-*-*-140-*-*-m-*-iso8859-1'
>
> Worked for me, *only after* I set LANG to "en" (I figure setting either
> LANG or LC_CTYPE to C may also work)
Maybe this is because my ~/.gtkrc has:
style "gtk-default-he" {
fontset = "-*-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-8,\
-*-*-medium-r-normal--12-*-*-*-*-*-iso8859-8"
}
class "GtkWidget" style "gtk-default-he"
or because /etc/gtk/etcrc.he on my system has a similar content.
Never mind...
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
Re: problem compiling qt-copy for kde3
On Thursday 21 February 2002 12:16, Erez Doron wrote: > hi > > I've downloaded qt-copy from the kde3 cvs > i put it in /usr/local/qt > i set the enviroment variables: > setenv QTDIR /usr/local/qt > setenv PATH $QTDIR/bin:$PATH > setenv LD_LIBRARY_PATH $QTDIR/lib:$LD_LIBRARY_PATH > > then > > cd $QRDIR > /configure You missed few issues there (like make -f Makefile.cvs) and you need to read the README.qt-copy file - configure is definately not enough to compile QT. It's much more then that... Hetz = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Sendsms to Orange
I asked: > I downloaded and installed the sendsms scripts. They work fine for pele-phone, > but only work about 30% of the time for Orange. > > I get the message "Sent successfully." in the log, but nothing happens on > the phone. I found the answer. Walla will accept a message with quotes " ' or a pound sign # in it and "send it sucessfully", but it will not go anywhere. I added the following line to the sendsms script where I thought appropriate. $message =~ tr /"'#/---/; Which changes the unwanted characters to hyphens. -- Geoffrey S. Mendelson Bloomberg L.P., BFM (Israel) 2 hours ahead of London, 7 hours ahead of New York. Tel: 972-(0)3-754-1158 Fax 972-(0)3-754-1236 Email: [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Sendsms to Orange
> > I asked: > > > I downloaded and installed the sendsms scripts. They work fine for pele-phone, > > but only work about 30% of the time for Orange. > > > > I get the message "Sent successfully." in the log, but nothing happens on > > the phone. > > I found the answer. Walla will accept a message with quotes " ' or a pound > sign # in it and "send it sucessfully", but it will not go anywhere. > > I added the following line to the sendsms script where I thought appropriate. > > $message =~ tr /"'#/---/; > > Which changes the unwanted characters to hyphens. I must shamefully admit that I have never noticed the # (pound) problem... It is slightly more complicated: it seems that Orange-Walla expects a hex ascii value after the #. It does not work for many characters and when it doesn't, it causes the message to be silently dropped, as you reported. Thus, your solution might be the sanest one. I could not reproduce your problem with quotes and double quotes. they arrive finely to my phone. I would like to thank the orange subscriber who helped me find the pattern. Dan. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Sendsms to Orange
On Thu, Feb 21, 2002, Dan Kenigsberg wrote about "Re: Sendsms to Orange": > I must shamefully admit that I have never noticed the # (pound) problem... > It is slightly more complicated: it seems that Orange-Walla expects a hex ascii > value after the #. It does not work for many characters and when it doesn't, it > causes the message to be silently dropped, as you reported. > Thus, your solution might be the sanest one. What about an even more saner solution - replace '#' by '#23' (the hex for #), " by "#22" and ' by "#27" (assuming these are the problematic characters)? It's quite trivial to make that change. Dan, can you please test it and if it works I'll put it into the script? Thanks, Nadav. > I would like to thank the orange subscriber who helped me find the pattern. You'd really have to be a cryptography expert to catch that pattern ;) -- Nadav Har'El| Thursday, Feb 21 2002, 9 Adar 5762 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |An apple a day keeps the doctor away. An http://nadav.harel.org.il |onion a day keeps everyone away! = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
X Forwarding question
Hi, I have this problem: My machine IP is 192.168.1.2 and I'm connected to my other Linux machine which has the real IP. Now - I need to connect to another machine outside my network which is 10.1.1.1 (which means that machine is also under firewall).. Now - on that machine I don't have root previlages so I cannot do port forwarding... My question - how can I get the 10.1.1.1 X sessions to my 192.168.1.1 machine? Thanks, Hetz = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X Forwarding question
