RE: ****RE: ****Re: ****Re: Linux Administration - Users in (any) database howto/why... SAMBA and CERTS

[Lisa Kachold]

I think the LDAP article(s) find a nice balance between complexity and 
simplicity - and those are just example ACL's Craig.  

Samba leaves a great deal to be desired as you so eloquently describe.  To get 
around the smbpasswd password changing issues, you can do a "csh" or "screen" 
before implementing the command, so no bash_history will be retained.  To 
automate user smbpasswd changes, you can run an exec from a ssh script on 
another server.  And you can yum install expect to wait for command line input 
and actually CHANGE the password from a central server script for all your 
systems in the farm, even referencing a database or doing a bind password 
comparison and netbios verification?

Hey, I am all about user education, especially when it comes to certs.  

Perhaps you might have a Intranet page, with clear questions and answers or 
write a little cscript "application" that prompts them through the process?  


www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
(503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM


> Subject: Re: RE: Re: Re: Linux Administration - Users in (any)
> database howto/why...
> From: craigwh...@azapple.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Fri, 2 Jan 2009 20:21:16 -0700
> 
> On Sat, 2009-01-03 at 02:48 +, Lisa Kachold wrote:
> > Here's the definitive guide for hammering down LDAP, noting defaults
> > for use, etc.
> > http://eatingsecurity.blogspot.com/2008/11/openldap-security.html
> 
> I'd hardly call it a definitive guide to hammering down LDAP when there
> are only 2 ACL's. I think a better handle for that URL is some thoughts
> about securing LDAP.
> 
> It makes me absolutely insane that the only way to set the bind password
> for samba is via a command line 'smbpasswd -w SOME_STINKIN_PASSWORD' so
> you have to clear history after performing such a command.
> 
> For the most part, I have found it useful to allow anonymous binds for
> virtually everything except self access to userPassword, sambaNTPassword
> and sambaLMPassword.
> 
> That way, all shared Address Books, all the various clients such as
> Postfix, Cyrus-IMAPd, etc. can get what they need without any
> credentials laying around and obviously try to require all
> authentication to happen via encrypted connections...which means that
> you have to educate users on how to get very stupid client applications
> like Outlook to accept self-signed certs, which means that I create
> certificates with long usage times and sort of is just a PITA.
> 
> I'm not sure which is worse, devices like an iPhone which just happily
> accepts just about any cert without much of a fuss or Firefox 3 which
> freaks people out when presented a self-signed cert.
> 
> Craig
> 
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_
Send e-mail faster without improving your typing skills.
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_speed_122008---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Ed]

On Fri, Jan 2, 2009 at 6:02 PM, Lisa Kachold  wrote:
> Correct!  Bingo!  You understand the process.
>
> So, your LDAP server optimally would:
>
> 1) Not have /etc/sudoers wide open (shells disabled, be unable to escape a
> vi to root command shell) and only do a few commands.
> 2) Have good permissions, and/or have no shell or X users with privs.
> 3) Be completely configured and tested, as well as patched to current
> standards.
>

would there be any sense, as an addition to the above, in making the
/etc/ldap.secret a soft link into an encrypted partition - for example
/var/aaa/ldap.secret?
one should take care with ownership and the umask, but I think it
would add a layer of protection - so long as being there for bootups
isn't a problem...

so long as proximity isn't a problem - is this an additional layer of
security worth the trouble?

> And even then.anyone on the same shared network could decrypt your TLS
> sessions snarfed via promiscious ethernet like any singing bird on the wire
> is heard (using crypt/john).  Add a nice VLAN or layer 3 switch (also well
> configured) and we have a VERY GOOD solution!
>
> Unfortunately, that's the same thing with Microsoft Netbios and other auth,
> while better with encryption, still trivial to intercept and exploit on a
> shared network with Metasploit.
>
> But.sLDAP integrated well is BETTER than two (or three counting web
> systems) admins adding two or three (or four with LTS) users at every
> change?
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> (503)754-4452
> 
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
>
>
>> Date: Fri, 2 Jan 2009 16:40:20 -0700
>> From: j...@nationnet.com
>> To: plug-discuss@lists.plug.phoenix.az.us
>> Subject: Re: Re: Linux Administration - Users in (any) database
>> howto/why...
>>
>> Good point on TLS. The /etc/ldap.secret is where I had the problem. If
>> you put that file on an end users machine, wouldn't they be able to boot
>> into single user mode or sudo and read that file? Doesn't that file
>> provide the keys to the kingdom? Once you have full read access to the
>> directory. can't you read all the user id's and hashes and gain access
>> to every other system? Sorry if this was already a hackfest activity and
>> I missed it.
>>
>> >
>>
>>
>> Craig White wrote:
>> >
>> > 
>> > ssl support as far as I know, has always been part of LDAP but it has
>> > mostly been deprecated in favor of using TLS. I know that Red Hat
>> > systems still launch both the ldap and ldaps listeners and if you use
>> > TLS, you don't use the ldaps connection. This actually makes sense
>> > because if you 'bind' via encryption, the rest of the data does not need
>> > to incur the overhead of encryption.
>> >
>> >
>>
>> > If you intend to use the system for user authentication, you will have
>> > to create /etc/ldap.secret, chmod it to 0600 and embed a suitable
>> > password that allows you access. Since you have to be root to read the
>> > file, I am not certain what your reservations are because if you are
>> > root, you certainly can do much more than read the LDAP password.
>> >
>> >
>>
>> > Craig
>> >
>> > ---
>> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>> >
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> 
> Life on your PC is safer, easier, and more enjoyable with Windows Vista(R).
> See how
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****RE: ****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Fri, 2009-01-02 at 21:08 -0700, Joe wrote:
> Sorry Craig, I had to jump in again. smbpasswd -w drives you crazy? From 
> the Eating Security page, this is what I was talking about eariler:
> 
> "Another file with a plain text password is /etc/ldap.secret. This file 
> must contain the rootdn password in plain text, but is again somewhat 
> mitigated with file permissions."
> 
> Help me out here. Doesn't that basically mean that the root id and 
> password will be in that file and all apps that use the directory 
> service can be compromised if that file is compromised? i.e. a 
> vulnerability in virus scanner, web server, email server, 
> 
> I think there is some really good information on that page and want to 
> explore it further. I would love to have a centralized ldap server that 
> if one of the apps were compromised, all the others could remain safe.
> 
> I totally agree that one would need more than 2 ACL's, but those are 
> hard to write properly and understand the ramifications.

In my setups, the only app that uses /etc/ldap.secret is pam itself for
authentication. Yes, it is a flat file but so
is /etc/passwd, /etc/shadow.

No, the file only contains rootbinddn password and nothing else. Of
course the rootbinddn id is discoverable from /etc/ldap.conf which is
pretty much world readable to be useful.

Again, I pretty much allow anonymous binds for most everything so it's
easy enough for anyone, anywhere without authentication to get info from
most of LDAP...

ldapsearch -x -D '' '(mail=craig*)' #note -D '' means an empty bind

and get replies. This pretty much satisfies Postfix and Cyrus for mail
deliveries. I'm not sure where you're going with web server - I mean I
do use mod_authz_ldap but I just set it to 'require valid user' or
'require group' and let the user supply authentication information so
again, the only thing that uses /etc/ldap.secret is nss/pam.

As far as everything being compromised if the file is compromised - sure
- it gives you root level access - i.e. - you can set your own user id
to 0 if you wish. It's the same as cracking /etc/shadow or changing root
password. The thing that you fail to equate that booting into run level
1 which allows you to read the /etc/ldap.secret file also allows you to
do virtually everything else equivalent (change root password,
copy /etc/shadow to user space, install key-loggers, etc.) Basically,
the way I figger, if you have users booting to run level 1, your network
security has already been compromised.

Heck - if it were me and my mind set were to become super user and I
booted to run level 1, I wouldn't waste my time with /etc/ldap.secret at
all...I would just
copy /etc/shadow, /var/log/wtmp, /var/log/secure, /root/.bash_history to
somewhere safe, change root password, up the run level, do my dirty
work, replace the files I copied and reboot.

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****RE: ****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Joe]

Sorry Craig, I had to jump in again. smbpasswd -w drives you crazy? From 
the Eating Security page, this is what I was talking about eariler:

"Another file with a plain text password is /etc/ldap.secret. This file 
must contain the rootdn password in plain text, but is again somewhat 
mitigated with file permissions."

Help me out here. Doesn't that basically mean that the root id and 
password will be in that file and all apps that use the directory 
service can be compromised if that file is compromised? i.e. a 
vulnerability in virus scanner, web server, email server, 

I think there is some really good information on that page and want to 
explore it further. I would love to have a centralized ldap server that 
if one of the apps were compromised, all the others could remain safe.

I totally agree that one would need more than 2 ACL's, but those are 
hard to write properly and understand the ramifications.

Craig White wrote:
> On Sat, 2009-01-03 at 02:48 +, Lisa Kachold wrote:
>   
>> Here's the definitive guide for hammering down LDAP, noting defaults
>> for use, etc.
>> http://eatingsecurity.blogspot.com/2008/11/openldap-security.html
>> 
> 
> I'd hardly call it a definitive guide to hammering down LDAP when there
> are only 2 ACL's. I think a better handle for that URL is some thoughts
> about securing LDAP.
>
> It makes me absolutely insane that the only way to set the bind password
> for samba is via a command line 'smbpasswd -w SOME_STINKIN_PASSWORD' so
> you have to clear history after performing such a command.
>
> For the most part, I have found it useful to allow anonymous binds for
> virtually everything except self access to userPassword, sambaNTPassword
> and sambaLMPassword.
>
> That way, all shared Address Books, all the various clients such as
> Postfix, Cyrus-IMAPd, etc. can get what they need without any
> credentials laying around and obviously try to require all
> authentication to happen via encrypted connections...which means that
> you have to educate users on how to get very stupid client applications
> like Outlook to accept self-signed certs, which means that I create
> certificates with long usage times and sort of is just a PITA.
>
> I'm not sure which is worse, devices like an iPhone which just happily
> accepts just about any cert without much of a fuss or Firefox 3 which
> freaks people out when presented a self-signed cert.
>
> Craig
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>   
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****RE: ****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Sat, 2009-01-03 at 02:48 +, Lisa Kachold wrote:
> Here's the definitive guide for hammering down LDAP, noting defaults
> for use, etc.
> http://eatingsecurity.blogspot.com/2008/11/openldap-security.html

I'd hardly call it a definitive guide to hammering down LDAP when there
are only 2 ACL's. I think a better handle for that URL is some thoughts
about securing LDAP.

It makes me absolutely insane that the only way to set the bind password
for samba is via a command line 'smbpasswd -w SOME_STINKIN_PASSWORD' so
you have to clear history after performing such a command.

For the most part, I have found it useful to allow anonymous binds for
virtually everything except self access to userPassword, sambaNTPassword
and sambaLMPassword.

That way, all shared Address Books, all the various clients such as
Postfix, Cyrus-IMAPd, etc. can get what they need without any
credentials laying around and obviously try to require all
authentication to happen via encrypted connections...which means that
you have to educate users on how to get very stupid client applications
like Outlook to accept self-signed certs, which means that I create
certificates with long usage times and sort of is just a PITA.

I'm not sure which is worse, devices like an iPhone which just happily
accepts just about any cert without much of a fuss or Firefox 3 which
freaks people out when presented a self-signed cert.

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: ****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Lisa Kachold]

Good points Craig.  I can see you are a true "administrator" where you think in 
systemic terms and context is everything.
Black and White (good bad) simplistic and linear thinking is not the  moniker 
of the seasoned administrator.

LDAP is a good, well developed and heavily implemented tool.  It's not too 
complex, nor overkill, it's just foriegn and unfamilar if you are used to a 
simple database for LTS or kerberos passwords.  [Beware if you see yourself or 
others devolve to bad/good thinking after going past something they don't 
understand or when confronted with a simple complex yet unfamilar technology.  
We each learn to troubleshoot through our own ego defenses - such thinking is a 
defense, that must be treated in context.]  LDAP is simple (and secure) when 
implemented well, especially when changing passwords on diverse systems is 
required for PCI compliance every two months!

I also prefer to use a well supported solution:
1) LTS uses postgresql
2) LDAP is available for this LTS postgresql solution.

Here's the definitive guide for hammering down LDAP, noting defaults for use, 
etc.

http://eatingsecurity.blogspot.com/2008/11/openldap-security.html

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
(503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM

> Subject: Re: ****Re: Re: Linux Administration - Users in (any) database   
> howto/why...
> From: craigwh...@azapple.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Fri, 2 Jan 2009 17:29:06 -0700
> 
> On Fri, 2009-01-02 at 16:40 -0700, Joe wrote:
> > Good point on TLS. The /etc/ldap.secret is where I had the problem. If 
> > you put that file on an end users machine, wouldn't they be able to boot 
> > into single user mode or sudo and read that file? Doesn't that file 
> > provide the keys to the kingdom? Once you have full read access to the 
> > directory. can't you read all the user id's and hashes and gain access 
> > to every other system? Sorry if this was already a hackfest activity and 
> > I missed it.
> 
> sure...but if you can boot into runlevel 1, you simply make a user copy
> of /etc/shadow and run a password cracker on that - should be trivial
> enough to get root password from that too.
> 
> Awful easy to boot Windows with CD that resets local Administrator
> password too.
> 
> Basically, a computer is an insecure device unless locked in a closet
> where no hands can touch and no network to access it.
> 
> Craig
> 
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_
Life on your PC is safer, easier, and more enjoyable with Windows Vista®. 
http://clk.atdmt.com/MRT/go/127032870/direct/01/---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: ****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Lisa Kachold]

Under LDAP, the user exchanges a token (just like cookies), so they triangulate 
with the server.  But it's not "secure" any more than lock boxes are to 
physical home security where the combination can be  easily obtained.  If/when 
you install the recent OpenLDAP, the cilent obfuscates it's key via encryption 
that authenticates against either the server on Linux (kerberos) or via the AD 
in Windows server model.

