Re: [CentOS-virt] My CentOS in VMware can't find my wireless card
On Wed, Jun 8, 2011 at 6:59 PM, liming wu wuliming2...@gmail.com wrote: what's the output of lsusb? Here is the output : [root@wulmcent ~]# lsusb Bus 001 Device 001: ID : Bus 001 Device 002: ID 0cf3:1006 Atheros Communications, Inc. Bus 002 Device 001: ID : There seems to be some hope. :-) Your device ID pair is listed on this page: http://wireless.kernel.org/en/users/Drivers/ath9k_htc/devices The parent page has a guide for 'getting the driver': http://wireless.kernel.org/en/users/Drivers/ath9k_htc Akemi ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] Paypal phishing warning
Sorry for the cross-post, and off-topic at that, but: This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.) It had my name in it and all the right graphics and colors and everything. Except that the from site was info.paypal.com (whoever they are: hint - not paypal.com) and the links all had long obfuscated links in them. I verified with paypal that it was not legitimate, so I though you might all be warned as well. You may now return to the appropriate technical discussions ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what is difference between slow initialize and patrol read on RAID?
On Wednesday, June 08, 2011 09:00:48 PM mcclnx mcc wrote: We have DELL server with MD1000 Disk array in it. O.S. is CENTOS 5.5. Recently every time MD1000 patrol read start I will get media error messages on /var/log/message file. I use MD1000 slow initialize to initialize bad disk and NO error. After slow initialize finish, I manually startup patrol read. I continue get media error on /var/log/message. Anyone know what difference between slow initialize and patrol read? Only Dell really knows what they mean by it. But here are some random thoughts: * Slow init may write all of the disk during init but maybe: 1) no errors happen during write 2) it notices an error but retries silently 3) it notices an error but has sucky error reporting Yes, both can be true. I guess it's simply because a disk which writes on a bad sector/block just silently remaps it and goes on because it's considered fixed. * Patrolread (may) compare parity data and report this as media error (a type of error slow init probably wouldn't detect) * The I/O pattern of patrolread compared to slow init provoks an error I always tought patrolread just tries to read the whole disk to detect sleeping bad sectors/blocks. Maybe it also checks consistency on the RAID level but I'm not sure. Simon ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what is difference between slow initialize and patrol read on RAID?
For your reference: http://stuff.mit.edu/afs/athena/dept/cron/documentation/dell-server-admin/en/Perc6i_6e/chapterb.htm Hopefully that answers the question. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Paypal phishing warning
MR ZenWiz wrote: Sorry for the cross-post, and off-topic at that, but: This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.) It had my name in it and all the right graphics and colors and everything. Except that the from site was info.paypal.com (whoever they are: hint - not paypal.com) and the links all had long obfuscated links in them. I verified with paypal that it was not legitimate, so I though you might all be warned as well. You may now return to the appropriate technical discussions I receive similar mails all the time. Last was from Yahoo, something about some problem. In headers there was info that it was sent from some Indian domain. SMTP server it self is legitimate (Reverse DNS and all) so my server allowed the mail. If I haven't asked for that mail (activation, etc.) I do not click on it, and even when it should be legitimate I always check the link. Ljubomir ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Paypal phishing warning
On Thu, Jun 9, 2011 at 8:39 AM, MR ZenWiz mrzen...@gmail.com wrote: Sorry for the cross-post, and off-topic at that, but: This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.) It had my name in it and all the right graphics and colors and everything. Except that the from site was info.paypal.com (whoever they are: hint - not paypal.com) and the links all had long obfuscated links in them. I verified with paypal that it was not legitimate, so I though you might all be warned as well. You may now return to the appropriate technical discussions ___ If the mail came from info.paypal.com then I would suspect a rogue insider job, OR their servers could be compromised. No-one but the network / domain adminstrator(s) of paypal.com can actually setup a subdomain on their own server called info.paypal.com Even if I setup a domain called info.paypal.com on one of our servers, the links won't work and the phishing attempt would be void to start with. Are / were those links clickable? If So then I would raise it to their attention again that their servers could probably have been compromised -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Paypal phishing warning
On Thu, June 9, 2011 10:51, Rudi Ahlers wrote: On Thu, Jun 9, 2011 at 8:39 AM, MR ZenWiz mrzen...@gmail.com wrote: Sorry for the cross-post, and off-topic at that, but: This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.) It had my name in it and all the right graphics and colors and everything. Except that the from site was info.paypal.com (whoever they are: hint - not paypal.com) and the links all had long obfuscated links in them. I verified with paypal that it was not legitimate, so I though you might all be warned as well. You may now return to the appropriate technical discussions ___ If the mail came from info.paypal.com then I would suspect a rogue insider job, OR their servers could be compromised. No-one but the network / domain adminstrator(s) of paypal.com can actually setup a subdomain on their own server called info.paypal.com Even if I setup a domain called info.paypal.com on one of our servers, the links won't work and the phishing attempt would be void to start with. Are / were those links clickable? If So then I would raise it to their attention again that their servers could probably have been compromised I imagine he means that the mail had a From: or even Reply-To: header that came from info.paypal.com. Both these headers are trvially forged and bear no connection to the origin of the mail. The only headers you can trust on an email are the ones that have been inserted or changed by your own mail servers. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Paypal phishing warning
On 6/9/11, MR ZenWiz mrzen...@gmail.com wrote: Sorry for the cross-post, and off-topic at that, but: This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.) It had my name in it and all the right graphics and colors and everything. Except that the from site was info.paypal.com (whoever they are: hint - not paypal.com) and the links all had long obfuscated links in them. Did the link really go to info.paypal.com or was it just a link formatted to look like it goes to info.paypal.com e.g. a href='somedubious.domain.cominfo.paypal.com/a ? Which is the usual case. Otherwise, it would indicate that Paypal has been compromised. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for gfs2-kmod SRPM
From: centoslistbr...@nym.hush.com centoslistbr...@nym.hush.com I'm searching for the SRPM corresponding to this installed RPM. % yum list | grep gfs2 gfs2-kmod-debuginfo.x86_64 1.92-1.1.el5_2.2 It is missing from: http://msync.centos.org/centos-5/5/os/SRPMS/ How can you expect to find a CentOS srpm for a package that does not come from CentOS...? As you can see, http://msync.centos.org/centos-5/5/os/i386/CentOS/ only lists gfs2-utils JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Possible to use multiple disk to bypass I/O wait?
I'm trying to resolve an I/O problem on a CentOS 5.6 server. The process basically scans through Maildirs, checking for space usage and quota. Because there are hundred odd user folders and several 10s of thousands of small files, this sends the I/O wait % way high. The server hits a very high load level and stops responding to other requests until the crawl is done. I am wondering if I add another disk and symlink the sub-directories to that, would that free up the server to respond to other requests despite the wait on that disk? Alternatively, if I mdraid mirror the existing disk, would md be smart enough to read using the other disk while the first's tied up with the first process? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 06/09/2011 02:24 AM, Emmanuel Noobadmin wrote: I'm trying to resolve an I/O problem on a CentOS 5.6 server. The process basically scans through Maildirs, checking for space usage and quota. Because there are hundred odd user folders and several 10s of thousands of small files, this sends the I/O wait % way high. The server hits a very high load level and stops responding to other requests until the crawl is done. I am wondering if I add another disk and symlink the sub-directories to that, would that free up the server to respond to other requests despite the wait on that disk? Alternatively, if I mdraid mirror the existing disk, would md be smart enough to read using the other disk while the first's tied up with the first process? You should look at running your process using 'ionice -c3 program'. That way it won't starve everything else for I/O cycles. Also, you may want to experiment with using the 'deadline' elevator instead of the default 'cfq' (see http://www.redhat.com/magazine/008jun05/features/schedulers/ and http://www.wlug.org.nz/LinuxIoScheduler). Neither of those would require you to change your hardware out. Also, setting 'noatime' for the mount options for partition holding the files will reduce the number of required I/Os quite a lot. But yes, in general, distributing your load across more disks should improve your I/O profile. -- Benjamin Franz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Paypal phishing warning
At Thu, 9 Jun 2011 11:00:27 +0200 CentOS mailing list centos@centos.org wrote: On Thu, June 9, 2011 10:51, Rudi Ahlers wrote: On Thu, Jun 9, 2011 at 8:39 AM, MR ZenWiz mrzen...@gmail.com wrote: Sorry for the cross-post, and off-topic at that, but: This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.) It had my name in it and all the right graphics and colors and everything. Except that the from site was info.paypal.com (whoever they are: hint - not paypal.com) and the links all had long obfuscated links in them. I verified with paypal that it was not legitimate, so I though you might all be warned as well. You may now return to the appropriate technical discussions ___ If the mail came from info.paypal.com then I would suspect a rogue insider job, OR their servers could be compromised. No-one but the network / domain adminstrator(s) of paypal.com can actually setup a subdomain on their own server called info.paypal.com Even if I setup a domain called info.paypal.com on one of our servers, the links won't work and the phishing attempt would be void to start with. Are / were those links clickable? If So then I would raise it to their attention again that their servers could probably have been compromised I imagine he means that the mail had a From: or even Reply-To: header that came from info.paypal.com. Both these headers are trvially forged and bear no connection to the origin of the mail. The only headers you can trust on an email are the ones that have been inserted or changed by your own mail servers. The important headers in question are the 'Received:' headers, paying close attention to the one that identifies where the mail entered a legitimate server -- eg one's inbound mail server. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Revisor
On 6.6.2011 15:11, Brunner, Brian T. wrote: The stable version of EL6 you say? My fear is losing two weeks and this new version also does not work You can download the DVDs of Scientific Linux 6.0, install, and try it today. Then you will have a clue whether to wait for CentOS 6.0 or whether you must go elsewhere. http://ftp1.scientificlinux.org/linux/scientific/6.0/i386/iso/ http://ftp1.scientificlinux.org/linux/scientific/6.0/x86_64/iso/ Further data at http://www.scientificlinux.org/download/ You can also get a no cost (for 4 weeks I think) test version of RHEL 6 -- Kind Regards, Markus Falb signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Paypal phishing warning
Robert Heller wrote: At Thu, 9 Jun 2011 11:00:27 +0200 CentOS mailing list centos@centos.org wrote: On Thu, June 9, 2011 10:51, Rudi Ahlers wrote: On Thu, Jun 9, 2011 at 8:39 AM, MR ZenWiz mrzen...@gmail.com wrote: Sorry for the cross-post, and off-topic at that, but: This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.) It had my name in it and all the right graphics and colors and everything. Ah, *bing*: colors and graphics. First suggestion: TURN OFF HTML EMAIL, *always*. Looking at it in plain text makes it trivially obvious that the link doesn't point to paypal. There are reasons that most mailing lists (at least all that I'm on), either reject HTML email, or deliver it as plain text, larded with garbage chars. snip I imagine he means that the mail had a From: or even Reply-To: header that came from info.paypal.com. Both these headers are trvially forged As, for the last three weeks or so, I've gotten a *bunch* of bounced emails, or notifications that something couldn't be delivered, because some scumbag has forged my email, putting it into the Reply-To: for their spam. snip The important headers in question are the 'Received:' headers, paying close attention to the one that identifies where the mail entered a legitimate server -- eg one's inbound mail server. Yep. Look at the chain of them, and mostly at the bottom, or the bottom two, and the Message-ID. If the IP's bogus (as in, 355.x.x.x, or the MessageID is something completely different than where it claims to be from, that's your givaway. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Paypal phishing warning
On Thu, 9 Jun 2011, m.r...@5-cent.us wrote: As, for the last three weeks or so, I've gotten a *bunch* of bounced emails, or notifications that something couldn't be delivered, because some scumbag has forged my email, putting it into the Reply-To: for their spam. Yes, me too. It seems a regular thing here for my email addresses. I did have a catch-all email address, ie whate...@my-domain.net, but that is just *asking* for spam! Kind Regards, Keith Roberts snip The important headers in question are the 'Received:' headers, paying close attention to the one that identifies where the mail entered a legitimate server -- eg one's inbound mail server. Yep. Look at the chain of them, and mostly at the bottom, or the bottom two, and the Message-ID. If the IP's bogus (as in, 355.x.x.x, or the MessageID is something completely different than where it claims to be from, that's your givaway. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- - Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] High system load but low cpu usage
On 06/08/11 02:26, Emmanuel Noobadmin wrote: Cpu(s): 4.1%us, 2.5%sy, 0.0%ni, 76.4%id, 17.0%wa, 0.0%hi, 0.1%si, 0.0%st 02:50:01 PM all 2.17 0.00 2.18 4.30 0.00 91.35 03:00:01 PM all 2.47 0.00 2.23 3.57 0.00 91.73 top Cpu(s) line is averaged for all cpus/cores. to display individual cpus/cores press: 1 you'll likely see one cpu/core being pegged with iowait. to identify the offending process within top press: fjenter to display the P column(last used CPU). watch top for a few minutes to see what is using all of the disk io. sar output is averaged over the 10 minute interval. for smaller sar time slices edit cron file: /etc/cron.d/sysstat disks are often swamped by two things happening at once... backups migrating a VM database upgrades .rrd average updates -- Steven Tardy Systems Analyst Information Technology Infrastructure Information Technology Services Mississippi State University s...@its.msstate.edu ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Vim scripting - cursor motion
I am working on my first vim script. The script is supposed to do some find/replace on a file, then save the file with a new name and quit vim. I will save the script in a file and then call it from a bash script like this: vim path-to-the-file -s path-to-my-script Maybe I have not found the right resources. I can find/replace with expressions that are similar to those I use manually, for example: :% s/\t/,/g Then I should add something to the beginning of file (line 1, char 1). And append something to the end of the file (last line, last char). But I cannot find a way to do this. Should I move the cursor (and how?), or what? - Jussi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vim scripting - cursor motion
Jussi Hirvi wrote: I am working on my first vim script. The script is supposed to do some find/replace on a file, then save the file with a new name and quit vim. I will save the script in a file and then call it from a bash script like this: vim path-to-the-file -s path-to-my-script Maybe I have not found the right resources. I can find/replace with expressions that are similar to those I use manually, for example: :% s/\t/,/g Then I should add something to the beginning of file (line 1, char 1). And append something to the end of the file (last line, last char). But I cannot find a way to do this. Should I move the cursor (and how?), or what? Why do vim scripting? That's what sed, or awk, or perl, are for. The latter two, of course, are much easier to comprehend the logic, too. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vim scripting - cursor motion
On 9.6.2011 18.01, m.r...@5-cent.us wrote: Why do vim scripting? That's what sed, or awk, or perl, are for. The latter two, of course, are much easier to comprehend the logic, too. Maybe just because I know vim better than sed, awk or perl, which I haven't used at all. :-) The practical purpose is to turn a tabtext file into CSV (comma-separated) to be used in a SQL insert statement. - Jussi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vim scripting - cursor motion
Jussi Hirvi wrote: On 9.6.2011 18.01, m.r...@5-cent.us wrote: Why do vim scripting? That's what sed, or awk, or perl, are for. The latter two, of course, are much easier to comprehend the logic, too. Maybe just because I know vim better than sed, awk or perl, which I haven't used at all. :-) The practical purpose is to turn a tabtext file into CSV (comma-separated) to be used in a SQL insert statement. Oh. I'm not that good on sed, but awk would be: awk '{gsub(/\t/, ,, $0);print $0;}' tabtextfile. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vim scripting - cursor motion
On 6/9/2011 10:07 AM, Jussi Hirvi wrote: On 9.6.2011 18.01, m.r...@5-cent.us wrote: Why do vim scripting? That's what sed, or awk, or perl, are for. The latter two, of course, are much easier to comprehend the logic, too. Maybe just because I know vim better than sed, awk or perl, which I haven't used at all. :-) The regexp parts will just have minor syntax differences. The practical purpose is to turn a tabtext file into CSV (comma-separated) to be used in a SQL insert statement. I'd highly recommend perl for this because it can also do the SQL part directly via DBI without all of the intermediate contortions you'll have to do in files otherwise. It should take about half a page of your own code to connect to the DB, read the file, transform it line-by-line to sql and execute the sql statements. And unlike other approaches with a pipeline of different tools, you can generate sensible error messages in the right places that have something to do with the input. -- Les Mikesell lesmikes...@gmail.co ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vim scripting - cursor motion
On 06/09/2011 08:37 AM, Les Mikesell wrote: I'd highly recommend perl for this because it can also do the SQL part directly via DBI without all of the intermediate contortions you'll have to do in files otherwise. It should take about half a page of your own code to connect to the DB, read the file, transform it line-by-line to sql and execute the sql statements. And unlike other approaches with a pipeline of different tools, you can generate sensible error messages in the right places that have something to do with the input. *AND* by using prepared statements in Perl you don't have to worry about escaping the text to prevent accidental SQL injections. It is all handled for you. -- Benjamin Franz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 76, Issue 3
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CESA-2011:0859 Moderate CentOS 5 x86_64 cyrus-imapd Update (Karanbir Singh) 2. CESA-2011:0859 Moderate CentOS 5 i386 cyrus-imapd Update (Karanbir Singh) 3. CESA-2011:0862 Moderate CentOS 5 x86_64 subversion Update (Karanbir Singh) 4. CESA-2011:0862 Moderate CentOS 5 i386 subversion Update (Karanbir Singh) -- Message: 1 Date: Wed, 8 Jun 2011 20:42:26 + From: Karanbir Singh kbsi...@centos.org Subject: [CentOS-announce] CESA-2011:0859 Moderate CentOS 5 x86_64 cyrus-imapd Update To: centos-annou...@centos.org Message-ID: 20110608204226.ga7...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2011:0859 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0859.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: d37b0693363e531541c8318e89a6c6db cyrus-imapd-2.3.7-7.el5_6.4.x86_64.rpm eeac95e6cac1042ecb3da5661bcc11ea cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm 77294ef6fe9eef5d58e5723792422a74 cyrus-imapd-devel-2.3.7-7.el5_6.4.x86_64.rpm 0eb5d5beee6135093fbfa03622eee610 cyrus-imapd-perl-2.3.7-7.el5_6.4.x86_64.rpm b2db4fda2d3a3ecb845f8d7e5ae32c7c cyrus-imapd-utils-2.3.7-7.el5_6.4.x86_64.rpm Source: df42a3ba3d217583e6bfda46530c4184 cyrus-imapd-2.3.7-7.el5_6.4.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #cen...@irc.freenode.net -- Message: 2 Date: Wed, 8 Jun 2011 20:42:26 + From: Karanbir Singh kbsi...@centos.org Subject: [CentOS-announce] CESA-2011:0859 Moderate CentOS 5 i386 cyrus-imapd Update To: centos-annou...@centos.org Message-ID: 20110608204226.ga7...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2011:0859 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0859.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 643fcb6b921f9a497d33e3ba17e6e3fa cyrus-imapd-2.3.7-7.el5_6.4.i386.rpm e212ffb4b42601778061b885607c5923 cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm 02f97044ea9f5a5ce9f433073f1ca288 cyrus-imapd-perl-2.3.7-7.el5_6.4.i386.rpm 6744f92f98e7f05854d5e9eb83fecf2a cyrus-imapd-utils-2.3.7-7.el5_6.4.i386.rpm Source: df42a3ba3d217583e6bfda46530c4184 cyrus-imapd-2.3.7-7.el5_6.4.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #cen...@irc.freenode.net -- Message: 3 Date: Wed, 8 Jun 2011 22:32:53 + From: Karanbir Singh kbsi...@centos.org Subject: [CentOS-announce] CESA-2011:0862 Moderate CentOS 5 x86_64 subversion Update To: centos-annou...@centos.org Message-ID: 20110608223253.ga7...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2011:0862 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0862.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 973a6a5255be2a3006919d3874fb23d5 mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm 5a4834151a28f065847200401c49febc subversion-1.6.11-7.el5_6.4.i386.rpm 9c9687342fa17e080283b6d52f011c4a subversion-1.6.11-7.el5_6.4.x86_64.rpm 3b211b6828fc002dadee128e154d76da subversion-devel-1.6.11-7.el5_6.4.i386.rpm ce33eb62c383b7b6ffb5bb5576c9b69e subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm 166353f7df90760ed81910faa1b7fbbe subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm 2b656c4760b5c2f899470c504743fa9a subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm a8cfa89bb777c5086dc228d41f790f51 subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm Source: 614a8a3175d0c28eda7c3173e647166c subversion-1.6.11-7.el5_6.4.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #cen...@irc.freenode.net -- Message: 4 Date: Wed, 8 Jun 2011 22:32:53 + From: Karanbir Singh kbsi...@centos.org Subject: [CentOS-announce] CESA-2011:0862 Moderate CentOS 5 i386 subversion Update To: centos-annou...@centos.org Message-ID: 20110608223253.ga7...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2011:0862 Moderate Upstream details at :
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 6/9/11, Mathias Burén mathias.bu...@gmail.com wrote: The first thing that comes to my mind: Have you tried another IO scheduler? and the first thing that came to this noob's mind was: Wait, you mean there's actually more than one? AND I get to choose? I'll probably be experimenting with deadline and anticipatory since the i/o wait seems to be due to the disk running back and fro trying to serve the file scan as well as legit read request so having that small wait for reads in the same area sounds like it would help. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 6/9/11, Benjamin Franz jfr...@freerun.com wrote: You should look at running your process using 'ionice -c3 program'. That way it won't starve everything else for I/O cycles. Also, you may want to experiment with using the 'deadline' elevator instead of the default 'cfq' (see http://www.redhat.com/magazine/008jun05/features/schedulers/ and http://www.wlug.org.nz/LinuxIoScheduler). Neither of those would require you to change your hardware out. Also, setting 'noatime' for the mount options for partition holding the files will reduce the number of required I/Os quite a lot. Thanks for pointing out noatime, I came across in my reading previously but it never sunk in. This experience is definitely going to make sure of that :) Tthe crawl process is started by another program. crond starts the program, the program starts the email crawl or take other more crucial action depending on situation so I'm unsure if I should run it with ionice since it could potentially cause the more crucial action to lag/slow down. But I'll give it a try anyway over the weekend when any negative effect has lesser consequences and see if it affects other things. But yes, in general, distributing your load across more disks should improve your I/O profile. I'm going with noatime and ionice first to see the impact before I start playing around with the i/o scheduler. If all else fails, then I'll see about requesting for the extra hard disk. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 9.6.2011 12:38, Benjamin Franz wrote: On 06/09/2011 02:24 AM, Emmanuel Noobadmin wrote: I'm trying to resolve an I/O problem on a CentOS 5.6 server. The process basically scans through Maildirs, checking for space usage and quota. Because there are hundred odd user folders and several 10s of thousands of small files, this sends the I/O wait % way high. The server hits a very high load level and stops responding to other requests until the crawl is done. setting 'noatime' for the mount options for partition holding the files will reduce the number of required I/Os quite a lot. Yes, but before doing this be sure that your Software does not need atime. -- Kind Regards, Markus Falb signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] High system load but low cpu usage