On Thu, Feb 21, 2002, Hetz Ben Hamo wrote about "X Forwarding question": > My question - how can I get the 10.1.1.1 X sessions to my 192.168.1.1 machine? If you can ssh to the remote machine, the simplest would be to do "ssh -X 10.1.1.1". In the shell you'll get, you'll automatically have DISPLAY=10.1.1.1:10 (or something similar), and X clients will automagically work! Ssh runs an X proxy on that machine to forward all connections to :10 through the ssh connection. Since all data passes through the same ssh connection (as far as I know), you will not have any firewall problems in addition to getting it to allow ssh. -- Nadav Har'El| Thursday, Feb 21 2002, 9 Adar 5762 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |Ways to Relieve Stress #10: Make up a http://nadav.harel.org.il |language and ask people for directions. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X Forwarding question
> If you can ssh to the remote machine, the simplest would be to do "ssh -X > 10.1.1.1". In the shell you'll get, you'll automatically have > DISPLAY=10.1.1.1:10 (or something similar), and X clients will > automagically work! Ssh runs an X proxy on that machine to forward all > connections to :10 through the ssh connection. Since all data passes > through the same ssh connection (as far as I know), you will not have any > firewall problems in addition to getting it to allow ssh. You can't - 10.1.1.1 is not accessible from outside, only through ssh'ing the gateway and then to 10.1.1.1 look: <192.168.1.2> --> --> --> <10.1.1.1> So, 192.168.1.2 cannot reach directly 10.1.1.1, which means I do: ssh -X other-side-GW-IP, and from there - ssh -X 10.1.1.1 this still doesn't work, and doing: export DISPLAY=192.168.1.2:0.0 and then running xlogo for example - doesn't give me anything... Suggestions? Hetz = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X Forwarding question
> This should work. *Don't* set DISPLAY yourself - use the one ssh gives you. > What DISPLAY do you get on the gateway (in the middle of the ssh sequence)? > What DISPLAY do you get finally on 10.1.1.1? > What do you mean by "doesn't work" and "doesn't give me anything"? Sorry for the trouble - apparently the xauth was missing, so installing it fixes the problem. Thanks, Hetz = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X Forwarding question
On Thu, Feb 21, 2002, Hetz Ben Hamo wrote about "Re: X Forwarding question": > You can't - 10.1.1.1 is not accessible from outside, only through ssh'ing the > gateway and then to 10.1.1.1 So what? You can do two "stages" of ssh -X, from your machine to the gateway, and then from the gateway to 10.1.1.1. Connections to (say) 10.1.1.1:10 will be forwarded to gateway:10, and these connections will be forwarded to yourmachine:0. Everything should be completely automatic - just run ssh -X instead of ssh. You don't even have to set DISPLAY (except on your machine, before the initial ssh, of course), ssh does it for you. > ssh -X other-side-GW-IP, and from there - ssh -X 10.1.1.1 > this still doesn't work, and doing: export DISPLAY=192.168.1.2:0.0 and then > running xlogo for example - doesn't give me anything... This should work. *Don't* set DISPLAY yourself - use the one ssh gives you. What DISPLAY do you get on the gateway (in the middle of the ssh sequence)? What DISPLAY do you get finally on 10.1.1.1? What do you mean by "doesn't work" and "doesn't give me anything"? -- Nadav Har'El| Thursday, Feb 21 2002, 10 Adar 5762 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |Lumber Cartel member #2224. http://nadav.harel.org.il |http://come.to/the.lumber.cartel = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Gnome Panel & Menus
I trying to figure out where the menu defintitions are for the main menu on the panel. I once installed ximian gnome, and since then my main menu has four elements: Programs, Favorites, Settings, Desktop. The regular menu editors that come with gnome, and Mandrake (I'm using Mandrake 8.1) do not see these menus, and make a mess when I try to change the Programs menu. I want to know, also for personal knowlegde which are the configuration files that tell the panel (or menus) how to format them selves. I could see that there is some connection with the directory structure under .gnome/apps and .gnome/apps-mdk, however these do not describe the top level menus. Any info will be appreciated. Shai = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Gnome Panel & Menus