Kerberos doesn't protect anything in LDAP over and above the standard password 
hash key exchange.  
In the case of SASL/GSSAPI, the client and server participate in
mutual Kerberos authentication exchange requiring each to obtain
appropriate tickets from the KDC.  See a site about Kerberos for details.

One can configure saslauthd to verify a user's password,
provided by the client to the server via SASL/PLAIN,
LDAP simple bind, etc., against Kerberos credential information
maintained by the KDC.  This is NOT Kerberos authentication.
This is password authentication.

Use of the latter violates the Kerberos security model as
it, amongst other things, exposes the user's password to the
server (and, if you don't adequately protect the LDAP bind
request, the world).

Note that this discussion is not really OpenLDAP-specific,
say applies to any application protocol server configured
to verify user passwords in this manner instead of using
a Kerberos-based authentication mechanism of that
protocol (SASL/GSSAPI in the case of LDAPv3).

OpenLDAP as a protocol is completely drop and designate in and of itself (using 
PAM/kerberos in linux).  Where access to the server token and client tokens are 
available it is a fairly open door.

You can intercept and decrypt the key exchanged ciphers with John/Crypt for 
regular user administration with access to the hash also.

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
(503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM

> Subject: Re: Re: Re: Linux Administration - Users in (any) database   
> howto/why...
> From: craigwh...@azapple.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Fri, 2 Jan 2009 17:40:17 -0700
> 
> On Fri, 2009-01-02 at 16:40 -0700, Joe wrote:
> > Good point on TLS. The /etc/ldap.secret is where I had the problem. If 
> > you put that file on an end users machine, wouldn't they be able to boot 
> > into single user mode or sudo and read that file? Doesn't that file 
> > provide the keys to the kingdom? Once you have full read access to the 
> > directory. can't you read all the user id's and hashes and gain access 
> > to every other system? Sorry if this was already a hackfest activity and 
> > I missed it.
> 
> and I should mention that if you want to get around that issue, you
> implement kerberos in addition to LDAP.
> 
> Craig
> 
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_
Life on your PC is safer, easier, and more enjoyable with Windows Vista®. 
http://clk.atdmt.com/MRT/go/127032870/direct/01/---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: ****Re: Linux Administration - Users in (any) database howto/why...

[Lisa Kachold]

Correct!  Bingo!  You understand the process.

So, your LDAP server optimally would:

1) Not have /etc/sudoers wide open (shells disabled, be unable to escape a vi 
to root command shell) and only do a few commands.
2) Have good permissions, and/or have no shell or X users with privs.
3) Be completely configured and tested, as well as patched to current standards.

And even then.anyone on the same shared network could decrypt your TLS 
sessions snarfed via promiscious ethernet like any singing bird on the wire is 
heard (using crypt/john).  Add a nice VLAN or layer 3 switch (also well 
configured) and we have a VERY GOOD solution!

Unfortunately, that's the same thing with Microsoft Netbios and other auth, 
while better with encryption, still trivial to intercept and exploit on a 
shared network with Metasploit.

But.sLDAP integrated well is BETTER than two (or three counting web 
systems) admins adding two or three (or four with LTS) users at every change?  

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
(503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM


> Date: Fri, 2 Jan 2009 16:40:20 -0700
> From: j...@nationnet.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Re: Linux Administration - Users in (any)database
> howto/why...
> 
> Good point on TLS. The /etc/ldap.secret is where I had the problem. If 
> you put that file on an end users machine, wouldn't they be able to boot 
> into single user mode or sudo and read that file? Doesn't that file 
> provide the keys to the kingdom? Once you have full read access to the 
> directory. can't you read all the user id's and hashes and gain access 
> to every other system? Sorry if this was already a hackfest activity and 
> I missed it.
> 
> >   
> 
> 
> Craig White wrote:
> >
> > 
> > ssl support as far as I know, has always been part of LDAP but it has
> > mostly been deprecated in favor of using TLS. I know that Red Hat
> > systems still launch both the ldap and ldaps listeners and if you use
> > TLS, you don't use the ldaps connection. This actually makes sense
> > because if you 'bind' via encryption, the rest of the data does not need
> > to incur the overhead of encryption.
> >
> >   
> 
> > If you intend to use the system for user authentication, you will have
> > to create /etc/ldap.secret, chmod it to 0600 and embed a suitable
> > password that allows you access. Since you have to be root to read the
> > file, I am not certain what your reservations are because if you are
> > root, you certainly can do much more than read the LDAP password.
> >
> >   
> 
> > Craig
> >
> > ---
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >   
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_
Life on your PC is safer, easier, and more enjoyable with Windows Vista®. 
http://clk.atdmt.com/MRT/go/127032870/direct/01/---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Fri, 2009-01-02 at 16:40 -0700, Joe wrote:
> Good point on TLS. The /etc/ldap.secret is where I had the problem. If 
> you put that file on an end users machine, wouldn't they be able to boot 
> into single user mode or sudo and read that file? Doesn't that file 
> provide the keys to the kingdom? Once you have full read access to the 
> directory. can't you read all the user id's and hashes and gain access 
> to every other system? Sorry if this was already a hackfest activity and 
> I missed it.

and I should mention that if you want to get around that issue, you
implement kerberos in addition to LDAP.

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Fri, 2009-01-02 at 16:40 -0700, Joe wrote:
> Good point on TLS. The /etc/ldap.secret is where I had the problem. If 
> you put that file on an end users machine, wouldn't they be able to boot 
> into single user mode or sudo and read that file? Doesn't that file 
> provide the keys to the kingdom? Once you have full read access to the 
> directory. can't you read all the user id's and hashes and gain access 
> to every other system? Sorry if this was already a hackfest activity and 
> I missed it.

sure...but if you can boot into runlevel 1, you simply make a user copy
of /etc/shadow and run a password cracker on that - should be trivial
enough to get root password from that too.

Awful easy to boot Windows with CD that resets local Administrator
password too.

Basically, a computer is an insecure device unless locked in a closet
where no hands can touch and no network to access it.

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Joe]

Good point on TLS. The /etc/ldap.secret is where I had the problem. If 
you put that file on an end users machine, wouldn't they be able to boot 
into single user mode or sudo and read that file? Doesn't that file 
provide the keys to the kingdom? Once you have full read access to the 
directory. can't you read all the user id's and hashes and gain access 
to every other system? Sorry if this was already a hackfest activity and 
I missed it.

>   


Craig White wrote:
>
> 
> ssl support as far as I know, has always been part of LDAP but it has
> mostly been deprecated in favor of using TLS. I know that Red Hat
> systems still launch both the ldap and ldaps listeners and if you use
> TLS, you don't use the ldaps connection. This actually makes sense
> because if you 'bind' via encryption, the rest of the data does not need
> to incur the overhead of encryption.
>
>   

> If you intend to use the system for user authentication, you will have
> to create /etc/ldap.secret, chmod it to 0600 and embed a suitable
> password that allows you access. Since you have to be root to read the
> file, I am not certain what your reservations are because if you are
> root, you certainly can do much more than read the LDAP password.
>
>   

> Craig
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>   
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: ****Re: Linux Administration - Users in (any) database howto/why...

[Lisa Kachold]

sldap is available for gentoo, FedoraCore/Redhat/Centos, SLES/SUSE, 
Ubuntu/Debian.  

While it all uses encryption, many clients and server LDAP implementations 
include various exploits and on a shared network LDAP (and NIS) are sent clear 
text.  

Modern TSL is used in OpenLDAP, but can be trivially decrypted, with John/Crypt 
- hence the Layer 3 switch or VLAN exclusion.

It is all very easy to integrate with AD, mail and httpd.

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
(503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3


> Subject: Re: ****Re: Linux Administration - Users in (any) database   
> howto/why...
> From: craigwh...@azapple.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Fri, 2 Jan 2009 13:24:20 -0700
> 
> On Fri, 2009-01-02 at 13:09 -0700, Joe wrote:
> > Craig,
> > 
> > Thanks for the info on FreeIPA. It sounds like you have quite a bit of 
> > experience with LDAP. Maybe you can answer some questions.
> > 
> > In the past when I tried to configure LDAP with nsswitch, I remember 
> > that I had to put the Admin credentials in a file in /etc. Also, at the 
> > time ldap did not support ssl ( it was a long time ago :-) )
> > 
> > Can LDAP be used on client systems now where the credentials are secure? 
> > I didn't like the idea of having basically the root password in 
> > cleartext on every system. The same goes for using ldap to authenticate 
> > to an apache server. I would like to try again, but last time I spent 
> > weeks on getting it configured and found it easy to basically own the 
> > ldap server.
> 
> ssl support as far as I know, has always been part of LDAP but it has
> mostly been deprecated in favor of using TLS. I know that Red Hat
> systems still launch both the ldap and ldaps listeners and if you use
> TLS, you don't use the ldaps connection. This actually makes sense
> because if you 'bind' via encryption, the rest of the data does not need
> to incur the overhead of encryption.
> 
> If you intend to use the system for user authentication, you will have
> to create /etc/ldap.secret, chmod it to 0600 and embed a suitable
> password that allows you access. Since you have to be root to read the
> file, I am not certain what your reservations are because if you are
> root, you certainly can do much more than read the LDAP password.
> 
> Craig
> 
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_
Send e-mail faster without improving your typing skills.
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_speed_122008---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

[OT] Re: Linux Administration

[Craig White]

On Fri, 2009-01-02 at 15:04 -0700, Technomage wrote:
> Thats all fine and good, but when it comes down to it, we wouldn't have 
> a government if no one paid any taxes.
> That means no one to defend our borders, or make the laws or manage the 
> society properly...
> 
> Take a look at Ethiopia and you'll see an example of "lack of government"
> 
> a fair tax would be: 10% on all purchases, regardless of type. everyone 
> would pay the same regardless of economic group.
> Elimination of income tax would spur further growth (and spending)

This is a political discussion that has nothing to do with Linux.

Fair tax is regressive

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration

[Technomage]

Thats all fine and good, but when it comes down to it, we wouldn't have 
a government if no one paid any taxes.
That means no one to defend our borders, or make the laws or manage the 
society properly...

Take a look at Ethiopia and you'll see an example of "lack of government"

a fair tax would be: 10% on all purchases, regardless of type. everyone 
would pay the same regardless of economic group.
Elimination of income tax would spur further growth (and spending)


Mike Garfias wrote:
> The only fair tax is no tax.  Otherwise someone is being 
> hit disproportionately.  Of course that someone varies based on how 
> you score it.  Thus: fair tax = no tax.
>
> On Thu, Jan 1, 2009 at 8:34 AM, Lisa Kachold  > wrote:
>
> Abolishing the IRS?  Sure, that's got to save a mint!
>
> While I haven't digested the fair tax initiate, I groan knowing
> how much American's hate fairness.
>
> I also know in a very deep way, that the only real solutions will
> have to be broad reaching and deep, while American's are incapable
> of simplistic change, especially where finances are concerned.
>
>
> 
>

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration

[Mike Garfias]

The only fair tax is no tax.  Otherwise someone is being
hit disproportionately.  Of course that someone varies based on how you
score it.  Thus: fair tax = no tax.

