Search Results

Search found 59 results on 3 pages for 'nss'.

Page 2/3 | < Previous Page | 1 2 3 | Next Page >

Yum Update Failing mod_ssl and glibc_devel

- by Kerry

Any ideas on how to get this to not fail? # yum update Freeing read locks for locker 0x82: 4189/140342084876032 Freeing read locks for locker 0x84: 4189/140342084876032 Freeing read locks for locker 0x85: 4189/140342084876032 Freeing read locks for locker 0x86: 4189/140342084876032 Freeing read locks for locker 0x87: 4189/140342084876032 Freeing read locks for locker 0x9a: 4189/140342084876032 Freeing read locks for locker 0x9c: 4189/140342084876032 Freeing read locks for locker 0x9d: 4189/140342084876032 Freeing read locks for locker 0x9e: 4189/140342084876032 Freeing read locks for locker 0x9f: 4189/140342084876032 Freeing read locks for locker 0xa0: 4189/140342084876032 Freeing read locks for locker 0xa1: 4189/140342084876032 Freeing read locks for locker 0xa2: 4189/140342084876032 Freeing read locks for locker 0xa3: 4189/140342084876032 Freeing read locks for locker 0xa4: 4189/140342084876032 Freeing read locks for locker 0xa5: 4189/140342084876032 Freeing read locks for locker 0xa6: 4189/140342084876032 Freeing read locks for locker 0xa7: 4189/140342084876032 Freeing read locks for locker 0xa8: 4189/140342084876032 Freeing read locks for locker 0xa9: 4189/140342084876032 Freeing read locks for locker 0xaa: 4189/140342084876032 Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.hmc.edu * epel: mirrors.kernel.org * extras: centos.mirror.freedomvoice.com * updates: mirrors.sonic.net Setting up Update Process Resolving Dependencies There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them. The program yum-complete-transaction is found in the yum-utils package. --> Running transaction check ---> Package device-mapper-persistent-data.x86_64 0:0.2.8-2.el6 will be updated ---> Package device-mapper-persistent-data.x86_64 0:0.2.8-4.el6_5 will be an update ---> Package glibc-headers.x86_64 0:2.12-1.132.el6 will be updated --> Processing Dependency: glibc-headers = 2.12-1.132.el6 for package: glibc-devel-2.12-1.132.el6.x86_64 ---> Package glibc-headers.x86_64 0:2.12-1.132.el6_5.2 will be an update ---> Package httpd.x86_64 0:2.2.15-29.el6.centos will be updated --> Processing Dependency: httpd = 2.2.15-29.el6.centos for package: 1:mod_ssl-2.2.15-29.el6.centos.x86_64 ---> Package httpd.x86_64 0:2.2.15-30.el6.centos will be an update ---> Package kernel.x86_64 0:2.6.32-431.17.1.el6 will be installed ---> Package kernel-devel.x86_64 0:2.6.32-431.17.1.el6 will be installed ---> Package selinux-policy-targeted.noarch 0:3.7.19-231.el6_5.1 will be updated ---> Package selinux-policy-targeted.noarch 0:3.7.19-231.el6_5.3 will be an update --> Finished Dependency Resolution Error: Package: 1:mod_ssl-2.2.15-29.el6.centos.x86_64 (@base) Requires: httpd = 2.2.15-29.el6.centos Removing: httpd-2.2.15-29.el6.centos.x86_64 (@base) httpd = 2.2.15-29.el6.centos Updated By: httpd-2.2.15-30.el6.centos.x86_64 (updates) httpd = 2.2.15-30.el6.centos Error: Package: glibc-devel-2.12-1.132.el6.x86_64 (@base) Requires: glibc-headers = 2.12-1.132.el6 Removing: glibc-headers-2.12-1.132.el6.x86_64 (@base) glibc-headers = 2.12-1.132.el6 Updated By: glibc-headers-2.12-1.132.el6_5.2.x86_64 (updates) glibc-headers = 2.12-1.132.el6_5.2 Available: glibc-headers-2.12-1.132.el6_5.1.x86_64 (updates) glibc-headers = 2.12-1.132.el6_5.1 You could try using --skip-broken to work around the problem ** Found 34 pre-existing rpmdb problem(s), 'yum check' output follows: audit-2.2-4.el6_5.x86_64 is a duplicate with audit-2.2-2.el6.x86_64 audit-libs-2.2-4.el6_5.x86_64 is a duplicate with audit-libs-2.2-2.el6.x86_64 curl-7.19.7-37.el6_5.3.x86_64 is a duplicate with curl-7.19.7-37.el6_4.x86_64 device-mapper-multipath-0.4.9-72.el6_5.2.x86_64 is a duplicate with device-mapper-multipath-0.4.9-72.el6_5.1.x86_64 device-mapper-multipath-libs-0.4.9-72.el6_5.2.x86_64 is a duplicate with device-mapper-multipath-libs-0.4.9-72.el6_5.1.x86_64 2:ethtool-3.5-1.4.el6_5.x86_64 is a duplicate with 2:ethtool-3.5-1.2.el6_5.x86_64 glibc-2.12-1.132.el6_5.2.x86_64 is a duplicate with glibc-2.12-1.132.el6.x86_64 glibc-common-2.12-1.132.el6_5.2.x86_64 is a duplicate with glibc-common-2.12-1.132.el6.x86_64 glibc-devel-2.12-1.132.el6_5.2.x86_64 is a duplicate with glibc-devel-2.12-1.132.el6.x86_64 glibc-devel-2.12-1.132.el6_5.2.x86_64 has missing requires of glibc-headers = ('0', '2.12', '1.132.el6_5.2') gnutls-2.8.5-14.el6_5.x86_64 is a duplicate with gnutls-2.8.5-13.el6_5.x86_64 httpd-2.2.15-29.el6.centos.x86_64 has missing requires of httpd-tools = ('0', '2.2.15', '29.el6.centos') httpd-manual-2.2.15-30.el6.centos.noarch has missing requires of httpd = ('0', '2.2.15', '30.el6.centos') iproute-2.6.32-32.el6_5.x86_64 is a duplicate with iproute-2.6.32-31.el6.x86_64 kernel-firmware-2.6.32-431.17.1.el6.noarch is a duplicate with kernel-firmware-2.6.32-431.11.2.el6.noarch kernel-headers-2.6.32-431.17.1.el6.x86_64 is a duplicate with kernel-headers-2.6.32-431.11.2.el6.x86_64 kpartx-0.4.9-72.el6_5.2.x86_64 is a duplicate with kpartx-0.4.9-72.el6_5.1.x86_64 krb5-libs-1.10.3-15.el6_5.1.x86_64 is a duplicate with krb5-libs-1.10.3-10.el6_4.6.x86_64 libblkid-2.17.2-12.14.el6_5.x86_64 is a duplicate with libblkid-2.17.2-12.14.el6.x86_64 libcurl-7.19.7-37.el6_5.3.x86_64 is a duplicate with libcurl-7.19.7-37.el6_4.x86_64 libcurl-devel-7.19.7-37.el6_5.3.x86_64 is a duplicate with libcurl-devel-7.19.7-37.el6_4.x86_64 libtasn1-2.3-6.el6_5.x86_64 is a duplicate with libtasn1-2.3-3.el6_2.1.x86_64 libuuid-2.17.2-12.14.el6_5.x86_64 is a duplicate with libuuid-2.17.2-12.14.el6.x86_64 libxml2-2.7.6-14.el6_5.1.x86_64 is a duplicate with libxml2-2.7.6-14.el6.x86_64 mdadm-3.2.6-7.el6_5.2.x86_64 is a duplicate with mdadm-3.2.6-7.el6.x86_64 1:mod_ssl-2.2.15-30.el6.centos.x86_64 is a duplicate with 1:mod_ssl-2.2.15-29.el6.centos.x86_64 1:mod_ssl-2.2.15-30.el6.centos.x86_64 has missing requires of httpd = ('0', '2.2.15', '30.el6.centos') nss-softokn-3.14.3-10.el6_5.x86_64 is a duplicate with nss-softokn-3.14.3-9.el6.x86_64 openssl-1.0.1e-16.el6_5.7.x86_64 is a duplicate with openssl-1.0.1e-16.el6_5.4.x86_64 openssl-1.0.1e-16.el6_5.14.x86_64 is a duplicate with openssl-1.0.1e-16.el6_5.7.x86_64 openssl-devel-1.0.1e-16.el6_5.14.x86_64 is a duplicate with openssl-devel-1.0.1e-16.el6_5.7.x86_64 selinux-policy-3.7.19-231.el6_5.3.noarch is a duplicate with selinux-policy-3.7.19-231.el6_5.1.noarch tzdata-2014d-1.el6.noarch is a duplicate with tzdata-2014b-1.el6.noarch util-linux-ng-2.17.2-12.14.el6_5.x86_64 is a duplicate with util-linux-ng-2.17.2-12.14.el6.x86_64 UPDATE I installed and ran yum-complete-transaction as requested, it finished some things and suggested I run package-cleanup --problems, which yielded this: package-cleanup --problems Loaded plugins: fastestmirror Package httpd-manual-2.2.15-30.el6.centos.noarch requires httpd = ('0', '2.2.15', '30.el6.centos') Package httpd-2.2.15-29.el6.centos.x86_64 requires httpd-tools = ('0', '2.2.15', '29.el6.centos') Package mod_ssl-2.2.15-30.el6.centos.x86_64 requires httpd = ('0', '2.2.15', '30.el6.centos') Package glibc-devel-2.12-1.132.el6_5.2.x86_64 requires glibc-headers = ('0', '2.12', '1.132.el6_5.2') I'm definitely not a sys-admin, what would be the next step? UPDATE 2 I ran yum distro-sync: # yum distro-sync Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.hmc.edu * epel: mirrors.kernel.org * extras: centos.mirror.freedomvoice.com * updates: mirrors.sonic.net Setting up Distribution Synchronization Process Resolving Dependencies --> Running transaction check ---> Package glibc-headers.x86_64 0:2.12-1.132.el6 will be updated --> Processing Dependency: glibc-headers = 2.12-1.132.el6 for package: glibc-devel-2.12-1.132.el6.x86_64 ---> Package glibc-headers.x86_64 0:2.12-1.132.el6_5.2 will be an update ---> Package httpd.x86_64 0:2.2.15-29.el6.centos will be updated --> Processing Dependency: httpd = 2.2.15-29.el6.centos for package: 1:mod_ssl-2.2.15-29.el6.centos.x86_64 ---> Package httpd.x86_64 0:2.2.15-30.el6.centos will be an update --> Finished Dependency Resolution Error: Package: 1:mod_ssl-2.2.15-29.el6.centos.x86_64 (@base) Requires: httpd = 2.2.15-29.el6.centos Removing: httpd-2.2.15-29.el6.centos.x86_64 (@base) httpd = 2.2.15-29.el6.centos Updated By: httpd-2.2.15-30.el6.centos.x86_64 (updates) httpd = 2.2.15-30.el6.centos Error: Package: glibc-devel-2.12-1.132.el6.x86_64 (@base) Requires: glibc-headers = 2.12-1.132.el6 Removing: glibc-headers-2.12-1.132.el6.x86_64 (@base) glibc-headers = 2.12-1.132.el6 Updated By: glibc-headers-2.12-1.132.el6_5.2.x86_64 (updates) glibc-headers = 2.12-1.132.el6_5.2 Available: glibc-headers-2.12-1.132.el6_5.1.x86_64 (updates) glibc-headers = 2.12-1.132.el6_5.1 You could try using --skip-broken to work around the problem ** Found 34 pre-existing rpmdb problem(s), 'yum check' output follows: audit-2.2-4.el6_5.x86_64 is a duplicate with audit-2.2-2.el6.x86_64 audit-libs-2.2-4.el6_5.x86_64 is a duplicate with audit-libs-2.2-2.el6.x86_64 curl-7.19.7-37.el6_5.3.x86_64 is a duplicate with curl-7.19.7-37.el6_4.x86_64 device-mapper-multipath-0.4.9-72.el6_5.2.x86_64 is a duplicate with device-mapper-multipath-0.4.9-72.el6_5.1.x86_64 device-mapper-multipath-libs-0.4.9-72.el6_5.2.x86_64 is a duplicate with device-mapper-multipath-libs-0.4.9-72.el6_5.1.x86_64 2:ethtool-3.5-1.4.el6_5.x86_64 is a duplicate with 2:ethtool-3.5-1.2.el6_5.x86_64 glibc-2.12-1.132.el6_5.2.x86_64 is a duplicate with glibc-2.12-1.132.el6.x86_64 glibc-common-2.12-1.132.el6_5.2.x86_64 is a duplicate with glibc-common-2.12-1.132.el6.x86_64 glibc-devel-2.12-1.132.el6_5.2.x86_64 is a duplicate with glibc-devel-2.12-1.132.el6.x86_64 glibc-devel-2.12-1.132.el6_5.2.x86_64 has missing requires of glibc-headers = ('0', '2.12', '1.132.el6_5.2') gnutls-2.8.5-14.el6_5.x86_64 is a duplicate with gnutls-2.8.5-13.el6_5.x86_64 httpd-2.2.15-29.el6.centos.x86_64 has missing requires of httpd-tools = ('0', '2.2.15', '29.el6.centos') httpd-manual-2.2.15-30.el6.centos.noarch has missing requires of httpd = ('0', '2.2.15', '30.el6.centos') iproute-2.6.32-32.el6_5.x86_64 is a duplicate with iproute-2.6.32-31.el6.x86_64 kernel-firmware-2.6.32-431.17.1.el6.noarch is a duplicate with kernel-firmware-2.6.32-431.11.2.el6.noarch kernel-headers-2.6.32-431.17.1.el6.x86_64 is a duplicate with kernel-headers-2.6.32-431.11.2.el6.x86_64 kpartx-0.4.9-72.el6_5.2.x86_64 is a duplicate with kpartx-0.4.9-72.el6_5.1.x86_64 krb5-libs-1.10.3-15.el6_5.1.x86_64 is a duplicate with krb5-libs-1.10.3-10.el6_4.6.x86_64 libblkid-2.17.2-12.14.el6_5.x86_64 is a duplicate with libblkid-2.17.2-12.14.el6.x86_64 libcurl-7.19.7-37.el6_5.3.x86_64 is a duplicate with libcurl-7.19.7-37.el6_4.x86_64 libcurl-devel-7.19.7-37.el6_5.3.x86_64 is a duplicate with libcurl-devel-7.19.7-37.el6_4.x86_64 libtasn1-2.3-6.el6_5.x86_64 is a duplicate with libtasn1-2.3-3.el6_2.1.x86_64 libuuid-2.17.2-12.14.el6_5.x86_64 is a duplicate with libuuid-2.17.2-12.14.el6.x86_64 libxml2-2.7.6-14.el6_5.1.x86_64 is a duplicate with libxml2-2.7.6-14.el6.x86_64 mdadm-3.2.6-7.el6_5.2.x86_64 is a duplicate with mdadm-3.2.6-7.el6.x86_64 1:mod_ssl-2.2.15-30.el6.centos.x86_64 is a duplicate with 1:mod_ssl-2.2.15-29.el6.centos.x86_64 1:mod_ssl-2.2.15-30.el6.centos.x86_64 has missing requires of httpd = ('0', '2.2.15', '30.el6.centos') nss-softokn-3.14.3-10.el6_5.x86_64 is a duplicate with nss-softokn-3.14.3-9.el6.x86_64 openssl-1.0.1e-16.el6_5.7.x86_64 is a duplicate with openssl-1.0.1e-16.el6_5.4.x86_64 openssl-1.0.1e-16.el6_5.14.x86_64 is a duplicate with openssl-1.0.1e-16.el6_5.7.x86_64 openssl-devel-1.0.1e-16.el6_5.14.x86_64 is a duplicate with openssl-devel-1.0.1e-16.el6_5.7.x86_64 selinux-policy-3.7.19-231.el6_5.3.noarch is a duplicate with selinux-policy-3.7.19-231.el6_5.1.noarch tzdata-2014d-1.el6.noarch is a duplicate with tzdata-2014b-1.el6.noarch util-linux-ng-2.17.2-12.14.el6_5.x86_64 is a duplicate with util-linux-ng-2.17.2-12.14.el6.x86_64

