I’ve just hit a problem with smart, whenever I tried to upgrade a package on this machine I was presented with the error shown below. I’m not sure why smart is complaining about this, the public key is in my keyring already. Trying to set ‘gpgcheck = 0’ in the channel file and running a smart update didnt help, but running the command shown at the bottom did

Committing transaction...
warning: rpmts_HdrFromFdno: V3 DSA signature: NOKEY, key ID 5277a2fa
Trying to import the key 888366c05277a2fa from subkeys.pgp.net...
gpg: requesting key 5277A2FA from hkp server subkeys.pgp.net
gpg: key 5277A2FA: "Manfred Tremmel " not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

The above GPG key has been imported successfully.
It is required to install this package:

        libvorbis-1.1.1-0.pm.0.i686.rpm

Do you want to trust this key forever?

You must verify the below fingerprint before answering.
pub   1024D/5277A2FA 1999-07-26 [expires: ????-??-??]
      Key fingerprint = 5296 01E5 5911 A1DC 93D4  45D5 8883 66C0 5277 A2FA
uid                  Manfred Tremmel
sub   3072g/81D6CA10 1999-07-26

If you answer "Yes" all other packages signed with this key will be installed automatically. (y/N): n

error: libvorbis-1.1.1-0.pm.0.i686.rpm: public key not available
Saving cache...

message1:~ #

To fix this problem turn off signature checking, this should only be considered a temporary fix however

smart config --set rpm-check-signatures=false

I’ve just been setting up a Solaris 10 machine to authenticate from a OpenLdap directory, this is the command I used to make it work, note that the IP on the end is the IP of the directory server

% ldapclient manual -v \
  -a defaultsearchbase=dc=riviera,dc=org.uk \
  -a domainname=riviera.org.uk \
  192.168.254.100

The output produced is shown below

Parsing defaultsearchbase=dc=riviera,dc=org.uk
Parsing domainname=riviera.org.uk
Arguments parsed:
        defaultSearchBase: dc=riviera,dc=org.uk
        domainName: riviera.org.uk
        defaultServerList: 192.168.254.100
Handling manual option
Proxy DN: NULL
Proxy password: NULL
Authentication method: 0
Authentication method: 0
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
Stopping ldap
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: network/ldap/client:default... success
nisd not running
nis(yp) not running
Removing existing restore directory
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "riviera.org.uk"
file_backup: stat(/var/yp/binding/riviera.org.uk)=-1
file_backup: No /var/yp/binding/riviera.org.uk directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname riviera.org.uk... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: sleep 800000 microseconds
start: sleep 1600000 microseconds
start: sleep 3200000 microseconds
start: sleep 6400000 microseconds
start: sleep 12800000 microseconds
start: sleep 25600000 microseconds
start: sleep 51200000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: sleep 200000 microseconds
start: sleep 400000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: sleep 200000 microseconds
restart: milestone/name-services:default... success
System successfully configured
#

Then test that this is indeed working:

% grep rk295 /etc/passwd
% getent passwd | grep rk295
rk295:x:512:512::/home/rk295:/bin/bash
%

I found that after this had finished, hostname resolution no longer worked. Looking inside /etc/nsswitch.conf I found that the hosts entry had been changed to:

hosts:               ldap [NOTFOUND=return] files

I do not use LDAP for hostname resolution so I had to change this back to:

hosts:               files dns

And similarly the networks line was the same so I had to change that to use files dns as well.

At this point you can query LDAP using getent but you still need to configure PAM to use it for authentication etc. To do this you need to make some changes to /etc/pam.conf. Principally these changes involved telling it should fall back to LDAP if it doesnt match your credentials against the local files. My edited pam.conf is shown below, the lines which I have edited or added are shown in red.