On Thu, 21 Feb 2002, Shai Bentin wrote: > I trying to figure out where the menu defintitions are for the main menu > on the panel. I once installed ximian gnome, and since then my main menu > has four elements: Programs, Favorites, Settings, Desktop. > > The regular menu editors that come with gnome, and Mandrake (I'm using > Mandrake 8.1) do not see these menus, and make a mess when I try to > change the Programs menu. > > I want to know, also for personal knowlegde which are the configuration > files that tell the panel (or menus) how to format them selves. > > I could see that there is some connection with the directory structure > under .gnome/apps and .gnome/apps-mdk, however these do not describe the > top level menus. > > Any info will be appreciated. Mandrake uses the menu system that is borrowed from debian. Maybe debian's docuemntation has better descrition of it. Any pakage that wants to add entries to menus adds files with those entries to /usr/lib/menu , /etc/menu or $HOME/.menu (I may got some paths wrong). Any program that wishes to present a menu adds a script /etc/menu-methods . This script should be able to reconstruct the menus for the program from the menu entries. The reason Mandrake later changed the path of their created menus to apps-mdk instead of apps is that in case you don't like their system, you can easily disable it, and use gnome's (or ximian's) default. You can probably try to merge the two systems together (either add some ximian menu entries to /etc/menu and modify the configuration to use apps-mdk, or copy the entries mandrake creates to ximian's empty menu) HTH -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Secure NFS with untrusted clients
Hello, I wonder about the following scenario, which is quite common: A large network consisting of many users and many Unix boxes. Users aren't supposed to have root access to any box. All home directories reside on a central fileserver. How do you configure the networked filesystem? The obvious solution is to (auto)mount the home directories to the individual boxes via NFS, using NIS or LDAP to keep the user accounts consistent. This is terribly insecure -- if *any* box is compromised, *all* home directories are available to the attacker. The NFS security model relies on the client boxes for doing the user authentication, which is a terrible assumption. Note that root_squash and suchlike are of little help, since root can 'su' into any user. Things are even worse if users have their own workstations, to which they do have root access, but still need to mount personal directories from a fileserver. You can solve this if you know in advance which user works on which client, and NFS-export each home directory separately with appropriate host restrictions. But this "off-line central authentication" is clearly impractical. Interestingly, the NT domain model (incarnated as SMB) seems to be the best possible in this respect, at least in theory. Namely, as long as a user hasn't actually typed his password into a any compromised box, his files are safe. This is because of the challenge-response authentication against the domain controller, and the distinction between local and domain-wide "Administrator" accounts. Kerberos has a comparable model, but I couldn't find any info about combining it with NFS (plain NFS+pam_krb5 obviously doesn't solve anything). Is there such a combination, or a viable alternative? Regards, Eran Tromer = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Forms? DB?
Hi Gang, I want to create a DB of people for whom I fixed their computer in the past: Contact info, hardware inventory, recoed of what I did... Is there something I can use? Should I create a DB? Should I create forms? I want to get to their house and fill in a form with tas many details as possible, so if they call me on the phone i can look it up and know what's going on... 10x, Amichai. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Secure NFS with untrusted clients
On Fri, 22 Feb 2002, Eran Tromer wrote: > Hello, > > I wonder about the following scenario, which is quite common: > A large network consisting of many users and many Unix boxes. Users > aren't supposed to have root access to any box. All home directories > reside on a central fileserver. How do you configure the networked > filesystem? > > The obvious solution is to (auto)mount the home directories to the > individual boxes via NFS, using NIS or LDAP to keep the user accounts > consistent. This is terribly insecure -- if *any* box is compromised, > *all* home directories are available to the attacker. The NFS security > model relies on the client boxes for doing the user authentication, > which is a terrible assumption. Note that root_squash and suchlike are > of little help, since root can 'su' into any user. > > Things are even worse if users have their own workstations, to which > they do have root access, but still need to mount personal directories > from a fileserver. > > You can solve this if you know in advance which user works on which > client, and NFS-export each home directory separately with appropriate > host