Read the article
Authenticate users with Zimbra LDAP Server from other CentOS clients

- by efesaid

I'am wondering that how can integrate my database,web,backup etc.. centos servers with Zimbra LDAP Server. Does it require more advanced configuration than standart ldap authentication ? My zimbra server version is [zimbra@zimbra ~]$ zmcontrol -v Release 8.0.5_GA_5839.RHEL6_64_20130910123908 RHEL6_64 FOSS edition. My LDAP Server status is [zimbra@ldap ~]$ zmcontrol status Host ldap.domain.com ldap Running snmp Running stats Running zmconfigd Running I already installed nss-pam-ldapd packages to my servers. [root@www]# rpm -qa | grep ldap nss-pam-ldapd-0.7.5-18.2.el6_4.x86_64 apr-util-ldap-1.3.9-3.el6_0.1.x86_64 pam_ldap-185-11.el6.x86_64 openldap-2.4.23-32.el6_4.1.x86_64 My /etc/nslcd.conf is [root@www]# tail -n 7 /etc/nslcd.conf uid nslcd gid ldap # This comment prevents repeated auto-migration of settings. uri ldap://ldap.domain.com base dc=domain,dc=com binddn uid=zimbra,cn=admins,cn=zimbra bindpw **pass** ssl no tls_cacertdir /etc/openldap/cacerts When i run [root@www ~]# id username id: username: No such user But i am sure that username user exist on ldap server. EDIT : When i run ldapsearch command i got all result with credentials and dn. [root@www ~]# ldapsearch -H ldap://ldap.domain.com:389 -w **pass** -D uid=zimbra,cn=admins,cn=zimbra -x 'objectclass=*' # extended LDIF # # LDAPv3 # base <dc=domain,dc=com> (default) with scope subtree # filter: objectclass=* # requesting: ALL # # domain.com dn: dc=domain,dc=com zimbraDomainType: local zimbraDomainStatus: active . . .

Read the article
Joining an Ubuntu 14.04 machine to active directory with realm and sssd

- by tubaguy50035

I've tried following this guide to set up realmd and sssd with active directory: http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/ When I run the command realm –verbose join domain.company.com –user-principal=c-u14-dev1/[email protected] –unattended everything seems to connect. My sssd.conf looks like the following: [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 [sssd] domains = DOMAIN.COMPANY.COM config_file_version = 2 services = nss, pam [domain/DOMAIN.COMPANY.COM] ad_domain = DOMAIN.COMPANY.COM krb5_realm = DOMAIN.COMPANY.COM realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%d/%u access_provider = ad My /etc/pam.d/common-auth looks like this: auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_sss.so use_first_pass # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) auth optional pam_cap.so However, when I try to SSH into the machine with my active directory user, I see the following in auth.log: Aug 21 10:35:59 c-u14-dev1 sshd[11285]: Invalid user nwalke from myip Aug 21 10:35:59 c-u14-dev1 sshd[11285]: input_userauth_request: invalid user nwalke [preauth] Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_krb5(sshd:auth): authentication failure; logname=nwalke uid=0 euid=0 tty=ssh ruser= rhost=myiphostname Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_unix(sshd:auth): check pass; user unknown Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myiphostname Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myiphostname user=nwalke Aug 21 10:36:10 c-u14-dev1 sshd[11285]: pam_sss(sshd:auth): received for user nwalke: 10 (User not known to the underlying authentication module) Aug 21 10:36:12 c-u14-dev1 sshd[11285]: Failed password for invalid user nwalke from myip port 34455 ssh2 What do I need to do to allow active directory users the ability to log in?

Read the article
pam_ldap.so before pam_unix.so? Is it ever possible?

- by user1075993

we have a couple of servers with PAM+LDAP. The configuration is standard (see http://arthurdejong.org/nss-pam-ldapd/setup or http://wiki.debian.org/LDAP/PAM). For example, /etc/pam.d/common-auth contains: auth sufficient pam_unix.so nullok_secure auth requisite pam_succeed_if.so uid >= 1000 quiet auth sufficient pam_ldap.so use_first_pass auth requiered pam_deny.so And, of course, it works for both ldap and local users. But every login goes first to pam_unix.so, fails, and only then tries pam_ldap.so successfully. As a result, we have a well-known failure message for every single ldap user login: pam_unix(<some_service>:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<some_host> user=<some_user> I have up to 60000 of such log messages per day and I want to change the configuration so, that PAM will try ldap authentication first, and only if it fails - try pam_unix.so (I think it can improve the i/o performance of the server). But if I change common-auth to the following: auth sufficient pam_ldap.so use_first_pass auth sufficient pam_unix.so nullok_secure auth requiered pam_deny.so Then I simply can't login anymore with local (non-ldap) user (e.g., via ssh). Does somebody knows the right configuration? Why Debian and nss-pam-ldapd have pam_unix.so at first by default? Is there really no way to change it? Thank you in advance. P.S. I don't want to disable logs, but want to set ldap authentication on the first place.

Read the article
SSSD Authentication

- by user24089

I just built a test server running OpenSuSE 12.1 and am trying to learn how configure sssd, but am not sure where to begin to look for why my config cannot allow me to authenticate. server:/etc/sssd # cat sssd.conf [sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss,pam domains = test.local [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 # Section created by YaST [domain/mose.cc] access_provider = ldap ldap_uri = ldap://server.test.local ldap_search_base = dc=test,dc=local ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = True chpass_provider = krb5 auth_provider = krb5 krb5_realm = TEST.LOCAL krb5_kdcip = server.test.local server:/etc # cat ldap.conf base dc=test,dc=local bind_policy soft pam_lookup_policy yes pam_password exop nss_initgroups_ignoreusers root,ldap nss_schema rfc2307bis nss_map_attribute uniqueMember member ssl start_tls uri ldap://server.test.local ldap_version 3 pam_filter objectClass=posixAccount server:/etc # cat nsswitch.conf passwd: compat sss group: files sss hosts: files dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files ldap aliases: files shadow: compat server:/etc # cat krb5.conf [libdefaults] default_realm = TEST.LOCAL clockskew = 300 [realms] TEST.LOCAL = { kdc = server.test.local admin_server = server.test.local database_module = ldap default_domain = test.local } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [dbmodules] ldap = { db_library = kldap ldap_kerberos_container_dn = cn=krbContainer,dc=test,dc=local ldap_kdc_dn = cn=Administrator,dc=test,dc=local ldap_kadmind_dn = cn=Administrator,dc=test,dc=local ldap_service_password_file = /etc/openldap/ldap-pw ldap_servers = ldaps://server.test.local } [domain_realm] .test.local = TEST.LOCAL [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false minimum_uid = 1 clockskew = 300 external = sshd use_shmem = sshd } If I log onto the server as root I can su into an ldap user, however if I try to console locally or ssh remotely I am unable to authenticate. getent doesn't show the ldap entries for users, Im not sure if I need to look at LDAP, nsswitch, or what: server:~ # ssh localhost -l test Password: Password: Password: Permission denied (publickey,keyboard-interactive). server:~ # su test test@server:/etc> id uid=1000(test) gid=100(users) groups=100(users) server:~ # tail /var/log/messages Nov 24 09:36:44 server login[14508]: pam_sss(login:auth): system info: [Client not found in Kerberos database] Nov 24 09:36:44 server login[14508]: pam_sss(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/ttyS1 ruser= rhost= user=test Nov 24 09:36:44 server login[14508]: pam_sss(login:auth): received for user test: 4 (System error) Nov 24 09:36:44 server login[14508]: FAILED LOGIN SESSION FROM /dev/ttyS1 FOR test, System error server:~ # vi /etc/pam.d/common-auth auth required pam_env.so auth sufficient pam_unix2.so auth required pam_sss.so use_first_pass server:~ # vi /etc/pam.d/sshd auth requisite pam_nologin.so auth include common-auth account requisite pam_nologin.so account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_lastlog.so silent noupdate showfailed

Read the article
Anyone know a good web-based file upload package?