On Thu, Jan 1, 2009 at 8:34 AM, Lisa Kachold wrote:

>  Abolishing the IRS?  Sure, that's got to save a mint!
>
> While I haven't digested the fair tax initiate, I groan knowing how much
> American's hate fairness.
>
> I also know in a very deep way, that the only real solutions will have to
> be broad reaching and deep, while American's are incapable of simplistic
> change, especially where finances are concerned.
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> --
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
>
> > From: kitepi...@kitepilot.com
> > To: plug-discuss@lists.plug.phoenix.az.us
> > Subject: Re: Linux Administration
> > Date: Thu, 1 Jan 2009 07:33:15 -0500
>
> >
> > http://www.fairtax.org/
> > ...
> >
> >
> >
> > Joshua Zeidner writes:
> >
> > > The cost of living would be much lower if we weren't taking tax
> > > money to prop up real estate prices. -jmz
> > >
> > > On Wed, Dec 31, 2008 at 6:43 PM, Lisa Kachold 
> wrote:
> > >> That's enough to feed 4 children and a grandparent in India. Who cares
> what
> > >> is in America?
> > >>
> > >> www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
> > >> hackfest.obnosis.com (503)754-4452
> > >> 
> > >> January PLUG HackFest = Kristy Westphal, AZ Department of Economic
> Security
> > >> Forensics @ UAT 1/10/09 12-3PM
> > >> Take the Black [Security] Pill & leave IT-Marketing-Matrix, or take
> the Blue
> > >> [MS Upgrade] Pill & stay happily ignorant...
> > >>
> > >>> Date: Wed, 31 Dec 2008 15:31:55 -0800
> > >>> From: eculb...@yahoo.com
> > >>> Subject: RE: Linux Administration
> > >>> To: plug-discuss@lists.plug.phoenix.az.us
> > >>>
> > >>> Yep, and that's $1 below the new minimum wage starting at midnight!
> > >>>
> > >>> 73
> > >>>
> > >>> Ed/ke7feg Now that November is here, April can wait!
> > >>>
> > >>> On 2/23/2007 the morse code requirement was dropped for getting
> > >>> a ham license. Now just pass the written exams which are on the
> > >>> web at arrl.org for questions and http://www.kb0mga.net/exams/
> > >>>
> > >>>
> > >>> --- On Wed, 12/31/08, Jason  wrote:
> > >>>
> > >>> > From: Jason 
> > >>> > Subject: RE: Linux Administration
> > >>> > To: "Main PLUG discussion list" <
> plug-discuss@lists.plug.phoenix.az.us>
> > >>> > Cc: klsmith2...@yahoo.com
> > >>> > Date: Wednesday, December 31, 2008, 1:14 PM
> > >>> > I want to spend $250/month but I want you *available* 12
> > >>> > hours/day?
> > >>> > Now, I can do it for $250/month retainer, billable hours at
> > >>> > $50/hour
> > >>> > with a 1 hour minimum per contact. So, once you have my
> > >>> > attention for 5
> > >>> > hours, you pay more.
> > >>> >
> > >>> > That's the way I would run the agreement.
> > >>> >
> > >>> > He even states an estimate of 10 hours/week. So, that
> > >>> > translates to
> > >>> > $6.25/hour.
> > >>> >
> > >>> > Pretty comical. :)
> > >>> >
> > >>> >
> > >>> >
> > >>> > On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
> > >>> > > I worked 60 hours a week at $30,000 in 1995 at an ISP.
> > >>> > >
> > >>> > > Working with people who could juggle 20 projects with
> > >>> > laughing ease,
> > >>> > > rebuild a 24X7 server and swap IP Addresses, knowing
> > >>> > how to clear the
> > >>> > > arp cache on everything (which we, of course had
> > >>> > access to,
> > >>> > > controlling all routers, switches and firewalls)
> > >>&

Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Fri, 2009-01-02 at 13:09 -0700, Joe wrote:
> Craig,
> 
> Thanks for the info on FreeIPA. It sounds like you have quite a bit of 
> experience with LDAP. Maybe you can answer some questions.
> 
> In the past when I tried to configure LDAP with nsswitch, I remember 
> that I had to put the Admin credentials in a file in /etc. Also, at the 
> time ldap did not support ssl ( it was a long time ago :-) )
> 
> Can LDAP be used on client systems now where the credentials are secure? 
> I didn't like the idea of having basically the root password in 
> cleartext on every system. The same goes for using ldap to authenticate 
> to an apache server. I would like to try again, but last time I spent 
> weeks on getting it configured and found it easy to basically own the 
> ldap server.

ssl support as far as I know, has always been part of LDAP but it has
mostly been deprecated in favor of using TLS. I know that Red Hat
systems still launch both the ldap and ldaps listeners and if you use
TLS, you don't use the ldaps connection. This actually makes sense
because if you 'bind' via encryption, the rest of the data does not need
to incur the overhead of encryption.

If you intend to use the system for user authentication, you will have
to create /etc/ldap.secret, chmod it to 0600 and embed a suitable
password that allows you access. Since you have to be root to read the
file, I am not certain what your reservations are because if you are
root, you certainly can do much more than read the LDAP password.

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration - Users in (any) database howto/why...

[Joe]

Craig,

Thanks for the info on FreeIPA. It sounds like you have quite a bit of 
experience with LDAP. Maybe you can answer some questions.

In the past when I tried to configure LDAP with nsswitch, I remember 
that I had to put the Admin credentials in a file in /etc. Also, at the 
time ldap did not support ssl ( it was a long time ago :-) )

Can LDAP be used on client systems now where the credentials are secure? 
I didn't like the idea of having basically the root password in 
cleartext on every system. The same goes for using ldap to authenticate 
to an apache server. I would like to try again, but last time I spent 
weeks on getting it configured and found it easy to basically own the 
ldap server.

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Fri, 2009-01-02 at 10:07 -0700, Stephen wrote:
> open-LikeWise will not synchronise as far as i can tell, its more of a
> authentication tool, or the free one is. but if your on a Linux
> machine and need to auth against a Domain its handy.
> 
> It also appears that the next version of freeIPA (2.0) is looking to
> make it less fedora only. which will be very nice. but im unsure of
> that. in any case it is a more complete integration. if you don't mind
> only useing fedora.

Samba's winbind daemon is more than capable of providing auth against AD
- that's always been its mission.

LDAP is pretty well defined set of standards and for the most part, the
actual underlying LDAP provider is not material.

Synchronizing an LDAP DSA on Linux with AD (which is after all, LDAP) is
somewhat tricky and as far as I know, only FDS (Fedora Directory Server)
has that capability.

FDS also has a rather nice console application (java based) and some
interesting web applications but it is more painful to set up and is
lower performance than OpenLDAP - which probably doesn't matter for when
you have 1000 accounts or less but when you get into large
organizations, performance is definitely going to matter.

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Stephen]

open-LikeWise will not synchronise as far as i can tell, its more of a
authentication tool, or the free one is. but if your on a Linux
machine and need to auth against a Domain its handy.

It also appears that the next version of freeIPA (2.0) is looking to
make it less fedora only. which will be very nice. but im unsure of
that. in any case it is a more complete integration. if you don't mind
only useing fedora.

On Fri, Jan 2, 2009 at 9:13 AM, Craig White  wrote:
> On Fri, 2009-01-02 at 15:55 +, Lisa Kachold wrote:
>> AD takes care of the Windows side completely to include Domain Admin,
>> etc.  OpenLDAP is trivial to configure for this.
>>
>> open-likewise simply puts it's own framework over it all.
>> I would build up test systems to see what you like, but really LDAP is
>> easy once you get the hang of it.
>>
>> I have implemented LDAP under Gentoo, and OpenSuse/SLES, as well as
>> with single sign on systems under Apache and I love cross platform
>> integration - it's the ONLY WAY to go!
> 
> I think you have to evaluate what the goal actually is.
>
> FedoraDS is actually capable of synchronizing user accounts with AD
> where OpenLDAP is not.
>
> FreeIPA arches even further though some of the features (I think
> Policy/Audit) are not implemented in stable release yet. I believe that
> the future is FreeIPA.
>
> I haven't looked at Likewise and will refrain from commenting on it.
>
> Craig
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Fri, 2009-01-02 at 15:55 +, Lisa Kachold wrote:
> AD takes care of the Windows side completely to include Domain Admin,
> etc.  OpenLDAP is trivial to configure for this.
> 
> open-likewise simply puts it's own framework over it all.
> I would build up test systems to see what you like, but really LDAP is
> easy once you get the hang of it.
> 
> I have implemented LDAP under Gentoo, and OpenSuse/SLES, as well as
> with single sign on systems under Apache and I love cross platform
> integration - it's the ONLY WAY to go!

I think you have to evaluate what the goal actually is.

FedoraDS is actually capable of synchronizing user accounts with AD
where OpenLDAP is not.

FreeIPA arches even further though some of the features (I think
Policy/Audit) are not implemented in stable release yet. I believe that
the future is FreeIPA.

I haven't looked at Likewise and will refrain from commenting on it.

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Stephen]

any suggested reading?

On Fri, Jan 2, 2009 at 8:55 AM, Lisa Kachold  wrote:
> AD takes care of the Windows side completely to include Domain Admin, etc.
> OpenLDAP is trivial to configure for this.
>
> open-likewise simply puts it's own framework over it all.
>
> I would build up test systems to see what you like, but really LDAP is easy
> once you get the hang of it.
>
> I have implemented LDAP under Gentoo, and OpenSuse/SLES, as well as with
> single sign on systems under Apache and I love cross platform integration -
> it's the ONLY WAY to go!
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> (503)754-4452
> 
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
>
>
>> Date: Fri, 2 Jan 2009 08:47:23 -0700
>> From: cryptwo...@gmail.com
>> To: plug-discuss@lists.plug.phoenix.az.us
>> Subject: Re: Re: Linux Administration - Users in (any) database
>> howto/why...
>>
>> ok now here is a question.
>>
>> how well would this concept play with something like open-likewise and
>> domain authentication?
>>
>> how closely do you think we could merge the two user databases in this
>> case?
>>
>> (im a Linux machine stuck in a windows network. but at least i can admin
>> both!)
>>
>> On Fri, Jan 2, 2009 at 8:37 AM, Lisa Kachold 
>> wrote:
>> > I agree completely that LDAP as a standard, especially with Postgresql
>> > LFS
>> > authentication (including web systems scalability) is a viable, already
>> > engineered solution that will do what he needs.
>> >
>> > If he follows the HowTo's initially, he should be able to get this
>> > solution
>> > up and running and be able to scale systems as he goes along. Once he
>> > pokes
>> > it a few times, he will catch on. One doesn't need to go deep into the
>> > mechanics and embrace the complexity immediately? Also, LDAP has an
>> > added
>> > benefit of being able to convert trivially to Open Directory management,
>> > so
>> > he could actually have the WINDOWS ADMINS DO USER MAINTENANCE
>> >
>> > www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
>> > (503)754-4452
>> > 
>> > January PLUG HackFest = Kristy Westphal, AZ Department of Economic
>> > Security
>> > Forensics @ UAT 1/10/09 12-3PM
>> >
>> >> Subject: Re: Re: Linux Administration - Users in (any) database
>> >> howto/why...
>> >> From: craigwh...@azapple.com
>> >> To: plug-discuss@lists.plug.phoenix.az.us
>> >> Date: Thu, 1 Jan 2009 09:36:32 -0700
>> >>
>> >> On Thu, 2009-01-01 at 11:24 -0500, kitepi...@kitepilot.com wrote:
>> >> > I think that LDAP is overkill for my application.
>> >> > My users will authenticate only in/for one server, and probably to
>> >> > either
>> >> > update a WEB site or drop/retrieve e-mail.
>> >> >
>> >> > Some users may have WEB sites, some users may have e-mail, some users
>> >> > may be
>> >> > signed up in the wireless network, and some users may have any
>> >> > combination
>> >> > of those services, but those details can be easily stored at the
>> >> > database
>> >> > level.
>> >> > Even if I split some functionality among various servers.
>> >> > I hope... :)
>> >> > Thanks!
>> >> > Enrique
>> >> >
>> >> > PS: LDAP stuff:
>> >> > http://www.ucalgary.ca/it/directories/identity/ldap-pam
>> >> 
>> >> LDAP is overkill when considering only one purpose. The value of LDAP
>> >> is
>> >> portability, lots of clients understand how to speak the language
>> >> including many authentication systems and there is built-in
>> >> replication.
>> >>
>> >> Once you decide that symmetry of UID's, GID's and passwords across
>> >> systems has considerable value, LDAP becomes the way to go.
>> >>
>> >> Add in things like shared contacts/address books and automatic NFS
>> >> mounts, e-mail routing/aliases are terrific bonuses.
>> >>
>> >> Craig
>> >>
>> >> ---
>> >> PLUG-discuss mailing list - PLUG-discuss@lis

RE: ****Re: Linux Administration - Users in (any) database howto/why...

[Lisa Kachold]

AD takes care of the Windows side completely to include Domain Admin, etc.  
OpenLDAP is trivial to configure for this.

open-likewise simply puts it's own framework over it all.I would build up test 
systems to see what you like, but really LDAP is easy once you get the hang of 
it.

I have implemented LDAP under Gentoo, and OpenSuse/SLES, as well as with single 
sign on systems under Apache and I love cross platform integration - it's the 
ONLY WAY to go!

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
(503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM


> Date: Fri, 2 Jan 2009 08:47:23 -0700
> From: cryptwo...@gmail.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Re: Linux Administration - Users in (any) database   
> howto/why...
> 
> ok now here is a question.
> 
> how well would this concept play with something like open-likewise and
> domain authentication?
> 
> how closely do you think we could merge the two user databases in this case?
> 
> (im a Linux machine stuck in a windows network. but at least i can admin 
> both!)
> 
> On Fri, Jan 2, 2009 at 8:37 AM, Lisa Kachold  wrote:
> > I agree completely that LDAP as a standard, especially with Postgresql LFS
> > authentication (including web systems scalability) is a viable, already
> > engineered solution that will do what he needs.
> >
> > If he follows the HowTo's initially, he should be able to get this solution
> > up and running and be able to scale systems as he goes along.  Once he pokes
> > it a few times, he will catch on.  One doesn't need to go deep into the
> > mechanics and embrace the complexity immediately?  Also, LDAP has an added
> > benefit of being able to convert trivially to Open Directory management, so
> > he could actually have the WINDOWS ADMINS DO USER MAINTENANCE
> >
> > www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> > (503)754-4452
> > ____________
> > January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> > Forensics @ UAT 1/10/09 12-3PM
> >
> >> Subject: Re: Re: Linux Administration - Users in (any) database
> >> howto/why...
> >> From: craigwh...@azapple.com
> >> To: plug-discuss@lists.plug.phoenix.az.us
> >> Date: Thu, 1 Jan 2009 09:36:32 -0700
> >>
> >> On Thu, 2009-01-01 at 11:24 -0500, kitepi...@kitepilot.com wrote:
> >> > I think that LDAP is overkill for my application.
> >> > My users will authenticate only in/for one server, and probably to
> >> > either
> >> > update a WEB site or drop/retrieve e-mail.
> >> >
> >> > Some users may have WEB sites, some users may have e-mail, some users
> >> > may be
> >> > signed up in the wireless network, and some users may have any
> >> > combination
> >> > of those services, but those details can be easily stored at the
> >> > database
> >> > level.
> >> > Even if I split some functionality among various servers.
> >> > I hope... :)
> >> > Thanks!
> >> > Enrique
> >> >
> >> > PS: LDAP stuff:
> >> > http://www.ucalgary.ca/it/directories/identity/ldap-pam
> >> 
> >> LDAP is overkill when considering only one purpose. The value of LDAP is
> >> portability, lots of clients understand how to speak the language
> >> including many authentication systems and there is built-in replication.
> >>
> >> Once you decide that symmetry of UID's, GID's and passwords across
> >> systems has considerable value, LDAP becomes the way to go.
> >>
> >> Add in things like shared contacts/address books and automatic NFS
> >> mounts, e-mail routing/aliases are terrific bonuses.
> >>
> >> Craig
> >>
> >> ---
> >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> > 
> > It's the same Hotmail(R). If by "same" you mean up to 70% faster. Get your
> > account now.
> > ---
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://li

Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Stephen]

ok now here is a question.

how well would this concept play with something like open-likewise and
domain authentication?

how closely do you think we could merge the two user databases in this case?

(im a Linux machine stuck in a windows network. but at least i can admin both!)

On Fri, Jan 2, 2009 at 8:37 AM, Lisa Kachold  wrote:
> I agree completely that LDAP as a standard, especially with Postgresql LFS
> authentication (including web systems scalability) is a viable, already
> engineered solution that will do what he needs.
>
> If he follows the HowTo's initially, he should be able to get this solution
> up and running and be able to scale systems as he goes along.  Once he pokes
> it a few times, he will catch on.  One doesn't need to go deep into the
> mechanics and embrace the complexity immediately?  Also, LDAP has an added
> benefit of being able to convert trivially to Open Directory management, so
> he could actually have the WINDOWS ADMINS DO USER MAINTENANCE
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> (503)754-4452
> 
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
>
>> Subject: Re: Re: Linux Administration - Users in (any) database
>> howto/why...
>> From: craigwh...@azapple.com
>> To: plug-discuss@lists.plug.phoenix.az.us
>> Date: Thu, 1 Jan 2009 09:36:32 -0700
>>
>> On Thu, 2009-01-01 at 11:24 -0500, kitepi...@kitepilot.com wrote:
>> > I think that LDAP is overkill for my application.
>> > My users will authenticate only in/for one server, and probably to
>> > either
>> > update a WEB site or drop/retrieve e-mail.
>> >
>> > Some users may have WEB sites, some users may have e-mail, some users
>> > may be
>> > signed up in the wireless network, and some users may have any
>> > combination
>> > of those services, but those details can be easily stored at the
>> > database
>> > level.
>> > Even if I split some functionality among various servers.
>> > I hope... :)
>> > Thanks!
>> > Enrique
>> >
>> > PS: LDAP stuff:
>> > http://www.ucalgary.ca/it/directories/identity/ldap-pam
>> 
>> LDAP is overkill when considering only one purpose. The value of LDAP is
>> portability, lots of clients understand how to speak the language
>> including many authentication systems and there is built-in replication.
>>
>> Once you decide that symmetry of UID's, GID's and passwords across
>> systems has considerable value, LDAP becomes the way to go.
>>
>> Add in things like shared contacts/address books and automatic NFS
>> mounts, e-mail routing/aliases are terrific bonuses.
>>
>> Craig
>>
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> 
> It's the same Hotmail(R). If by "same" you mean up to 70% faster. Get your
> account now.
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: ****Re: Linux Administration - Users in (any) database howto/why...

[Lisa Kachold]

I agree completely that LDAP as a standard, especially with Postgresql LFS 
authentication (including web systems scalability) is a viable, already 
engineered solution that will do what he needs.

If he follows the HowTo's initially, he should be able to get this solution up 
and running and be able to scale systems as he goes along.  Once he pokes it a 
few times, he will catch on.  One doesn't need to go deep into the mechanics 
and embrace the complexity immediately?  Also, LDAP has an added benefit of 
being able to convert trivially to Open Directory management, so he could 
actually have the WINDOWS ADMINS DO USER MAINTENANCE

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
(503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM

> Subject: Re: ****Re: Linux Administration - Users in (any) database   
> howto/why...
> From: craigwh...@azapple.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Thu, 1 Jan 2009 09:36:32 -0700
> 
> On Thu, 2009-01-01 at 11:24 -0500, kitepi...@kitepilot.com wrote:
> > I think that LDAP is overkill for my application.
> > My users will authenticate only in/for one server, and probably to either 
> > update a WEB site or drop/retrieve e-mail. 
> > 
> > Some users may have WEB sites, some users may have e-mail, some users may 
> > be 
> > signed up in the wireless network, and some users may have any combination 
> > of those services, but those details can be easily stored at the database 
> > level.
> > Even if I split some functionality among various servers.
> > I hope...   :)
> > Thanks!
> > Enrique 
> > 
> > PS: LDAP stuff:
> > http://www.ucalgary.ca/it/directories/identity/ldap-pam 
> 
> LDAP is overkill when considering only one purpose. The value of LDAP is
> portability, lots of clients understand how to speak the language
> including many authentication systems and there is built-in replication.
> 
> Once you decide that symmetry of UID's, GID's and passwords across
> systems has considerable value, LDAP becomes the way to go.
> 
> Add in things like shared contacts/address books and automatic NFS
> mounts, e-mail routing/aliases are terrific bonuses.
> 
> Craig
> 
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_
It’s the same Hotmail®. If by “same” you mean up to 70% faster.
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_broad1_122008---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: Linux Administration - Users in (any) database howto/why...

[Lisa Kachold]

Okay, so you could use Pluggable Authentication Modules, but why not go for 
OpenLDAP with postgresql under LFS?

http://www.samse.fr/GPL/ldap_pg/HOWTO/

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.

> From: kitepi...@kitepilot.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Linux Administration - Users in (any) database howto/why...
> Date: Thu, 1 Jan 2009 10:40:16 -0500
> 
> OK, I've reached that (long postponed) point of my life where I *HAVE* to 
> ditch /etc/passwd and /etc/group in favor of storing my users in a database.
> Any database... 
> 
> Unless there is a *COMPELLING* reason not to, I will store my users in 
> Postgres, but I don't see why generic concepts should not be applied to 
> *ANY* database. 
> 
> All I find in the howto's is how to install (laundry list here), but what I 
> need is a fairly general cookbook about how-to-configure-what to allow my 
> machine to validate users contained in my database.
> Most of this howto's are useless to my because I run LFS and it right there 
> voids any reference to apt-get/yum/rpm/etc. 
> 
> Furthermore, I want to login with my trusted  /etc/passwd - /etc/group 
> combination when I SSH into (or console) into my machine and I want the 
> "other" users (people hosting WEB sites and/or receiving e-mail) be 
> authenticated against the Postgres table. 
> 
> So the final question is:
> What do I need?
> specifically, do I need PAM?  (Probably...)
> What do I configure? 
> 
> I don't need too many details, I just need something along the lines of:
> You need this list of packages and you need to edit this configuration files 
> to accomplish (fill in the blanks)
> Lisa?   :)
> HAPPY NEW YEAR!!!
> Enrique
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_
Send e-mail anywhere. No map, no compass.
http://windowslive.com/oneline/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration - Users in (any) database howto/why...

[James Mcphee]

If you still feel the need to have local authentication via postgres, there
is a PAM module for it that occassionally works.

On Thu, Jan 1, 2009 at 12:18 PM, Ben Browning  wrote:

> kitepi...@kitepilot.com wrote:
>
>> I suggest you keep /etc/passwd and /etc/group for real linux users and
 add "virtual users" support to each of the applications that need it.

>>> This is exactly what I am trying to do.
>> If I understand you well, I am devising a solution for a problem that I
>> don't have...   :(
>>
>
> Yes, basically- you are trying to make the screwdriver work when what you
> want is a crescent wrench. ProFTPD and Postfix can both work with MySQL
> backends, and I believe with Postgres too but I am a MySQL guy so I stick
> with that. With a little work, you can make them work with the same DB.
>
> That said, LDAP is indeed the better option if you ever plan to scale a lot
> and/or add services.
>
> ~Ben
>
> --
>  Ben Browning 
> Linux Systems Architect and Administrator
> http://www.bensbrowning.com/
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
James McPhee
jmc...@gmail.com
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration - Users in (any) database howto/why...

[Ben Browning]

kitepi...@kitepilot.com wrote:

I suggest you keep /etc/passwd and /etc/group for real linux users and
add "virtual users" support to each of the applications that need it.

This is exactly what I am trying to do.
If I understand you well, I am devising a solution for a problem that I 
don't have...   :(


Yes, basically- you are trying to make the screwdriver work when what 
you want is a crescent wrench. ProFTPD and Postfix can both work with 
MySQL backends, and I believe with Postgres too but I am a MySQL guy so 
I stick with that. With a little work, you can make them work with the 
same DB.


That said, LDAP is indeed the better option if you ever plan to scale a 
lot and/or add services.


~Ben

--
  Ben Browning 
Linux Systems Architect and Administrator
 http://www.bensbrowning.com/
begin:vcard
fn:Ben S Browning
n:Browning;Ben S
adr:;;;Tempe;AZ;85282;United States of America
email;internet:b...@bensbrowning.com
tel;cell:(602)206-8203
x-mozilla-html:FALSE
url:http://www.bensbrowning.com/
version:2.1
end:vcard

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration - Users in (any) database howto/why...

[kitepi...@kitepilot.com]

>> I suggest you keep /etc/passwd and /etc/group for real linux users and
>> add "virtual users" support to each of the applications that need it.
This is exactly what I am trying to do.
If I understand you well, I am devising a solution for a problem that I 
don't have...   :(
Is it?
Thanks!
ET 

 

 

Dale Farnsworth writes: 

> Enrique wrote:
>> OK, I've reached that (long postponed) point of my life where I *HAVE* to 
>> ditch /etc/passwd and /etc/group in favor of storing my users in a database.
>> Any database... 
> 
>> [...]
> 
>> Furthermore, I want to login with my trusted  /etc/passwd - /etc/group 
>> combination when I SSH into (or console) into my machine and I want the 
>> "other" users (people hosting WEB sites and/or receiving e-mail) be 
>> authenticated against the Postgres table. 
> 
> So you really don't want to ditch /etc/passwd and /etc/group.  I think
> that's a good decision. 
> 
>> So the final question is:
>> What do I need?
>> specifically, do I need PAM?  (Probably...)
>> What do I configure? 
> 
> I suggest you keep /etc/passwd and /etc/group for real linux users and
> add "virtual users" support to each of the applications that need it.
> The implementation of virtual users varies with each specific
> application, i.e. qmail, postfix and exim each have their own ways
> of handling virtual users, as do many applications running on web servers. 
> 
> -Dale
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Thu, 2009-01-01 at 11:24 -0500, kitepi...@kitepilot.com wrote:
> I think that LDAP is overkill for my application.
> My users will authenticate only in/for one server, and probably to either 
> update a WEB site or drop/retrieve e-mail. 
> 
> Some users may have WEB sites, some users may have e-mail, some users may be 
> signed up in the wireless network, and some users may have any combination 
> of those services, but those details can be easily stored at the database 
> level.
> Even if I split some functionality among various servers.
> I hope...   :)
> Thanks!
> Enrique 
> 
> PS: LDAP stuff:
> http://www.ucalgary.ca/it/directories/identity/ldap-pam 

LDAP is overkill when considering only one purpose. The value of LDAP is
portability, lots of clients understand how to speak the language
including many authentication systems and there is built-in replication.

Once you decide that symmetry of UID's, GID's and passwords across
systems has considerable value, LDAP becomes the way to go.

Add in things like shared contacts/address books and automatic NFS
mounts, e-mail routing/aliases are terrific bonuses.

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Thu, 2009-01-01 at 09:01 -0700, Joe wrote:
> That is a great question. First, let me say I don't have an answer. The 
> reason I'm responding is that Postgres scares me. The reason it scares 
> me is that I have had a number of times when upgrading postgres, the DB 
> files were not compatible with the older version and it wasn't till 
> after the upgrade that I found out. Make sure that if you do use 
> postgres, that you plan to export the DB's to load files so that if you 
> do hit the upgrade issue you have a way to reload the DB.