restrictions. But this "off-line central authentication" is clearly > impractical. > > Interestingly, the NT domain model (incarnated as SMB) seems to be the > best possible in this respect, at least in theory. Namely, as long as a > user hasn't actually typed his password into a any compromised box, his > files are safe. This is because of the challenge-response authentication > against the domain controller, and the distinction between local and > domain-wide "Administrator" accounts. > > Kerberos has a comparable model, but I couldn't find any info about > combining it with NFS (plain NFS+pam_krb5 obviously doesn't solve > anything). Is there such a combination, or a viable alternative? AFS? CODA? intermezzo? I'm not sure how mature are the latter two. AFS and CODA are built around kerberos, AFAIR. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X Forwarding question
-=O0~O0=- "He took his vorpal sword in hand: Long time the manxome foe he sought - So rested he by the Tumtum tree. And stood awhile in thought." [L.Carrol "Jabberwacky"] On Thu, 21 Feb 2002, Hetz Ben Hamo wrote: > > This should work. *Don't* set DISPLAY yourself - use the one ssh gives you. > > What DISPLAY do you get on the gateway (in the middle of the ssh sequence)? > > What DISPLAY do you get finally on 10.1.1.1? > > What do you mean by "doesn't work" and "doesn't give me anything"? general question: what if the gateway has no X on it and therefore its ssh doesn't support X fowarding? Max. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Forms? DB?
-=O0~O0=- "He took his vorpal sword in hand: Long time the manxome foe he sought - So rested he by the Tumtum tree. And stood awhile in thought." [L.Carrol "Jabberwacky"] On Fri, 22 Feb 2002, Amichai Rotman wrote: > Hi Gang, > > I want to create a DB of people for whom I fixed their computer in the past: > > Contact info, hardware inventory, recoed of what I did... > > Is there something I can use? > > Should I create a DB? > > Should I create forms? the answer depends on the past and the future: do you have many such clients from the past ? do you plan to be in this "fixing" business in the future ? sql is an option, but if you don't get too many records, maybe you should hack some php message board to serve you [i assume you do run apache, with php... maybe i'm wrong, insted "new post" - "new record" etc.] for security reasons you can lock adding new users feature.. tell me if you like the idea > > I want to get to their house and fill in a form with tas many details as > possible, so if they call me on the phone i can look it up and know what's > going on... > > 10x, > > Amichai. > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: X Forwarding question
On Fri, 22 Feb 2002, Max Kovgan wrote: > -=O0~O0=- > "He took his vorpal sword in hand: > Long time the manxome foe he sought - > So rested he by the Tumtum tree. > And stood awhile in thought." > > [L.Carrol "Jabberwacky"] > > On Thu, 21 Feb 2002, Hetz Ben Hamo wrote: > > > > This should work. *Don't* set DISPLAY yourself - use the one ssh gives you. > > > What DISPLAY do you get on the gateway (in the middle of the ssh sequence)? > > > What DISPLAY do you get finally on 10.1.1.1? > > > What do you mean by "doesn't work" and "doesn't give me anything"? > > general question: > > what if the gateway has no X on it and therefore its ssh > doesn't support X fowarding? > Max. Tunnel port 22 of 10.1.1.1: ssh -L 10022:10.0.0.1:22 user@server -f 'echo "connected"; sleep 100' # using ssh -n might have been better? # now you have 100 seconds to establish a connection by: ssh -p 10022 localhost The ssh connection to 'server' will only close after the last user of it will quit, that is, after the end of 'sleep 100' and/or after the end of your other connections. I haven't experimented with 'ssh -n' Note that I'm not sure Hetz could originally do that. He mentioned he could not forward ports. In this case you need to be able to allocate a listening port on your machine. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Forms? DB?
On Fri, 22 Feb 2002, Amichai Rotman wrote: > Hi Gang, > > I want to create a DB of people for whom I fixed their computer in the past: > > Contact info, hardware inventory, recoed of what I did... > > Is there something I can use? > > Should I create a DB? > > Should I create forms? > > I want to get to their house and fill in a form with tas many details as > possible, so if they call me on the phone i can look it up and know what's > going on... Forms: for what environment: X? web? terminal? all three? (The perfect system should have at least the first two, plus a command-line interface for scripting. But development time also counts) -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