- by Ted Wexler

Basically, what I'm looking for is a place for either one of our end users to be able to upload a file to this package, after either receiving a code from one of our support engineers or vice-versa(our engineers upload a file and send a code/link/something to end user) I've spent a bunch of time googling this, I found this: http://turin.nss.udel.edu/programming/dropbox2/, but the code there scares me, and it also doesn't render properly using PHP 5.3(uses short tags, who knows what else.) Does anyone have any recommendations?

Read the article
Why isn't SSL/TLS built into modern Operating Systems?

- by Channel72

A lot of the basic network protocols that make up the infrastructure of the Internet are built in to most major Operating Systems. Things like TCP, UDP, and DNS are all built into Linux, UNIX and Windows, and are made available to the programmer through low-level system APIs. But when it comes to SSL or TLS, one has to turn to a third-party library such as OpenSSL or Mozilla NSS. SSL is a relatively old protocol, and it's basically an industry standard as ubiquitous as TCP/IP, so why isn't it built into most Operating Systems?

Read the article
Internet Explorer 9 est le navigateur le plus sécurisé, quand il s'agit de malwares à diffusion sociale claironne Microsoft

Internet Explorer 9 est le navigateur le plus sécurisé, quand il s'agit de malwares à diffusion sociale, claironne Microsoft Mise à jour le 17.12.2010 par Katleen Microsoft vient de révéler les résultats d'une étude portant sur l'efficacité des dispositifs sécuritaires d'Internet Explorer 9. Les recherches ont été menées par NSS Labs, entité indépendante, et elles concluent qu'Internet Explorer 9 "est le leader du marché en matière de protection des utilisateurs contre les malwares". Il stopperait ainsi 99% des logiciels malicieux, contre 90% pour sa mouture précédente (IE8). Ces excellents résultats seraient à attribuer à la technologie filtrante SmartGreen URL de Microsoft...

Read the article
EHome IR receiver and Ubuntu 13 - any one have this working?

- by squakie

I have a "generic" USB IR receiver I purchased off of Ebay to make my life a little easier with XBMC on my Ubuntu box. I am currently running 13.10 and have never tried nor have any knowledge of IR in Ubuntu. I know of lirc, and I know a lot of it is now included in the kernel. My understanding is that lirc in basic terms maps pulses from an remote control to functions - like keyboard or mouse clicks. It is also my understanding that I might still need a driver or something for my device. lsusb shows the device as: Bus 006 Device 003: ID 147a:e016 Formosa Industrial Computing, Inc. eHome Infrared Receiver dmesg shows the following pertaining to the device: [43635.311985] usb 6-2: USB disconnect, device number 2 [43641.344387] usb 6-2: new full-speed USB device number 3 using ohci-pci [43641.543454] usb 6-2: New USB device found, idVendor=147a, idProduct=e016 [43641.543467] usb 6-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [43641.543473] usb 6-2: Product: eHome Infrared Transceiver [43641.543478] usb 6-2: Manufacturer: Formosa21 [43641.543483] usb 6-2: SerialNumber: FM000623 [43641.555736] Registered IR keymap rc-rc6-mce [43641.555968] input: Media Center Ed. eHome Infrared Remote Transceiver (147a:e016) as /devices/pci0000:00/0000:00:12.0/usb6/6-2/6-2:1.0/rc/rc2/input15 [43641.556221] rc2: Media Center Ed. eHome Infrared Remote Transceiver (147a:e016) as /devices/pci0000:00/0000:00:12.0/usb6/6-2/6-2:1.0/rc/rc2 [43641.556584] input: MCE IR Keyboard/Mouse (mceusb) as /devices/virtual/input/input16 [43641.557186] rc rc2: lirc_dev: driver ir-lirc-codec (mceusb) registered at minor = 0 [43641.731965] mceusb 6-2:1.0: Registered Formosa21 eHome Infrared Transceiver with mce emulator interface version 1 [43641.731978] mceusb 6-2:1.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) (excuse the double spacing, but I had to put in extra cr/lf using "enter" or the entire thing was just one long unreadable string). When I connect the same IR receiver to a Raspberry Pi running OpenELEC/XBMC there is no flashing led unless I press a remote button, and the device works. In Ubuntu, the led is constantly blinking, and nothing happens when I press a remote key. I tried the command line program to test but it never echoes anything back to the terminal window. I believe it must need some sort of driver or something else, but I am completely in the dark on this. If it matters I also have: - Logitech wireless keyboard/mouse USB receiver - Tenda USB wireless adapter And.....I've also noticed some errors now that show in dmesg that seem to somehow related to HDMI if that makes any sense: 46721.144731] HDMI: ELD buf size is 0, force 128 [46721.144749] HDMI: invalid ELD data byte 0 [46721.444025] HDMI: ELD buf size is 0, force 128 [46721.444061] HDMI: invalid ELD data byte 0 [46721.743375] HDMI: ELD buf size is 0, force 128 [46721.743411] HDMI: invalid ELD data byte 0 [46722.043092] HDMI: ELD buf size is 0, force 128 [46722.043118] HDMI: invalid ELD data byte 0 [46722.343086] HDMI: ELD buf size is 0, force 128 [46722.343122] HDMI: invalid ELD data byte 0 [46722.642517] HDMI: ELD buf size is 0, force 128 [46722.642574] HDMI: invalid ELD data byte 0 [46722.942459] HDMI: ELD buf size is 0, force 128 [46722.942485] HDMI: invalid ELD data byte 0 [46723.242103] HDMI: ELD buf size is 0, force 128 [46723.242129] HDMI: invalid ELD data byte 0 [46723.541877] HDMI: ELD buf size is 0, force 128 [46723.541923] HDMI: invalid ELD data byte 0 [58366.651954] HDMI: ELD buf size is 0, force 128 [58366.651980] HDMI: invalid ELD data byte 0 [58366.951523] HDMI: ELD buf size is 0, force 128 [58366.951549] HDMI: invalid ELD data byte 0 [58367.251075] HDMI: ELD buf size is 0, force 128 [58367.251121] HDMI: invalid ELD data byte 0 [58367.550517] HDMI: ELD buf size is 0, force 128 [58367.550563] HDMI: invalid ELD data byte 0 [58367.850219] HDMI: ELD buf size is 0, force 128 [58367.850256] HDMI: invalid ELD data byte 0 [58368.150160] HDMI: ELD buf size is 0, force 128 [58368.150185] HDMI: invalid ELD data byte 0 [58368.449544] HDMI: ELD buf size is 0, force 128 [58368.449570] HDMI: invalid ELD data byte 0 [58368.749583] HDMI: ELD buf size is 0, force 128 [58368.749629] HDMI: invalid ELD data byte 0 [58369.049280] HDMI: ELD buf size is 0, force 128 [58369.049326] HDMI: invalid ELD data byte 0 [58394.706273] HDMI: ELD buf size is 0, force 128 [58394.706300] HDMI: invalid ELD data byte 0 [58394.706350] HDMI: ELD buf size is 0, force 128 [58394.706367] HDMI: invalid ELD data byte 0 [58395.003032] HDMI: ELD buf size is 0, force 128 [58395.003058] HDMI: invalid ELD data byte 0 [58395.302680] HDMI: ELD buf size is 0, force 128 [58395.302705] HDMI: invalid ELD data byte 0 [58395.602442] HDMI: ELD buf size is 0, force 128 [58395.602477] HDMI: invalid ELD data byte 0 [58395.902143] HDMI: ELD buf size is 0, force 128 [58395.902179] HDMI: invalid ELD data byte 0 [58396.201839] HDMI: ELD buf size is 0, force 128 [58396.201875] HDMI: invalid ELD data byte 0 [58396.501538] HDMI: ELD buf size is 0, force 128 [58396.501574] HDMI: invalid ELD data byte 0 [58396.801232] HDMI: ELD buf size is 0, force 128 [58396.801268] HDMI: invalid ELD data byte 0 [58397.100583] HDMI: ELD buf size is 0, force 128 [58397.100627] HDMI: invalid ELD data byte 0 [63095.766042] systemd-hostnamed[8875]: Warning: nss-myhostname is not installed. Changing the local hostname might make it unresolveable. Please install nss-myhostname! dave@davepc:~$ EDIT: Maybe another way to look at this would be what does Ubuntu do or not do that OpenELEC does or doesn't do (on Raspberry Pi) such that it works in OpenELEC but not in Ubuntu?

Read the article
PHP SASL(PECL) sasl_server_init(app) works with CLI but not with ApacheModule

- by ZokRadonh

I have written a simple auth script so that Webusers can type in their username and password and my PHP script verifies them by SASL. The SASL Library is initialized by php function sasl_server_init("phpfoo"). So phpfoo.conf in /etc/sasl2/ is used. phpfoo.conf: pwcheck_method: saslauthd mech_list: PLAIN LOGIN log_level: 9 So the SASL library now tries to connect to saslauthd process by socket. saslauthd command line looks like this: /usr/sbin/saslauthd -r -V -a pam -n 5 So saslauthd uses PAM to authenticate. In the php script I have created sasl connection by sasl_server_new("php", null, "myRealm"); The first argument is the servicename. So PAM uses the file /etc/pam.d/php to see for further authentication information. /etc/pam.d/php: auth required pam_mysql.so try_first_pass=0 config_file=/etc/pam.d/mysqlconf.nss account required pam_permit.so session required pam_permit.so mysqlconf.nss has all information that is needed for a useful MySQL Query to user table. All of this works perfectly when I run the script by command line. php ssasl.php But when I call the same script via webbrowser(php apache module) I get an -20 return code (SASL_NOUSER). In /var/log/messages there is May 18 15:27:12 hostname httpd2-prefork: unable to open Berkeley db /etc/sasldb2: No such file or directory I do not have anything with a Berkeley db for authentication with SASL. I think authentication using /etc/sasldb2 is the default setting. In my opinion it does not read my phpfoo.conf file. For some reason the php-apache-module ignores the parameter in sasl_server_init("phpfoo"). My first thought was that there is a permission issue. So back in shell: su -s /bin/bash wwwrun php ssasl.php "Authentication successful". - No file-permission issue. In the source of the sasl-php-extension we can find: PHP_FUNCTION(sasl_server_init) { char *name; int name_len; if (zend_parse_parameters(1 TSRMLS_CC, "s", &name, &name_len) == FAILURE) { return; } if (sasl_server_init(NULL, name) != SASL_OK) { RETURN_FALSE; } RETURN_TRUE; } This is a simple pass through of the string. Are there any differences between the PHP CLI and PHP ApacheModule version that I am not aware of? Anyway, there are some interesting log entries when I run PHP in CLI mode: May 18 15:44:48 hostname php: SQL engine 'mysql' not supported May 18 15:44:48 hostname php: auxpropfunc error no mechanism available May 18 15:44:48 hostname php: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sqlite May 18 15:44:48 hostname php: sql_select option missing May 18 15:44:48 hostname php: auxpropfunc error no mechanism available May 18 15:44:48 hostname php: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql Those lines are followed by lines of saslauthd and PAM which results in authentication success.(I do not get any of them in ApacheModule mode) Looks like that he is trying auxprop pwcheck before saslauthd. I have no other .conf file in /etc/sasl2. When I change the parameter of sasl_server_init to something other then I get the same error in CLI mode as in ApacheModule mode.

Read the article
How do I get intellisense to pop up?

- by TheLearner

How do I get intellisense to pop up while I am coding? I know it pops up when I start typing a known type e.g.: if I type NSS it will finish it for me NSString. How do I get it to give me a bunch of options like in Visual Studio e.g.: if I type NS I want to see what my options are like NSString, NSInteger etc? And if I have not typed anything I still want a bunch of options like all the instance variables etc.

Read the article
dbus dependency with yum

- by Hengjie

Whenever, I try and run yum update I get the following error: [root@server ~]# yum update Loaded plugins: dellsysid, fastestmirror Loading mirror speeds from cached hostfile * base: mirror01.idc.hinet.net * extras: mirror01.idc.hinet.net * rpmforge: fr2.rpmfind.net * updates: mirror01.idc.hinet.net Excluding Packages in global exclude list Finished Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package NetworkManager.x86_64 1:0.7.0-13.el5 set to be updated ---> Package NetworkManager-glib.x86_64 1:0.7.0-13.el5 set to be updated ---> Package SysVinit.x86_64 0:2.86-17.el5 set to be updated ---> Package acl.x86_64 0:2.2.39-8.el5 set to be updated ---> Package acpid.x86_64 0:1.0.4-12.el5 set to be updated ---> Package apr.x86_64 0:1.2.7-11.el5_6.5 set to be updated ---> Package aspell.x86_64 12:0.60.3-12 set to be updated ---> Package audit.x86_64 0:1.8-2.el5 set to be updated ---> Package audit-libs.x86_64 0:1.8-2.el5 set to be updated ---> Package audit-libs-python.x86_64 0:1.8-2.el5 set to be updated ---> Package authconfig.x86_64 0:5.3.21-7.el5 set to be updated ---> Package autofs.x86_64 1:5.0.1-0.rc2.163.el5 set to be updated ---> Package bash.x86_64 0:3.2-32.el5 set to be updated ---> Package bind.x86_64 30:9.3.6-20.P1.el5 set to be updated ---> Package bind-libs.x86_64 30:9.3.6-20.P1.el5 set to be updated ---> Package bind-utils.x86_64 30:9.3.6-20.P1.el5 set to be updated ---> Package binutils.x86_64 0:2.17.50.0.6-20.el5 set to be updated ---> Package centos-release.x86_64 10:5-8.el5.centos set to be updated ---> Package centos-release-notes.x86_64 0:5.8-0 set to be updated ---> Package coreutils.x86_64 0:5.97-34.el5_8.1 set to be updated ---> Package cpp.x86_64 0:4.1.2-52.el5 set to be updated ---> Package cpuspeed.x86_64 1:1.2.1-10.el5 set to be updated ---> Package crash.x86_64 0:5.1.8-1.el5.centos set to be updated ---> Package cryptsetup-luks.x86_64 0:1.0.3-8.el5 set to be updated ---> Package cups.x86_64 1:1.3.7-30.el5 set to be updated ---> Package cups-libs.x86_64 1:1.3.7-30.el5 set to be updated ---> Package curl.x86_64 0:7.15.5-15.el5 set to be updated --> Processing Dependency: dbus = 1.1.2-15.el5_6 for package: dbus-libs ---> Package dbus.x86_64 0:1.1.2-16.el5_7 set to be updated ---> Package dbus-libs.x86_64 0:1.1.2-16.el5_7 set to be updated ---> Package device-mapper.x86_64 0:1.02.67-2.el5 set to be updated ---> Package device-mapper-event.x86_64 0:1.02.67-2.el5 set to be updated ---> Package device-mapper-multipath.x86_64 0:0.4.7-48.el5_8.1 set to be updated ---> Package dhclient.x86_64 12:3.0.5-31.el5 set to be updated ---> Package dmidecode.x86_64 1:2.11-1.el5 set to be updated ---> Package dmraid.x86_64 0:1.0.0.rc13-65.el5 set to be updated ---> Package dmraid-events.x86_64 0:1.0.0.rc13-65.el5 set to be updated ---> Package dump.x86_64 0:0.4b41-6.el5 set to be updated ---> Package e2fsprogs.x86_64 0:1.39-33.el5 set to be updated ---> Package e2fsprogs-devel.x86_64 0:1.39-33.el5 set to be updated ---> Package e2fsprogs-libs.x86_64 0:1.39-33.el5 set to be updated ---> Package ecryptfs-utils.x86_64 0:75-8.el5 set to be updated ---> Package file.x86_64 0:4.17-21 set to be updated ---> Package finger.x86_64 0:0.17-33 set to be updated ---> Package firstboot-tui.x86_64 0:1.4.27.9-1.el5.centos set to be updated ---> Package freetype.x86_64 0:2.2.1-28.el5_7.2 set to be updated ---> Package freetype-devel.x86_64 0:2.2.1-28.el5_7.2 set to be updated ---> Package ftp.x86_64 0:0.17-37.el5 set to be updated ---> Package gamin.x86_64 0:0.1.7-10.el5 set to be updated ---> Package gamin-python.x86_64 0:0.1.7-10.el5 set to be updated ---> Package gawk.x86_64 0:3.1.5-15.el5 set to be updated ---> Package gcc.x86_64 0:4.1.2-52.el5 set to be updated ---> Package gcc-c++.x86_64 0:4.1.2-52.el5 set to be updated ---> Package glibc.i686 0:2.5-81.el5_8.1 set to be updated ---> Package glibc.x86_64 0:2.5-81.el5_8.1 set to be updated ---> Package glibc-common.x86_64 0:2.5-81.el5_8.1 set to be updated ---> Package glibc-devel.x86_64 0:2.5-81.el5_8.1 set to be updated ---> Package glibc-headers.x86_64 0:2.5-81.el5_8.1 set to be updated ---> Package gnutls.x86_64 0:1.4.1-7.el5_8.2 set to be updated ---> Package groff.x86_64 0:1.18.1.1-13.el5 set to be updated ---> Package gtk2.x86_64 0:2.10.4-21.el5_7.7 set to be updated ---> Package gzip.x86_64 0:1.3.5-13.el5.centos set to be updated ---> Package hmaccalc.x86_64 0:0.9.6-4.el5 set to be updated ---> Package htop.x86_64 0:1.0.1-2.el5.rf set to be updated ---> Package hwdata.noarch 0:0.213.26-1.el5 set to be updated ---> Package ifd-egate.x86_64 0:0.05-17.el5 set to be updated ---> Package initscripts.x86_64 0:8.45.42-1.el5.centos set to be updated ---> Package iproute.x86_64 0:2.6.18-13.el5 set to be updated ---> Package iptables.x86_64 0:1.3.5-9.1.el5 set to be updated ---> Package iptables-ipv6.x86_64 0:1.3.5-9.1.el5 set to be updated ---> Package iscsi-initiator-utils.x86_64 0:6.2.0.872-13.el5 set to be updated ---> Package kernel.x86_64 0:2.6.18-308.1.1.el5 set to be installed ---> Package kernel-headers.x86_64 0:2.6.18-308.1.1.el5 set to be updated ---> Package kpartx.x86_64 0:0.4.7-48.el5_8.1 set to be updated ---> Package krb5-devel.x86_64 0:1.6.1-70.el5 set to be updated ---> Package krb5-libs.x86_64 0:1.6.1-70.el5 set to be updated ---> Package krb5-workstation.x86_64 0:1.6.1-70.el5 set to be updated ---> Package ksh.x86_64 0:20100621-5.el5_8.1 set to be updated ---> Package kudzu.x86_64 0:1.2.57.1.26-3.el5.centos set to be updated ---> Package less.x86_64 0:436-9.el5 set to be updated ---> Package lftp.x86_64 0:3.7.11-7.el5 set to be updated ---> Package libX11.x86_64 0:1.0.3-11.el5_7.1 set to be updated ---> Package libX11-devel.x86_64 0:1.0.3-11.el5_7.1 set to be updated ---> Package libXcursor.x86_64 0:1.1.7-1.2 set to be updated ---> Package libacl.x86_64 0:2.2.39-8.el5 set to be updated ---> Package libgcc.x86_64 0:4.1.2-52.el5 set to be updated ---> Package libgomp.x86_64 0:4.4.6-3.el5.1 set to be updated ---> Package libpng.x86_64 2:1.2.10-16.el5_8 set to be updated ---> Package libpng-devel.x86_64 2:1.2.10-16.el5_8 set to be updated ---> Package libsmbios.x86_64 0:2.2.27-3.2.el5 set to be updated ---> Package libstdc++.x86_64 0:4.1.2-52.el5 set to be updated ---> Package libstdc++-devel.x86_64 0:4.1.2-52.el5 set to be updated ---> Package libsysfs.x86_64 0:2.1.0-1.el5 set to be updated ---> Package libusb.x86_64 0:0.1.12-6.el5 set to be updated ---> Package libvolume_id.x86_64 0:095-14.27.el5_7.1 set to be updated ---> Package libxml2.x86_64 0:2.6.26-2.1.15.el5_8.2 set to be updated ---> Package libxml2-python.x86_64 0:2.6.26-2.1.15.el5_8.2 set to be updated ---> Package logrotate.x86_64 0:3.7.4-12 set to be updated ---> Package lsof.x86_64 0:4.78-6 set to be updated ---> Package lvm2.x86_64 0:2.02.88-7.el5 set to be updated ---> Package m2crypto.x86_64 0:0.16-8.el5 set to be updated ---> Package man.x86_64 0:1.6d-2.el5 set to be updated ---> Package man-pages.noarch 0:2.39-20.el5 set to be updated ---> Package mcelog.x86_64 1:0.9pre-1.32.el5 set to be updated ---> Package mesa-libGL.x86_64 0:6.5.1-7.10.el5 set to be updated ---> Package mesa-libGL-devel.x86_64 0:6.5.1-7.10.el5 set to be updated ---> Package microcode_ctl.x86_64 2:1.17-1.56.el5 set to be updated ---> Package mkinitrd.x86_64 0:5.1.19.6-75.el5 set to be updated ---> Package mktemp.x86_64 3:1.5-24.el5 set to be updated --> Processing Dependency: nash = 5.1.19.6-68.el5_6.1 for package: mkinitrd ---> Package nash.x86_64 0:5.1.19.6-75.el5 set to be updated ---> Package net-snmp.x86_64 1:5.3.2.2-17.el5 set to be updated ---> Package net-snmp-devel.x86_64 1:5.3.2.2-17.el5 set to be updated ---> Package net-snmp-libs.x86_64 1:5.3.2.2-17.el5 set to be updated ---> Package net-snmp-utils.x86_64 1:5.3.2.2-17.el5 set to be updated ---> Package net-tools.x86_64 0:1.60-82.el5 set to be updated ---> Package nfs-utils.x86_64 1:1.0.9-60.el5 set to be updated ---> Package nfs-utils-lib.x86_64 0:1.0.8-7.9.el5 set to be updated ---> Package nscd.x86_64 0:2.5-81.el5_8.1 set to be updated ---> Package nspr.x86_64 0:4.8.9-1.el5_8 set to be updated ---> Package nspr-devel.x86_64 0:4.8.9-1.el5_8 set to be updated ---> Package nss.x86_64 0:3.13.1-5.el5_8 set to be updated ---> Package nss-devel.x86_64 0:3.13.1-5.el5_8 set to be updated ---> Package nss-tools.x86_64 0:3.13.1-5.el5_8 set to be updated ---> Package nss_ldap.x86_64 0:253-49.el5 set to be updated ---> Package ntp.x86_64 0:4.2.2p1-15.el5.centos.1 set to be updated ---> Package numactl.x86_64 0:0.9.8-12.el5_6 set to be updated ---> Package oddjob.x86_64 0:0.27-12.el5 set to be updated ---> Package oddjob-libs.x86_64 0:0.27-12.el5 set to be updated ---> Package openldap.x86_64 0:2.3.43-25.el5 set to be updated ---> Package openssh.x86_64 0:4.3p2-82.el5 set to be updated ---> Package openssh-clients.x86_64 0:4.3p2-82.el5 set to be updated ---> Package openssh-server.x86_64 0:4.3p2-82.el5 set to be updated ---> Package openssl.i686 0:0.9.8e-22.el5_8.1 set to be updated ---> Package openssl.x86_64 0:0.9.8e-22.el5_8.1 set to be updated ---> Package openssl-devel.x86_64 0:0.9.8e-22.el5_8.1 set to be updated ---> Package pam_krb5.x86_64 0:2.2.14-22.el5 set to be updated ---> Package pam_pkcs11.x86_64 0:0.5.3-26.el5 set to be updated ---> Package pango.x86_64 0:1.14.9-8.el5.centos.3 set to be updated ---> Package parted.x86_64 0:1.8.1-29.el5 set to be updated ---> Package pciutils.x86_64 0:3.1.7-5.el5 set to be updated ---> Package perl.x86_64 4:5.8.8-38.el5 set to be updated ---> Package perl-Compress-Raw-Bzip2.x86_64 0:2.037-1.el5.rf set to be updated ---> Package perl-Compress-Raw-Zlib.x86_64 0:2.037-1.el5.rf set to be updated ---> Package perl-rrdtool.x86_64 0:1.4.7-1.el5.rf set to be updated ---> Package poppler.x86_64 0:0.5.4-19.el5 set to be updated ---> Package poppler-utils.x86_64 0:0.5.4-19.el5 set to be updated ---> Package popt.x86_64 0:1.10.2.3-28.el5_8 set to be updated ---> Package postgresql-libs.x86_64 0:8.1.23-1.el5_7.3 set to be updated ---> Package procps.x86_64 0:3.2.7-18.el5 set to be updated ---> Package proftpd.x86_64 0:1.3.4a-1.el5.rf set to be updated --> Processing Dependency: perl(Mail::Sendmail) for package: proftpd ---> Package python.x86_64 0:2.4.3-46.el5 set to be updated ---> Package python-ctypes.x86_64 0:1.0.2-3.el5 set to be updated ---> Package python-libs.x86_64 0:2.4.3-46.el5 set to be updated ---> Package python-smbios.x86_64 0:2.2.27-3.2.el5 set to be updated ---> Package rhpl.x86_64 0:0.194.1-2 set to be updated ---> Package rmt.x86_64 0:0.4b41-6.el5 set to be updated ---> Package rng-utils.x86_64 1:2.0-5.el5 set to be updated ---> Package rpm.x86_64 0:4.4.2.3-28.el5_8 set to be updated ---> Package rpm-build.x86_64 0:4.4.2.3-28.el5_8 set to be updated ---> Package rpm-devel.x86_64 0:4.4.2.3-28.el5_8 set to be updated ---> Package rpm-libs.x86_64 0:4.4.2.3-28.el5_8 set to be updated ---> Package rpm-python.x86_64 0:4.4.2.3-28.el5_8 set to be updated ---> Package rrdtool.x86_64 0:1.4.7-1.el5.rf set to be updated ---> Package rsh.x86_64 0:0.17-40.el5_7.1 set to be updated ---> Package rsync.x86_64 0:3.0.6-4.el5_7.1 set to be updated ---> Package ruby.x86_64 0:1.8.5-24.el5 set to be updated ---> Package ruby-libs.x86_64 0:1.8.5-24.el5 set to be updated ---> Package sblim-sfcb.x86_64 0:1.3.11-49.el5 set to be updated ---> Package sblim-sfcc.x86_64 0:2.2.2-49.el5 set to be updated ---> Package selinux-policy.noarch 0:2.4.6-327.el5 set to be updated ---> Package selinux-policy-targeted.noarch 0:2.4.6-327.el5 set to be updated ---> Package setup.noarch 0:2.5.58-9.el5 set to be updated ---> Package shadow-utils.x86_64 2:4.0.17-20.el5 set to be updated ---> Package smartmontools.x86_64 1:5.38-3.el5 set to be updated ---> Package smbios-utils-bin.x86_64 0:2.2.27-3.2.el5 set to be updated ---> Package smbios-utils-python.x86_64 0:2.2.27-3.2.el5 set to be updated ---> Package sos.noarch 0:1.7-9.62.el5 set to be updated ---> Package srvadmin-omilcore.x86_64 0:6.5.0-1.452.1.el5 set to be updated ---> Package strace.x86_64 0:4.5.18-11.el5_8 set to be updated ---> Package subversion.x86_64 0:1.6.11-7.el5_6.4 set to be updated ---> Package sudo.x86_64 0:1.7.2p1-13.el5 set to be updated ---> Package sysfsutils.x86_64 0:2.1.0-1.el5 set to be updated ---> Package syslinux.x86_64 0:3.11-7 set to be updated ---> Package system-config-network-tui.noarch 0:1.3.99.21-1.el5 set to be updated ---> Package talk.x86_64 0:0.17-31.el5 set to be updated ---> Package tar.x86_64 2:1.15.1-31.el5 set to be updated ---> Package traceroute.x86_64 3:2.0.1-6.el5 set to be updated ---> Package tzdata.x86_64 0:2012b-3.el5 set to be updated ---> Package udev.x86_64 0:095-14.27.el5_7.1 set to be updated ---> Package util-linux.x86_64 0:2.13-0.59.el5 set to be updated ---> Package vixie-cron.x86_64 4:4.1-81.el5 set to be updated ---> Package wget.x86_64 0:1.11.4-3.el5_8.1 set to be updated ---> Package xinetd.x86_64 2:2.3.14-16.el5 set to be updated ---> Package yp-tools.x86_64 0:2.9-2.el5 set to be updated ---> Package ypbind.x86_64 3:1.19-12.el5_6.1 set to be updated ---> Package yum.noarch 0:3.2.22-39.el5.centos set to be updated ---> Package yum-dellsysid.x86_64 0:2.2.27-3.2.el5 set to be updated ---> Package yum-fastestmirror.noarch 0:1.1.16-21.el5.centos set to be updated ---> Package zlib.x86_64 0:1.2.3-4.el5 set to be updated ---> Package zlib-devel.x86_64 0:1.2.3-4.el5 set to be updated --> Running transaction check --> Processing Dependency: dbus = 1.1.2-15.el5_6 for package: dbus-libs --> Processing Dependency: nash = 5.1.19.6-68.el5_6.1 for package: mkinitrd ---> Package perl-Mail-Sendmail.noarch 0:0.79-1.2.el5.rf set to be updated base/filelists | 3.5 MB 00:00 dell-omsa-indep/filelists | 195 kB 00:01 dell-omsa-specific/filelists | 1.0 kB 00:00 extras/filelists_db | 224 kB 00:00 rpmforge/filelists | 4.8 MB 00:06 updates/filelists_db | 715 kB 00:00 --> Finished Dependency Resolution dbus-libs-1.1.2-15.el5_6.i386 from installed has depsolving problems --> Missing Dependency: dbus = 1.1.2-15.el5_6 is needed by package dbus-libs-1.1.2-15.el5_6.i386 (installed) mkinitrd-5.1.19.6-68.el5_6.1.i386 from installed has depsolving problems --> Missing Dependency: nash = 5.1.19.6-68.el5_6.1 is needed by package mkinitrd-5.1.19.6-68.el5_6.1.i386 (installed) Error: Missing Dependency: nash = 5.1.19.6-68.el5_6.1 is needed by package mkinitrd-5.1.19.6-68.el5_6.1.i386 (installed) Error: Missing Dependency: dbus = 1.1.2-15.el5_6 is needed by package dbus-libs-1.1.2-15.el5_6.i386 (installed) You could try using --skip-broken to work around the problem You could try running: package-cleanup --problems package-cleanup --dupes rpm -Va --nofiles --nodigest The program package-cleanup is found in the yum-utils package. I have tried running package-cleanup --dupes and package-cleanup --problems but to no avail.