Usage of any sql db should incorporate a plan to back up on a regular
basis which in postgres should incorporate some form of a pg_dump.
Upgrades that seem to work seamlessly suggest the ability to ignore
corruption.

> I have tried using ldap a number of times for what you are asking and 
> have not been successful. I tried Fedora Directory Server and it still 
> is a complex setup. I still think ldap would be the way to go, but the 
> management tools for ldap leave a bit to be desired. Also the initial 
> setup has a steep learning curve.

FDS is a decent enough system and it seems that they are working hard to
integrate into freeIPA and provide a fairly robust authentication
system. http://freeipa.org/page/Main_Page

It is possible to use an SQL database with OpenLDAP but if you aren't
familiar with LDAP usage, it adds another layer of complexity that would
make the process more daunting.

> My other issue with a central auth mechanism is that I want the user 
> id's and passwords to be secure going to the backend. I didn't want 
> wireshark to be able to pick up the credentials. Also, what happens when 
> the DB goes down? No one will be able to auth.
> 
> Another problem I ran up against was having the DB admin ID/password 
> located on each client. At least the shadow file protected the passwords 
> from normal user access. I do think ldap solves this issue, but 
> configuring the ACL's is not a trivial task.
> 
> Again, a great question and I look forward to hear what others have done.
> 
> kitepi...@kitepilot.com wrote:
> > OK, I've reached that (long postponed) point of my life where I *HAVE* to 
> > ditch /etc/passwd and /etc/group in favor of storing my users in a database.
> > Any database... 
> >
> > Unless there is a *COMPELLING* reason not to, I will store my users in 
> > Postgres, but I don't see why generic concepts should not be applied to 
> > *ANY* database. 
> >
> > All I find in the howto's is how to install (laundry list here), but what I 
> > need is a fairly general cookbook about how-to-configure-what to allow my 
> > machine to validate users contained in my database.
> > Most of this howto's are useless to my because I run LFS and it right there 
> > voids any reference to apt-get/yum/rpm/etc. 
> >
> > Furthermore, I want to login with my trusted  /etc/passwd - /etc/group 
> > combination when I SSH into (or console) into my machine and I want the 
> > "other" users (people hosting WEB sites and/or receiving e-mail) be 
> > authenticated against the Postgres table. 
> >
> > So the final question is:
> > What do I need?
> > specifically, do I need PAM?  (Probably...)
> > What do I configure? 
> >
> > I don't need too many details, I just need something along the lines of:
> > You need this list of packages and you need to edit this configuration 
> > files 
> > to accomplish (fill in the blanks)
> > Lisa?   :)
> > HAPPY NEW YEAR!!!
> > Enrique

at this stage, if I wanted to start implementing a robust, multi-system
authentication package, I would give freeIPA a serious look - I don't
know how difficult it would be to implement on LFS though.

As for needing PAM - I would think so - that is the point of PAM
(Pluggable Authentication Module I think is the acronym)

Craig

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration - Users in (any) database howto/why...

[Dale Farnsworth]

Enrique wrote:
> OK, I've reached that (long postponed) point of my life where I *HAVE* to 
> ditch /etc/passwd and /etc/group in favor of storing my users in a database.
> Any database... 

> [...]

> Furthermore, I want to login with my trusted  /etc/passwd - /etc/group 
> combination when I SSH into (or console) into my machine and I want the 
> "other" users (people hosting WEB sites and/or receiving e-mail) be 
> authenticated against the Postgres table. 

So you really don't want to ditch /etc/passwd and /etc/group.  I think
that's a good decision.

> So the final question is:
> What do I need?
> specifically, do I need PAM?  (Probably...)
> What do I configure? 

I suggest you keep /etc/passwd and /etc/group for real linux users and
add "virtual users" support to each of the applications that need it.
The implementation of virtual users varies with each specific
application, i.e. qmail, postfix and exim each have their own ways
of handling virtual users, as do many applications running on web servers.

-Dale
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration - Users in (any) database howto/why...

[kitepi...@kitepilot.com]

I think that LDAP is overkill for my application.
My users will authenticate only in/for one server, and probably to either 
update a WEB site or drop/retrieve e-mail. 

Some users may have WEB sites, some users may have e-mail, some users may be 
signed up in the wireless network, and some users may have any combination 
of those services, but those details can be easily stored at the database 
level.
Even if I split some functionality among various servers.
I hope...   :)
Thanks!
Enrique 

PS: LDAP stuff:
http://www.ucalgary.ca/it/directories/identity/ldap-pam 

 

 

Joe writes: 

> That is a great question. First, let me say I don't have an answer. The 
> reason I'm responding is that Postgres scares me. The reason it scares 
> me is that I have had a number of times when upgrading postgres, the DB 
> files were not compatible with the older version and it wasn't till 
> after the upgrade that I found out. Make sure that if you do use 
> postgres, that you plan to export the DB's to load files so that if you 
> do hit the upgrade issue you have a way to reload the DB. 
> 
> I have tried using ldap a number of times for what you are asking and 
> have not been successful. I tried Fedora Directory Server and it still 
> is a complex setup. I still think ldap would be the way to go, but the 
> management tools for ldap leave a bit to be desired. Also the initial 
> setup has a steep learning curve. 
> 
> My other issue with a central auth mechanism is that I want the user 
> id's and passwords to be secure going to the backend. I didn't want 
> wireshark to be able to pick up the credentials. Also, what happens when 
> the DB goes down? No one will be able to auth. 
> 
> Another problem I ran up against was having the DB admin ID/password 
> located on each client. At least the shadow file protected the passwords 
> from normal user access. I do think ldap solves this issue, but 
> configuring the ACL's is not a trivial task. 
> 
> Again, a great question and I look forward to hear what others have done. 
> 
> kitepi...@kitepilot.com wrote:
>> OK, I've reached that (long postponed) point of my life where I *HAVE* to 
>> ditch /etc/passwd and /etc/group in favor of storing my users in a database.
>> Any database...  
>>
>> Unless there is a *COMPELLING* reason not to, I will store my users in 
>> Postgres, but I don't see why generic concepts should not be applied to 
>> *ANY* database.  
>>
>> All I find in the howto's is how to install (laundry list here), but what I 
>> need is a fairly general cookbook about how-to-configure-what to allow my 
>> machine to validate users contained in my database.
>> Most of this howto's are useless to my because I run LFS and it right there 
>> voids any reference to apt-get/yum/rpm/etc.  
>>
>> Furthermore, I want to login with my trusted  /etc/passwd - /etc/group 
>> combination when I SSH into (or console) into my machine and I want the 
>> "other" users (people hosting WEB sites and/or receiving e-mail) be 
>> authenticated against the Postgres table.  
>>
>> So the final question is:
>> What do I need?
>> specifically, do I need PAM?  (Probably...)
>> What do I configure?  
>>
>> I don't need too many details, I just need something along the lines of:
>> You need this list of packages and you need to edit this configuration files 
>> to accomplish (fill in the blanks)
>> Lisa?   :)
>> HAPPY NEW YEAR!!!
>> Enrique
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>   
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration - Users in (any) database howto/why...

[Joe]

That is a great question. First, let me say I don't have an answer. The 
reason I'm responding is that Postgres scares me. The reason it scares 
me is that I have had a number of times when upgrading postgres, the DB 
files were not compatible with the older version and it wasn't till 
after the upgrade that I found out. Make sure that if you do use 
postgres, that you plan to export the DB's to load files so that if you 
do hit the upgrade issue you have a way to reload the DB.

I have tried using ldap a number of times for what you are asking and 
have not been successful. I tried Fedora Directory Server and it still 
is a complex setup. I still think ldap would be the way to go, but the 
management tools for ldap leave a bit to be desired. Also the initial 
setup has a steep learning curve.

My other issue with a central auth mechanism is that I want the user 
id's and passwords to be secure going to the backend. I didn't want 
wireshark to be able to pick up the credentials. Also, what happens when 
the DB goes down? No one will be able to auth.

Another problem I ran up against was having the DB admin ID/password 
located on each client. At least the shadow file protected the passwords 
from normal user access. I do think ldap solves this issue, but 
configuring the ACL's is not a trivial task.

Again, a great question and I look forward to hear what others have done.

kitepi...@kitepilot.com wrote:
> OK, I've reached that (long postponed) point of my life where I *HAVE* to 
> ditch /etc/passwd and /etc/group in favor of storing my users in a database.
> Any database... 
>
> Unless there is a *COMPELLING* reason not to, I will store my users in 
> Postgres, but I don't see why generic concepts should not be applied to 
> *ANY* database. 
>
> All I find in the howto's is how to install (laundry list here), but what I 
> need is a fairly general cookbook about how-to-configure-what to allow my 
> machine to validate users contained in my database.
> Most of this howto's are useless to my because I run LFS and it right there 
> voids any reference to apt-get/yum/rpm/etc. 
>
> Furthermore, I want to login with my trusted  /etc/passwd - /etc/group 
> combination when I SSH into (or console) into my machine and I want the 
> "other" users (people hosting WEB sites and/or receiving e-mail) be 
> authenticated against the Postgres table. 
>
> So the final question is:
> What do I need?
> specifically, do I need PAM?  (Probably...)
> What do I configure? 
>
> I don't need too many details, I just need something along the lines of:
> You need this list of packages and you need to edit this configuration files 
> to accomplish (fill in the blanks)
> Lisa?   :)
> HAPPY NEW YEAR!!!
> Enrique
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>   
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: Linux Administration

[Lisa Kachold]

Abolishing the IRS?  Sure, that's got to save a mint!

While I haven't digested the fair tax initiate, I groan knowing how much 
American's hate fairness.

I also know in a very deep way, that the only real solutions will have to be 
broad reaching and deep, while American's are incapable of simplistic change, 
especially where finances are concerned.

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM

> From: kitepi...@kitepilot.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Linux Administration
> Date: Thu, 1 Jan 2009 07:33:15 -0500
> 
> http://www.fairtax.org/
> ... 
> 
>  
> 
> Joshua Zeidner writes: 
> 
> >   The cost of living would be much lower if we weren't taking tax
> > money to prop up real estate prices.  -jmz 
> > 
> > On Wed, Dec 31, 2008 at 6:43 PM, Lisa Kachold  
> > wrote:
> >> That's enough to feed 4 children and a grandparent in India.  Who cares 
> >> what
> >> is in America? 
> >>
> >> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> >> hackfest.obnosis.com (503)754-4452
> >> 
> >> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> >> Forensics @ UAT 1/10/09 12-3PM
> >> Take the Black [Security] Pill & leave IT-Marketing-Matrix, or take the 
> >> Blue
> >> [MS Upgrade] Pill & stay happily ignorant... 
> >>
> >>> Date: Wed, 31 Dec 2008 15:31:55 -0800
> >>> From: eculb...@yahoo.com
> >>> Subject: RE: Linux Administration
> >>> To: plug-discuss@lists.plug.phoenix.az.us 
> >>>
> >>> Yep, and that's $1 below the new minimum wage starting at midnight! 
> >>>
> >>> 73 
> >>>
> >>> Ed/ke7feg Now that November is here, April can wait! 
> >>>
> >>> On 2/23/2007 the morse code requirement was dropped for getting
> >>> a ham license. Now just pass the written exams which are on the
> >>> web at arrl.org for questions and http://www.kb0mga.net/exams/ 
> >>>
> >>>
> >>> --- On Wed, 12/31/08, Jason  wrote: 
> >>>
> >>> > From: Jason 
> >>> > Subject: RE: Linux Administration
> >>> > To: "Main PLUG discussion list" 
> >>> > Cc: klsmith2...@yahoo.com
> >>> > Date: Wednesday, December 31, 2008, 1:14 PM
> >>> > I want to spend $250/month but I want you *available* 12
> >>> > hours/day?
> >>> > Now, I can do it for $250/month retainer, billable hours at
> >>> > $50/hour
> >>> > with a 1 hour minimum per contact. So, once you have my
> >>> > attention for 5
> >>> > hours, you pay more.
> >>> >
> >>> > That's the way I would run the agreement.
> >>> >
> >>> > He even states an estimate of 10 hours/week. So, that
> >>> > translates to
> >>> > $6.25/hour.
> >>> >
> >>> > Pretty comical. :)
> >>> >
> >>> >
> >>> >
> >>> > On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
> >>> > > I worked 60 hours a week at $30,000 in 1995 at an ISP.
> >>> > >
> >>> > > Working with people who could juggle 20 projects with
> >>> > laughing ease,
> >>> > > rebuild a 24X7 server and swap IP Addresses, knowing
> >>> > how to clear the
> >>> > > arp cache on everything (which we, of course had
> >>> > access to,
> >>> > > controlling all routers, switches and firewalls)
> >>> > pretty much ruined
> >>> > > me.
> >>> > >
> >>> > > I also have some contempt for the American who
> >>> > egotistically holds
> >>> > > down a chair, after working with dull and
> >>> > inexperienced, yet extremely
> >>> > > motivated Hindis.
> >>> > >
> >>> > > www.Obnosis.com |
> >>> > http://en.wiktionary.org/wiki/Citations:obnosis |
> >>> > > hackfest.obnosis.com (503)754-4452
> >>> > >
> >>> > >
> >>> > 

Re: Linux Administration

[kitepi...@kitepilot.com]

The difference between the mafia and the IRS,
is that the mafia has a code of honor... 

 

 

kitepi...@kitepilot.com writes: 

> http://www.fairtax.org/
> ...  
> 
>   
> 
> Joshua Zeidner writes:  
> 
>>   The cost of living would be much lower if we weren't taking tax
>> money to prop up real estate prices.  -jmz  
>> 
>> On Wed, Dec 31, 2008 at 6:43 PM, Lisa Kachold  
>> wrote:
>>> That's enough to feed 4 children and a grandparent in India.  Who cares what
>>> is in America?  
>>>
>>> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
>>> hackfest.obnosis.com (503)754-4452
>>> 
>>> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
>>> Forensics @ UAT 1/10/09 12-3PM
>>> Take the Black [Security] Pill & leave IT-Marketing-Matrix, or take the Blue
>>> [MS Upgrade] Pill & stay happily ignorant...  
>>>
>>>> Date: Wed, 31 Dec 2008 15:31:55 -0800
>>>> From: eculb...@yahoo.com
>>>> Subject: RE: Linux Administration
>>>> To: plug-discuss@lists.plug.phoenix.az.us  
>>>>
>>>> Yep, and that's $1 below the new minimum wage starting at midnight!  
>>>>
>>>> 73  
>>>>
>>>> Ed/ke7feg Now that November is here, April can wait!  
>>>>
>>>> On 2/23/2007 the morse code requirement was dropped for getting
>>>> a ham license. Now just pass the written exams which are on the
>>>> web at arrl.org for questions and http://www.kb0mga.net/exams/  
>>>>
>>>>
>>>> --- On Wed, 12/31/08, Jason  wrote:  
>>>>
>>>> > From: Jason 
>>>> > Subject: RE: Linux Administration
>>>> > To: "Main PLUG discussion list" 
>>>> > Cc: klsmith2...@yahoo.com
>>>> > Date: Wednesday, December 31, 2008, 1:14 PM
>>>> > I want to spend $250/month but I want you *available* 12
>>>> > hours/day?
>>>> > Now, I can do it for $250/month retainer, billable hours at
>>>> > $50/hour
>>>> > with a 1 hour minimum per contact. So, once you have my
>>>> > attention for 5
>>>> > hours, you pay more.
>>>> >
>>>> > That's the way I would run the agreement.
>>>> >
>>>> > He even states an estimate of 10 hours/week. So, that
>>>> > translates to
>>>> > $6.25/hour.
>>>> >
>>>> > Pretty comical. :)
>>>> >
>>>> >
>>>> >
>>>> > On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
>>>> > > I worked 60 hours a week at $30,000 in 1995 at an ISP.
>>>> > >
>>>> > > Working with people who could juggle 20 projects with
>>>> > laughing ease,
>>>> > > rebuild a 24X7 server and swap IP Addresses, knowing
>>>> > how to clear the
>>>> > > arp cache on everything (which we, of course had
>>>> > access to,
>>>> > > controlling all routers, switches and firewalls)
>>>> > pretty much ruined
>>>> > > me.
>>>> > >
>>>> > > I also have some contempt for the American who
>>>> > egotistically holds
>>>> > > down a chair, after working with dull and
>>>> > inexperienced, yet extremely
>>>> > > motivated Hindis.
>>>> > >
>>>> > > www.Obnosis.com |
>>>> > http://en.wiktionary.org/wiki/Citations:obnosis |
>>>> > > hackfest.obnosis.com (503)754-4452
>>>> > >
>>>> > >
>>>> > __
>>>> > > January PLUG HackFest = Kristy Westphal, AZ Department
>>>> > of Economic
>>>> > > Security Forensics @ UAT 1/10/09 12-3PM
>>>> > >
>>>> > >
>>>> > ______
>>>> > > Date: Mon, 29 Dec 2008 20:09:37 -0700
>>>> > > From: m...@garfias.org
>>>> > > To: klsmith2...@yahoo.com;
>>>> > plug-discuss@lists.plug.phoenix.az.us
>>>> > > Subject: Re: Linux Administration
>>>> > >
>>>> > > What a dork. And expecting good people for that much?
>&

Re: Linux Administration

[kitepi...@kitepilot.com]

http://www.fairtax.org/
... 

 

Joshua Zeidner writes: 

>   The cost of living would be much lower if we weren't taking tax
> money to prop up real estate prices.  -jmz 
> 
> On Wed, Dec 31, 2008 at 6:43 PM, Lisa Kachold  wrote:
>> That's enough to feed 4 children and a grandparent in India.  Who cares what
>> is in America? 
>>
>> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
>> hackfest.obnosis.com (503)754-4452
>> 
>> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
>> Forensics @ UAT 1/10/09 12-3PM
>> Take the Black [Security] Pill & leave IT-Marketing-Matrix, or take the Blue
>> [MS Upgrade] Pill & stay happily ignorant... 
>>
>>> Date: Wed, 31 Dec 2008 15:31:55 -0800
>>> From: eculb...@yahoo.com
>>> Subject: RE: Linux Administration
>>> To: plug-discuss@lists.plug.phoenix.az.us 
>>>
>>> Yep, and that's $1 below the new minimum wage starting at midnight! 
>>>
>>> 73 
>>>
>>> Ed/ke7feg Now that November is here, April can wait! 
>>>
>>> On 2/23/2007 the morse code requirement was dropped for getting
>>> a ham license. Now just pass the written exams which are on the
>>> web at arrl.org for questions and http://www.kb0mga.net/exams/ 
>>>
>>>
>>> --- On Wed, 12/31/08, Jason  wrote: 
>>>
>>> > From: Jason 
>>> > Subject: RE: Linux Administration
>>> > To: "Main PLUG discussion list" 
>>> > Cc: klsmith2...@yahoo.com
>>> > Date: Wednesday, December 31, 2008, 1:14 PM
>>> > I want to spend $250/month but I want you *available* 12
>>> > hours/day?
>>> > Now, I can do it for $250/month retainer, billable hours at
>>> > $50/hour
>>> > with a 1 hour minimum per contact. So, once you have my
>>> > attention for 5
>>> > hours, you pay more.
>>> >
>>> > That's the way I would run the agreement.
>>> >
>>> > He even states an estimate of 10 hours/week. So, that
>>> > translates to
>>> > $6.25/hour.
>>> >
>>> > Pretty comical. :)
>>> >
>>> >
>>> >
>>> > On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
>>> > > I worked 60 hours a week at $30,000 in 1995 at an ISP.
>>> > >
>>> > > Working with people who could juggle 20 projects with
>>> > laughing ease,
>>> > > rebuild a 24X7 server and swap IP Addresses, knowing
>>> > how to clear the
>>> > > arp cache on everything (which we, of course had
>>> > access to,
>>> > > controlling all routers, switches and firewalls)
>>> > pretty much ruined
>>> > > me.
>>> > >
>>> > > I also have some contempt for the American who
>>> > egotistically holds
>>> > > down a chair, after working with dull and
>>> > inexperienced, yet extremely
>>> > > motivated Hindis.
>>> > >
>>> > > www.Obnosis.com |
>>> > http://en.wiktionary.org/wiki/Citations:obnosis |
>>> > > hackfest.obnosis.com (503)754-4452
>>> > >
>>> > >
>>> > __
>>> > > January PLUG HackFest = Kristy Westphal, AZ Department
>>> > of Economic
>>> > > Security Forensics @ UAT 1/10/09 12-3PM
>>> > >
>>> > >
>>> > __
>>> > > Date: Mon, 29 Dec 2008 20:09:37 -0700
>>> > > From: m...@garfias.org
>>> > > To: klsmith2...@yahoo.com;
>>> > plug-discuss@lists.plug.phoenix.az.us
>>> > > Subject: Re: Linux Administration
>>> > >
>>> > > What a dork. And expecting good people for that much?
>>> > Jeez. Maybe if
>>> > > I was a junior guy and needed beer money it might be
>>> > ok, but no
>>> > > thanks.
>>> > >
>>> > > On Sun, Dec 28, 2008 at 6:58 PM, keith smith
>>> > 
>>> > > wrote:
>>> > >
>>> > > I see this stuff from time to time. He is in
>>> > for a rude
>>> > > awakening since they are asleep while we are
>>> > awake.
>>> > >
>>> > > Funn

RE: Linux Administration

[Lisa Kachold]

Course, I guess we could still live in France or Canada and work for Sun 
(although their tax structure is high also)?

I am sure there's still someplace in New Zealand or Ireland that doesn't have a 
punitive profit based tax structure.

Course, I think the economic variables can all be fed into a futurist super 
computer and REAL solution arrived at complete with graphs and milestones, 
legislation and trade mandates?

Or is the FFEF The Foundation for Economic Freedom, or some other similar laise 
faire think tanks bankrupt also?

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.




> Date: Wed, 31 Dec 2008 19:24:20 -0700
> From: jjzeid...@gmail.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Linux Administration
> 
>   The cost of living would be much lower if we weren't taking tax
> money to prop up real estate prices.  -jmz
> 
> On Wed, Dec 31, 2008 at 6:43 PM, Lisa Kachold  wrote:
> > That's enough to feed 4 children and a grandparent in India.  Who cares what
> > is in America?
> >
> > www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> > hackfest.obnosis.com (503)754-4452
> > 
> > January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> > Forensics @ UAT 1/10/09 12-3PM
> > Take the Black [Security] Pill & leave IT-Marketing-Matrix, or take the Blue
> > [MS Upgrade] Pill & stay happily ignorant...
> >
> >> Date: Wed, 31 Dec 2008 15:31:55 -0800
> >> From: eculb...@yahoo.com
> >> Subject: RE: Linux Administration
> >> To: plug-discuss@lists.plug.phoenix.az.us
> >>
> >> Yep, and that's $1 below the new minimum wage starting at midnight!
> >>
> >> 73
> >>
> >> Ed/ke7feg Now that November is here, April can wait!
> >>
> >> On 2/23/2007 the morse code requirement was dropped for getting
> >> a ham license. Now just pass the written exams which are on the
> >> web at arrl.org for questions and http://www.kb0mga.net/exams/
> >>
> >>
> >> --- On Wed, 12/31/08, Jason  wrote:
> >>
> >> > From: Jason 
> >> > Subject: RE: Linux Administration
> >> > To: "Main PLUG discussion list" 
> >> > Cc: klsmith2...@yahoo.com
> >> > Date: Wednesday, December 31, 2008, 1:14 PM
> >> > I want to spend $250/month but I want you *available* 12
> >> > hours/day?
> >> > Now, I can do it for $250/month retainer, billable hours at
> >> > $50/hour
> >> > with a 1 hour minimum per contact. So, once you have my
> >> > attention for 5
> >> > hours, you pay more.
> >> >
> >> > That's the way I would run the agreement.
> >> >
> >> > He even states an estimate of 10 hours/week. So, that
> >> > translates to
> >> > $6.25/hour.
> >> >
> >> > Pretty comical. :)
> >> >
> >> >
> >> >
> >> > On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
> >> > > I worked 60 hours a week at $30,000 in 1995 at an ISP.
> >> > >
> >> > > Working with people who could juggle 20 projects with
> >> > laughing ease,
> >> > > rebuild a 24X7 server and swap IP Addresses, knowing
> >> > how to clear the
> >> > > arp cache on everything (which we, of course had
> >> > access to,
> >> > > controlling all routers, switches and firewalls)
> >> > pretty much ruined
> >> > > me.
> >> > >
> >> > > I also have some contempt for the American who
> >> > egotistically holds
> >> > > down a chair, after working with dull and
> >> > inexperienced, yet extremely
> >> > > motivated Hindis.
> >> > >
> >> > > www.Obnosis.com |
> >> > http://en.wiktionary.org/wiki/Citations:obnosis |
> >> > > hackfest.obnosis.com (503)754-4452
> >> > >
> >> > >
> >> > __
> >> > > January PLUG HackFest = Kristy Westphal, AZ Department
> >> > of Economic
> >> > > Security Forensics @ UAT 1/10/09 12-3PM
&g

Re: Linux Administration

[Joshua Zeidner]

  The cost of living would be much lower if we weren't taking tax
money to prop up real estate prices.  -jmz