#
#ident	"@(#)pam.conf	1.28	04/04/21 SMI"
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login	auth requisite		pam_authtok_get.so.1
login	auth required		pam_dhkeys.so.1
login	auth required		pam_unix_cred.so.1
<font color="red">
login	auth sufficient		pam_unix_auth.so.1
</font>
login	auth required		pam_dial_auth.so.1
<font color="red">
login	auth required 		pam_ldap.so.1
</font>
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin	auth sufficient		pam_rhosts_auth.so.1
rlogin	auth requisite		pam_authtok_get.so.1
rlogin	auth required		pam_dhkeys.so.1
rlogin	auth required		pam_unix_cred.so.1
<font color="red">
rlogin	auth sufficient		pam_unix_auth.so.1
rlogin	auth required 		pam_ldap.so.1
</font>
#
# Kerberized rlogin service
#
krlogin	auth required		pam_unix_cred.so.1
krlogin	auth binding		pam_krb5.so.1
krlogin	auth required		pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh	auth sufficient		pam_rhosts_auth.so.1
rsh	auth required		pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh	auth required		pam_unix_cred.so.1
krsh	auth binding		pam_krb5.so.1
krsh	auth required		pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet	auth required		pam_unix_cred.so.1
ktelnet	auth binding		pam_krb5.so.1
ktelnet	auth required		pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp	auth requisite		pam_authtok_get.so.1
ppp	auth required		pam_dhkeys.so.1
ppp	auth required		pam_unix_cred.so.1
<font color="red">
ppp	auth sufficient		pam_unix_auth.so.1
</font>
ppp	auth required		pam_dial_auth.so.1
<font color="red">
ppp	auth required 		pam_ldap.so.1
</font>
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other	auth requisite		pam_authtok_get.so.1
other	auth required		pam_dhkeys.so.1
other	auth required		pam_unix_cred.so.1
<font color="red">
other	auth sufficient		pam_unix_auth.so.1
other	auth required		pam_ldap.so.1
</font>
#
# passwd command (explicit because of a different authentication module)
#
<font color="red">
passwd	auth sufficient		pam_passwd_auth.so.1
passwd	auth required 		pam_ldap.so.1
</font>
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron	account required	pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
<font color="red">
other	account sufficient 	pam_ldap.so.1
</font>
other	account requisite	pam_roles.so.1
other	account required	pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other	session required	pam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password management
#
other	password required	pam_dhkeys.so.1
other	password requisite	pam_authtok_get.so.1
other	password requisite	pam_authtok_check.so.1
other	password required	pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#

Now you should be able to su to a user whose credentials are stored only in ldap.

manage some of the OSX preferences settings from cmd line

There may be a better version out there, but this did the job.

If you receive a “synchronization error" it would likely mean that your smtp client/script is sending the data before exim has sent it’s welcome message. This is used to prevent script spammers from spamming you, as their scripts dont’ usually wait for the welcome message.

For more information look here

Possible workaround for your exim.conf, top section:

smtp_enforce_sync = false

So that Robin and I never again forget what the little bastards are called.. The syntactic sugar in source files requried for vim to be ‘just the way you like it’ isn’t called “magic comments" or “vim source configure" or any other search combination that leads to repeated head-meeting-brick incidents when trying to remember what they are. They’re called modelines (:help modeline)

An example modeline that works for Python would be:

#!/usr/bin/python<br />
# vim: ai sm tw=0 sw=4 ts=4<br />

If you need to find out more information about a linux kernel module you can use modinfo:

[root@localhost scsi]# modinfo aic7xxx/aic7xxx.ko
filename:       aic7xxx/aic7xxx.ko
description:    Adaptec Aic77XX/78XX SCSI Host Bus Adapter driver
license:        Dual BSD/GPL
version:        6.2.36 96FAE27D3385BBB774E4EDE
parm:           aic7xxx:period delimited, options string.
        verbose                 Enable verbose/diagnostic logging
        allow_memio             Allow device registers to be memory mapped
        debug                   Bitmask of debug values to enable
        no_probe                Toggle EISA/VLB controller probing
        probe_eisa_vl           Toggle EISA/VLB controller probing
        no_reset                Supress initial bus resets
        extended                Enable extended geometry on all controllers
        periodic_otag           Send an ordered tagged transaction
                                periodically to prevent tag starvation.
                                This may be required by some older disk
                                drives or RAID arrays.
        reverse_scan            Sort PCI devices highest Bus/Slot to lowest
        tag_info:<tag_str>      Set per-target tag depth
        global_tag_depth:<int>  Global tag depth for every target
                                on every bus
        dv:<dv_settings>        Set per-controller Domain Validation Setting.
        seltime:<int>           Selection Timeout
                                (0/256ms,1/128ms,2/64ms,3/32ms)

        Sample /etc/modprobe.conf line:
                Toggle EISA/VLB probing
                Set tag depth on Controller 1/Target 1 to 10 tags
                Shorten the selection timeout to 128ms

        options aic7xxx 'aic7xxx=probe_eisa_vl.tag_info:{ { }.{.10} }.seltime:1'

vermagic:       2.6.9-22.ELsmp SMP 686 REGPARM 4KSTACKS gcc-3.4
depends:        scsi_mod
alias:          pci:v00009004d*sv*sd*bc01sc00i*
alias:          pci:v00009005d*sv*sd*bc01sc00i*
[root@localhost scsi]#

Andrew knows… http://www.andrewescobar.com/

Linux Traffic Control!

http://www.szabilinux.hu/bandwidth/

http://lartc.org/manpages/

http://lartc.org/howto/

http://lartc.org/howto/lartc.ratelimit.single.html

I found this great page whilst looking for something else. It gives some ideas about how to block brute force attacks using recent iptables.