Read the article
LDAP System Authentication in Ubuntu

- by andrew

Hi, I'm having a bit of an issue with system authentication against LDAP in Ubuntu. The LDAP server is OpenLDAP on Ubuntu 10.10, and the client is Ubuntu 10.10 also. I've set up the client by following the "LDAP Authentication" steps at https://help.ubuntu.com/10.10/serverguide/C/openldap-server.html apt-get install libnss-ldap; auth-client-config -t nss -p lac_ldap; pam-auth-update I've done these steps on the server and been able to see LDAP users when running getent passwd. Doing the same steps on the client, getent passwd does not return any LDAP users. Any ideas?

Read the article
Redhat 6 gui installation VS kickstart gives me different packages?

- by jonaz

If i do the graphical install and select basic server + aide and screen i get a system with 535 installed packages. If i look at the /root/anaconda-ks.cfg file in that freshly installed system i see: %packages @base @console-internet @core @debugging @directory-client @hardware-monitoring @java-platform @large-systems @network-file-system-client @performance @perl-runtime @security-tools @server-platform @server-policy @system-admin-tools pax python-dmidecode oddjob sgpio certmonger pam_krb5 krb5-workstation nscd pam_ldap nss-pam-ldapd perl-DBD-SQLite aide screen If i then install a NEW system using a kickstart only containing those packages i get 620 installed packages. So basicly my question is why does the system install almost 100 more packages when using kickstart compared to the GUI installation when the exact same packagegroups are selected?

Read the article
Ubuntu 12.04 VPS doesn't boot with mysql in nsswitch.conf

- by chrisv

1and1 VPS ("dynamic cloud server") does not boot any more as soon as mysql lookup is enabled in nsswitch.conf - any suggestions appreciated. Minimal setup to reproduce the problem: install Ubuntu 12.04 / LTS minimal server image install mysql-server, libnss-mysql-bg, nscd configure /etc/libnss-mysql.cfg and /etc/libnss-mysql-root.cfg set up appropriate database tables configure nss lookups through mysql in nsswitch.conf passwd: compat mysql group: compat mysql shadow: compat mysql Now, when I try to reboot the server it just hangs. No logs (maybe due to /var not yet being mounted), and I can't see console output (since this is a VPS). Booting into recovery image and removing "mysql" from /etc/nsswitch.conf makes the system bootable again, so this is definitely related to nsswitch/libnss-mysql-bg. There's a thread on gentoo-users which seems to describe a similar problem, unfortunately there's no real solution described, also the thread is rather old (from 2006) so I'm not sure whether this applies to me at all.

Read the article
LDAP loginShell on platforms with different paths

- by neoice

I'm using LDAP to deal with users and authentication across my network. I'm now adding FreeBSD hosts and have hit a problem with login shells. on Linux, shells tend to be in /bin/$shellname, so setting my login shell in LDAP to /bin/zsh works perfectly. on FreeBSD, /bin/zsh doesnt exist, I need to use /usr/local/bin/zsh. is there a solution to this? I imagine I might be able to make some sort of login-shell.sh script that LDAP passes out as the "shell" and then use the script to determine the actual shell for the user, but I'm not a fan of that idea. I'm using Debian and FreeBSD, both with a standard OpenLDAP/PAM/nss setup. edit: it looks like using /bin/sh and adding an exec $shell to .profile would "work", but that doesnt scale very well.

Read the article
Solaris 11.1: Changes to included FOSS packages

- by alanc

Besides the documentation changes I mentioned last time, another place you can see Solaris 11.1 changes before upgrading is in the online package repository, now that the 11.1 packages have been published to http://pkg.oracle.com/solaris/release/, as the “0.175.1.0.0.24.2” branch. (Oracle Solaris Package Versioning explains what each field in that version string means.) When you’re ready to upgrade to the packages from either this repo, or the support repository, you’ll want to first read How to Update to Oracle Solaris 11.1 Using the Image Packaging System by Pete Dennis, as there are a couple issues you will need to be aware of to do that upgrade, several of which are due to changes in the Free and Open Source Software (FOSS) packages included with Solaris, as I’ll explain in a bit. Solaris 11 can update more readily than Solaris 10 In the Solaris 10 and older update models, the way the updates were built constrained what changes we could make in those releases. To change an existing SVR4 package in those releases, we created a Solaris Patch, which applied to a given version of the SVR4 package and replaced, added or deleted files in it. These patches were released via the support websites (originally SunSolve, now My Oracle Support) for applying to existing Solaris 10 installations, and were also merged into the install images for the next Solaris 10 update release. (This Solaris Patches blog post from Gerry Haskins dives deeper into that subject.) Some of the restrictions of this model were that package refactoring, changes to package dependencies, and even just changing the package version number, were difficult to do in this hybrid patch/OS update model. For instance, when Solaris 10 first shipped, it had the Xorg server from X11R6.8. Over the first couple years of update releases we were able to keep it up to date by replacing, adding, & removing files as necessary, taking it all the way up to Xorg server release 1.3 (new version numbering begun after the X11R7 split of the X11 tree into separate modules gave each module its own version). But if you run pkginfo on the SUNWxorg-server package, you’ll see it still displayed a version number of 6.8, confusing users as to which version was actually included. We stopped upgrading the Xorg server releases in Solaris 10 after 1.3, as later versions added new dependencies, such as HAL, D-Bus, and libpciaccess, which were very difficult to manage in this patching model. (We later got libpciaccess to work, but HAL & D-Bus would have been much harder due to the greater dependency tree underneath those.) Similarly, every time the GNOME team looked into upgrading Solaris 10 past GNOME 2.6, they found these constraints made it so difficult it wasn’t worthwhile, and eventually GNOME’s dependencies had changed enough it was completely infeasible. Fortunately, this worked out for both the X11 & GNOME teams, with our management making the business decision to concentrate on the “Nevada” branch for desktop users - first as Solaris Express Desktop Edition, and later as OpenSolaris, so we didn’t have to fight to try to make the package updates fit into these tight constraints. Meanwhile, the team designing the new packaging system for Solaris 11 was seeing us struggle with these problems, and making this much easier to manage for both the development teams and our users was one of their big goals for the IPS design they were working on. Now that we’ve reached the first update release to Solaris 11, we can start to see the fruits of their labors, with more FOSS updates in 11.1 than we had in many Solaris 10 update releases, keeping software more up to date with the upstream communities. Of course, just because we can more easily update now, doesn’t always mean we should or will do so, it just removes the package system limitations from forcing the decision for us. So while we’ve upgraded the X Window System in the 11.1 release from X11R7.6 to 7.7, the Solaris GNOME team decided it was not the right time to try to make the jump from GNOME 2 to GNOME 3, though they did update some individual components of the desktop, especially those with security fixes like Firefox. In other parts of the system, decisions as to what to update were prioritized based on how they affected other projects, or what customer requests we’d gotten for them. So with all that background in place, what packages did we actually update or add between Solaris 11.0 and 11.1? Core OS Functionality One of the FOSS changes with the biggest impact in this release is the upgrade from Grub Legacy (0.97) to Grub 2 (1.99) for the x64 platform boot loader. This is the cause of one of the upgrade quirks, since to go from Solaris 11.0 to 11.1 on x64 systems, you first need to update the Boot Environment tools (such as beadm) to a new version that can handle boot environments that use the Grub2 boot loader. System administrators can find the details they need to know about the new Grub in the Administering the GRand Unified Bootloader chapter of the Booting and Shutting Down Oracle Solaris 11.1 Systems guide. This change was necessary to be able to support new hardware coming into the x64 marketplace, including systems using UEFI firmware or booting off disk drives larger than 2 terabytes. For both platforms, Solaris 11.1 adds rsyslog as an optional alternative to the traditional syslogd, and OpenSCAP for checking security configuration settings are compliant with site policies. Note that the support repo actually has newer versions of BIND & fetchmail than the 11.1 release, as some late breaking critical fixes came through from the community upstream releases after the Solaris 11.1 release was frozen, and made their way to the support repository. These are responsible for the other big upgrade quirk in this release, in which to upgrade a system which already installed those versions from the support repo, you need to either wait for those packages to make their way to the 11.1 branch of the support repo, or follow the steps in the aforementioned upgrade walkthrough to let the package system know it's okay to temporarily downgrade those. Developer Stack While Solaris 11.0 included Python 2.7, many of the bundled python modules weren’t packaged for it yet, limiting its usability. For 11.1, many more of the python modules include 2.7 versions (enough that I filtered them out of the below table, but you can always search on the package repository server for them. For other language runtimes and development tools, 11.1 expands the use of IPS mediated links to choose which version of a package is the default when the packages are designed to allow multiple versions to install side by side. For instance, in Solaris 11.0, GNU automake 1.9 and 1.10 were provided, and developers had to run them as either automake-1.9 or automake-1.10. In Solaris 11.1, when automake 1.11 was added, also added was a /usr/bin/automake mediated link, which points to the automake-1.11 program by default, but can be changed to another version by running the pkg set-mediator command. Mediated links were also used for the Java runtime & development kits in 11.1, changing the default versions to the Java 7 releases (the 1.7.0.x package versions), while allowing admins to switch links such as /usr/bin/javac back to Java 6 if they need to for their site, to deal with Java 7 compatibility or other issues, without having to update each usage to use the full versioned /usr/jdk/jdk1.6.0_35/bin/javac paths for every invocation. Desktop Stack As I mentioned before, we upgraded from X11R7.6 to X11R7.7, since a pleasant coincidence made the X.Org release dates line up nicely with our feature & code freeze dates for this release. (Or perhaps it wasn’t so coincidental, after all, one of the benefits of being the person making the release is being able to decide what schedule is most convenient for you, and this one worked well for me.) For the table below, I’ve skipped listing the packages in which we use the X11 “katamari” version for the Solaris package version (mainly packages combining elements of multiple upstream modules with independent version numbers), since they just all changed from 7.6 to 7.7. In the graphics drivers, we worked with Intel to update the Intel Integrated Graphics Processor support to support 3D graphics and kernel mode setting on the Ivy Bridge chipsets, and updated Nvidia’s non-FOSS graphics driver from 280.13 to 295.20. Higher up in the desktop stack, PulseAudio was added for audio support, and liblouis for Braille support, and the GNOME applications were built to use them. The Mozilla applications, Firefox & Thunderbird moved to the current Extended Support Release (ESR) versions, 10.x for each, to bring up-to-date security fixes without having to be on Mozilla’s agressive 6 week feature cycle release train. Detailed list of changes This table shows most of the changes to the FOSS packages between Solaris 11.0 and 11.1. As noted above, some were excluded for clarity, or to reduce noise and duplication. All the FOSS packages which didn't change the version number in their packaging info are not included, even if they had updates to fix bugs, security holes, or add support for new hardware or new features of Solaris. Package11.011.1 archiver/unrar 3.8.5 4.1.4 audio/sox 14.3.0 14.3.2 backup/rdiff-backup 1.2.1 1.3.3 communication/im/pidgin 2.10.0 2.10.5 compress/gzip 1.3.5 1.4 compress/xz not included 5.0.1 database/sqlite-3 3.7.6.3 3.7.11 desktop/remote-desktop/tigervnc 1.0.90 1.1.0 desktop/window-manager/xcompmgr 1.1.5 1.1.6 desktop/xscreensaver 5.12 5.15 developer/build/autoconf 2.63 2.68 developer/build/autoconf/xorg-macros 1.15.0 1.17 developer/build/automake-111 not included 1.11.2 developer/build/cmake 2.6.2 2.8.6 developer/build/gnu-make 3.81 3.82 developer/build/imake 1.0.4 1.0.5 developer/build/libtool 1.5.22 2.4.2 developer/build/makedepend 1.0.3 1.0.4 developer/documentation-tool/doxygen 1.5.7.1 1.7.6.1 developer/gnu-binutils 2.19 2.21.1 developer/java/jdepend not included 2.9 developer/java/jdk-6 1.6.0.26 1.6.0.35 developer/java/jdk-7 1.7.0.0 1.7.0.7 developer/java/jpackage-utils not included 1.7.5 developer/java/junit 4.5 4.10 developer/lexer/jflex not included 1.4.1 developer/parser/byaccj not included 1.14 developer/parser/java_cup not included 0.10 developer/quilt 0.47 0.60 developer/versioning/git 1.7.3.2 1.7.9.2 developer/versioning/mercurial 1.8.4 2.2.1 developer/versioning/subversion 1.6.16 1.7.5 diagnostic/constype 1.0.3 1.0.4 diagnostic/nmap 5.21 5.51 diagnostic/scanpci 0.12.1 0.13.1 diagnostic/wireshark 1.4.8 1.8.2 diagnostic/xload 1.1.0 1.1.1 editor/gnu-emacs 23.1 23.4 editor/vim 7.3.254 7.3.600 file/lndir 1.0.2 1.0.3 image/editor/bitmap 1.0.5 1.0.6 image/gnuplot 4.4.0 4.6.0 image/library/libexif 0.6.19 0.6.21 image/library/libpng 1.4.8 1.4.11 image/library/librsvg 2.26.3 2.34.1 image/xcursorgen 1.0.4 1.0.5 library/audio/pulseaudio not included 1.1 library/cacao 2.3.0.0 2.3.1.0 library/expat 2.0.1 2.1.0 library/gc 7.1 7.2 library/graphics/pixman 0.22.0 0.24.4 library/guile 1.8.4 1.8.6 library/java/javadb 10.5.3.0 10.6.2.1 library/java/subversion 1.6.16 1.7.5 library/json-c not included 0.9 library/libedit not included 3.0 library/libee not included 0.3.2 library/libestr not included 0.1.2 library/libevent 1.3.5 1.4.14.2 library/liblouis not included 2.1.1 library/liblouisxml not included 2.1.0 library/libtecla 1.6.0 1.6.1 library/libtool/libltdl 1.5.22 2.4.2 library/nspr 4.8.8 4.8.9 library/openldap 2.4.25 2.4.30 library/pcre 7.8 8.21 library/perl-5/subversion 1.6.16 1.7.5 library/python-2/jsonrpclib not included 0.1.3 library/python-2/lxml 2.1.2 2.3.3 library/python-2/nose not included 1.1.2 library/python-2/pyopenssl not included 0.11 library/python-2/subversion 1.6.16 1.7.5 library/python-2/tkinter-26 2.6.4 2.6.8 library/python-2/tkinter-27 2.7.1 2.7.3 library/security/nss 4.12.10 4.13.1 library/security/openssl 1.0.0.5 (1.0.0e) 1.0.0.10 (1.0.0j) mail/thunderbird 6.0 10.0.6 network/dns/bind 9.6.3.4.3 9.6.3.7.2 package/pkgbuild not included 1.3.104 print/filter/enscript not included 1.6.4 print/filter/gutenprint 5.2.4 5.2.7 print/lp/filter/foomatic-rip 3.0.2 4.0.15 runtime/java/jre-6 1.6.0.26 1.6.0.35 runtime/java/jre-7 1.7.0.0 1.7.0.7 runtime/perl-512 5.12.3 5.12.4 runtime/python-26 2.6.4 2.6.8 runtime/python-27 2.7.1 2.7.3 runtime/ruby-18 1.8.7.334 1.8.7.357 runtime/tcl-8/tcl-sqlite-3 3.7.6.3 3.7.11 security/compliance/openscap not included 0.8.1 security/nss-utilities 4.12.10 4.13.1 security/sudo 1.8.1.2 1.8.4.5 service/network/dhcp/isc-dhcp 4.1 4.1.0.6 service/network/dns/bind 9.6.3.4.3 9.6.3.7.2 service/network/ftp (ProFTPD) 1.3.3.0.5 1.3.3.0.7 service/network/samba 3.5.10 3.6.6 shell/conflict 0.2004.9.1 0.2010.6.27 shell/pipe-viewer 1.1.4 1.2.0 shell/zsh 4.3.12 4.3.17 system/boot/grub 0.97 1.99 system/font/truetype/liberation 1.4 1.7.2 system/library/freetype-2 2.4.6 2.4.9 system/library/libnet 1.1.2.1 1.1.5 system/management/cim/pegasus 2.9.1 2.11.0 system/management/ipmitool 1.8.10 1.8.11 system/management/wbem/wbemcli 1.3.7 1.3.9.1 system/network/routing/quagga 0.99.8 0.99.19 system/rsyslog not included 6.2.0 terminal/luit 1.1.0 1.1.1 text/convmv 1.14 1.15 text/gawk 3.1.5 3.1.8 text/gnu-grep 2.5.4 2.10 web/browser/firefox 6.0.2 10.0.6 web/browser/links 1.0 1.0.3 web/java-servlet/tomcat 6.0.33 6.0.35 web/php-53 not included 5.3.14 web/php-53/extension/php-apc not included 3.1.9 web/php-53/extension/php-idn not included 0.2.0 web/php-53/extension/php-memcache not included 3.0.6 web/php-53/extension/php-mysql not included 5.3.14 web/php-53/extension/php-pear not included 5.3.14 web/php-53/extension/php-suhosin not included 0.9.33 web/php-53/extension/php-tcpwrap not included 1.1.3 web/php-53/extension/php-xdebug not included 2.2.0 web/php-common not included 11.1 web/proxy/squid 3.1.8 3.1.18 web/server/apache-22 2.2.20 2.2.22 web/server/apache-22/module/apache-sed 2.2.20 2.2.22 web/server/apache-22/module/apache-wsgi not included 3.3 x11/diagnostic/xev 1.1.0 1.2.0 x11/diagnostic/xscope 1.3 1.3.1 x11/documentation/xorg-docs 1.6 1.7 x11/keyboard/xkbcomp 1.2.3 1.2.4 x11/library/libdmx 1.1.1 1.1.2 x11/library/libdrm 2.4.25 2.4.32 x11/library/libfontenc 1.1.0 1.1.1 x11/library/libfs 1.0.3 1.0.4 x11/library/libice 1.0.7 1.0.8 x11/library/libsm 1.2.0 1.2.1 x11/library/libx11 1.4.4 1.5.0 x11/library/libxau 1.0.6 1.0.7 x11/library/libxcb 1.7 1.8.1 x11/library/libxcursor 1.1.12 1.1.13 x11/library/libxdmcp 1.1.0 1.1.1 x11/library/libxext 1.3.0 1.3.1 x11/library/libxfixes 4.0.5 5.0 x11/library/libxfont 1.4.4 1.4.5 x11/library/libxft 2.2.0 2.3.1 x11/library/libxi 1.4.3 1.6.1 x11/library/libxinerama 1.1.1 1.1.2 x11/library/libxkbfile 1.0.7 1.0.8 x11/library/libxmu 1.1.0 1.1.1 x11/library/libxmuu 1.1.0 1.1.1 x11/library/libxpm 3.5.9 3.5.10 x11/library/libxrender 0.9.6 0.9.7 x11/library/libxres 1.0.5 1.0.6 x11/library/libxscrnsaver 1.2.1 1.2.2 x11/library/libxtst 1.2.0 1.2.1 x11/library/libxv 1.0.6 1.0.7 x11/library/libxvmc 1.0.6 1.0.7 x11/library/libxxf86vm 1.1.1 1.1.2 x11/library/mesa 7.10.2 7.11.2 x11/library/toolkit/libxaw7 1.0.9 1.0.11 x11/library/toolkit/libxt 1.0.9 1.1.3 x11/library/xtrans 1.2.6 1.2.7 x11/oclock 1.0.2 1.0.3 x11/server/xdmx 1.10.3 1.12.2 x11/server/xephyr 1.10.3 1.12.2 x11/server/xorg 1.10.3 1.12.2 x11/server/xorg/driver/xorg-input-keyboard 1.6.0 1.6.1 x11/server/xorg/driver/xorg-input-mouse 1.7.1 1.7.2 x11/server/xorg/driver/xorg-input-synaptics 1.4.1 1.6.2 x11/server/xorg/driver/xorg-input-vmmouse 12.7.0 12.8.0 x11/server/xorg/driver/xorg-video-ast 0.91.10 0.93.10 x11/server/xorg/driver/xorg-video-ati 6.14.1 6.14.4 x11/server/xorg/driver/xorg-video-cirrus 1.3.2 1.4.0 x11/server/xorg/driver/xorg-video-dummy 0.3.4 0.3.5 x11/server/xorg/driver/xorg-video-intel 2.10.0 2.18.0 x11/server/xorg/driver/xorg-video-mach64 6.9.0 6.9.1 x11/server/xorg/driver/xorg-video-mga 1.4.13 1.5.0 x11/server/xorg/driver/xorg-video-openchrome 0.2.904 0.2.905 x11/server/xorg/driver/xorg-video-r128 6.8.1 6.8.2 x11/server/xorg/driver/xorg-video-trident 1.3.4 1.3.5 x11/server/xorg/driver/xorg-video-vesa 2.3.0 2.3.1 x11/server/xorg/driver/xorg-video-vmware 11.0.3 12.0.2 x11/server/xserver-common 1.10.3 1.12.2 x11/server/xvfb 1.10.3 1.12.2 x11/server/xvnc 1.0.90 1.1.0 x11/session/sessreg 1.0.6 1.0.7 x11/session/xauth 1.0.6 1.0.7 x11/session/xinit 1.3.1 1.3.2 x11/transset 0.9.1 1.0.0 x11/trusted/trusted-xorg 1.10.3 1.12.2 x11/x11-window-dump 1.0.4 1.0.5 x11/xclipboard 1.1.1 1.1.2 x11/xclock 1.0.5 1.0.6 x11/xfd 1.1.0 1.1.1 x11/xfontsel 1.0.3 1.0.4 x11/xfs 1.1.1 1.1.2 P.S. To get the version numbers for this table, I ran a quick perl script over the output from: % pkg contents -H -r -t depend -a type=incorporate -o fmri \ `pkg contents -H -r -t depend -a type=incorporate -o fmri [email protected],5.11-0.175.1.0.0.24` \ | sort /tmp/11.1 % pkg contents -H -r -t depend -a type=incorporate -o fmri \ `pkg contents -H -r -t depend -a type=incorporate -o fmri [email protected],5.11-0.175.0.0.0.2` \ | sort /tmp/11.0

Read the article
Importing PKCS#12 (.p12) files into Firefox From the Command Line

- by user11165

I’ve posted this question up on #Ubuntu and #Firefox Forums, and really could do with some help.. Anyone know where i could look or help with the answer. I’m hoping the power of social media will come through… I have a need to perform the following action: Firefox 3.6.x: Quote: open Edit - Preferences - Advanced - Encryption - View Certificates - Your Certificates - Import However i need the same functionality from the bash command line. So far I’ve established that the following command is supposed to be used: Quote: certutil -A -t “u,u,u” -d /home/df001/.mozilla/firefox/qe5y5lht.tc.default/ -n “mycert” -i client.p12 This executes with no isses, however, doesn’t show up in any Firefox Certificate store. However, I have noted that prior to running this command, i have a cert8.db key3.db and secmod.db file in the above folder. After running the command the certutil seems to have created a cert9.db, key4.db and pkcs12.txt file Listing the contents using the command: Quote: certutil -L -d sql:/home/df001/.mozilla/firefox/qe5y5lht.tc.default/ does seem to confirm my attempts of importing files into a certificate folder of some kind have worked. because i get Quote: Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Thawte SSL CA „ Go Daddy Secure Certification Authority „ Thawte SGC CA „ Entrust Certification Authority - L1C „ My Nero CT,C,c mynero P„ davidfield - Internet Widgits Pty Ltd u,u,u So, having tried this, and heading back over to the www, i cam across this command: Quote: pk12util -d /home/df001/.mozilla/firefox/qe5y5lht.tc.default/ -i client.p12 -n “David Field” -P “cert8.db” this again, appears to be importing something somewhere, however, again, Viewing certs from the Firefox interface doesn’t show the imported Cert. I’m surmising here on reading that the certutil and pk12util are creating a new NSS database, which firefox isn’t reading. So my question is, how can i get the p12 cert from the command line so it displays in the firefox Certificate manager interface? Why have i posted this here? Why not post on the firefox forum? Well i will copy and post the same question there as well, however the ability to use the command line to do this is important, as I have potentially 2000 machines which will need a user cert imported into firefox via a p12 file. I need to do this in the form of a script, i thought the hard part was going to be making the p12 file from the microsoft 2003 CA, turns out thats easy. I can’t just import via the GUI and copy over cert8.db x 2000, i can’t ask users to use the CA webinterface as its for VPN access, the users are off site, and they need the VPN to get to the cert server.. Is there any person out there who can help? By the way, i don't have the tor buttun installed.

Read the article
How to build glibc 2.11.2 on RHEL5?