On Wed, Dec 31, 2008 at 6:43 PM, Lisa Kachold  wrote:
> That's enough to feed 4 children and a grandparent in India.  Who cares what
> is in America?
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> 
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
> Take the Black [Security] Pill & leave IT-Marketing-Matrix, or take the Blue
> [MS Upgrade] Pill & stay happily ignorant...
>
>> Date: Wed, 31 Dec 2008 15:31:55 -0800
>> From: eculb...@yahoo.com
>> Subject: RE: Linux Administration
>> To: plug-discuss@lists.plug.phoenix.az.us
>>
>> Yep, and that's $1 below the new minimum wage starting at midnight!
>>
>> 73
>>
>> Ed/ke7feg Now that November is here, April can wait!
>>
>> On 2/23/2007 the morse code requirement was dropped for getting
>> a ham license. Now just pass the written exams which are on the
>> web at arrl.org for questions and http://www.kb0mga.net/exams/
>>
>>
>> --- On Wed, 12/31/08, Jason  wrote:
>>
>> > From: Jason 
>> > Subject: RE: Linux Administration
>> > To: "Main PLUG discussion list" 
>> > Cc: klsmith2...@yahoo.com
>> > Date: Wednesday, December 31, 2008, 1:14 PM
>> > I want to spend $250/month but I want you *available* 12
>> > hours/day?
>> > Now, I can do it for $250/month retainer, billable hours at
>> > $50/hour
>> > with a 1 hour minimum per contact. So, once you have my
>> > attention for 5
>> > hours, you pay more.
>> >
>> > That's the way I would run the agreement.
>> >
>> > He even states an estimate of 10 hours/week. So, that
>> > translates to
>> > $6.25/hour.
>> >
>> > Pretty comical. :)
>> >
>> >
>> >
>> > On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
>> > > I worked 60 hours a week at $30,000 in 1995 at an ISP.
>> > >
>> > > Working with people who could juggle 20 projects with
>> > laughing ease,
>> > > rebuild a 24X7 server and swap IP Addresses, knowing
>> > how to clear the
>> > > arp cache on everything (which we, of course had
>> > access to,
>> > > controlling all routers, switches and firewalls)
>> > pretty much ruined
>> > > me.
>> > >
>> > > I also have some contempt for the American who
>> > egotistically holds
>> > > down a chair, after working with dull and
>> > inexperienced, yet extremely
>> > > motivated Hindis.
>> > >
>> > > www.Obnosis.com |
>> > http://en.wiktionary.org/wiki/Citations:obnosis |
>> > > hackfest.obnosis.com (503)754-4452
>> > >
>> > >
>> > __
>> > > January PLUG HackFest = Kristy Westphal, AZ Department
>> > of Economic
>> > > Security Forensics @ UAT 1/10/09 12-3PM
>> > >
>> > >
>> > __
>> > > Date: Mon, 29 Dec 2008 20:09:37 -0700
>> > > From: m...@garfias.org
>> > > To: klsmith2...@yahoo.com;
>> > plug-discuss@lists.plug.phoenix.az.us
>> > > Subject: Re: Linux Administration
>> > >
>> > > What a dork. And expecting good people for that much?
>> > Jeez. Maybe if
>> > > I was a junior guy and needed beer money it might be
>> > ok, but no
>> > > thanks.
>> > >
>> > > On Sun, Dec 28, 2008 at 6:58 PM, keith smith
>> > 
>> > > wrote:
>> > >
>> > > I see this stuff from time to time. He is in
>> > for a rude
>> > > awakening since they are asleep while we are
>> > awake.
>> > >
>> > > Funny thing is the phone shops are starting to
>> > come back to
>> > > the US.
>> > >
>> > > Even though I can hire a PHP programmer for $5
>> > - $12 and hour
>> > > offshore I would never. I've seen their
>> > work and I'll pass.
>> > > Not to mention the copyright issues that
>> > arise.
>> > >
>> > >
>> > > 
>> > > Keith 

RE: Linux Administration

[Lisa Kachold]

That's enough to feed 4 children and a grandparent in India.  Who cares what is 
in America?

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Security] Pill & leave IT-Marketing-Matrix, or take the Blue 
[MS Upgrade] Pill & stay happily ignorant...

> Date: Wed, 31 Dec 2008 15:31:55 -0800
> From: eculb...@yahoo.com
> Subject: RE: Linux Administration
> To: plug-discuss@lists.plug.phoenix.az.us
> 
> Yep, and that's $1 below the new minimum wage starting at midnight!
> 
> 73
> 
> Ed/ke7feg  Now that November is here, April can wait!
> 
> On 2/23/2007 the morse code requirement was dropped for getting 
> a ham license. Now just pass the written exams which are on the 
> web at arrl.org for questions and http://www.kb0mga.net/exams/
> 
> 
> --- On Wed, 12/31/08, Jason  wrote:
> 
> > From: Jason 
> > Subject: RE: Linux Administration
> > To: "Main PLUG discussion list" 
> > Cc: klsmith2...@yahoo.com
> > Date: Wednesday, December 31, 2008, 1:14 PM
> > I want to spend $250/month but I want you *available* 12
> > hours/day? 
> > Now, I can do it for $250/month retainer, billable hours at
> > $50/hour
> > with a 1 hour minimum per contact. So, once you have my
> > attention for 5
> > hours, you pay more. 
> > 
> > That's the way I would run the agreement. 
> > 
> > He even states an estimate of 10 hours/week. So, that
> > translates to
> > $6.25/hour. 
> > 
> > Pretty comical. :)
> > 
> > 
> > 
> > On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
> > > I worked 60 hours a week at $30,000 in 1995 at an ISP.
> > > 
> > > Working with people who could juggle 20 projects with
> > laughing ease,
> > > rebuild a 24X7 server and swap IP Addresses, knowing
> > how to clear the
> > > arp cache on everything (which we, of course had
> > access to,
> > > controlling all routers, switches and firewalls)
> > pretty much ruined
> > > me.
> > > 
> > > I also have some contempt for the American who
> > egotistically holds
> > > down a chair, after working with dull and
> > inexperienced, yet extremely
> > > motivated Hindis.  
> > > 
> > > www.Obnosis.com | 
> > http://en.wiktionary.org/wiki/Citations:obnosis |
> > > hackfest.obnosis.com (503)754-4452
> > > 
> > >
> > __________
> > > January PLUG HackFest = Kristy Westphal, AZ Department
> > of Economic
> > > Security Forensics @ UAT 1/10/09 12-3PM
> > > 
> > >
> > __
> > > Date: Mon, 29 Dec 2008 20:09:37 -0700
> > > From: m...@garfias.org
> > > To: klsmith2...@yahoo.com;
> > plug-discuss@lists.plug.phoenix.az.us
> > > Subject: Re: Linux Administration
> > > 
> > > What a dork. And expecting good people for that much? 
> > Jeez.  Maybe if
> > > I was a junior guy and needed beer money it might be
> > ok, but no
> > > thanks.
> > > 
> > > On Sun, Dec 28, 2008 at 6:58 PM, keith smith
> > 
> > > wrote:
> > > 
> > > I see this stuff from time to time.  He is in
> > for a rude
> > > awakening since they are asleep while we are
> > awake.
> > > 
> > > Funny thing is the phone shops are starting to
> > come back to
> > > the US.  
> > > 
> > > Even though I can hire a PHP programmer for $5
> > - $12 and hour
> > > offshore I would never.  I've seen their
> > work and I'll pass.
> > > Not to mention the copyright issues that
> > arise.  
> > > 
> > > 
> > > 
> > > Keith Smith
> > > 
> > > 
> > > 
> > > --- On Sun, 12/28/08, Lisa Kachold
> > 
> > > wrote:
> > > 
> > > From: Lisa Kachold
> > 
> > > 
> > > Subject: RE: Linux Administration
> > > To: klsmith2...@yahoo.com,
> > > plug-discuss@lists.plug.phoenix.az.us
> > > Date:

RE: Linux Administration

[eculbert]

Yep, and that's $1 below the new minimum wage starting at midnight!

73

Ed/ke7feg  Now that November is here, April can wait!

On 2/23/2007 the morse code requirement was dropped for getting 
a ham license. Now just pass the written exams which are on the 
web at arrl.org for questions and http://www.kb0mga.net/exams/


--- On Wed, 12/31/08, Jason  wrote:

> From: Jason 
> Subject: RE: Linux Administration
> To: "Main PLUG discussion list" 
> Cc: klsmith2...@yahoo.com
> Date: Wednesday, December 31, 2008, 1:14 PM
> I want to spend $250/month but I want you *available* 12
> hours/day? 
> Now, I can do it for $250/month retainer, billable hours at
> $50/hour
> with a 1 hour minimum per contact. So, once you have my
> attention for 5
> hours, you pay more. 
> 
> That's the way I would run the agreement. 
> 
> He even states an estimate of 10 hours/week. So, that
> translates to
> $6.25/hour. 
> 
> Pretty comical. :)
> 
> 
> 
> On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
> > I worked 60 hours a week at $30,000 in 1995 at an ISP.
> > 
> > Working with people who could juggle 20 projects with
> laughing ease,
> > rebuild a 24X7 server and swap IP Addresses, knowing
> how to clear the
> > arp cache on everything (which we, of course had
> access to,
> > controlling all routers, switches and firewalls)
> pretty much ruined
> > me.
> > 
> > I also have some contempt for the American who
> egotistically holds
> > down a chair, after working with dull and
> inexperienced, yet extremely
> > motivated Hindis.  
> > 
> > www.Obnosis.com | 
> http://en.wiktionary.org/wiki/Citations:obnosis |
> > hackfest.obnosis.com (503)754-4452
> > 
> >
> __
> > January PLUG HackFest = Kristy Westphal, AZ Department
> of Economic
> > Security Forensics @ UAT 1/10/09 12-3PM
> > 
> >
> __
> > Date: Mon, 29 Dec 2008 20:09:37 -0700
> > From: m...@garfias.org
> > To: klsmith2...@yahoo.com;
> plug-discuss@lists.plug.phoenix.az.us
> > Subject: Re: Linux Administration
> > 
> > What a dork. And expecting good people for that much? 
> Jeez.  Maybe if
> > I was a junior guy and needed beer money it might be
> ok, but no
> > thanks.
> > 
> > On Sun, Dec 28, 2008 at 6:58 PM, keith smith
> 
> > wrote:
> > 
> > I see this stuff from time to time.  He is in
> for a rude
> > awakening since they are asleep while we are
> awake.
> > 
> > Funny thing is the phone shops are starting to
> come back to
> > the US.  
> > 
> > Even though I can hire a PHP programmer for $5
> - $12 and hour
> > offshore I would never.  I've seen their
> work and I'll pass.
> > Not to mention the copyright issues that
> arise.  
> > 
> > 
> > 
> > Keith Smith
> > 
> > 
> > 
> > --- On Sun, 12/28/08, Lisa Kachold
> 
> > wrote:
> > 
> > From: Lisa Kachold
> 
> > 
> > Subject: RE: Linux Administration
> > To: klsmith2...@yahoo.com,
> > plug-discuss@lists.plug.phoenix.az.us
> > Date: Sunday, December 28, 2008, 6:25
> PM
> > 
> > 
> > 
> > I personally was slightly aghast that
> people were
> > offering to provide offshore based
> linux
> > administration for $250 for a month?
> > 
> > Did you see that?
> > 
> > www.Obnosis.com |
> >
> http://en.wiktionary.org/wiki/Citations:obnosis |
> > hackfest.obnosis.com (503)754-4452
> > 
> >
> __________
> > January PLUG HackFest = Kristy
> Westphal, AZ Department
> > of Economic Security Forensics @ UAT
> 1/10/09 12-3PM
> > Take the Black [Linux BT3] Pill &
> leave
> > SecurityMatrix, or take the Blue
> [XP/Vista Pill] &
> > stay happily ignora

RE: Linux Administration

[Jason]

I want to spend $250/month but I want you *available* 12 hours/day? 
Now, I can do it for $250/month retainer, billable hours at $50/hour
with a 1 hour minimum per contact. So, once you have my attention for 5
hours, you pay more. 

That's the way I would run the agreement. 

He even states an estimate of 10 hours/week. So, that translates to
$6.25/hour. 

Pretty comical. :)



On Tue, 2008-12-30 at 04:51 +, Lisa Kachold wrote:
> I worked 60 hours a week at $30,000 in 1995 at an ISP.
> 
> Working with people who could juggle 20 projects with laughing ease,
> rebuild a 24X7 server and swap IP Addresses, knowing how to clear the
> arp cache on everything (which we, of course had access to,
> controlling all routers, switches and firewalls) pretty much ruined
> me.
> 
> I also have some contempt for the American who egotistically holds
> down a chair, after working with dull and inexperienced, yet extremely
> motivated Hindis.  
> 
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> 
> __
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic
> Security Forensics @ UAT 1/10/09 12-3PM
> 
> __
> Date: Mon, 29 Dec 2008 20:09:37 -0700
> From: m...@garfias.org
> To: klsmith2...@yahoo.com; plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Linux Administration
> 
> What a dork. And expecting good people for that much?  Jeez.  Maybe if
> I was a junior guy and needed beer money it might be ok, but no
> thanks.
> 
> On Sun, Dec 28, 2008 at 6:58 PM, keith smith 
> wrote:
> 
> I see this stuff from time to time.  He is in for a rude
> awakening since they are asleep while we are awake.
> 
> Funny thing is the phone shops are starting to come back to
> the US.  
> 
> Even though I can hire a PHP programmer for $5 - $12 and hour
> offshore I would never.  I've seen their work and I'll pass.
> Not to mention the copyright issues that arise.  
> 
> 
> 
> Keith Smith
> 
> 
> 
> --- On Sun, 12/28/08, Lisa Kachold 
> wrote:
> 
> From: Lisa Kachold 
> 
> Subject: RE: Linux Administration
> To: klsmith2...@yahoo.com,
> plug-discuss@lists.plug.phoenix.az.us
> Date: Sunday, December 28, 2008, 6:25 PM
> 
> 
> 
> I personally was slightly aghast that people were
> offering to provide offshore based linux
> administration for $250 for a month?
> 
> Did you see that?
> 
> www.Obnosis.com |
> http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> 
> __
> January PLUG HackFest = Kristy Westphal, AZ Department
> of Economic Security Forensics @ UAT 1/10/09 12-3PM
> Take the Black [Linux BT3] Pill & leave
> SecurityMatrix, or take the Blue [XP/Vista Pill] &
> stay happily ignorant.
> 
> 
> __
> Date: Sun, 28 Dec 2008 10:00:32 -0800
> From: klsmith2...@yahoo.com
> Subject: Re: Linux Administration
> To: plug-discuss@lists.plug.phoenix.az.us
> 
> 
> 
> I'm not sure what you are trying to tell us Lisa.
> Please be more verbose.
> 
> 
> 
> 
> Keith 
> 
> 
> 
> 
> --- On Sat, 12/27/08, Lisa Kachold
>  wrote:
> From: Lisa Kachold 
> Subject: Linux Administration
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Saturday, December 27, 2008, 7:02 PM
> 
> 
> http://www.getafreelancer.com/projects/Linux/Level-System-Admin-for-EST.html
> 

Re: Linux Administration

[Stephen]

I love my chair, its a much loved respite from the running around :-)


On 12/29/08, Lisa Kachold  wrote:
>
> I worked 60 hours a week at $30,000 in 1995 at an ISP.
>
> Working with people who could juggle 20 projects with laughing ease, rebuild
> a 24X7 server and swap IP Addresses, knowing how to clear the arp cache on
> everything (which we, of course had access to, controlling all routers,
> switches and firewalls) pretty much ruined me.
>
> I also have some contempt for the American who egotistically holds down a
> chair, after working with dull and inexperienced, yet extremely motivated
> Hindis.
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
> Date: Mon, 29 Dec 2008 20:09:37 -0700
> From: m...@garfias.org
> To: klsmith2...@yahoo.com; plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Linux Administration
>
> What a dork. And expecting good people for that much?  Jeez.  Maybe if I was
> a junior guy and needed beer money it might be ok, but no thanks.
> On Sun, Dec 28, 2008 at 6:58 PM, keith smith  wrote:
>
>
> I see this stuff from time to time.  He is in for a rude awakening since
> they are asleep while we are awake.
>
>
> Funny thing is the phone shops are starting to come back to the US.
>
> Even though I can hire a PHP programmer for $5 - $12 and hour offshore I
> would never.  I've seen their work and I'll pass.  Not to mention the
> copyright issues that arise.
>
>
>
> --------
> Keith Smith
>
>
> --- On Sun, 12/28/08, Lisa Kachold  wrote:
>
> From: Lisa Kachold 
>
> Subject: RE: Linux  Administration
> To: klsmith2...@yahoo.com, plug-discuss@lists.plug.phoenix.az.us
>
> Date: Sunday, December 28, 2008, 6:25 PM
>
>
>
>
> I personally was slightly aghast that people were offering to provide
> offshore based linux administration for $250 for a month?
>
> Did you see that?
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
>
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
> Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue
> [XP/Vista Pill] & stay happily ignorant.
>
>
> Date: Sun, 28 Dec 2008 10:00:32 -0800
> From: klsmith2...@yahoo.com
> Subject: Re: Linux  Administration
> To: plug-discuss@lists.plug.phoenix.az.us
>
>
>
>
>
> I'm not sure what you are trying to tell us Lisa.  Please be more verbose.
>
>
>
> 
> Keith
>
>
>
>
>
> --- On Sat, 12/27/08, Lisa Kachold  wrote:
> From: Lisa Kachold 
>
> Subject: Linux  Administration
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Saturday, December 27, 2008, 7:02 PM
>
>
>
>
> http://www.getafreelancer.com/projects/Linux/Level-System-Admin-for-EST.html
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
>
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
> Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue
> [XP/Vista Pill] & stay happily ignorant.
>
>
>
>
> Send e-mail faster without improving your typing skills. Get your Hotmail(R)
> account.
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
>
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> It's the same Hotmail(R). If by "same" you mean up to 70% faster. Get your
> account now.
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
>
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
>
>
> ---
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>
> To subscribe, unsubscribe, or to change your mail settings:
>
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> _
> Life on your PC is safer, easier, and more enjoyable with Windows Vista(R).
> http://clk.atdmt.com/MRT/go/127032870/direct/01/

-- 
Sent from my mobile device

A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: Linux Administration

[Lisa Kachold]

I worked 60 hours a week at $30,000 in 1995 at an ISP.

Working with people who could juggle 20 projects with laughing ease, rebuild a 
24X7 server and swap IP Addresses, knowing how to clear the arp cache on 
everything (which we, of course had access to, controlling all routers, 
switches and firewalls) pretty much ruined me.

I also have some contempt for the American who egotistically holds down a 
chair, after working with dull and inexperienced, yet extremely motivated 
Hindis.  

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Date: Mon, 29 Dec 2008 20:09:37 -0700
From: m...@garfias.org
To: klsmith2...@yahoo.com; plug-discuss@lists.plug.phoenix.az.us
Subject: Re: Linux Administration

What a dork. And expecting good people for that much?  Jeez.  Maybe if I was a 
junior guy and needed beer money it might be ok, but no thanks.
On Sun, Dec 28, 2008 at 6:58 PM, keith smith  wrote:


I see this stuff from time to time.  He is in for a rude awakening since they 
are asleep while we are awake.


Funny thing is the phone shops are starting to come back to the US.  

Even though I can hire a PHP programmer for $5 - $12 and hour offshore I would 
never.  I've seen their work and I'll pass.  Not to mention the copyright 
issues that arise.  




Keith Smith


--- On Sun, 12/28/08, Lisa Kachold  wrote:

From: Lisa Kachold 

Subject: RE: Linux  Administration
To: klsmith2...@yahoo.com, plug-discuss@lists.plug.phoenix.az.us

Date: Sunday, December 28, 2008, 6:25 PM




I personally was slightly aghast that people were offering to provide offshore 
based linux administration for $250 for a month?

Did you see that?

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452

January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.


Date: Sun, 28 Dec 2008 10:00:32 -0800
From: klsmith2...@yahoo.com
Subject: Re: Linux  Administration
To: plug-discuss@lists.plug.phoenix.az.us





I'm not sure what you are trying to tell us Lisa.  Please be more verbose.




Keith 





--- On Sat, 12/27/08, Lisa Kachold  wrote:
From: Lisa Kachold 

Subject: Linux  Administration
To: plug-discuss@lists.plug.phoenix.az.us
Date: Saturday, December 27, 2008, 7:02 PM




http://www.getafreelancer.com/projects/Linux/Level-System-Admin-for-EST.html

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452

January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.




Send e-mail faster without improving your typing skills. Get your Hotmail® 
account. 
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

It's the same Hotmail®. If by "same" you mean up to 70% faster. Get your 
account now. 
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss




  
---

PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us

To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


_
Life on your PC is safer, easier, and more enjoyable with Windows Vista®. 
http://clk.atdmt.com/MRT/go/127032870/direct/01/---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration

[Mike Garfias]

What a dork. And expecting good people for that much?  Jeez.  Maybe if I was
a junior guy and needed beer money it might be ok, but no thanks.
On Sun, Dec 28, 2008 at 6:58 PM, keith smith  wrote:

>
> I see this stuff from time to time.  He is in for a rude awakening since
> they are asleep while we are awake.
>
> Funny thing is the phone shops are starting to come back to the US.
>
> Even though I can hire a PHP programmer for $5 - $12 and hour offshore I
> would never.  I've seen their work and I'll pass.  Not to mention the
> copyright issues that arise.
>
>
> 
> Keith Smith
>
>
> --- On *Sun, 12/28/08, Lisa Kachold * wrote:
>
> From: Lisa Kachold 
> Subject: RE: Linux Administration
> To: klsmith2...@yahoo.com, plug-discuss@lists.plug.phoenix.az.us
> Date: Sunday, December 28, 2008, 6:25 PM
>
>
> I personally was slightly aghast that people were offering to provide
> offshore based linux administration for $250 for a month?
>
> Did you see that?
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> --
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
> Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue
> [XP/Vista Pill] & stay happily ignorant.
>
> ------
> Date: Sun, 28 Dec 2008 10:00:32 -0800
> From: klsmith2...@yahoo.com
> Subject: Re: Linux Administration
> To: plug-discuss@lists.plug.phoenix.az.us
>
>
>
> I'm not sure what you are trying to tell us Lisa.  Please be more verbose.
>
>
>
> 
> Keith
> <http://www.netcodeman.com/>
>
>
>
> --- On *Sat, 12/27/08, Lisa Kachold * wrote:
>
> From: Lisa Kachold 
> Subject: Linux Administration
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Saturday, December 27, 2008, 7:02 PM
>
>
> http://www.getafreelancer.com/projects/Linux/Level-System-Admin-for-EST.html
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> --
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
> Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue
> [XP/Vista Pill] & stay happily ignorant.
>
>
>
> --
> Send e-mail faster without improving your typing skills. Get your Hotmail(R)
> account.<http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_speed_122008>
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> --
> It's the same Hotmail(R). If by "same" you mean up to 70% faster. Get your
> account 
> now.<http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_broad1_122008>
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: Linux Administration

[keith smith]

I see this stuff from time to time.  He is in for a rude awakening since they 
are asleep while we are awake.

Funny thing is the phone shops are starting to come back to the US.  

Even though I can hire a PHP programmer for $5 - $12 and hour offshore I would 
never.  I've seen their work and I'll pass.  Not to mention the copyright 
issues that arise.  



Keith Smith


--- On Sun, 12/28/08, Lisa Kachold  wrote:
From: Lisa Kachold 
Subject: RE: Linux  Administration
To: klsmith2...@yahoo.com, plug-discuss@lists.plug.phoenix.az.us
Date: Sunday, December 28, 2008, 6:25 PM




#yiv203743324 .hmmessage P
{
margin:0px;padding:0px;}
#yiv203743324 {
font-size:10pt;font-family:Verdana;}

I personally was slightly aghast that people were offering to provide offshore 
based linux administration for $250 for a month?

Did you see that?

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.

Date: Sun, 28 Dec 2008 10:00:32 -0800
From: klsmith2...@yahoo.com
Subject: Re: Linux  Administration
To: plug-discuss@lists.plug.phoenix.az.us



I'm not sure what you are trying to tell us Lisa.  Please be more verbose.




Keith 




--- On Sat, 12/27/08, Lisa Kachold  wrote:
From: Lisa Kachold 
Subject: Linux  Administration
To: plug-discuss@lists.plug.phoenix.az.us
Date: Saturday, December 27, 2008, 7:02 PM




#yiv203743324 .ExternalClass #EC_yiv1614215407 .EC_hmmessage P
{padding:0px;}
#yiv203743324 .ExternalClass #EC_yiv1614215407
{font-size:10pt;font-family:Verdana;}

http://www.getafreelancer.com/projects/Linux/Level-System-Admin-for-EST.html

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.



Send e-mail faster without improving your typing skills. Get your Hotmail® 
account. 
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

It’s the same Hotmail®. If by “same” you mean up to 70% faster. Get your 
account now. 
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


  ---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

RE: Linux Administration

[Lisa Kachold]

I personally was slightly aghast that people were offering to provide offshore 
based linux administration for $250 for a month?

Did you see that?

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.

Date: Sun, 28 Dec 2008 10:00:32 -0800
From: klsmith2...@yahoo.com
Subject: Re: Linux  Administration
To: plug-discuss@lists.plug.phoenix.az.us



I'm not sure what you are trying to tell us Lisa.  Please be more verbose.




Keith 




--- On Sat, 12/27/08, Lisa Kachold  wrote:
From: Lisa Kachold 
Subject: Linux  Administration
To: plug-discuss@lists.plug.phoenix.az.us
Date: Saturday, December 27, 2008, 7:02 PM




http://www.getafreelancer.com/projects/Linux/Level-System-Admin-for-EST.html

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.



Send e-mail faster without improving your typing skills. Get your Hotmail® 
account. 
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_
It’s the same Hotmail®. If by “same” you mean up to 70% faster.
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_broad1_122008---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Linux Administration

[keith smith]

I'm not sure what you are trying to tell us Lisa.  Please be more verbose.




Keith 




--- On Sat, 12/27/08, Lisa Kachold  wrote:
From: Lisa Kachold 
Subject: Linux  Administration
To: plug-discuss@lists.plug.phoenix.az.us
Date: Saturday, December 27, 2008, 7:02 PM




#yiv1614215407 .hmmessage P
{
margin:0px;padding:0px;}
#yiv1614215407 {
font-size:10pt;font-family:Verdana;}

http://www.getafreelancer.com/projects/Linux/Level-System-Admin-for-EST.html

www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  
hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security 
Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue 
[XP/Vista Pill] & stay happily ignorant.



Send e-mail faster without improving your typing skills. Get your Hotmail® 
account. 
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


  ---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss