Kerberos web links 
Kerberos overview
To understand the design and functionality of MIT Kerberos, I strongly recommend reading the "Designing an Authentication System" dialogue, which, even though it was written some time ago, is still the best Kerberos overview material available. You can find it here: http://web.mit.edu/kerberos/www/dialogue.html

Simple RHEL/CentOS setup guide
A basic setup guide which, along with the "Dialogue", will help you set up a basic functional Kerberos realm: http://www.centos.org/docs/5/html/Deplo ... beros.html

NFS
When combining Kerberos with NFSv4, you may find some tips here: https://help.ubuntu.com/community/NFSv4Howto

Schopenhauer Implementation
And an extract of Schopenhauer's work may be assimilated here: http://feuerteufel.blog.cz/1001/svet-ja ... redstava-1


RHEL/CentOS: Kerberos + SSH (add ws to kerberos realm) 
verify you have krb5-workstation (kerberos client software)
# rpm -qa | grep krb
pam_krb5-*
krb5-libs-*
krb5-workstation-*

put the same config as on the Kerberos KDC (AS/TGS) server on the ws (paste it in and finish with Ctrl-D)
# cat > /etc/krb5.conf

run kadmin as a Kerberos admin principal and add the ws to the realm (create the host principal and store its keys in the local keytab)
# kadmin -p root/admin
kadmin: addprinc -randkey host/hostname.domain.com
kadmin: ktadd -k /etc/krb5.keytab host/hostname.domain.com

verify sshd has the GSSAPI on
# cat /etc/ssh/sshd_config | grep GSS
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

renew the ticket on the box from which you would like to connect to the ws and you should be in (the username must also be valid across the domain). if you run into trouble, you can debug the ssh client with
# ssh -vvv user@domain.com

and sshd on the ws you are connecting to
# sshd -d

helpful troubleshooting tips here: http://www.fnal.gov/docs/strongauth/troubleshoot.html
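
An added example (not from the original post): the grep check above also matches commented-out lines, and sshd uses the first value it reads for a keyword, so this script resolves the effective global value instead. The function names and the sample config are constructed for illustration, and only the whitespace-separated "Keyword value" form is handled.

```shell
#!/bin/sh
# sshd_global_option FILE KEYWORD
# Print the value sshd would use for a global KEYWORD, or "unset".
# Rules applied: keywords are case-insensitive, comments are skipped,
# the first value read wins, and everything after the first "Match"
# line is conditional and therefore not a global setting.
sshd_global_option() (
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v want="$want" '
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
)

# Constructed sample: a commented "yes" that plain grep would report,
# a lower-case "no" that actually takes effect, and a later duplicate.
write_sample_config() {
    cat > "$1" <<'EOF'
#GSSAPIAuthentication yes
gssapiauthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Match User backup
    KerberosAuthentication yes
EOF
}

sample=$(mktemp) && write_sample_config "$sample"
for kw in GSSAPIAuthentication GSSAPICleanupCredentials KerberosAuthentication; do
    printf '%s = %s\n' "$kw" "$(sshd_global_option "$sample" "$kw")"
done
rm -f "$sample"
```

On a live host, sshd -T prints the effective configuration as the daemon itself parses it.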

2 factor authentication with YubiKey (Yubico) 
Two-factor SSH with YubiKey on CentOS 5.6
link: http://www.grennan.com/2011/07/two-fact ... entos-5-6/

YubiKey in Black
link: https://store.yubico.com/store/catalog/product_info.php?products_id=2&osCsid=5lkiba6keok3vkcr5ssio9d3j1

Standalone lightweight Yubikey OATH/HOTP Validation Server
http://code.google.com/p/yubico-yubiser ... gTheServer


ssh - authorized_keys HOWTO 
http://www.eng.cam.ac.uk/help/jpmg/ssh/ ... howto.html

Duo Security: Two Factor Auth for the Masses 
Recently, I went through http://cuddletech.com/blog/?p=594, very interesting stuff.

Duo can be easily added to any Unix system to protect remote or local logins. It has been tested on Linux (RedHat, Fedora, CentOS, Debian, Ubuntu, Gentoo), BSD (FreeBSD, NetBSD, OpenBSD, MacOS X), Solaris, HP-UX, and AIX.

http://www.duosecurity.com/docs/duounix
http://blog.duosecurity.com/2011/04/ann ... -for-unix/

Sample PAM (RSA SecurID, not Duo)

#%PAM-1.0
# http://www.kernel.org/pub/linux/libs/pa ... rence.html

# required    This line must succeed (the remaining lines still run).
# requisite   Request is immediately denied if this line fails.
# sufficient  Request is immediately allowed if this line succeeds and no earlier required line failed.
# optional    It's okay if this line fails.


#############################################
# auth
#############################################
# RSA only
auth required pam_env.so
auth sufficient pam_securid.so
#auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so


##############################################
# account
##############################################
account required pam_nologin.so
account include system-auth

##############################################
# password
#############################################
password include system-auth

##############################################
# session
##############################################
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
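
An added example (not part of the original post) that models the four control flags listed above and runs the sample auth stack through them. It shows that the stack admits a login only on a SecurID success, and that enabling the commented-out pam_unix line would make either factor enough on its own. pam_eval and sample_stack are hypothetical helper names, the module outcomes are constructed inputs, and only the four keyword flags are modelled (no [value=action] syntax, include or substack).

```shell
#!/bin/sh
# pam_eval: read "control module outcome" lines on stdin (outcome is
# pass or fail, supplied by the caller) and print allow or deny.
pam_eval() (
    failed=0    # a required module failed earlier in the stack
    passed=0    # at least one module returned success
    verdict=
    while read -r control module outcome; do
        [ -z "$verdict" ] || continue       # verdict reached, skip the rest
        case "$control:$outcome" in
            required:fail)   failed=1 ;;            # keep going, deny at the end
            requisite:fail)  verdict=deny ;;        # stop immediately
            sufficient:pass) if [ "$failed" -eq 0 ]; then verdict=allow; fi ;;
            sufficient:fail|optional:fail) ;;       # ignored
            *:pass)          passed=1 ;;
        esac
    done
    if [ -z "$verdict" ]; then
        if [ "$failed" -eq 0 ] && [ "$passed" -eq 1 ]; then
            verdict=allow
        else
            verdict=deny
        fi
    fi
    echo "$verdict"
)

# The sample auth stack. $1 = SecurID outcome, $2 = pam_unix outcome,
# or "off" to leave that line commented out as in the sample.
sample_stack() {
    echo "required   pam_env.so        pass"
    echo "sufficient pam_securid.so    $1"
    [ "$2" = off ] || echo "sufficient pam_unix.so       $2"
    echo "requisite  pam_succeed_if.so pass"
    echo "required   pam_deny.so       fail"
}

for scenario in "pass off" "fail off" "fail pass"; do
    set -- $scenario
    printf 'securid=%s pam_unix=%s -> %s\n' "$1" "$2" \
        "$(sample_stack "$1" "$2" | pam_eval)"
done
```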


FUSE: userspace filesystem (RHEL,CentOs) 
The name wanted to be a clever acronym for "Filesystem in USErspace". Linux kernels 2.6.14 or later contain FUSE support out of the box.

FUSE is made up of three main parts:

- a kernel filesystem module
- a userspace library
- a mount/unmount program

Some options regarding mount policy can be set in the file '/etc/fuse.conf'.


# yum install fuse
# yum install fuse-libs
# wget http://dag.wieers.com/rpm/packages/fuse-sshfs/[your-arch, or import repoforge repo]


mount, umount

# sshfs -o follow_symlinks,nonempty,sshfs_sync,compression=yes user@server:/directory/ /mountpoint/
# fusermount -u /mountpoint/


If the system account only serves as the sshfs share provider and no interactive logon is required, you can leave the account without a password so that logon is possible only with authorized_keys.


# cat authorized_keys
from="klient4sftpsubsystem.domain.com",no-port-forwarding,no-pty ssh-rsa AAAAB3Nz****key



Interactive simulations <http://phet.colorado.edu/> 
http://www.regentsprep.org/Regents/phys ... icCode=03b

Faraday's Law


Ohm's Law


Battery-Resistor Circuit


Check postfix logs for email delivery  

#!/bin/bash

# program: postfix log checker
# version: 1.2
# purpose: to check logs for mail transport
# usage: $0 from email@domain
# $0 to email@domain

argc=$# # argument count
argv[0]=$0 # argv[0] is a prog name

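# mktemp creates private files with unpredictable names; names built from
# the PID (/tmp/$$.temp1) can be guessed and pre-created by another local user
TEMP1=$(mktemp /tmp/maillog.XXXXXX) || exit 1
TEMP2=$(mktemp /tmp/maillog.XXXXXX) || exit 1
TEMP3=$(mktemp /tmp/maillog.XXXXXX) || exit 1

trap "rm -f $TEMP1 $TEMP2 $TEMP3; echo; echo 'program stopped by user'; exit" INT TERM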

[ -z "$1" ] && echo "please specify from or to, ie: from tomas" && exit
[ -z "$2" ] && echo "please specify recipient email address, or a part of address" && exit

for foo in $( seq $argc )
do
eval "argv[${foo}]=\$${foo}"
done

[ "$1" = "from" ] && SEARCH=" from="
[ "$1" = "to" ] && SEARCH=" to="

email=${argv[2]}

echo "------------------------------------------------"
echo "search: ($SEARCH)*${email}*"
echo "------------------------------------------------"

for logfile in /var/log/maillog*
do
echo "parsing logfile ... $logfile"
# rotated logs end in gz; the pattern "*gz$" never matched them
if echo "$logfile" | grep -qi "gz$"; then
zcat "$logfile" | grep -i -E "${SEARCH}.${email}|${SEARCH}${email}" >> $TEMP1
else
grep -i -E "${SEARCH}.${email}|${SEARCH}${email}" "$logfile" >> $TEMP1
fi
done

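# collapse runs of spaces first: syslog pads single-digit days ("Jan  5"), which would shift the fields
cat $TEMP1 | sed -e "s/  */ /g" | cut -d" " -f 6 | sed -e "s/://g" | sort | uniq \
>> $TEMP2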

EVENTS=$( cat $TEMP2 | wc -l )

echo "we have found $EVENTS records in our logs"
echo "compacting results"
echo "------------------------------------------------"

> $TEMP3
for event in $( cat $TEMP2 )
do
> $TEMP1
echo -n " $event"
for logfile in /var/log/maillog*
do
if echo "$logfile" | grep -qi "gz$"; then
zcat "$logfile" | grep -i "$event" | tr '\n' ' ' >> $TEMP1
else
grep -i "$event" "$logfile" | tr '\n' ' ' >> $TEMP1
fi
echo -n "."
done

# here we have in $TEMP1 all the log events related to mail message"
# we have it as a single long line
# first, check for sender and recipient
sender=""; orig_recipient=""; recipient=""; status=""; datetime=""; timestamp=""

#cat $TEMP1

datetime=$( cat $TEMP1 | sed -e "s/  */ /g" | cut -d" " -f1,2,3 ) > /dev/null
timestamp=$( date -d "$datetime" "+%s" )

REGULAR="s/.* \(from=[^ ,]*\).*/\1/p"
sender=$( cat $TEMP1 | sed -n "$REGULAR" ) > /dev/null

REGULAR="s/.* \(to=[^ ,]*\).*/\1/p"
recipient=$( cat $TEMP1 | sed -n "$REGULAR" ) > /dev/null

REGULAR="s/.* \(orig_to=[^ ,]*\).*/\1/p"
orig_recipient=$( cat $TEMP1 | sed -n "$REGULAR" ) > /dev/null

REGULAR="s/.* \(status=[^ ]*\).*/\1/p"
status=$( cat $TEMP1 | sed -n "$REGULAR" ) > /dev/null

if [ $orig_recipient ]; then
echo "$timestamp, $event, $datetime, $sender, $orig_recipient (yet forwarded!), $status" >> $TEMP3
else
echo "$timestamp, $event, $datetime, $sender, $recipient, $status" >> $TEMP3
fi
done

echo
echo "------------------------------------------------"
echo "generating list, please press space to continue"
echo "running more "
echo "q to quit "
echo "------------------------------------------------"
echo
sleep 3

sort -n --key=1,9 $TEMP3 | more

rm $TEMP1
rm $TEMP2
rm $TEMP3



Lessons In Electric Circuits 
A free series of textbooks on the subjects of electricity and electronics
Copyright (C) 2000-2012, Tony R. Kuphaldt
http://openbookproject.net/electricCircuits/

Units
http://www.knowledgedoor.com/2/units_an ... fixes.html

Circuit Simulation DC only, Java
http://phet.colorado.edu/en/simulation/ ... ion-kit-dc

Calculating a resistor value
http://www.kpsec.freeuk.com/components/led.htm

Kirchhoff's Law explained
http://electron9.phys.utk.edu/phys136d/ ... chhoff.htm
http://www.regentsprep.org/Regents/phys ... efault.htm
http://www.physics.uoguelph.ca/applets/ ... index.html


UNIX signals 
signals are software interrupts of a running process and are used for communication between processes or within a process.

overview of signals as described by the POSIX.1-1990 standard
------------------------------------------------------
Signal  Value     Action  Comment
------------------------------------------------------
HUP     1         Term    Hangup detected on controlling terminal
                          or death of controlling process
INT     2         Term    Interrupt from keyboard
QUIT    3         Core    Quit from keyboard
ILL     4         Core    Illegal Instruction
ABRT    6         Core    Abort signal from abort(3)
FPE     8         Core    Floating point exception
KILL    9         Term    Kill signal
SEGV    11        Core    Invalid memory reference
PIPE    13        Term    Broken pipe: write to pipe with no readers
ALRM    14        Term    Timer signal from alarm(2)
TERM    15        Term    Termination signal
                          TERM is the default signal sent by the kill(1) command
------------------------------------------------------
Signal  Value     Action  Comment
------------------------------------------------------
USR1    30,10,16  Term    User-defined signal 1
USR2    31,12,17  Term    User-defined signal 2
CHLD    20,17,18  Ign     Child stopped or terminated
CONT    19,18,25  Cont    Continue if stopped
STOP    17,19,23  Stop    Stop process
TSTP    18,20,24  Stop    Stop typed at tty
TTIN    21,21,26  Stop    tty input for background process
TTOU    22,22,27  Stop    tty output for background process

a handler maps a signal to the code that services it. the KILL and STOP signals are always handled by the operating system. in other cases it is possible to specify whether the signal is ignored (SIG_IGN), handled by the default handler code defined by the operating system (SIG_DFL), or handled by code specific to the process.

http://www.enderunix.org/docs/signals.pdf


Catching signal in BASH, example 1

#!/bin/bash
trap "echo 'ahoj ahoj, jsem signal USR1'" USR1
echo $$
while true
do
sleep 1
done



Catching signal in BASH, example 2

if [ ! -e $lockfile ]; then
trap "rm -f $lockfile; exit" INT TERM EXIT
touch $lockfile
critical-section
rm $lockfile
trap - INT TERM EXIT
else
echo "critical-section is already running"
fi
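
Example 2 tests for the lock file and creates it in two separate steps, so two instances started at the same moment can both pass the test. An added variant (not from the original post) that creates the lock atomically with noclobber and removes it on INT/TERM; acquire_lock and run_exclusive are hypothetical names and the demo lock path is constructed.

```shell
#!/bin/sh
# acquire_lock FILE: succeed only if FILE did not exist and we created it.
# With noclobber set, "> FILE" is one exclusive-create operation, so there
# is no gap between "does it exist?" and "create it".
acquire_lock() (
    set -o noclobber
    { echo "$$" > "$1"; } 2>/dev/null
)

# run_exclusive FILE CMD [ARGS...]: run CMD while holding the lock FILE.
run_exclusive() {
    lockfile=$1; shift
    if ! acquire_lock "$lockfile"; then
        echo "already running (lock held by PID $(cat "$lockfile"))" >&2
        return 1
    fi
    # remove the lock if we are interrupted inside the critical section
    trap 'rm -f "$lockfile"; exit 1' INT TERM
    "$@" && status=0 || status=$?
    rm -f "$lockfile"
    trap - INT TERM
    return "$status"
}

# Demo with a constructed lock path in a private temp directory.
demo_dir=$(mktemp -d)
run_exclusive "$demo_dir/job.lock" echo "critical section ran"
rmdir "$demo_dir"
```

A lock left behind by a process killed with KILL is not cleaned up, since that signal cannot be trapped; the PID stored in the file lets an operator check whether the holder is still alive.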