- by netvope

Using gcc-4.4.4 or 4.5.0, I'm unable to make glibc-2.11.2 on RHEL 5.5: .././scripts/mkinstalldirs /dev/shm/glibc-2.11.2-build/sunrpc/rpcsvc CPP='gcc -B/home/klaw/share/rhel5/ -E -x c-header' /dev/shm/glibc-2.11.2-build/elf/ld-linux-x86-64.so.2 --library-path /dev/shm/glibc-2.11.2-build:/dev/shm/glibc-2.11.2-build/math:/dev/shm/glibc-2.11.2-build/elf:/dev/shm/glibc-2.11.2-build/dlfcn:/dev/shm/glibc-2.11.2-build/nss:/dev/shm/glibc-2.11.2-build/nis:/dev/shm/glibc-2.11.2-build/rt:/dev/shm/glibc-2.11.2-build/resolv:/dev/shm/glibc-2.11.2-build/crypt:/dev/shm/glibc-2.11.2-build/nptl /dev/shm/glibc-2.11.2-build/sunrpc/rpcgen -Y ../scripts -c rpcsvc/bootparam_prot.x -o /dev/shm/glibc-2.11.2-build/sunrpc/xbootparam_prot.T Inconsistency detected by ld.so: dynamic-link.h: 209: elf_get_dynamic_info: Assertion `info[15] == ((void *)0)' failed! make[2]: *** [/dev/shm/glibc-2.11.2-build/sunrpc/xnlm_prot.stmp] Error 127 make[2]: Leaving directory `/dev/shm/glibc-2.11.2/sunrpc' make[1]: *** [sunrpc/others] Error 2 make[1]: Leaving directory `/dev/shm/glibc-2.11.2' make: *** [all] Error 2 The error comes from the ld.so made by glibc: $ elf/ld.so Inconsistency detected by ld.so: dynamic-link.h: 209: elf_get_dynamic_info: Assertion `info[15] == ((void *)0)' failed! $ I got similar error with glibc-2.11.1 (only the line number of dynamic-link.h is different). Any ideas how I can fix this? gcc-4.4.4 and 4.5.0 were compiled with: binutils-2.20.1 gmp-5.0.1 mpc-0.8.2 mpfr-2.4.2

Read the article
smtp.gmail.com from bash gives "Error in certificate: Peer's certificate issuer is not recognized."

- by ndasusers

I needed my script to email admin if there is a problem, and the company only uses Gmail. Following a few posts instructions I was able to set up mailx using a .mailrc file. there was first the error of nss-config-dir I solved that by copying some .db files from a firefox directory. to ./certs and aiming to it in mailrc. A mail was sent. However, the error above came up. By some miracle, there was a Google certificate in the .db. It showed up with this command: ~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI GeoTrust SSL CA ,, VeriSign Class 3 Secure Server CA - G3 ,, Microsoft Internet Authority ,, VeriSign Class 3 Extended Validation SSL CA ,, Akamai Subordinate CA 3 ,, MSIT Machine Auth CA 2 ,, Google Internet Authority ,, Most likely, it can be ignored, because the mail worked anyway. Finally, after pulling some hair and many googles, I found out how to rid myself of the annoyance. First, export the existing certificate to a ASSCII file: ~]$ certutil -L -n 'Google Internet Authority' -d certs -a > google.cert.asc Now re-import that file, and mark it as a trusted for SSL certificates, ala: ~]$ certutil -A -t "C,," -n 'Google Internet Authority' -d certs -i google.cert.asc After this, listing shows it trusted: ~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI ... Google Internet Authority C,, And mailx sends out with no hitch. ~]$ /bin/mailx -A gmail -s "Whadda ya no" [email protected] ho ho ho EOT ~]$ I hope it is helpful to someone looking to be done with the error. Also, I am curious about somethings. How could I get this certificate, if it were not in the mozilla database by chance? Is there for instance, something like this? ~]$ certutil -A -t "C,," \ -n 'gmail.com' \ -d certs \ -i 'http://google.com/cert/this...'

Read the article
Stange stream of HTTP GET requests in apache logs, from amazon ec2 instances

- by Alexandre Boeglin

I just had a look at my apache logs, and I see a lot of very similar requests: GET / HTTP/1.1 User-Agent: curl/7.24.0 (i386-redhat-linux-gnu) libcurl/7.24.0 \ NSS/3.13.5.0 zlib/1.2.5 libidn/1.18 libssh2/1.2.2 Host: [my_domain].org Accept: */* there's a steady stream of those, about 2 or 3 per minute; they all request the same domain and resource (there are slight variations in user agent version numbers); they come form a lot of different IPv4 and IPv6 addresses, in blocs that belong to amazon ec2 (in Singapore, Japan, Ireland and the USA). I tried to look for an explanation online, or even just similar stories, but couldn't find any. Has anyone got a clue as to what this is? It doesn't look malicious per say, but it's just annoying me, and I couldn't find any more information about it. I first suspected it could be a bot checking if my server is still up, but: I don't remember subscribing to such a service; why would it need to check my site twice every minute; why doesn't it use a clearly identifying fqdn. Or, should I send this question to amazon, via their abuse contact? Thanks!

Read the article
Custom authentication method for GDM

- by FMC

I am trying to find a way of authenticating users on public computers through GDM, but I have a few things to be taken in account. The users do not have a login/password, they only thing they are given is a string. This string is unique and will allow us to identify them. You can see this string as a login without a password. The users must be present in a remote database The users must have the rights to login on the computer they are on at that time. A remote database would check if a booking on the computer had been set for that time by that user. Or if no booking had been made, allow to login. A default user id/home/gid has to be set to the user once logged in I have found ways to deal with most of those requirements, but not altogether. PAM looks nice to set up a custom way of checking if the user booked its computer. NSS MySQL looks nice to set up the environment. Would you know how to set up the environment by myself using a custom PAM module (using pam_python would be preferred)? Or any other method that could help me? Thanks in advance!

Read the article
RPM issues after signing JDK 1.6 64-bit

- by organicveggie

I'm trying to sign the Java JDK 1.6u21 64-bit RPM on CentOS 5.5 for use with Spacewalk and I'm running into problems. It seems to sign okay, but then when I check the signature it seems to be missing the key I just used to sign it. Yet RPM shows the key in it's list... # rpm --addsign jdk-6u21-linux-amd64.rpm Enter pass phrase: Pass phrase is good. jdk-6u21-linux-amd64.rpm: gpg: WARNING: standard input reopened gpg: WARNING: standard input reopened # rpm --checksig -v jdk-6u21-linux-amd64.rpm jdk-6u21-linux-amd64.rpm: Header V3 DSA signature: NOKEY, key ID ecfd98a5 MD5 digest: OK (650e0961e20d4a44169b68e8f4a1691b) V3 DSA signature: OK, key ID ecfd98a5 Yet I have the key imported (edited for privacy): # rpm -qa gpg-pubkey* |grep ecfd98a5 gpg-pubkey-ecfd98a5-4caa4a4c # rpm -qi gpg-pubkey-ecfd98a5-4caa4a4c Name : gpg-pubkey Relocations: (not relocatable) Version : ecfd98a5 Vendor: (none) Release : 4caa4a4c Build Date: Mon 04 Oct 2010 10:20:49 PM CDT Install Date: Mon 04 Oct 2010 10:20:49 PM CDT Build Host: localhost Group : Public Keys Source RPM: (none) Size : 0 License: pubkey Signature : (none) Summary : gpg(FirstName LastName <[email protected]>) Description : -----BEGIN PGP PUBLIC KEY BLOCK----- Version: rpm-4.4.2.3 (NSS-3) ...key goes here... =gKjN-----END PGP PUBLIC KEY BLOCK----- And I'm definitely running a 64-bit version of CentOS: # uname -a Linux spacewalk.mycompany.corp 2.6.18-194.11.4.el5 #1 SMP Tue Sep 21 05:04:09 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux Without a valid signature, Spacewalk refuses to install the RPM unless I completely disable signature checking. I have tried this with two different keys and two different users on the same machine without any success. Any bright ideas?

Read the article
Samba4/Ubuntu Shares Incorrectly Available to All Users

- by Dan

I've got my Ubuntu server working with Samba4 and got it set up as the Primary domain controller on my network with AD and all that goodness. However, I'm trying to get my Samba configuration to work with the users and groups I've defined with the Active Directory tools from Windows. For instance, I've got a share X which I want users A and B (as part of the 'management' group, known as LLGrpManager in my setup) to see, but no body else. However, after making changes to the configuration, restarting Samba, I test by connecting to the share with my Mac over Samba as user 'C' which isn't part of the management group, and I can, incorrectly, see the X share. I've tried alsorts of combinations of specifying the group with no luck at all. I've got a feeling that my global config might be too lenient or something to do with file permissions but being a bit green, I'm without clue. My /etc/samba/smb.conf # Global parameters [global] server role = domain controller server string = Office Server workgroup = LLDOMAIN realm = lldomain.local netbios name = DUMBO passdb backend = samba4 logon path = \\%L\profiles\%U logon drive = L: log file = /var/log/samba/%m.log max log size = 50 security = ads domain logons = yes domain master = auto usershare allow guests = no valid users = %S [netlogon] path = /var/lib/samba/sysvol/lldomain.local/scripts read only = no guest ok = no [sysvol] path = /var/lib/samba/sysvol read only = No guest ok = no valid users = @LLDOMAIN\LLGrpManager [ShareX] path = /data comment = Entire Data Volume guest ok = no comment = Entire Data Volume guest ok = no valid users = @LLDOMAIN\LLGrpManager admin users = @LLDOMAIN\LLGrpManager browsable = no inherit acls = yes inherit permissions = yes ... My /etc/nsswitch.conf I've also instructed the system to use the nss winbind library when searching for users or groups by adding the stanza passwd and group in /etc/nsswitch.conf: passwd: compat winbind group: compat winbind shadow: compat Permissions on the folder in question drwxrwxrwt 8 root root 4.0K Oct 28 19:11 data

Read the article
LDAP groups not applying to filesystem permissions

- by BeepDog

System is ArchLinux, and I'm using nss-pam-ldapd (0.8.13-4) to connect myself to ldap. I've got my users and some groups in LDAP: [root@kain tmp]# getent group <localgroups snipped> dkowis:*:10000: mp3s:*:15000:rkowis,dkowis music:*:15002:rkowis,dkowis video:*:15003:transmission,rkowis,dkowis,sickbeard software:*:15004:rkowis,dkowis pictures:*:15005:rkowis,dkowis budget:*:15006:rkowis,dkowis rkowis:*:10001: And I have some directories that are setgid video so that the video group stays, and they're configured g=rwx so that members of the video group can write to them: [root@kain video]# ls -ld /srv/video drwxrwxr-x 8 root video 208 Oct 19 20:49 /srv/video However, members of that group, say dkowis cannot write into that directory: [root@kain video]# groups dkowis mp3s music video software pictures dkowis Total number of groups that dkowis is in is like 7, I redacted a few here. [dkowis@kain wat]$ cd /srv/video [dkowis@kain video]$ touch something touch: cannot touch 'something': Permission denied [dkowis@kain video]$ groups dkowis mp3s music video software pictures I'm at a loss as to why my groups show up in getent groups, but my filesystem permissions are not being respected. I've tried making a new directory in /tmp and setting it's group permissions to rwx, and then trying to write a file in there, it doesn't work. The only time it does work is if I open it wide up allowing o=rwx. That's obviously not what I want, and I'm not able to figure out what my missing piece is. Thanks in advance.

Read the article

Search Results

Search found 59 results on 3 pages for 'nss'.

Page 2/3 | < Previous Page | 1 2 3 | Next Page >

- by Kerry

- by efesaid

- by tubaguy50035

- by user1075993

- by user24089

- by Ted Wexler

- by Channel72

- by squakie

- by ZokRadonh

- by TheLearner

- by Hengjie

- by andrew

- by jonaz

- by chrisv

- by neoice

- by alanc

- by user11165

- by netvope

- by ndasusers

- by Alexandre Boeglin

- by FMC

- by organicveggie

- by Dan

- by BeepDog

< Previous Page | 1 2 3 | Next Page >