[CentOS] OT: need advice on drive controller
I am thinking of getting an Areca ARC-1222 connected to 6 sata drives in raid 10. http://www.areca.com.tw/products/pcietosas01.htm I have read good things about the ARC-1220 (iop333) sata only. The ARC-1222 (iop348) is the newer generation (sata or sas). Does anyone have advice/experience on this drive controller? -- Robert Arkiletian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] which programming language for server-side admin tasks
Rudi Ahlers wrote on Mon, 15 Jun 2009 18:31:40 +0200:

> What I meant was, PHP talks to PHP script engine, which talks to Apache,
> which then talks to system commands. - is there a quicker way of doing it?

Just forget that it is slow, it isn't.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [CentOS] Welcome to the "CentOS" mailing list
Sagar Koirala wrote on Tue, 16 Jun 2009 12:52:39 +1000:

> My apologies for posting an already solved problem

Well, next time, please choose a better subject and make it a *new* mail ;-)

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [CentOS] nvidia dual monitor setup centos howto
On Mon, Jun 15, 2009 at 8:38 PM, Sorin Srbu wrote:
>
>>Which versions of RH or FC correspond reasonably well to
>>my version of centos?
>>uname -a
>>Linux 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64
>>x86_64 x86_64 GNU/Linux
>
> I use CentOS 5.3 i386/x86_64 flavours

A typo erased part of the question (and more googling erased some of the need for it). I was originally asking what howtos to look at, since I couldn't find centos howtos. Then I found wiki.centos.org.

Is it really of no interest to anyone else which rev of RH corresponds to which rev of fedora and centos?

> If I were you I'd look more into dkms and the dkms-nvidia-packages. Those
> are more current, than the driver package in nvidia-x11*.

Useful suggestion. The wiki page I was looking at made no helpful distinction between them, so I picked the one that sounded simpler.

> Or if all else fails, why not get the proprietary Nvidia drivers?

Well, all else did not fail. And they want me to run a script that does I don't know what, outside the record-keeping that goes with yum/rpm. Also, nvidia's web page made it sound like I was in for an editing session on xorg.conf, which is beyond me. Maybe I misunderstood.

Dave
Re: [CentOS] nvidia dual monitor setup centos howto
>-Original Message-
>From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
>Of Dave
>Sent: Tuesday, June 16, 2009 10:43 AM
>To: CentOS mailing list
>Subject: Re: [CentOS] nvidia dual monitor setup centos howto
>
>>>Which versions of RH or FC correspond reasonably well to
>>>my version of centos?
>>>uname -a
>>>Linux 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64
>>>x86_64 x86_64 GNU/Linux
>>
>> I use CentOS 5.3 i386/x86_64 flavours
>
>A typo erased part of the question (and more googling erased some of
>the need for it). I was originally asking what howtos to look at,
>since I couldn't find centos howtos. then I found wiki.centos.org.
>
>Is it really of no interest to anyone else which rev of RH corresponds
>to which rev of fedora and centos?

RHEL corresponds pretty well with CentOS, ie RHEL 5.3 is CentOS 5.3 basically. Who cares about Fedora anymore when there's CentOS? ;-)

>> Or if all else fails, why not get the proprietary Nvidia drivers?
>
>Well, all else did not fail. And they want me to run a script that
>does I don't know what, outside the record-keeping that goes with
>yum/rpm. Also, nvidia's web page made it sound like I was in for an
>editing session on xorg.conf, which is beyond me. Maybe I
>misunderstood.

The script with the proprietary Nvidia driver package is rock-solid AFAICT, never had any problem with it. We used that on this department until I heard about dkms and the dkms-Nvidia-package. No more need, ever, to rerun the driver install, as is usually the case with the proprietary driver and a kernel update. Dkms does all that for you.

--
/Sorin
Re: [CentOS] CentOS security advisories
Joshua Bahnsen wrote:
> I have been looking at the security advisories provided here:
>
> http://lists.centos.org/pipermail/centos-announce/
>
> It appears that there is not a 1:1 correlation between advisories
> listed here and advisories listed by Red Hat:
>
> https://rhn.redhat.com/errata
>
> Is there a specific reason for this?

Can you expand on that? CentOS does not announce RHBAs (Bugfix updates) for at least CentOS 4.

Ralph
Re: [CentOS] Centos 5.3 update do RHEL 5.3
Just like Paul said, try it and make it work... I did it too and it worked. CentOS tends to have newer packages than RHEL but with constant updates you end up with a full-fledged RHEL 5 system (Server/Workstation).

On Tue, Jun 16, 2009 at 6:32 AM, Michael A. Peters wrote:
> Filipe Brandenburger wrote:
> >
> > If you really need Red Hat, you should do a clean install. Period.
>
> ++
Re: [CentOS] authentication loosely tied to active directory?
> Same here - which is why I raised the question. Although I probably
> could get permission to join the domain I want to be able to add users
> on the Linux side that don't exist in AD. Pam_smb works but I think
> something that used LDAP would be better if the ldap server could have
> local entries and proxy for the AD.

The strategy I took was far from best practices in my opinion but was really the best solution for us at the time we needed it (including AD licensing costs and several disparate facilities across the country).

I have all of my servers use the pam_ldap module in addition to setting my nsswitch.conf to use ldap. Accounts in my openldap server which also exist in AD and which I would like to authenticate against use a local saslauthd daemon to support kerberos5 to our AD infrastructure. Accounts which do not exist in AD and I don't want them to are added to openldap as well but because of the value of the userPassword attribute they use local authentication instead of passing the request to saslauthd.

Basically, I only use AD for authentication (SSO) when needed (typically for humans) and openldap for universal daemon accounts or other ancillary type accounts (plus rfc2307 type NIS data). Modifying the AD schema to support rfc2307 was not an option at the time either.

This is far from elegant because many ldap attributes must be duplicated and made consistent in both AD and openldap but it has worked out quite well for us. The more sophisticated overlays weren't available to us when we rolled this out and I wasn't really familiar with any solid and free meta directory servers. I wonder if I could have done something with referrals for the ldap attributes that are duplicated... or does anyone recommend a solid and free meta directory server?

Hope this helps someone.
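The split described in the message above, sketched as an added example that is not from the original post or the poster's systems. It assumes OpenLDAP's {SASL} pass-through scheme for userPassword (the post does not name the mechanism); the suffix dc=example,dc=com, the realm AD.EXAMPLE.COM and both accounts are constructed.

```ldif
# Constructed sample entries; suffix, realm, names and IDs are assumptions.
#
# Supporting pieces this relies on (standard OpenLDAP / Cyrus SASL settings):
#   slapd built with --enable-spasswd
#   Cyrus SASL config file for slapd (location varies by build,
#   e.g. /etc/sasl2/slapd.conf):
#       pwcheck_method: saslauthd
#       saslauthd_path: /var/run/saslauthd/mux
#   /etc/sysconfig/saslauthd:
#       MECH=kerberos5
#   /etc/krb5.conf with default_realm = AD.EXAMPLE.COM (the AD domain)

# Human account that also exists in AD. On a simple bind slapd sees the
# {SASL} scheme and hands "jdoe@AD.EXAMPLE.COM" plus the supplied password
# to saslauthd, which checks it against the AD KDC. No password hash is
# stored in OpenLDAP for this entry.
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: jdoe
cn: Jane Doe
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/bash
userPassword: {SASL}jdoe@AD.EXAMPLE.COM

# Daemon account that must not exist in AD. The value is an ordinary salted
# hash (generate one with slappasswd), so slapd verifies the bind itself and
# never contacts saslauthd or AD.
dn: uid=svc-backup,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: svc-backup
cn: Backup service account
uidNumber: 20001
gidNumber: 20001
homeDirectory: /var/lib/svc-backup
loginShell: /sbin/nologin
userPassword: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
```

Because the scheme prefix alone decides where a bind is verified, write access to userPassword needs a tight ACL: anyone who can modify it can repoint an account from AD to a locally known hash.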
[CentOS] OT - Tomcat CLASSPATH issue
If this is ignored then fair enough, as it's not really the place for it, but if anyone has seen this it would be good to know.

tomcat is 6.0.18

CLASSPATH is set in /etc/sysconfig/ and this IS getting used as _some_ configuration items are being picked up from /etc/ but the issue is when default settings from within the webapp are not being overwritten by settings in /etc/, i.e. if they are in

/etc/ and /var/lib//webapps/ROOT/WEB-INF/classes/foo

then the webapps location wins. If I echo the CLASSPATH during app start then /etc/ comes first so I don't see why the values in here are not taking precedence.

Any thoughts?
Re: [CentOS] OT - Tomcat CLASSPATH issue
Hi,

On Tue, Jun 16, 2009 at 09:35, Tom Brown wrote:
> tomcat is 6.0.18
>
> if they are in
> /etc/ and /var/lib//webapps/ROOT/WEB-INF/classes/foo
> then the webapps location wins.
>
> any thoughts?

Does this answer your question?
http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html

HTH,
Filipe
Re: [CentOS] OT - Tomcat CLASSPATH issue
> Does this answer your question?
> http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html

not really no ..
Re: [CentOS] nvidia dual monitor setup centos howto
Sorin Srbu wrote:
>> yum install nvidia-x11-drv.x86_64
>>
> If I were you I'd look more into dkms and the dkms-nvidia-packages. Those
> are more current, than the driver package in nvidia-x11*.
>
> Or if all else fails, why not get the proprietary Nvidia drivers?

Just to clear things up: the nvidia drivers available in rpmforge *are* the proprietary nvidia drivers. They're just conveniently packaged in an rpm, and use dkms for auto-rebuilding. And they don't upgrade to the latest version every time nvidia releases one, which can be good or bad depending on your needs.

This is true both for nvidia-x11-drv and dkms-nvidia-x11-drv: the latter is simply a newer version with a name change, and it's the one you should use (but anyways if you installed the older package yum upgrade should offer to upgrade to dkms-*).

Regards,
Nicolas
[CentOS] CentOS-announce Digest, Vol 52, Issue 8
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..."

Today's Topics:

1. CESA-2009:1100 Moderate CentOS 3 i386 wireshark - security update (Tru Huynh)
2. CESA-2009:1100 Moderate CentOS 3 x86_64 wireshark - security update (Tru Huynh)
3. CESA-2009:1101 Moderate CentOS 3 i386 cscope -security update (Tru Huynh)
4. CESA-2009:1101 Moderate CentOS 3 x86_64 cscope - security update (Tru Huynh)

--

Message: 1
Date: Tue, 16 Jun 2009 10:38:13 +0200
From: Tru Huynh
Subject: [CentOS-announce] CESA-2009:1100 Moderate CentOS 3 i386 wireshark - security update
To: centos-annou...@centos.org
Message-ID: <20090616083813.ga10...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2009:1100

wireshark security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2009-1100.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/wireshark-1.0.8-EL3.1.i386.rpm
updates/i386/RPMS/wireshark-gnome-1.0.8-EL3.1.i386.rpm

source:
updates/SRPMS/wireshark-1.0.8-EL3.1.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update wireshark

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

--

Message: 2
Date: Tue, 16 Jun 2009 10:38:47 +0200
From: Tru Huynh
Subject: [CentOS-announce] CESA-2009:1100 Moderate CentOS 3 x86_64 wireshark - security update
To: centos-annou...@centos.org
Message-ID: <20090616083847.gb10...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2009:1100

wireshark security update for CentOS 3 x86_64:
https://rhn.redhat.com/errata/RHSA-2009-1100.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/wireshark-1.0.8-EL3.1.x86_64.rpm
updates/x86_64/RPMS/wireshark-gnome-1.0.8-EL3.1.x86_64.rpm

source:
updates/SRPMS/wireshark-1.0.8-EL3.1.src.rpm

You may update your CentOS-3 x86_64 installations by running the command:

yum update wireshark

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

--

Message: 3
Date: Tue, 16 Jun 2009 10:39:12 +0200
From: Tru Huynh
Subject: [CentOS-announce] CESA-2009:1101 Moderate CentOS 3 i386 cscope -security update
To: centos-annou...@centos.org
Message-ID: <20090616083912.gc10...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2009:1101

cscope security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2009-1101.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/cscope-15.5-16.RHEL3.i386.rpm

source:
updates/SRPMS/cscope-15.5-16.RHEL3.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update cscope

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

--

Message: 4
Date: Tue, 16 Jun 2009 10:39:44 +0200
From: Tru Huynh
Subject: [CentOS-announce] CESA-2009:1101 Moderate CentOS 3 x86_64 cscope -security update
To: centos-annou...@centos.org
Message-ID: <20090616083944.gd1
Re: [CentOS] authentication loosely tied to active directory?
On Mon, 2009-06-15 at 22:30 -0500, Paul Johnson wrote:
> On Fri, Jun 5, 2009 at 5:29 PM, Ross Walker wrote:
> > On Jun 5, 2009, at 1:00 PM, Les Mikesell wrote:
> >
> >> What's the best authentication scheme when you are dealing with an
> >> active directory that someone else controls? I've been using pam
> >> configured for smb and local passwords where a local account is needed
> >> for real logins (but either the domain or local password will work)
> >> and
> >> web services don't require a local account. That's most of the
> >> functionality I want and it doesn't take pre-arrangement with the AD
> >> administrator, but I have to glue mod_auth_pam into httpd and I'm not
> >> sure how to duplicate it for java web services.

If this is java web services you're having the problem with you can also use kerberos with SOAP/XML/RPC. But the catch is only 128Bit Encryption.

Another option may be LDAP under Apache.

john
Re: [CentOS] authentication loosely tied to active directory?
JohnS wrote:
> On Mon, 2009-06-15 at 22:30 -0500, Paul Johnson wrote:
>> On Fri, Jun 5, 2009 at 5:29 PM, Ross Walker wrote:
>>> On Jun 5, 2009, at 1:00 PM, Les Mikesell wrote:
>>>
>>>> What's the best authentication scheme when you are dealing with an
>>>> active directory that someone else controls? I've been using pam
>>>> configured for smb and local passwords where a local account is needed
>>>> for real logins (but either the domain or local password will work) and
>>>> web services don't require a local account. That's most of the
>>>> functionality I want and it doesn't take pre-arrangement with the AD
>>>> administrator, but I have to glue mod_auth_pam into httpd and I'm not
>>>> sure how to duplicate it for java web services.
>
> If this is java web services you're having the problem with you can also
> use kerberos with SOAP/XML/RPC. But the catch is only 128Bit Encryption.

Don't forget that I want it to honor system accounts too - or at least some that aren't in AD.

> Another option may be LDAP under Apache.

What I'm looking for is a network service that will work across apache and java web services (without requiring a login account) that transparently merges AD accounts with others that I can control separately, and also to be able to use those same logins and passwords for linux system logins where accounts are specifically created. That is, all AD & linux accounts should work for web services and Linux account logins should be able to use AD passwords where they exist.

I'd think this would be a fairly common situation where the bulk of company operations are on desktops controlled by AD but there are some developers using Linux and some infrastructure resources using it (subversion, wikis and other web services, etc.) and some users that don't map to employees.

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] which programming language for server-side admin tasks
On Mon, 2009-06-15 at 18:23 +0200, Rudi Ahlers wrote:
> On Sun, Jun 14, 2009 at 9:55 PM, JohnS wrote:
>> On Sun, 2009-06-14 at 20:54 +0200, Rudi Ahlers wrote:
>>> Hi Les, while I understand where you're coming from, I don't quite
>>> agree with you. A programming language doesn't make security mistakes,
>>> the coder does :) What I'm looking for, is which programming language
>>> will be best, i.e. fastest. My OS of choice would be CentOS, but even
>>> then that won't make a difference either.
>>>
>>> I can do most of this in PHP, but I do think PHP is a bit slow for
>>> this, being a scripting language, and not a compiled language.
>>
>> How now, do you figure PHP is all that slow? Since you have a background
>> in PHP why not use it? Maybe you're not skinning the cat right? PHP is already
>> used in admin apps and it works. Create a Three Tier Web Application to run
>> on the one admin server. Calls can be made via rpc or xml web services to
>> the clients. May take a while to think it out in your brain but it will work.
>> I do it with .Net.
>
> Hi John,
>
> Well, it's my understanding that compiled languages perform much
> better than scripting languages for this kind of operating, due to the
> fact that the script runs on top of the scripting engine, which in
> turn runs on top of the web server.
>
> I know a lot of control panels run either PERL, C{+/++/#}, Python.

---

Don't base your decision on speed alone. Speed is not everything in life. Who cares about speed? I don't. I use slow .Net to make DCOM and SOAP calls to do different server functions to Powershell.

Some of the biggest sites on the net run .Net and PHP and have an uptime of infinite 9. PHP-Facebook --- Myspace-.Net. All calls for myspace are made to .cfm? -> .Net backend. That said I believe you could do it in PHP.

John
Re: [CentOS] Trouble (?) reformatting flash drive to include former U3 partition
Robert wrote:
>
> Robert Nichols wrote:
>> Robert wrote:
>>> Robert Nichols wrote:
>>>> The first thing I do with every USB flash drive I buy is figure out a
>>>> geometry that uses all of the sectors reported by fdisk (I have a shell
>>>> script that does that in a pretty much brute force way.) and then
>>>> repartition and re-format the drive using that geometry. I've never
>>>> experienced any problem with that.
>>> That's interesting. Would you consider sharing your script?
>> Sure. I'll try it as a small attachment here. If that doesn't
>> work, and I suspect it won't, I'll have to find some spot where
>> I can upload it. I don't have anything like that set up just now.
>
> I'll try it later but I can see none of the usual damage (truncated
> and/or wrapped lines or dropped spl chars).
> Thanks!

It's OK. When I save the received attachment and diff it against the original, it's an exact match -- not even any whitespace changes.

--
Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.
Re: [CentOS] Trouble (?) reformatting flash drive to include former U3 partition
MHR wrote:
> On Mon, Jun 15, 2009 at 8:14 AM, Robert
> Nichols wrote:
>> Sure. I'll try it as a small attachment here. If that doesn't
>> work, and I suspect it won't, I'll have to find some spot where
>> I can upload it. I don't have anything like that set up just now.
>>
>
> Got it - thanks.
>
> One thing I noticed when I formatted the drive with the 31/31/99212
> format was that it was REALLY REALLY SLOW!
>
> I don't really know enough about the driver for USB flash drives, but
> I would bet it has something to do with the high cylinder count, and I
> noticed the Sandisk's format, though short by 77+MB seems to be
> optimized for real disk drive timings - maximum sectors per track,
> maximum heads per cylinder, minimum cylinders. In a real disk drive,
> this is wise because the inter-cylinder seek time is the longest
> (switching sectors is usually trivial, and switching heads is not much
> more).
>
> If that's true, then the "most" optimum format for this drive would be
> 124/31/24803. Of course, that "loses" 124 sectors for the MBR, but
> that's a whale of a lot less than 77MB.
>
> I could be totally wrong about this - haven't tested it yet.
>
> One last question, which I believe I did ask originally but didn't see
> any answer - anyone know why the Kingston is larger than the Sandisk
> (probably just designed that way - bravo, Kingston!)?

Heck, I've seen slightly different sizes among samples of the same model of the same brand purchased at the same time.

It really surprises me that CHS geometry changes would have any effect on the speed of the devices. All accesses are being done with LBA. Nothing is using CHS addressing, which wouldn't be able to go beyond cylinder 1023.

--
Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.
[CentOS] Slow CentOS VM when running off the network
I have a CentOS 5.3 VM running under VMware on a Windows XP laptop. Everything works fine when connected to the network. However, removed from the network, most everything in the CentOS VM takes minutes to complete. For instance, starting a new Terminal window takes over 3 minutes. I did an strace, and there are a couple of long waits when trying to open a socket (/tmp/.ICE-unix/X for instance).

The host and the VM can ping each other fine, but any access to the VM (either external or from within) eventually succeeds, but it takes a long time. First, I thought I'd reduce the default socket timeout (which I believe is set to around 90 seconds), but I can't find where to do that on a system wide level. But I really need to figure out what is causing the problem in the first place. I'm assuming the network is somehow misconfigured, but I don't know how.

Alfred
Re: [CentOS] Slow CentOS VM when running off the network
Alfred von Campe wrote:
> I have a CentOS 5.3 VM running under VMware on a Windows XP laptop.
> Everything works fine when connected to the network. However,
> removed from the network, most everything in the CentOS VM takes
> minutes to complete. For instance, starting a new Terminal window
> takes over 3 minutes. I did an strace, and there are a couple of
> long waits when trying to open a socket (/tmp/.ICE-unix/X for
> instance).
>
> The host and the VM can ping each other fine, but any access to the
> VM (either external or from within) eventually succeeds, but it takes
> a long time. First, I thought I'd reduce the default socket timeout
> (which I believe is set to around 90 seconds), but I can't find where
> to do that on a system wide level. But I really need to figure out
> what is causing the problem in the first place. I'm assuming the
> network is somehow misconfigured, but I don't know how.

You could do "service network stop" on the CentOS VM when not on the network, or if you need networking between the VM and the hosts, configure for hostonly networking.

Phil
Re: [CentOS] authentication loosely tied to active directory?
On Tue, 2009-06-16 at 11:43 -0500, Les Mikesell wrote:
> JohnS wrote:
> What I'm looking for is a network service that will work across apache
> and java web services (without requiring a login account) that
> transparently merges AD accounts with others that I can control
> separately, and also to be able to use those same logins and passwords
> for linux system logins where accounts are specifically created. That
> is, all AD & linux accounts should work for web services and Linux
> account logins should be able to use AD passwords where they exist.
>
> I'd think this would be a fairly common situation where the bulk of
> company operations are on desktops controlled by AD but there are some
> developers using Linux and some infrastructure resources using it
> (subversion, wikis and other web services, etc.) and some users that
> don't map to employees.
>

---

Web Services via SOAP can be your "Middle Ware" (man in the middle) to authentication here. Your AD admin is going to have to help out in some way for this to happen. No way around it I see. Anonymous accounts can be mapped to the appropriate AD account (IWAM_User - depends on service app). Firefox can use the LDAP Plugin, Apache auth can be mapped to LDAP on AD. Once an AD account is locked out he will know anyway. Maybe check out MS Web Services Interface and WSDL for AD.

It is just something to really sit down and think about authentication between mixed node systems. Can it be done? Yes. One other solution here Enterprise wide would be Citrix.

john
Re: [CentOS] CentOS security advisories
That's really my question. Is there any particular reason why not all Red Hat advisories (RHEA, RHBA and RHSA) have a CentOS counterpart? Is this due to time constraints, demand, or some other legal reason?

Joshua Bahnsen, Software Developer
O : 480.663.8787 | joshua.bahn...@lumension.com
Lumension | 15880 N. Greenway-Hayden Loop Suite 100 | Scottsdale, AZ 85260

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Ralph Angenendt
Sent: Tuesday, June 16, 2009 2:28 AM
To: centos@centos.org
Subject: Re: [CentOS] CentOS security advisories

Joshua Bahnsen wrote:
> I have been looking at the security advisories provided here:
>
> http://lists.centos.org/pipermail/centos-announce/
>
> It appears that there is not a 1:1 correlation between advisories
> listed here and advisories listed by Red Hat:
>
> https://rhn.redhat.com/errata
>
> Is there a specific reason for this?

Can you expand on that? CentOS does not announce RHBAs (Bugfix updates) for at least CentOS 4.

Ralph
Re: [CentOS] Slow CentOS VM when running off the network
On Jun 16, 2009, at 14:01, Phil Schaffner wrote:
> You could do "service network stop" on the CentOS VM when not on the
> network, or if you need networking between the VM and the hosts,
> configure for hostonly networking.

I guess I should have mentioned that my user wants to access the files in the CentOS VM from a Samba share on the PC, so turning off the network is not really an option. I will ask him to try it to see if that resolves the issue. But ideally, we want to get this to work with the network running.

Alfred
Re: [CentOS] Slow CentOS VM when running off the network
On Tue, 2009-06-16 at 13:50 -0400, Alfred von Campe wrote:
> I have a CentOS 5.3 VM running under VMware on a Windows XP laptop.
> Everything works fine when connected to the network. However,
> removed from the network, most everything in the CentOS VM takes
> minutes to complete. For instance, starting a new Terminal window
> takes over 3 minutes. I did an strace, and there are a couple of
> long waits when trying to open a socket (/tmp/.ICE-unix/X for
> instance).

---

cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
::1 localhost.localdomain localhost

john
Re: [CentOS] Slow CentOS VM when running off the network
Alfred von Campe wrote:
...
> I guess I should have mentioned that my user wants to access the
> files in the CentOS VM from a Samba share on the PC, so turning off
> the network is not really an option. I will ask him to try it to see
> if that resolves the issue. But ideally, we want to get this to work
> with the network running.

Hostonly networking should work for access to local files.

Phil
Re: [CentOS] OT - Tomcat CLASSPATH issue
At 09:58 AM 6/16/2009, you wrote:
> > Does this answer your question?
> > http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html
>
>not really no ..

From the same version of Apache-Tomcat (6.0.18) web.xml config file:

You are setting CLASSPATH as an OS environment variable. Tomcat wants/has its own and you set it within the engine, or let the engine take care of it for you.

Cheers,
Glenn
Re: [CentOS] Slow CentOS VM when running off the network
Are you running VMWare Workstation or Server? I am running VMWare Workstation under MS Vista with a bunch of Centos guest VMs. I noticed that when my Vista host network connection changes state (becomes unavailable or becomes available for any reason) that the VMWare software switch has real trouble. I often lose my ability to DHCP, for example. Or perhaps DNS is impacted. It is my feeling that their networking code is just not very robust.

Would using shared folders be a viable alternative?

-geoff

-
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/
[CentOS] x86_64 CentOS 5.3 Users - Library Issue
Hello,

I need to conduct a little research. Anyone who is running CentOS 5.3 x86_64 please run the following:

# yum install libxml2-devel
# nm /usr/lib64/libxml2.a | grep xmlXPathContextSetCache

If my suspicions are correct, if you run cPanel/WHM you will not see any output and if without cPanel/WHM you'll see something similar to this:

23a0 T xmlXPathContextSetCache

Thanks for your time and help.

--
Best Regards,
Justin Bull
http://www.sohipitmhz.com/pubkey.txt (Public Key)
Re: [CentOS] Slow CentOS VM when running off the network
On Tue, 2009-06-16 at 13:50 -0400, Alfred von Campe wrote:
> For instance, starting a new Terminal window
> takes over 3 minutes.

---

Open a terminal window and type cat /etc/hosts and post it.
Re: [CentOS] Slow CentOS VM when running off the network
On Tue, Jun 16, 2009 at 1:50 PM, Alfred von Campe wrote:
> I have a CentOS 5.3 VM running under VMware on a Windows XP laptop.
> Everything works fine when connected to the network. However,
> removed from the network, most everything in the CentOS VM takes
> minutes to complete. For instance, starting a new Terminal window
> takes over 3 minutes. I did an strace, and there are a couple of
> long waits when trying to open a socket (/tmp/.ICE-unix/X for
> instance).
>
> The host and the VM can ping each other fine, but any access to the
> VM (either external or from within) eventually succeeds, but it takes
> a long time. First, I thought I'd reduce the default socket timeout
> (which I believe is set to around 90 seconds), but I can't find where
> to do that on a system wide level. But I really need to figure out
> what is causing the problem in the first place. I'm assuming the
> network is somehow misconfigured, but I don't know how.
>
> Alfred

This is a classic sign of DNS query timeouts. When you are connected to the network the system is making DNS queries which respond quickly. When you are not connected, the host makes DNS queries and waits for a response. The timeout is a minute or so, so you will see a long delay in any program that tries to resolve DNS. Many programs use DNS even if it's not entirely obvious why.

You didn't say which virtual network this machine is connected to, but you probably want to use the NAT network and allow the VM to receive the DNS server configuration via DHCP.
Re: [CentOS] Slow CentOS VM when running off the network
Brian Mathis wrote:
...
> You didn't say which virtual network this machine is connected to, but
> you probably want to use the NAT network and allow the VM to receive
> the DNS server configuration via DHCP.

Can't say for sure without trying it, but it seems to me that getting a config via DHCP is not going to help with the network timeout problems under discussion if the DNS the config is pointing to goes away along with the host network connection.

Phil
Re: [CentOS] Slow CentOS VM when running off the network
Brian is correct... check the /etc/hosts if your hostname and hostname.hostdomain is registered here. E.g. if an MTA (sendmail) doesn't resolve the hostname of the host, a big delay is generated. Put the hostname on the loopback interface (127.0.0.1)... And it is not just in a VM, on a physical host it is the same "problem".

[]s
Renato de Oliveira Diogo
Bachelor of Computer Science, UNESP - Bauru
LPIC1 - Linux Professional Institute Certification - Level 1
renato.di...@gmail.com
renato.di...@yahoo.com.br

On Tue, Jun 16, 2009 at 16:03, Brian Mathis wrote:
> On Tue, Jun 16, 2009 at 1:50 PM, Alfred von Campe wrote:
>> I have a CentOS 5.3 VM running under VMware on a Windows XP laptop.
>> Everything works fine when connected to the network. However,
>> removed from the network, most everything in the CentOS VM takes
>> minutes to complete. For instance, starting a new Terminal window
>> takes over 3 minutes. I did an strace, and there are a couple of
>> long waits when trying to open a socket (/tmp/.ICE-unix/X for
>> instance).
>>
>> The host and the VM can ping each other fine, but any access to the
>> VM (either external or from within) eventually succeeds, but it takes
>> a long time. First, I thought I'd reduce the default socket timeout
>> (which I believe is set to around 90 seconds), but I can't find where
>> to do that on a system wide level. But I really need to figure out
>> what is causing the problem in the first place. I'm assuming the
>> network is somehow misconfigured, but I don't know how.
>>
>> Alfred
>
> This is a classic sign of DNS query timeouts. When you are connected
> to the network the system is making DNS queries which respond quickly.
> When you are not connected, the host makes DNS queries and waits for
> a response. The timeout is a minute or so, so you will see a long
> delay in any program that tries to resolve DNS. Many programs use DNS
> even if it's not entirely obvious why.
>
> You didn't say which virtual network this machine is connected to, but
> you probably want to use the NAT network and allow the VM to receive
> the DNS server configuration via DHCP.
Re: [CentOS] Slow CentOS VM when running off the network
On Jun 16, 2009, at 14:38, Geoff Galitz wrote:
> Are you running VMWare Workstation or Server?

VMware Workstation.

> I am running VMWare
> Workstation under MS Vista with a bunch of Centos guest VMs. I
> noticed that
> when my Vista host network connection changes state (becomes
> unavailable or
> becomes available for any reason) that the VMWare software switch
> has real
> trouble. I often lose my ability to DHCP, for example. Or perhaps
> DNS is
> impacted. It is my feeling that their networking code is just not very
> robust.

Hmm, interesting points. I'll have to check his settings. Unfortunately, I will be out of the office for the next 1.5 weeks so it may have to wait until I return.

> Would using shared folders be a viable alternative?

Shared folders without a network? How does one set that up?

Alfred
Re: [CentOS] Slow CentOS VM when running off the network
On Jun 16, 2009, at 14:58, JohnS wrote:
> Open a terminal window and type cat /etc/hosts and post it.

# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
139.68.198.200 fm1185.bose.com

I disabled IPV6 and removed the ::1 line.

Alfred
Re: [CentOS] Slow CentOS VM when running off the network
The fm1185.bose.com is the hostname of the host, correct?
Try putting:
===
127.0.0.1 localhost.localdomain localhost fm1185.bose.com
===

[]s
Renato de Oliveira Diogo
Bachelor of Computer Science, UNESP - Bauru
LPIC1 - Linux Professional Institute Certification - Level 1
renato.di...@gmail.com
renato.di...@yahoo.com.br

On Tue, Jun 16, 2009 at 16:23, Alfred von Campe wrote:
> On Jun 16, 2009, at 14:58, JohnS wrote:
>
>> Open a terminal window and type cat /etc/hosts and post it.
>
> # cat /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
> 139.68.198.200 fm1185.bose.com
>
> I disabled IPV6 and removed the ::1 line.
>
> Alfred
Re: [CentOS] Slow CentOS VM when running off the network
On Jun 16, 2009, at 15:03, Brian Mathis wrote:
> This is a classic sign of DNS query timeouts. When you are connected
> to the network the system is making DNS queries which respond quickly.
> When you are not connected, the host makes DNS queries and waits for
> a response. The timeout is a minute or so, so you will see a long
> delay in any program that tries to resolve DNS. Many programs use DNS
> even if it's not entirely obvious why.

That's what I thought at first too, but I've ruled that out. For instance, here are some snippets from the strace output when trying to open another Terminal window:

12:45:59 socket(PF_FILE, SOCK_STREAM, 0) = 10
...
12:45:59 connect(10, {sa_family=AF_FILE, path="/tmp/.ICE-unix/4046"}, 21) = 0
12:45:59 fcntl64(10, F_SETFD, FD_CLOEXEC) = 0
12:45:59 write(10, "\0\1\0\0\0\0\0\0", 8) = 8
12:45:59 read(10, "\0\1\0\0\0\0\0\0", 8) = 8
12:46:43 access("/home/dv15727/.ICEauthority", R_OK) = 0
...
12:46:43 read(10, "\1\2\0\1\6\0\0\0", 8) = 8
12:48:03 read(10, "%\0\0\0001053b574c200012451708830"..., 48) = 48

As you can see, reading from a (local) socket is taking a long time. DNS should not be involved.

> You didn't say which virtual network this machine is connected to, but
> you probably want to use the NAT network and allow the VM to receive
> the DNS server configuration via DHCP.

I'll have to check when I get back to the office in 1.5 weeks.

Alfred
Re: [CentOS] Slow CentOS VM when running off the network
On Jun 16, 2009, at 15:30, Renato de Oliveira Diogo wrote:
> The fm1185.bose.com is hostname of the host, correct?
> Try put:
> ===
> 127.0.0.1 localhost.localdomain localhost fm1185.bose.com

No, it's the name of the Windows XP machine where the VM is running. I always remove the hostname from the localhost line. Too many things break when the actual host name is present on the localhost line.

Alfred
Re: [CentOS] Slow CentOS VM when running off the network
On Tue, 2009-06-16 at 15:23 -0400, Alfred von Campe wrote:
> On Jun 16, 2009, at 14:58, JohnS wrote:
>
> > Open a terminal window and type cat /etc/hosts and post it.
>
> # cat /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
> 139.68.198.200 fm1185.bose.com
>
> I disabled IPV6 and removed the ::1 line.
>
> Alfred
---
::1 line

Put it back and have a go at it.

john
Re: [CentOS] authentication loosely tied to active directory?
JohnS wrote: > >> What I'm looking for is a network service that will work across apache >> and java web services (without requiring a login account) that >> transparently merges AD accounts with others that I can control >> separately, and also to be able to use those same logins and passwords >> for linux system logins where accounts are specifically created. That >> is, all AD & linux accounts should work for web services and Linux >> account logins should be able to use AD passwords where they exist. >> >> I'd think this would be a fairly common situation where the bulk of >> company operations are on desktops controlled by AD but there are some >> developers using Linux and some infrastructure resources using it >> (subversion, wikis and other web services, etc.) and some users that >> don't map to employees. >> > --- > Web Services via SOAP can be your "Middle Ware" (man in the middle) to > authentication here. I thought that was what PAM was for. I just don't know how to glue it into someone else's java web app (like OpenNMS or Pentaho's server). > Your AD admin is going to have to help out in some > way for this to happen. No way around it I see. He doesn't now, using PAM with both smb and local password authentication. > Anonymous accounts can > be mapped to the the appropiate AD account (IWAM_User - depends on > service app). Firefox can use the LDAP Plugin, Apache auth can be mapped > to LDAP on AD. Once an AD account is locked out he will know anyway. I don't want anonymous accounts. I just want to be able to add some that are unrelated to AD, but I'd prefer to not have to add them to every machine. > Maybe check out MS Web Services Interface and WSDL for AD. It is just > something to really sit down and think about authentication between > mixed node systems. Can it be done? Yes. One other solution here > Enterprise wide would be Citrix. 
I think PAM with smb and ldap would sort-of work but it still doesn't seem like the right approach and so far it has been easier to manage a small number of exceptions on a small number of separate machines. I thought there were LDAP servers that could proxy for multiple other servers where some of those might be AD's. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow CentOS VM when running off the network
On Tue, 2009-06-16 at 15:33 -0400, Alfred von Campe wrote:
> On Jun 16, 2009, at 15:30, Renato de Oliveira Diogo wrote:
>
> > The fm1185.bose.com is hostname of the host, correct?
> > Try put:
> > ===
> > 127.0.0.1 localhost.localdomain localhost fm1185.bose.com
>
> No, it's the name of the Windows XP machine where the VM is running.
> I always remove the hostname from the localhost line. Too many
> things break when the actual host name is present on the localhost line.
>
> Alfred
---
Correct:

::1 localhost.localdomain localhost
192.168.0.37 x0 XP Machine Here
192.168.0.7 x1 linux vm

The machine settings and name can also come from: /etc/sysconfig/networking/profiles/default. No one has mentioned that.

Use hostname "your_name" to set the hostname.

john
Re: [CentOS] Slow CentOS VM when running off the network
On Jun 16, 2009, at 15:36, JohnS wrote:
> ::1 line
>
> Put it back and have a go at it.

I took it out because it was slow. I'll put it back in, but don't think it will make a difference.

Alfred
Re: [CentOS] x86_64 CentOS 5.3 Users - Library Issue
Justin Bull wrote:
...
> 23a0 T xmlXPathContextSetCache

Tried on 3 non-cPanel/WHM systems and got the above response on all.

Phil
Re: [CentOS] hostname changes
Tom Brown wrote:
>>
>> How do I change the hostname?
>> In particular, what is the difference between /etc/hosts and
>> /etc/sysconfig/network files? Where should I make the changes?
>>
>
> /etc/hosts has nothing to do with the hostname this is just a way to
> resolve a name to an IP where DNS is not available or some other badness
> is going on
>

Umm, no. There is a weird dependency between /etc/hosts and the fully qualified hostname: You can fill in /etc/sysconfig/network your hostname fully qualified but 'hostname -f' still returns without domain. Not before you change your hosts file to:

127.0.0.1 host host.fqdn

'hostname -f' comes back wrong.

I'm wondering why e.g. the domain in /etc/resolv.conf is ignored...

Rainer
Re: [CentOS] authentication loosely tied to active directory?
On Tue, 2009-06-16 at 14:40 -0500, Les Mikesell wrote:
> JohnS wrote:
> >
> >> What I'm looking for is a network service that will work across apache
> >> and java web services (without requiring a login account) that
> >> transparently merges AD accounts with others that I can control
> >> separately, and also to be able to use those same logins and passwords
> >> for linux system logins where accounts are specifically created. That
> >> is, all AD & linux accounts should work for web services and Linux
> >> account logins should be able to use AD passwords where they exist.
> >>
> >> I'd think this would be a fairly common situation where the bulk of
> >> company operations are on desktops controlled by AD but there are some
> >> developers using Linux and some infrastructure resources using it
> >> (subversion, wikis and other web services, etc.) and some users that
> >> don't map to employees.
> >>
> > ---
> > Web Services via SOAP can be your "Middle Ware" (man in the middle) to
> > authentication here.
>
> I thought that was what PAM was for. I just don't know how to glue it
> into someone else's java web app (like OpenNMS or Pentaho's server).

True PAM can probably work for some. It seems opennms does not support PAM? Then my guess is that is where Apache Axis and SOAP or a SOAP Proxy come in.

http://www.opennms.org/index.php/Active_Directory_Integration

I know you can do that. Not sure on the local account side. Pentaho's looks too much like a Lockin App for anything. Not familiar with it either.

> > Your AD admin is going to have to help out in some
> > way for this to happen. No way around it I see.
>
> He doesn't now, using PAM with both smb and local password authentication.
>

If he does not know he needs his brain checked out.

> I don't want anonymous accounts. I just want to be able to add some
> that are unrelated to AD, but I'd prefer to not have to add them to
> every machine.

The bad part is adding them to every machine and I would be against that.

> I think PAM with smb and ldap would sort-of work but it still doesn't
> seem like the right approach and so far it has been easier to manage a
> small number of exceptions on a small number of separate machines. I
> thought there were LDAP servers that could proxy for multiple other
> servers where some of those might be AD's.

I guess the optimal thing to do is figure out every way all apps can authenticate and go from there. OR get a machine with hardware that can handle all the running apps and auth at the machine level. I'm just thinking in terms of a Blade Server. Just a side note I know you can proxy SOAP requests but not sure on ldap.

john
Re: [CentOS] OT - Tomcat CLASSPATH issue
> From the same version of Apache-Tomcat (6.0.18) web.xml config file: > > > > > > > You are setting CLASSPATH as an OS environment variable. Tomcat > wants/has it's own and you set it within the engine, or let the > engine take care of it for you. > > > interesting thanks - will investigate that ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Rsync, SSH and authorized_keys problem
Hi,

I'm trying to backup from one machine to the other (automatically via cron) using rsync and ssh password-less public key authentication.

I have been trying to set this up following an article in a Linux magazine[1] by only allowing the specific rsync command to run on the remote box.

I am using the following rsync command:

$ rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup stew...@name.of.remote.server:/backup

This runs, connects using keys asking for no password and completes successfully until I add the above command to my authorized_keys file on the remote box:

command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup stew...@name.of.remote.server:/backup" ssh-dss ... key ...

The client then says it cannot find the key, so the connection fails.

Is it because it's trying to find the private key in the ~/.ssh directory on the remote box? Is the article wrong? Or am I doing something wrong? Should I use the $SSH_ORIGINAL_COMMAND variable?

Regards,
Stewart Williams

[1] http://www.linuxformat.com/pdfs/download.php?PDF=LXF105.tut_backup.pdf
Re: [CentOS] Rsync, SSH and authorized_keys problem
> command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup
> stew...@name.of.remote.server:/backup" ssh-dss ... key ...

which user is doing this as maybe the env of that user in cron is not the same as when logged in using a shell ?
Re: [CentOS] Rsync, SSH and authorized_keys problem
Stewart Williams wrote:
> Hi,
>
> I'm trying to backup from one machine to the other (automatically via
> cron) using rsync and ssh password-less public key authentication.
>
> I having been trying to set this up following an article in a Linux
> magazine[1] by only allowing the specific rsync command to run on the
> remote box.
>
> I am using the following rsync command:
>
> $ rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup
> stew...@name.of.remote.server:/backup
>
> This runs, connects using keys asking for no password and completes
> successfully until I add the above command to my authorized_keys file on
> the remote box:
>
> command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup
> stew...@name.of.remote.server:/backup" ssh-dss ... key ...

I think your issue is the command you're specifying is only what is run on the client end, not on the server end. The server runs rsync-server, e.g. from one of my rsync servers:

logrsync 5244 0.0 0.0 2152 256 ? S 14:03 0:00 rsync --server -vltpre.is --timeout=600 . /nfs/exnas/root/pixelserverlogs/transferlogs/pd3-bgas09//

The command I executed on the client is much, much bigger.

rsync -rlptve /usr/bin/hpnssh -v -o TcpRcvBufPoll=yes -o NoneEnabled=yes -o NoneSwitch=yes --timeout=600 --files-from=/home /logrsync/jobs/rsync_list_00 --log-format="[%p] %t %o %f (%l/%b)" /var/xrt/pickup logrs...@pd3-dc01rsync-vip.pod.xxx.net: /nfs/exnas/root/pixelserverlogs/PD3-BGAS09// >>/home/logrsync/logs/rsync_worker_00_20090616_153501.log 2>&1

There may be other commands that are executed as well as part of the file sync process other than rsync-server.

I suggest if you're really paranoid about only allowing file transfers then use the rsync protocol itself. You can encrypt it via a VPN or a ssl tunneling app like stunnel if you want.

For me I am happy with just locking the system down so only ssh keys are allowed to login. Don't feel the need to try to lock down what keys a particular app can use. And even if I did it wouldn't work since there are about 120 systems that share the same private key to upload and download data to different locations (couple TB of data transferred per day).

nate
Re: [CentOS] Rsync, SSH and authorized_keys problem
Hi,

On Tue, Jun 16, 2009 at 16:59, Stewart Williams wrote:
> command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup
> stew...@name.of.remote.server:/backup" ssh-dss ... key ...

You actually have to include the command that rsync will call on the server side, not the command you use to call rsync on the client side...

I did some tests while running "ps -ef | grep rsync" and I believe it would be something like this:

command="rsync --server -vlogDtprze.is . /backup" ssh-dss ...

HTH,
Filipe
Re: [CentOS] Rsync, SSH and authorized_keys problem
On Tue, 16 Jun 2009 21:59:27 +0100 Stewart Williams wrote:
> command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup
> stew...@name.of.remote.server:/backup" ssh-dss ... key ...

well, I've never seen anything other than keys in an authorized_keys file.. (btw - use authorized_keys2 for ssh v2), but I'd hazard a guess and say that the speech marks are what could be causing it grief.

try single quotes (') around the command= bit with the double quotes around the ssh command and see if that makes a difference.

--
Spiro Harvey
Knossos Networks Ltd
021-295-1923 www.knossos.net.nz
Re: [CentOS] Rsync, SSH and authorized_keys problem
Hi,

On Tue, Jun 16, 2009 at 17:10, Filipe Brandenburger wrote:
> On Tue, Jun 16, 2009 at 16:59, Stewart Williams wrote:
>> command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup
>> stew...@name.of.remote.server:/backup" ssh-dss ... key ...
>
> You actually have to include the command that rsync will call on the
> server side, not the command you use to call rsync on the client
> side...

If you add "-v" to the SSH command line on the client:

$ rsync -avz -e "ssh -v -i ..."

It will print something like this:

debug1: Sending command: rsync --server -vlogDtprze.is . /backup

That is the exact string you should add to command="" on the authorized_keys file on the other end.

HTH,
Filipe
Re: [CentOS] Rsync, SSH and authorized_keys problem
Hi,

On Tue, Jun 16, 2009 at 17:12, Spiro Harvey wrote:
> well, I've never seen anything other than keys in an authorized_keys
> file..

See the "AUTHORIZED_KEYS FILE FORMAT" section in "man sshd".

> (btw - use authorized_keys2 for ssh v2),

That file name is deprecated, the file should be named authorized_keys instead.

http://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2

> try single quotes (') around the command= bit with the double quotes
> around the ssh command and see if that makes a difference.

No, AFAIK the command="..." in authorized_keys it needs double quotes. The man page implies it, and I believe I tested it with single quotes and it did not work...

HTH,
Filipe
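Added example (not part of the original thread, and not code from the magazine article or from rsync): a server-side forced-command wrapper that checks $SSH_ORIGINAL_COMMAND, the variable Stewart asks about, against the "rsync --server ... . /backup" form shown in Filipe's "ssh -v" output, so that the key can only push into /backup. The script path, the "enforce" argument and the option allowlist are assumptions made for this example.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a push-only rsync backup key.
# Hypothetical install path /usr/local/bin/rsync-push-only.sh, referenced
# from the server's authorized_keys (one line) as:
#   command="/usr/local/bin/rsync-push-only.sh enforce",no-pty,
#     no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-dss ... key ...
LC_ALL=C; export LC_ALL        # make [A-Z] style ranges byte-exact

ALLOWED_ROOT=/backup           # destination directory used in the thread

# validate_rsync_command STRING
# Returns 0 only if STRING is "rsync --server <options> . <path>", where the
# options come from a small allowlist and <path> lies under ALLOWED_ROOT.
# The body is a subshell so "set -f" and "set --" do not leak to the caller.
validate_rsync_command() (
    set -f                     # split into words without glob expansion
    set -- $1
    [ "$#" -ge 5 ] || exit 1   # rsync --server <opts...> . <path>
    [ "$1" = rsync ] || exit 1
    [ "$2" = --server ] || exit 1
    shift 2
    while [ "$#" -gt 2 ]; do
        case $1 in
            --timeout=|--timeout=*[!0-9]*) exit 1 ;;
            --timeout=*) ;;    # numeric timeout, as in nate's ps output
            -[!-]*)            # bundled short flags, e.g. -vlogDtprze.is
                case ${1#-} in *[!A-Za-z.]*) exit 1 ;; esac ;;
            *) exit 1 ;;       # any other long option, including --sender,
                               # which would let the client read files
        esac
        shift
    done
    [ "$1" = . ] || exit 1
    case $2 in
        *..*|*[!A-Za-z0-9._/-]*) exit 1 ;;   # traversal or shell metachars
        "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) exit 0 ;;
    esac
    exit 1
)

# Wrapper mode: sshd runs this script instead of whatever the client asked
# for and leaves the client's request in SSH_ORIGINAL_COMMAND.
if [ "${1-}" = enforce ]; then
    if validate_rsync_command "${SSH_ORIGINAL_COMMAND-}"; then
        set -f
        # Word-split only; the string is never handed to a shell parser.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rejected: ${SSH_ORIGINAL_COMMAND-none}" >&2
    exit 1
fi

# Demo mode (no argument): decisions for constructed sample requests.
check() {
    if validate_rsync_command "$1"; then
        echo "ALLOW  $1"
    else
        echo "DENY   $1"
    fi
}
check 'rsync --server -vlogDtprze.is . /backup'
check 'rsync --server -vltpre.is --timeout=600 . /backup/logs/'
check 'rsync --server --sender -vlogDtprze.is . /backup'
check 'rsync --server -vlogDtprze.is . /backup/../etc'
check 'rsync --server -vlogDtprze.is . /backup; id'
check 'rsync -avz /backup user@server.example:/backup'
```

Newer rsync clients may send extra long options that this allowlist rejects; extend the case statement deliberately rather than matching "rsync --server*". The rrsync script shipped in rsync's support directory implements a fuller version of the same restriction.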
Re: [CentOS] authentication loosely tied to active directory?
JohnS wrote: > >>> Web Services via SOAP can be your "Middle Ware" (man in the middle) to >>> authentication here. >> I thought that was what PAM was for. I just don't know how to glue it >> into someone else's java web app (like OpenNMS or Pentaho's server). > > True PAM can probally work for some. It seems opennms does not support > PAM? Then my guess is that is where Apache Axis and SOAP or a SOAP Proxy > come in. > > http://www.opennms.org/index.php/Active_Directory_Integration > I know you can do that. Not sure on the local account side. That's the problem - PAM stacks methods nicely. Most other things can use multiples too, but you have to configure each app in weird ways to do it. That's why I think configuring PAM and apps that don't use PAM to use LDAP would be the cleanest approach, then configure the LDAP server side to merge the accounts I want - or make it look that way by proxying. > Pentaho's > looks to much like a Lockin App for anything. Not familiar with it > either. It's really tomcat under the covers on the server side (so probably acecgi like opennms). The code is all available in the community edition - but it is enough of a monster that you probably would need the support if you needed to do more than a few reports, which is all I'm doing so far. It's probably overkill but I really hate doing report layout work manually and it has a nice interactive design tool that publishes the runtime to the web server where it can generate html, pdf, or a spreadsheet download. >>> Your AD admin is going to have to help out in some >>> way for this to happen. No way around it I see. >> He doesn't now, using PAM with both smb and local password authentication. >> > If he does not know he needs his brain checked out. Machines using smb auth don't have to join the domain - and it doesn't need any special support. For apache, mod_auth_pam works, but isn't a stock centos module. 
I think you are supposed to be able to use mod_auth_sasl with pam these days but I haven't tried to convert yet. >> I don't want anonymous accounts. I just want to be able to add some >> that are unrelated to AD, but I'd prefer to not have to add them to >> every machine. > > The bad part is adding them to every machine and I would be against > that. So far an occasional 'addusr somebody; passwd somebody' has been easier than setting up a network database that I can trust. >> I think PAM with smb and ldap would sort-of work but it still doesn't >> seem like the right approach and so far it has been easier to manage a >> small number of exceptions on a small number of separate machines. I >> thought there were LDAP servers that could proxy for multiple other >> servers where some of those might be AD's. > > I guess the optimal thing to do is figure out every way all apps > can authenticate and go from there. I think that's near infinite - especially if you try to set something up for future use. > OR get a machine with hardware > that can handle all the runnng apps and auth at the machine level. > I'm just thinking in terms of a Blade Server. Just a side note I know > you can proxy SOAP requests but not sure on ldap. So far there aren't that many machines or users that need exceptions from what smb_auth provides - but I'd probably try to migrate more stuff currently on windows boxes if everything was seamless. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] authentication loosely tied to active directory?
On Jun 16, 2009, at 2:04 AM, Les Mikesell wrote: > Paul Johnson wrote: >> On Fri, Jun 5, 2009 at 5:29 PM, Ross Walker >> wrote: >>> On Jun 5, 2009, at 1:00 PM, Les Mikesell >>> wrote: >>> What's the best authentication scheme when you are dealing with an active directory that someone else controls? I've been using pam configured for smb and local passwords where a local account is needed for real logins (but either the domain or local password will work) and web services don't require a local account. That's most of the functionality I want and it doesn't take pre-arrangement with the AD administrator, but I have to glue mod_auth_pam into httpd and I'm not sure how to duplicate it for java web services. Is there a way to use an LDAP proxy in a similar way so I can add accounts of my own but also accept anything from one or more AD's? Or some better approach entirely? >>> We use winbind with rid mapping for user/group ids and kerberos for >>> authentication where I am and it works well and provides SSO for the >>> whole windows domain, even LDAP which we use as an address book. >>> >>> You can map ranges of user/group ids to particular domains and it >>> doesn't require any local accounts or manual setting of user ids. >>> >>> You can map those winbind accounts to unix groups globally through >>> NIS. >>> >>> If your network is large setup a couple of rid mapping servers with >>> winbind that then re-export those maps through NIS to keep things >>> consistent. Just make sure your NIS make maps uses getent and >>> winbind >>> is set to enumerate user/groups. Make sure no passwords are in >>> there, >>> only kerberos accounts. >>> >>> -Ross >>> >> >> >> Hey, Ross: >> >> How do you do this without cooperation from the administrator of the >> AD servers? I can't make any progress at all as long as the >> administrators tell me to go to hell. 
pam_smb is the only way I can >> make this work without administrator intervention > > Same here - which is why I raised the question. Although I probably > could get permission to join the domain I want to be able to add users > on the Linux side that don't exist in AD. Pam_smb works but I think > something that used LDAP would be better if the ldap server could have > local entries and proxy for the AD. To use LDAP there needs to be uid/gid/home/shell attributes set first, which if it isn't available probably won't be. To use winbind+kerberos you need a machine account in the domain that you have the rights to modify the attributes of (samba list can get you the specific ones). If you can get that, then set up kerberos per your domain, then join the domain with a 'net ads join -U ' If all you want is local user accounts with domain rights you could just setup kerberos and pam_krb5 to authenticate against the domain. Then you'll get a TGT on login which most apps can use for SSO. I can post specifics if you let me know your setup. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] lost RHEL entitlements
Hello,

I have some servers that have lost their RHEL update entitlements. Thinking through it, I realized we may not really need those entitlements. However, I would still like to automate keeping them up to date for security fixes. So, is there any way to swap out the Yum/up2date RHEL repositories for CentOS without breaking things?

Thanks!
-Eugene
Re: [CentOS] Rsync, SSH and authorized_keys problem
Tom Brown wrote:
>> command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup
>> stew...@name.of.remote.server:/backup" ssh-dss ... key ...
>
> which user is doing this as maybe the env of that user in cron is not
> the same as when logged in using a shell ?

It's the same user, I haven't added the cron job yet. That's just what I intend on doing, at the moment I am having this problem from the shell.
Re: [CentOS] Rsync, SSH and authorized_keys problem
nate wrote: > Stewart Williams wrote: >> Hi, >> >> I'm trying to backup from one machine to the other (automatically via >> cron) using rsync and ssh password-less public key authentication. >> >> I having been trying to set this up following an article in a Linux >> magazine[1] by only allowing the specific rsync command to run on the >> remote box. >> >> I am using the following rsync command: >> >> $ rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup >> stew...@name.of.remote.server:/backup >> >> This runs, connects using keys asking for no password and completes >> successfully until I add the above command to my authorized_keys file on >> the remote box: >> >> command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup >> stew...@name.of.remote.server:/backup" ssh-dss ... key ... > > I think your issue is the command your specifying is only what > is run on the client end, not on the server end. the server > runs rsync-server, e.g. from one of my rsync servers: > logrsync 5244 0.0 0.0 2152 256 ?S14:03 0:00 rsync > --server -vltpre.is --timeout=600 . > /nfs/exnas/root/pixelserverlogs/transferlogs/pd3-bgas09// > > the command I executed on the client is much, much bigger. > > rsync -rlptve /usr/bin/hpnssh -v -o TcpRcvBufPoll=yes -o NoneEnabled=yes -o > NoneSwitch=yes --timeout=600 --files-from=/home > /logrsync/jobs/rsync_list_00 --log-format="[%p] %t %o %f (%l/%b)" > /var/xrt/pickup logrs...@pd3-dc01rsync-vip.pod.xxx.net: > /nfs/exnas/root/pixelserverlogs/PD3-BGAS09// >>> /home/logrsync/logs/rsync_worker_00_20090616_153501.log 2>&1 > > There may be other commands that are executed as well as part of > the file sync process other than rsync-server. > > I suggest if your really paranoid about only allowing file transfers > then use the rsync protocol itself. You can encrypt it via a VPN > or a ssl tunneling app like stunnel if you want. > > For me I am happy with just locking the system down so only ssh > keys are allowed to login. 
> I don't feel the need to try to lock down > what keys a particular app can use. And even if I did it wouldn't > work since there are about 120 systems that share the same private > key to upload and download data to different locations (couple TB > of data transferred per day). > > nate > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > I am the only user with shell access to these systems and they are on a private network, so maybe I am going a bit OTT. :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lost RHEL entitlements
Eugene Vilensky wrote: > Hello, > > I have some servers that have lost their RHEL update entitlements. > Thinking through it, I realized we may not really need those > entitlements. However, I would still like to automate keeping them up > to date for security fixes. So, is there any way to swap out the > Yum/up2date RHEL repositories for CentOS without breaking things? > see Migration from RHEL5 to CentOS5 near the bottom of http://wiki.centos.org/HowTos/MigrationGuide if you have 4, it's similar but different. if you have 3, time to wipe and upgrade IMHO. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rsync, SSH and authorized_keys problem
Filipe Brandenburger wrote: > Hi, > > On Tue, Jun 16, 2009 at 17:10, Filipe Brandenburger > wrote: >> On Tue, Jun 16, 2009 at 16:59, Stewart Williams >> wrote: >>> command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup >>> stew...@name.of.remote.server:/backup" ssh-dss ... key ... >> You actually have to include the command that rsync will call on the >> server side, not the command you use to call rsync on the client >> side... > > If you add "-v" to the SSH command line on the client: > > $ rsync -avz -e "ssh -v -i ..." > > It will print something like this: > > debug1: Sending command: rsync --server -vlogDtprze.is . /backup > > That is the exact string you should add to command="" on the > authorized_keys file on the other end. > > HTH, > Filipe Thank you Filipe, I will try this and let you know if it works. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lost RHEL entitlements
John R Pierce wrote: > see Migration from RHEL5 to CentOS5 near the bottom of > http://wiki.centos.org/HowTos/MigrationGuide > > if you have 4, its similar but different. if you have 3, time to wipe > and upgrade IMHO. > oops, eat my words, here's RHEL3 http://wiki.centos.org/FAQ/CentOS3#head-10bce23c2383ab4be8a9f0926578e96f5e0a8f5d IIRC, the procedure for RHEL4->CentOS4 is somewhere between the 3 and 5 process. you need to install yum and the repo files as well as the centos keys, then do the rest ... note all these procedures will result in a hybrid system where some of your packages are from the upstream vendor, and others from the centos project. while this SHOULD work together OK, and many of us have done exactly that, it is officially UNTESTED and you're on your own. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lost RHEL entitlements
on 6-16-2009 3:13 PM John R Pierce spake the following: > John R Pierce wrote: >> see Migration from RHEL5 to CentOS5 near the bottom of >> http://wiki.centos.org/HowTos/MigrationGuide >> >> if you have 4, its similar but different. if you have 3, time to wipe >> and upgrade IMHO. >> > > oops, eat my words, here's RHEL3 > > http://wiki.centos.org/FAQ/CentOS3#head-10bce23c2383ab4be8a9f0926578e96f5e0a8f5d > > IIRC, the procedure for RHEL4->CentOS4 is somewhere between the 3 and 5 > process. you need to install yum and the repo files as well as the > centos keys, then do the rest ... > > note all these procedures will result in a hybrid system where some of > your packages are from the upstream vendor, and others from the centos > project. while this SHOULD work together OK, and many of us have done > exactly that, it is officially UNTESTED and you're on your own. It's CentOS... Except for the forums and the mailing lists, you are on your own anyway! signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lost RHEL entitlements
On Tue, Jun 16, 2009 at 03:21:16PM -0700, Scott Silva wrote: > on 6-16-2009 3:13 PM John R Pierce spake the following: > > John R Pierce wrote: > >> see Migration from RHEL5 to CentOS5 near the bottom of > >> http://wiki.centos.org/HowTos/MigrationGuide > >> > >> if you have 4, its similar but different. if you have 3, time to wipe > >> and upgrade IMHO. > >> > > > > oops, eat my words, here's RHEL3 > > > > http://wiki.centos.org/FAQ/CentOS3#head-10bce23c2383ab4be8a9f0926578e96f5e0a8f5d > > > > IIRC, the procedure for RHEL4->CentOS4 is somewhere between the 3 and 5 > > process. you need to install yum and the repo files as well as the > > centos keys, then do the rest ... > > > > note all these procedures will result in a hybrid system where some of > > your packages are from the upstream vendor, and others from the centos > > project. while this SHOULD work together OK, and many of us have done > > exactly that, it is officially UNTESTED and you're on your own. > > It's CentOS... Except for the forums and the mailing lists, you are on your > own anyway! Alternately, if for whatever reason you'd prefer to stick with RHEL and have a small amount of $$ to spend: https://www.redhat.com/apps/store/developers/jboss_developer_studio.html Is a good option. No support, but full access to updates. You could also easily switch over to a full support entitlement if you needed support on the system later. Nothing wrong with the CentOS route of course. :) Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rsync, SSH and authorized_keys problem
Stewart Williams wrote on Tue, 16 Jun 2009 21:59:27 +0100: > command="rsync -avz -e "ssh -i ~/.ssh/backup-key" /backup > stew...@name.of.remote.server:/backup" ssh-dss ... key ... As Nate says, the command on the other end looks different. Here's a good explanation and also a script to check on the other side: http://troy.jdmz.net/rsync/index.html Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
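Added example (not part of any post in this thread, and not the script at the linked page): a forced-command wrapper for the server's authorized_keys that checks the `rsync --server ...` string the replies describe, which sshd hands to a `command=""` key in `SSH_ORIGINAL_COMMAND`. The script path `/usr/local/bin/rsync-only.sh`, the function name and the rule that the key may only push into `/backup` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a push-only rsync backup key.
# Install on the server and reference it from authorized_keys (one line):
#   command="/usr/local/bin/rsync-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-dss ... key ...
# The script path and ALLOWED_DIR are assumptions for this example.
LC_ALL=C; export LC_ALL
ALLOWED_DIR="/backup"

# is_allowed_rsync CMD: return 0 only if CMD is the server half of an rsync
# push into ALLOWED_DIR, as sshd passes it in SSH_ORIGINAL_COMMAND.
is_allowed_rsync() {
    cmd=$1
    # Character allowlist: no quotes, globs, newlines or shell metacharacters.
    case $cmd in
        *[!A-Za-z0-9\ ./_=,-]*) return 1 ;;
    esac
    # Must be rsync in server mode.
    case $cmd in
        "rsync --server "*) ;;
        *) return 1 ;;
    esac
    # "--sender" means the client is pulling files from this host.
    case " $cmd " in
        *" --sender "*) return 1 ;;
    esac
    # The last word is the destination; it must be ALLOWED_DIR or below it.
    dest=${cmd##* }
    case $dest in
        "$ALLOWED_DIR" | "$ALLOWED_DIR"/*) ;;
        *) return 1 ;;
    esac
    # No ".." path components.
    case "/$dest/" in
        */../*) return 1 ;;
    esac
    return 0
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asks for a command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no globbing while word-splitting
        exec $SSH_ORIGINAL_COMMAND   # splitting is safe: allowlist checked above
    fi
    echo "rsync-only: command rejected" >&2
    exit 1
fi
```

Run the client once with `ssh -v`, as suggested in the thread, to see the exact server-side string your rsync version sends before tightening the checks further.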
[CentOS] Cyrus IMAP and ipurge
Anyone here familiar with Cyrus IMAP and its util ipurge? We'd like to set auto deletion of our users' spambox folders, but I'm a bit paranoid about its functionality. The main things that confuse me are from the man page: "Ipurge deletes messages from the mailbox(es) specified by mailbox-pattern" with no indication as to what defines "mailbox-pattern" Second: "Ipurge by default only deletes mail below shared folders, which means that mails in mail- box(es) below INBOX.* and user.* stay untouched. Use the option -f to also delete mail in mailbox(es) below these folders." What's a "shared folder"? OK, so the format of a Junk mail folder is: user/spiro/j...@knossos.net.nz and I've successfully done: $ ipurge -f -d 90 user/spiro/j...@knossos.net.nz Working on user/spiro/j...@knossos.net.nz... total messages 21 total bytes 187742 Deleted messages 16 Deleted bytes138324 Remaining messages 5 Remaining bytes 49418 however, without the -f, it did nothing, even though I was explicitly supplying a folder. Clearly I misunderstand what the man page is trying to tell me. I'd like to set up a proper "pattern" to purge all spamboxes correctly via the cyrus.conf, because at the moment, I've got an awk script that generates a list of email addresses and produces a list in the format of user/userid/j...@domain. I could then go over that list and run an ipurge for each one, but if anything happens that causes that list to be corrupted, I'm afraid of deleting the wrong mail. or worse. :( according to what I've gathered, the line: purgespam cmd="ipurge -f -d 90 user/%/j...@*" at=0430 should work when put in cyrus.conf's Events section, but I can't confirm these wildcards. Some results on google just refer to * for the mailbox name, but none seem to include the domain as part of the string. Can anyone here shed some light? 
-- Spiro Harvey Knossos Networks Ltd 021-295-1923 www.knossos.net.nz
Re: [CentOS] Cyrus IMAP and ipurge
On Tue, Jun 16, 2009 at 7:15 PM, Spiro Harvey wrote: > Anyone here familiar with Cyrus IMAP and its util ipurge? > > We'd like to set auto deletion of our users' spambox folders, but I'm a > bit paranoid about its functionality. > > The main things that confuse me are from the man page: > > "Ipurge deletes messages from the mailbox(es) specified by > mailbox-pattern" > > with no indication as to what defines "mailbox-pattern" > > Second: > > "Ipurge by default only deletes mail below shared folders, which > means that mails in mail- box(es) below INBOX.* and user.* stay > untouched. Use the option -f to also delete mail in mailbox(es) > below these folders." > > What's a "shared folder"? > > OK, so the format of a Junk mail folder is: > > user/spiro/j...@knossos.net.nz > > and I've successfully done: > > $ ipurge -f -d 90 user/spiro/j...@knossos.net.nz > Working on user/spiro/j...@knossos.net.nz... > total messages 21 > total bytes 187742 > Deleted messages 16 > Deleted bytes138324 > Remaining messages 5 > Remaining bytes 49418 > > > however, without the -f, it did nothing, even though I was explicitly > supplying a folder. Clearly I misunderstand what the man page is trying > to tell me. > > I'd like to set up a proper "pattern" to purge all spamboxes correctly > via the cyrus.conf, because at the moment, I've got an awk script that > generates a list of email addresses and produces a list in the format of > user/userid/j...@domain. I could then go over that list and run an > ipurge for each one, but if anything happens that causes that list to > be corrupted, I'm afraid of deleting the wrong mail. or worse. :( > > according to what I've gathered, the line: > > purgespam cmd="ipurge -f -d 90 user/%/j...@*" at=0430 > > should work when put in cyrus.conf's Events section, but I can't > confirm these wildcards. Some results on google just refer to * for the > mailbox name, but none seem to include the domain as part of the string. > > Can anyone here shed some light? 
> Can't help much with ipurge. I never did like how it works. I have chosen a different approach using the cyradm mboxconfig command to set the expire option on each mailbox as needed. The 'expire' option is set-it-and-forget-it. Yet this approach lacks manageability. There is no quick and easy way to survey all of your user mailboxes to check the expire option settings. Jeff ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cyrus IMAP and ipurge
On Tue, 16 Jun 2009 20:53:58 -0500 Jeff wrote: > Can't help much with ipurge. I never did like how it works. I have > chosen a different approach using the cyradm mboxconfig command to > set the expire option on each mailbox as needed. The 'expire' option > is set-it-and-forget-it. Yet this approach lacks manageability. There > is no quick and easy way to survey all of your user mailboxes to > check the expire option settings. Thanks Jeff. I thought that the expire mboxconfig setting required running of the cyr_expire program to trigger it, but I could never figure out why it forces you to include the expiry age on the command line when the mailbox folders have that info already. -- Spiro Harvey Knossos Networks Ltd 021-295-1923 www.knossos.net.nz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
> cmdshell.php) > > ? The horde framework was installed from the centos repo.!!! > > > I don't think the horde set on CentOS is very current. I just used the tarball > from the horde website, and I keep it current. ok. it's just that with centos being a redhat clone and so on. all the rpms they use are supposed to have been 'vetted' right but anyway... it's a lesson learnt. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
Linux Advocate wrote: > > > >> cmdshell.php) >>> ? The horde framework was installed from the centos repo.!!! >>> >> I don't think the horde set on CentOS is very current. I just used the >> tarball >> from the horde website, and I keep it current. > > ok. it's just that with centos being a redhat clone and so on. all the rpms > they use are supposed to have been 'vetted' right but anyway... it's a lesson > learnt. Security and bug fixes are backported to the RH/centos releases as they are found. But you have to run yum to apply them to your system as they are available because everyone knows the flaws as soon as they are published. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos