X crashes randomly

2007-01-29 Thread Normand
Since the last 2 weeks approximately, I'm experiencing crashes in 
graphical display: I can move the mouse pointer but clicking on anything 
has no effect, or has a strange effect, e.g. clicking on an icon in the 
toolbar will bring up a completely unrelated window. If I close X with 
ctrl-alt-backspace this brings me back to the gdm login screen, but 
logging in brings me back to the display as dysfunctional as before.


This seems to happen more when I have a lot of windows open / 
applications running, but I can not discern a clear pattern. I have lots 
of RAM (1 Gb) and top never shows any intense use of cpu or memory when 
crashes happen. Actually there have been no crashes during more 
cpu-intense activities such as compiling a sizeable java program. The 
log for X or syslog does not show anything suspicious.


I'm at a loss since I have no idea where the problem is originating. 
Could someone please help or suggest directions or what relevant 
information I could post?


I'm running:
- etch, updated every day or every couple of days
- gdm
- icewm-experimental

Last time the crash happened I was running:
- icedove
- iceweasel
- eclipse
- jEdit
- XFE
- XPDF

Thanks for any help you can provide!

Normand Fortier






RE: apt-get interrupted, file locked

2001-09-24 Thread NORMAND Jacques
are you root ???

you can run apt-get or dselect only as root

jacques

-Original Message-
From: Peter Christensen [mailto:[EMAIL PROTECTED]
Sent: Monday, 24 September 2001 23:49
To: debian user
Subject: apt-get interrupted, file locked


I think I'm making progress!  I tried apt-get (as suggested by Dman and
Karsten).  I ran :

  apt-get update
  apt-get dist-upgrade

After about two hours I lost my internet connection (not uncommon for
me) and when I tried to get things going again I got the following
messages:

  Could not open lockfile /var/cache/apt/lock, open (13 permission denied)
  Couldn't lock the cache dir, /var/cache/apt, another process is using it

Is this fixable?  What should I do if I lose the connection next time?

Thanks,
Peter Christensen
(note new email address:  [EMAIL PROTECTED]






RE: ipmasqadm portfw

2001-09-25 Thread NORMAND Jacques
Perhaps I will tell nonsense but potato runs a 2.2 kernel (2.2.17 in your
case). So the tool for that kind of trick is ipchains, isn't it? ipmasqadm
is for kernel series 2.0, no?

hope it helps

jacques

-Original Message-
From: will trillich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 25 September 2001 11:15
To: debian-user@lists.debian.org
Subject: ipmasqadm portfw


i used to have this working like a champ, but now it folds its
arms and laughs an evil laugh--

we're trying to establish port forwarding so that a box internal
on our lan (192.168.1.2) can serve requests through the
firewall, from 'out there'.

# ipmasqadm portfw -a -P tcp -L [PUBLIC_IP] 7890 -R 192.168.1.2 80

# ipmasqadm portfw -ln
prot localaddr    rediraddr    lport  rport  pcnt  pref
TCP  [PUBLIC_IP]  192.168.1.2   7890     80    10    10

well, it LOOKS like it's up, but--

# nmap [PUBLIC_IP] -p 7890

Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], 
www.insecure.org/nmap/)
No ports open for host server ([public_ip])
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

which is bolstered by the fact that if i try to connect to
public port :7890 from outside (that is, from a public ip out on
the internet, trying to connect to port :7890 on my public ip
address) i get deafening silence (unable to connect to host).

is there another step i've forgotten? i'm on potato 2.2.17 and
this was working earlier...

--
DEBIAN NEWBIE TIP #48 from Will Trillich <[EMAIL PROTECTED]>
:
To peruse your CURRENT VIM SETTINGS (there's LOTS of them)
from within Vim, simply do
:options
You can change them there, on-the-fly, as well. Type
"ctrl-W ctrl-W" to switch "panes" or "ctrl-W q" to close one.
Try ":help" to learn more.

Also see http://newbieDoc.sourceForge.net/ ...






source.list error recovery

2001-09-25 Thread Jacques Normand
I've just played with some unstable packages lists and it doesn't behave
like I want. Is there any way to downgrade all packages to the latest
available in the corrected sources.list? I mean a softer way than a reinstall
;-)

Jacques



RE: restarting a daemon

2001-09-25 Thread Jacques Normand
just kill -HUP 
where  is the process ID of your daemon

but another method is

/etc/init.d/exim reload


jacques

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 25 September 2001 20:48
To: debian-user@lists.debian.org
Subject: restarting a daemon


I am trying to modify and "reload" my exim.conf file. The beginning of the
sample conf file says "...you change Exim's configuration file, you *must*
remember to HUP the Exim daemon". I am unable to determine how to HUP a
daemon
without rebooting. Any help will be appreciated, thank you so much.

--
Giulio






Radeon VIVO, input device

2001-09-28 Thread NORMAND Jacques
does anyone know about a linux driver for the input device of the
radeon card. I've just managed to have X work on it (Xfree 4.1.0) and
now it would be great to be able to watch tv as I do with win progs.

Maybe with XawTV or another apps, I am not interested in mpeg2
capturing. Just a visualisation.

thanks in advance

Jacques



Re: setting a tty to login to remote computer via ssh

2001-10-03 Thread Jacques Normand
Shriram Shrikumar wrote:

> Hi All,
>
> just wondering if it was possible to set one of the tty's like tty8 to login 
> to
> another machine via ssh instead of just to the local machine.

It is possible by editing the inittab (/etc/inittab) but it will set a pb if you
need a password to set the connection, 2 solutions:

* set up the away box so as it doesn't ask for a password
* use the right command line option to hardcode the password in the inittab

*** ATTENTION ***
the second way is *very* piggy. Your inittab is usually world readable. So
everyone can read your password. Use it just as a last resort, for test purposes.
*** ATTENTION ***

I think there is a way to disable password for the server by editing a
authorizedkeys file (+ chmod 600) but I don't know more.

>
> thanx in advance.
>
> Shri

Hope this will be a first step in the right direction

Jacques




TLS, XEN and a big mess

2006-12-14 Thread Jacques Normand
Hi everybody,

I know that this is a subject often raised but don't flag me FAQ just
yet, I have done the reading.

Here is the scenario, I am trying to run xen3.0.3 with debian etch. I
have installed both libc6 and libc6-xen since the latter depends on the
previous one (which sounds so weird). I also use a custom compiled
kernel, a vanilla 2.6.16.29 patched with the sources of xen-3.0.3-1. 
I compiled a pae version and installed the corresponding package for the
hypervisor.

The problem comes from the tls, in the domU (I have not seen that with
dom0 yet, but that may be happening too), I see random segfaults. I try
to 'disable' the tls libraries by moving them away and that still
happens. A good example is with bcfg2:
(before moving)
> strace bcfg2 -v -d -q
...
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or
directory)
open("/lib/tls/i686/cmov/libnsl.so.1", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p5\0\000"...,
512) = 512
fstat64(5, {st_mode=S_IFREG|0644, st_size=76548, ...}) = 0
mmap2(NULL, 87808, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0)
= 0xb77fc000
mmap2(0xb780e000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x11) = 0xb780e000
mmap2(0xb781, 5888, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb781
close(5)= 0
munmap(0xb79d9000, 11093)   = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 3127 detached

(after moving)
...
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or
directory)
open("/lib/tls/i686/cmov/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/lib/libnsl.so.1", O_RDONLY)  = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`5\0\000"...,
512) = 512
fstat64(5, {st_mode=S_IFREG|0644, st_size=72452, ...}) = 0
mmap2(NULL, 83712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0)
= 0xb783f000
mmap2(0xb785, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x10) = 0xb785
mmap2(0xb7852000, 5888, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7852000
close(5)= 0
munmap(0xb7a1b000, 11093)   = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 3130 detached

So it seems that both versions of libnsl.so.1 use a bad addressing (but
they are not identical files). 

All that would be fine if it were not segfaulting but enabling the slower
emulation mode that is mentioned everywhere in the docs. I don't know
how I can enable it. Is there something I missed?

thanks

jacques

PS: by fine, I mean less puzzling. 




Re: Why Disable Root ssh login?

2006-12-14 Thread Jacques Normand
On Fri, Dec 15, 2006 at 01:45:40AM -0500, Grok Mogger wrote:
> I've often seen this touted as a good security measure and I've 
> always wondered why.  I can think of a few possibilities, but I 
> really don't know.  Could someone please explain it to me?

Because, to login from outside you will need to guess a valid username
and the corresponding password. After that the root password will have
to be guessed locally which would leave a fat trace in the logs. In
addition, most of the bots around try to guess the root password and do
not spend a lot of time for normal accounts. 

Now, if you always have a strong password, this should not matter. But
there is still the risk that your password looks like an obfuscated and
misspelled version of a foreign word which you have no clue about but a
lucky bot operator will try. You could also have your password leaked for
a stupid reason. In which case requiring a su/sudo will put a name on
the perpetrator...

It is just my opinion on it but I hope it helps. 

jacques




Re: Why Disable Root ssh login?

2006-12-15 Thread Jacques Normand
On Fri, Dec 15, 2006 at 02:35:50PM +0100, Olive wrote:
> 
> >Because, to login from outside you will need to guess a valid username
> >and the corresponding password. After that the root password will have
> >to be guessed locally which would leave a fat trace in the logs. In
> >addition, most of the bots around try to guess the root password and do
> >not spend a lot of time for normal accounts. 
> >
> >Now, if you always have a strong password, this should not matter. But
> >there is still the risk that your password looks like an obfuscated and
> >misspelled version of a foreign word which you have no clue about but a
> >lucky bot operator will try. You could also have your password leaked for
> >a stupid reason. In which case requiring a su/sudo will put a name on
> >the perpetrator...
> >
> >It is just my opinion on it but I hope it helps. 
> 
> This answer isn't entirely convincing. For example if you can sudo with 
> the normal password account, I do see any difference in security in 
> allowing root ssh or not. The logs are useful as long as the offender 
> did not succeed to have root access, after that it is very easy for the 
> offender to clear the logs.

Well, if sudo is well configured, it does not give complete root access,
It should be limited to mostly inoffensive command options and require
the password for the rest. As for the logs, you are right in the case
where they are kept local, but any reasonable size network will use a
separate node with a different password as a loghost. All the failed
attempts will be sent there and recorded before any successful promotion.
Those will be much harder to erase. But you are right I should have
mentioned it. 

jacques




Re: Why Disable Root ssh login?

2006-12-15 Thread Jacques Normand
On Fri, Dec 15, 2006 at 03:09:54PM +0100, Olive wrote:
> >Well, if sudo is well configured, it does not give complete root access,
> >It should be limited to mostly inoffensive command options and require
> >the password for the rest. As for the logs, you are right in the case
> >where they are kept local, but any reasonable size network will use a
> >separate node with a different password as a loghost. All the failed
> >attempts will be sent there and recorded before any successful promotion.
> >Those will be much harder to erase. But you are right I should have
> >mentioned it. 
> 
> 
> This makes more sense, but still I am perplexed. I was speaking about the 
> "Ubuntu" type of sudo account: you have to give your own password to 
> have root access, not a different one. If an offender had succeeded to log 
> in, he has already the normal user account password. For the logs, if 
> the local system is able to send some log to another network, a user 
> having root access is also able too; how can the local system be 
> "authorized" to send remote log across the network and denying this to a 
> user having root local access. Even if there is a password to send the 
> logs over the network, the system must store it somewhere in order to be 
> able to use it. A user having local root access is able to analyse 
> /dev/mem to discover it. It may present some difficulties but this seems 
> like "security by obscurity"; which is known to be bad. However, a more 
> secure variant would be to authorize the system to send log but not to 
> clear it; in this latter case it could be more secure. Anyway just 
> prevent a root ssh does not increase security as it; it only does in 
> conjunction with several other steps.

This way to setup sudo does not make sense to me. It is giving full root
access to every user, which is plain bad. It must be a configuration for
single workstation used by one person only. 

As for the loghost, take a look at syslog and syslog-ng. This type of
setup does only make sense in append mode. That is, you send something
and it is logged, no access to previous record. This way, when something
fishy happens, you look at your logs chronologically and you (hopefully)
see what happens before the fake records sent by the attacker. There is
no authentication involved, just ip filtering.

I think the main point in disabling root access is to break all those
bots which scan the net for ssh servers and try their dictionaries of
passwords on the root account. I see one every 10-20min on my ssh gateways.

jacques
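
Added example, not part of the original thread: a small Python check for the two things this exchange turns on, the password guessing against root that shows up in sshd's log and the PermitRootLogin setting itself. The log lines, addresses and config fragment are constructed samples, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog format. Host name, users and the
# RFC 5737 documentation addresses are made up for this example.
SAMPLE_AUTH_LOG = """\
Dec 15 09:00:01 gw sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 15 09:00:03 gw sshd[4103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Dec 15 09:00:06 gw sshd[4105]: Failed password for root from 203.0.113.7 port 40125 ssh2
Dec 15 09:00:09 gw sshd[4107]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
Dec 15 09:12:40 gw sshd[4150]: Failed password for jacques from 198.51.100.23 port 51514 ssh2
Dec 15 09:12:48 gw sshd[4150]: Accepted password for jacques from 198.51.100.23 port 51514 ssh2
Dec 15 09:15:30 gw sshd[4188]: Failed password for root from 192.0.2.44 port 33002 ssh2
Dec 15 09:15:33 gw sshd[4190]: Accepted password for root from 192.0.2.44 port 33009 ssh2
"""

# Constructed sshd_config fragment: two global settings, then a Match block.
SAMPLE_SSHD_CONFIG = """\
# global section
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_events(log_text):
    """Yield (outcome, user, ip, is_invalid_user) for each password event."""
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m:
            yield (m["outcome"], m["user"], m["ip"], bool(m["invalid"]))


def root_guessers(log_text, threshold=3):
    """Source addresses with at least `threshold` failed root passwords."""
    failures = Counter(
        ip for outcome, user, ip, _ in parse_events(log_text)
        if outcome == "Failed" and user == "root"
    )
    return sorted(ip for ip, count in failures.items() if count >= threshold)


def root_logins_after_failure(log_text):
    """Addresses whose accepted root login came after a failed one."""
    failed_root = set()
    hits = []
    for outcome, user, ip, _ in parse_events(log_text):
        if user != "root":
            continue
        if outcome == "Failed":
            failed_root.add(ip)
        elif ip in failed_root and ip not in hits:
            hits.append(ip)
    return hits


def global_permit_root_login(config_text):
    """Value of PermitRootLogin in the global section, or None if unset.

    sshd keeps the first value it reads for a keyword and matches keywords
    case-insensitively. Parsing stops at the first Match line, because a
    Match block applies only to the connections it selects.
    """
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None


if __name__ == "__main__":
    print("root guessers:", root_guessers(SAMPLE_AUTH_LOG))
    print("root login after failure:", root_logins_after_failure(SAMPLE_AUTH_LOG))
    print("global PermitRootLogin:", global_permit_root_login(SAMPLE_SSHD_CONFIG))
```

A `None` result from `global_permit_root_login` means the setting falls back to the sshd default, which depends on the OpenSSH version installed.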




Re: Why Disable Root ssh login?

2006-12-15 Thread Jacques Normand
On Fri, Dec 15, 2006 at 04:03:37PM +0100, Albert Dengg wrote:
> > This way to setup sudo does not make sense to me. It is giving full root
> > access to every user, which is plain bad. It must be a configuration for
> > single workstation used by one person only. 
> well, not exactly...
> normally, that kind of access is set up only for certain groups...
> (i do not use ubuntu, but it is that way on for example osx, where there
> is a special admin group that allows sudo of all commands after password
> prompt. of course, maybe you should not use such an account for daily
> work as you shouldn't do that with the root account...)

I might very well miss something there. But that does not make sense to
me either. I have not tried ubuntu or osx yet, but to me, this setup
means that instead of having 1 password to protect and monitor, you have
several. I don't really see the point. 

I usually go for the following setup, use passwordless sudo for selected 
commands and option lists, kinda like a more configurable setuid since you 
restrict the option list. But for real root access, you use su (or su -
actually). This way, you have one password giving root privileges. While
there must be other ways, that always worked for me. 

I think we kinda drifted away from the original subject though :-)

jacques




Re: Add hardware to an existing system

2006-12-15 Thread Jacques Normand
On Fri, Dec 15, 2006 at 04:42:17PM -0200, Gustavo Franco wrote:
> The hardware is detected during the boot process too and not only
> during the installation, unless you've changed it manually.
> 
> Answering about the video card and dvd burner:
> 
> - Video card: Probably it will be properly detected and the kernel
> module will be loaded, but you will still need to reconfigure your
> Xorg if it uses a different chipset than the older card. You can
> reconfigure the package xserver-xorg or simply edit /etc/X11/Xorg.conf
> changing the Driver from the old to the new one.
> - DVD burner: If you use GNOME and haven't installed the desktop
> environment install gnomebaker package and have fun.
> 
> A lot of other kind of hardware will work 'out of the box' (eg: most
> of usb tokens) and others will be detected but you will need install a
> package or if we're replacing old hardware with new stuff change a
> configuration file.
> 
> Suggestions are welcome.

While you are right, I see one special case. It is not the case here but
if you change your booting devices, you will need to rebuild the
initramfs. I am mainly speaking about adding a drive or controller which 
changes the ordering and name of the others.

jacques




Re: Add hardware to an existing system

2006-12-15 Thread Jacques Normand
On Fri, Dec 15, 2006 at 05:26:22PM -0200, Gustavo Franco wrote:
> >While you are right, I see one special case. It is not the case here but
> >if you change your booting devices, you will need to rebuild the
> >initramfs. I am mainly speaking about adding a drive or controller which
> >changes the ordering and name of the others.
> 
> You're right, thanks for pointing it out, but me as both user and
> admin don't do that usually.
> 
> Btw, if you change your hard disk controller only (hardware raid?)
> you're probably not a newcomer user. Unfortunately, it isn't that easy
> figure out what's going on from the boot loader, kernel and the
> whole system (read /etc/fstab at first) - but per filesystem id (or label)
> boot and mount should be worked out for our next release, IMHO.
> 
> Adding a drive that changes the name from the original drive sounds
> like a controller bug or kernel bug though.

No not necessarily, let me give you a scenario: You are running fine with 
your onboard controller for a while but you feel a little tight on disk 
space and you decide to add a drive. You also need to add a pci controller 
for it since your ide (or sata for that matter) onboard is packed. But for 
some reason the add on card is loaded before the onboard one, which shifts
all the drives down... It is not a kernel bug, just a timing 'feature'.

As for the fstab, you would probably be stuck if you use the partition
directly. And since the fstab is used for the initramfs creation, you
would need to regenerate it again after. But there is another way than
labels. LVM is not dependent on the name of the PV anymore, if the name
of one does change, lvm will find it with its uuid and load it normally.
That is one more advantage in using it rather than static partitions. 

jacques




Re: Device: /dev/hda, ATA error count increased from 0 to 2

2007-01-04 Thread Jacques Normand
On Tue, Jan 02, 2007 at 10:40:01AM -0600, Reid Priedhorsky wrote:
...
> Jan  2 07:38:13 reidster kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }
> Jan  2 07:38:17 reidster kernel: hda: dma_intr: error=0x40 { UncorrectableError }, LBAsect=8152823, high=0, low=8152823, sector=8152822
> Jan  2 07:38:17 reidster kernel: ide: failed opcode was: unknown
> Jan  2 07:38:17 reidster kernel: end_request: I/O error, dev hda, sector 8152822
> Jan  2 07:38:17 reidster kernel: EXT3-fs error (device hda5): ext3_get_inode_loc: unable to read inode block - inode=228624, block=458828
> Jan  2 07:38:17 reidster kernel: Remounting filesystem read-only
> Jan  2 07:38:17 reidster kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }
> Jan  2 07:38:17 reidster kernel: hda: dma_intr: error=0x40 { UncorrectableError }, LBAsect=8152823, high=0, low=8152823, sector=8152822
> Jan  2 07:38:17 reidster kernel: ide: failed opcode was: unknown
> Jan  2 07:38:17 reidster kernel: end_request: I/O error, dev hda, sector 8152822
> Jan  2 07:38:17 reidster kernel: EXT3-fs error (device hda5): ext3_get_inode_loc: unable to read inode block - inode=228626, block=458828

You have an error on the same sector there (8152822), this sector is
probably bad.

> And smartctl -a /dev/hda reports:
...
> SMART Attributes Data Structure revision number: 10
> Vendor Specific SMART Attributes with Thresholds:
> ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
>   1 Raw_Read_Error_Rate     0x000f   054   049   006    Pre-fail  Always       -       157409182
>   3 Spin_Up_Time            0x0003   096   096   000    Pre-fail  Always       -       0
>   4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       -       2
>   5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       15
>   7 Seek_Error_Rate         0x000f   081   060   030    Pre-fail  Always       -       153797081
>   9 Power_On_Hours          0x0032   083   083   000    Old_age   Always       -       15442
>  10 Spin_Retry_Count        0x0013   100   100   097    Pre-fail  Always       -       0
>  12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       -       21
> 194 Temperature_Celsius     0x0022   030   056   000    Old_age   Always       -       30
> 195 Hardware_ECC_Recovered  0x001a   054   049   000    Old_age   Always       -       157409182
> 197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
> 198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
> 199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
> 200 Multi_Zone_Error_Rate   0x       100   253   000    Old_age   Offline      -       0
> 202 TA_Increase_Count       0x0032   100   253   000    Old_age   Always       -       0
> 
> I'm currently running a long self-test, and I'll re-post if the report
> then shows anything.
> 
> Any help would be much appreciated.

My guess. You had a few bad sectors; you rebooted, fsck was not happy and
wrote on those sectors ; the controller detected them and relocated them
(you have a relocated count of 15); everything is fine. 

The surface test will tell you (the long test) if there are still some
sectors unreadable. But most likely everything has been fixed. If a
sector is bad and the test failed, you can try to play with dd and force
a reloc of that sector but the chances of screw-up are pretty high. 

Anyway, your drive is at least 1.5 years old (uptime about that time), and
bad sectors do happen. I would not panic since you have backups (because
you _do_ have backups) :-)

jacques




Re: NTP dynamic servers?

2007-01-22 Thread Jacques Normand
On Tue, Jan 23, 2007 at 01:49:55AM +0100, Bruno Voigt wrote:
> I'm running debian/unstable on my laptop and often the LAN/WLAN is not 
> connected (yet)
> when the system is starting up - including NTPD.
> 
> NTPD then seems to discard all unreachable server entries and ends up 
> with no peers left.
> In some googled doc I found the ntp.conf option "dynamic" to tell it 
> that some peers may become available later on,
> but the debian ntpd doesn't seem to understand it - or I don't know how 
> to use it correctly.
> 
> What is the best way to configure the ntpd in such an environment ?

How about calling the init.d script from /etc/network/interfaces?

I mean, there is little need for having the daemon running while
offline and providing that your clock does not drift too much, that
should do it.

jacques




Re: NTP dynamic servers?

2007-01-23 Thread Jacques Normand
On Tue, Jan 23, 2007 at 08:53:55PM +0100, Bruno Voigt wrote:
> >How about calling the init.d script from /etc/network/interfaces?
> >
> >I mean, there is little need for having the daemon running while
> >offline and providing that your clock does not drift too much, that
> >should do it.
> >  
> That is hard to configure reliably because of stuff like openvpn that 
> also needs a varying timespan to settle etc..
> So I would really like to know a way to tell ntpd to not give up on a 
> server entry if it is not reachable/resolvable on the first try:
> 
> Jan 23 21:06:27 europa ntpd_initres[5255]: host name not found: 
> 0.debian.pool.ntp.org ???
> Jan 23 21:06:27 europa ntpd_initres[5255]: couldn't resolve 
> `0.debian.pool.ntp.org', giving up on it ???

If you really wish to have ntpd running all the time, you can still
add/remove peers dynamically. 
ntpdc -c addserver peer_address [keyid] [version] [prefer]
ntpdc -c unconfig peer_address

I don't think there is any way to get away from the synchronization time
though. So running ntpd without peers versus not running it at all
should not make any difference except if your clock is very biased and
you stay offline for a long time. I also do not know what happens at
startup to correct for the skew of the rtc during the shutdown. If it is
taken care of by ntpd at start, then you have one less reason to leave
it on...

jacques





Can't get gnome-screensaver to work with pam_krb5

2007-01-24 Thread Jacques Normand
Hi everybody, 

I have a nasty issue with gnome-screensaver. I cannot have it work
properly with kerberos (mit krb5). The version in sarge worked without
problems but it has been broken for quite some time in testing. 

The same configuration reports broken passwords all the time (which is
what I reported on bug #383889). On the other hand, if I disable the
verify_ap_req_nofail option in krb5.conf, then I see the passwords as
accepted, ... but the screen-saver does not quit. 

This verify_ap_req_nofail option controls the behavior when the keytab
is not found. The machine I am testing on has a valid keytab so this
option should not change anything. That makes me think of a bad setup of
the environment.

For information:
/etc/pam.d/common-auth
auth    sufficient  pam_unix.so nullok_secure
auth    required    pam_krb5.so debug use_first_pass

/etc/krb5.conf (slightly edited):
[libdefaults]
default_realm = 
# The following krb5.conf variables are only for MIT Kerberos.
default_tgs_enctypes = des3-hmac-sha1
default_tkt_enctypes = des3-hmac-sha1
permitted_enctypes = des3-hmac-sha1
kdc_timesync = 1
ccache_type = 4
renew_lifetime=7d
forwardable = true
proxiable = true


[logging]
kdc = SYSLOG:ERR:LOCAL5
admin_server = SYSLOG:ERR:LOCAL5
default = SYSLOG

[realms]
 = {
kdc = X
admin_server = X
}

[domain_realm]
.

[appdefaults]
forwardable = true
pam = {
minimum_uid=1000
}

And the logs show:
/var/log/debug
...
Jan 24 16:15:08 neelix gnome-screensaver-dialog: (pam_krb5): none: 
pam_sm_authenticate: entry (0x0)
Jan 24 16:15:08 neelix gnome-screensaver-dialog: (pam_krb5): jacques: 
pam_sm_authenticate: exit (success)
...

If someone has any ideas, I am all for it. 

thanks

jacques




Re: Can't get gnome-screensaver to work with pam_krb5

2007-01-24 Thread Jacques Normand
On Thu, Jan 25, 2007 at 12:21:19AM +0100, Sven Arvidsson wrote:
> On Wed, 2007-01-24 at 16:48 -0600, Jacques Normand wrote:
> > I have a nasty issue with gnome-screensaver. I cannot have it work
> > properly with kerberos (mit krb5). The version in sarge worked without
> > problems but it has been broken for quite some time in testing. 
> 
> Sarge didn't actually have gnome-screensaver, xscreensaver was used.

You are right, I did not remember. 

> If you have time, please try gnome-screensaver from experimental and see
> if it has improved, and if not, file a bug with the upstream developers,
> http://bugzilla.gnome.org/.

I did the test and so the same results. I will check with upstream.
Hopefully, we will have a non-broken version in etch (crosses fingers).

jacques




Re: Partitioning And Formatting A Large Disk (2086.09GB)

2007-01-31 Thread Jacques Normand
On Tue, Jan 30, 2007 at 02:13:48PM -0500, Michael S. Peek wrote:
> Hello fellow Debian aficionados,
> 
> I'm having a hard time trying to figure out how to partition and format 
> a large disk.
> 
> I have a 3ware card and an array defined thusly:
> ># tw_cli /c4/u0 show
> > 
> >Unit  UnitType  Status  %Cmpl  Port  Stripe  Size(GB)  Blocks
> >---
> >u0    RAID-5    OK      -      -     64K     2086.09   4374845440
> When I went to try to partition the disk with fdisk, it said:
> ># fdisk /dev/sdb
> >Device contains neither a valid DOS partition table, nor Sun, SGI or 
> >OSF disklabel
> >Building a new DOS disklabel. Changes will remain in memory only,
> >until you decide to write them. After that, of course, the previous
> >content won't be recoverable.
> > 
> >You must set cylinders.
> >You can do this from the extra functions menu.
> >Warning: invalid flag 0x of partition table 4 will be corrected by 
> >w(rite)
> Hmm Cylinders.
> 
> I've never had to calculate geometry before, so I gave it a try.

fdisk does not handle well disks bigger than 2TB. If you use a dos
partition table, this limit will be hard and you will have to carve
several disks out of your array (the 3ware tools do that at creation
time). 

If you want to use another partition table, you can follow the recipe
there:
https://www.penguin.org.il/support/linux/EtherDrive-2.6-HOWTO-5.html

It is for a coraid array but the math is the same. I would advise for
an lvm though. It is way easier on those large volumes. 

jacques




RAID+LVM+CRYPT issues on etch (amd64)

2007-04-21 Thread Jacques Normand
Hi everybody,

I decided to give dm-crypt a try on a new machine. I am used to setup
everything with lvm over software raid and inserting the crypto layer
between the 2 seems to be the most logical place (physical LVM volume
over an encrypted block device). Placing the encryption at a lower level
would require typing the passphrase once per disk (8 times) and at a
higher level it would leave the lvm metadata exposed. 

The problem I have is that the system does not boot after the install.
It searches for the volume group and does not find it. It does not ask for
any passphrase either. If I start the crypto layer in busybox, I can
create the md1_crypt block device but vgchange does not want to consider
it as a physical volume (volume group not found).

I have read about the little issue with the installer
(http://wiki.debian.org/DebianInstaller/RAIDvsCrypto) but the fix
proposed does not do it for me. The crypttab file does not contain the
entry needed, but adding it and recreating the initramfs does not change
the problem. Also, I heard that lvm2 does not scan dm block devices by
default, so one needs to add types = ["device-mapper",16] in
/etc/lvm/lvm.conf. That sounds fine for the real system, but the initrd
does not use vgscan, so is there another way to change the default?

thanks for your help

jacques



