Authenticating virtual web host with LDAP
by Joe Tseng
I suspect it's something simple but since I'm still somewhat new at this I can't figure it out myself...
I was using this to guide me to set up an virtual web host to authenticate against OpenLDAP:
http://wiki.amahi.org/index.php/LDAP#Control_a_web-application_access_usi...
(FYI I had already added a user to use SSH as an authorizedService using the previous section: http://wiki.amahi.org/index.php/LDAP#Allow_a_user_SSH_access)
I created the LDIF file:
==================================================
dn: uid=jtseng,ou=People,dc=at,dc=home
changetype: modify
add: authorizedService
authorizedService: sshd
==================================================
And when I tried to add the entry I got the following:
==================================================
# ldapadd -h localhost -D "cn=root,$SUFFIX" -w mypassword -x -f give_webapp_access.ldif
modifying entry "uid=jtseng,ou=People,dc=at,dc=home"
ldap_modify: Object class violation (65)
additional info: attribute 'authorizedService' not allowed
==================================================
Thanks for the help,
- Joe
If you type "Google" into Google, you can break the Internet. -- Jen Barber
13 years, 2 months
F14 New Installation: Unknown Monitor
by Burkhard Plache
Hello Fellow Users,
after installing F14, the monitor resolution defaults to 960x600,
whereas my BenQ FP 757 has 1280 x 1024. There must be some
interface (or driver?) problem, since Preferences->Monitor does not
allow me to change to the desired resolution. I did not find any hints
on how to proceed in the docs.fedoraproject.org F14 installation guide.
Any help to a linux learning user would be appreciated.
Burkhard
13 years, 2 months
OpenSSH could be faster...then why don't they path it??
by kellyremo
https://www.psc.edu/networking/projects/hpn-ssh/hpn-v-ssh-tput.jpg
"SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwith network links. Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition HPN clients will be able to download faster from non HPN servers, and HPN servers will be able to receive uploads faster from non HPN clients. However, the host receiving the data must have a properly tuned TCP/IP stack."
My question is: So Why Does the original OpenSSH has "limited statically defined internal flow control buffers"?? It could be way faster, even 10x!!
With the HPN-SCP path it could be the descendant of FTP! Why aren't there any ""OpenSCP packages""? ('normal SCP+HPN-SCP path+no local user needed for SCP'ing+chroot by default')
Any opinions?
Thank you!
13 years, 2 months
Advanced format drives with block errors
by Terry Barnaby
Hi,
Just a bit of info. I have some Western Digital Caviar Green (Adv. Format),
WD20EARS drives. These have the "new" 4096 byte physical sector.
One of these drives had a faulty block which the drive had not been able
to automatically relocate.
I tried to force a relocation by overwriting the block with dd:
dd if=/dev/zero of=/dev/sdb count=8 seek=694341800
This failed with a write error and a kernel message:
sd 3:0:0:0: [sdb] Add. Sense: Unrecovered read error - auto reallocate failed
Eventually I tried:
dd if=/dev/zero of=/dev/sdb bs=4096 count=1 seek=86792725
This worked. It makes sense, I guess, as in the first dd it may have tried
to do a single 512 byte block write using a read/modify/write cycle which
would fail as the drive could not read the 4096 byte block in to modify
the 512 bytes contained within.
I wonder what would happen if a program creates a file that ends up spanning
a duff block on one of these drives ? With a 512byte sector drive, the drive
would automatically relocate the sector and no one would notice. What would
happen with a 4096 byte sector drive ?
Will the kernel output 4096byte blocks or multiple 512byte blocks during the
write ? If the latter, and I guess it depends on the program, then the file
write will fail and manual block repair would be needed. This would not
be good ...
Perhaps one thing to watch out when using these 4096 byte sector drives.
13 years, 2 months
Upgrade FC11->14
by Bill Davidsen
I have a laptop running fc11, with the non-boot partition encrypted LUKS. Based
on one bad experience with another system, and one fail with a VM, just booting
the DVD and asking it to upgrade is not the way to a working system. While I can
certainly backup /home and reinstall, there are a fair number of tweaks and I'd
rather not.
Any thoughts?
--
Bill Davidsen <davidsen(a)tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
13 years, 2 months
Security - Run apps with other users
by kellyremo
OS: Fedora 14 i386
It's used as a ""normal desktop laptop"".
"USER A" - it's the mainly used user, i log in with GDM with it, etc.
Goal: I need a little more security - separate a few apps!
How: run 3 applications ( Transmission, Google Chrome, Wine ) with other users ( so not with "USER A" ). But when i'm logged in ( in GUI ) with "USER A", i need icons on he's the Desktop. E.g.: just one click ( without asking for password!! ) and Google Chrome starts with another user.
How exactly can i do this? - How can i "grant" "USER A" with permissions ( securely ) so that it doesn't needs a password, when running applications with "USER B", "USER C", etc.?
Are there any howtos/docs/links?
Thank you in advance.
13 years, 2 months
still suffering from ENE0100 bug
by antonio montagnani
After installation of kernel 2.6.35.10-74, my laptop sometimes doesn't
complete boot complaining with this message:
Starting udev: udevd-work[495] `/sbin/modprobe -bv acpi: ENE0100:`
unexpected
exit with statua 0x0009 [OK]
this bug has been reported as closed (see #664145)
_________________________________________________________
I can boot again only if I switch to an old kernel, it does not help to
restart the machine.
What is the ENE0100 used for?
Can I permanently disable it adding blacklist en_ir to /etc/blacklist??
I don't have any related option in my BIoS
--
Antonio
--------------------------------------------
Prima di stampare pensa all'ambiente
Think about environment before printing
Skype: amontag52
Linux Fedora 14 Laughlin on Casa
Linux user number 362582
http://www.campingmonterosa.com
http://www.studiodacolpaloschi.it
-------------------------------------------
13 years, 2 months
if the file changes send email about diff
by kellyremo
I have 2 script. Script "A", Script "B".
Script "A" is regulary watching the "dhcpacks" [dhcp release is configured to 2mins] in the logs, for the past 2 minutes. it writes the MAC addresses to a file [/dev/shm/dhcpacks-in-last-2min.txt] every 2 minutes. Ok, this is working, active clients are in this file. Super!
Script "B": http://pastebin.com/raw.php?i=wvhwhPWu
I'm trying to create a script, that watches the changes in "/dev/shm/dhcpacks-in-last-2min.txt" file [in every 1 sec]. Ok. But: my "watcher" script [the pastebined] is not working fine...sometime it works, sometime it send that someone "XY logged out", but it's not true! nothing happened, and the problem is not in the Script "A".
Can someone help me point out, what am i missing? How can i watch a file [in every sec], that contains only MAC addresses, and if someone doesn't get dhcpack in 2 minutes, the file "/dev/shm/dhcpacks-in-last-2min.txt" changes, and that clients MAC address will be gone from it, and i need to know, who was it [pastebined my script..but somethings wrong with it].
Thank you for any help..i've been pathing my script for days now.. :\
13 years, 2 months
Fedora metalink files
by Andre Robatino
One of the selling points of using metalink files is that they can contain block
checksums which allows repairing corrupted downloads (by re-downloading the bad
blocks). If I understand the metalink man page, the only way to do this is to
add the "sha1pieces" -d option. Fedora metalinks are of the form
http://mirrors.fedoraproject.org/metalink?path=pub/fedora/linux/releases/...
and appear to only contain a single sha256, like the regular checksum files.
This means that it would only be possible to detect a bad download, but not
repair it. Another tool such as rsync or BitTorrent would be needed for this. Is
this intentional? Note that it's possible to include more than one digest, for
example "-d sha256 -d sha1pieces" (in case sha1 being weaker is a problem), but
I don't know if it always checks all digest types or just one of them.
13 years, 2 months