On 6/9/11, Steven Tardy s...@its.msstate.edu wrote: top Cpu(s) line is averaged for all cpus/cores. to display individual cpus/cores press: 1 you'll likely see one cpu/core being pegged with iowait. to identify the offending process within top press: fjenter to display the P column(last used CPU). watch top for a few minutes to see what is using all of the disk io. Thanks for these tips, it really helped narrow down the issue. Became quite clear that cpu 0 was taking up most of the user and sys time, somewhere in the 10x compared to the other 3. Based on the VM memory usage, I think I know which VM it is but I'm going to start pinning it to confirm it's the culprit. sar output is averaged over the 10 minute interval. for smaller sar time slices edit cron file: /etc/cron.d/sysstat disks are often swamped by two things happening at once... backups migrating a VM database upgrades .rrd average updates Unfortunately, the VMs are public facing and the offending one has got a relatively popular Wordpress blog as well as relatively high email traffic. So it's likely the result of those two things happening at once. I'm increasing the memory allocation on it and hope maybe more of the Wordpress content gets cached and see if it helps. The odd thing is I set the VM to 512MB but a max of 1.5G assuming that KVM will assign the extra memory as needed but it seems to be stuck at 512MB. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On Thu, Jun 9, 2011 at 12:38 PM, Benjamin Franz jfr...@freerun.com wrote: On 06/09/2011 02:24 AM, Emmanuel Noobadmin wrote: I'm trying to resolve an I/O problem on a CentOS 5.6 server. The process basically scans through Maildirs, checking for space usage and quota. Because there are hundred odd user folders and several 10s of thousands of small files, this sends the I/O wait % way high. The server hits a very high load level and stops responding to other requests until the crawl is done. I am wondering if I add another disk and symlink the sub-directories to that, would that free up the server to respond to other requests despite the wait on that disk? Alternatively, if I mdraid mirror the existing disk, would md be smart enough to read using the other disk while the first's tied up with the first process? You should look at running your process using 'ionice -c3 program'. That way it won't starve everything else for I/O cycles. Also, you may want to experiment with using the 'deadline' elevator instead of the default 'cfq' (see http://www.redhat.com/magazine/008jun05/features/schedulers/ and http://www.wlug.org.nz/LinuxIoScheduler). Neither of those would require you to change your hardware out. Also, setting 'noatime' for the mount options for partition holding the files will reduce the number of required I/Os quite a lot. But yes, in general, distributing your load across more disks should improve your I/O profile. -- Benjamin Franz ___ Can one mount the root filesystem with noatime? -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 6/10/11, Markus Falb markus.f...@fasel.at wrote: Yes, but before doing this be sure that your Software does not need atime. For a brief moment, I had that sinking Oh No... why didn't I see this earlier feeling especially since I've already remounted the filesystem with noatime. Fortunately, so far it seems that everything's still alive and working, keeping fingers crossed :D ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] High system load but low cpu usage
Emmanuel Noobadmin wrote: On 6/9/11, Steven Tardy s...@its.msstate.edu wrote: snip The odd thing is I set the VM to 512MB but a max of 1.5G assuming that KVM will assign the extra memory as needed but it seems to be stuck at 512MB. *sigh* Is this a java process? If so, look at the configuration, and see what it's mem.max and shm.mem are. You might also look at this thread, and see if it relates to what you're doing: http://communities.vmware.com/thread/291824 mark I hate java ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 06/09/11 2:24 AM, Emmanuel Noobadmin wrote: Alternatively, if I mdraid mirror the existing disk, would md be smart enough to read using the other disk while the first's tied up with the first process? that woudl be my first choice, and yes, queued read IO could be satisfied by either mirror, hence they'd have double the read performance. next step would be a raid 1+0 with yet more disks. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] High system load but low cpu usage
On 6/9/2011 12:02 PM, Emmanuel Noobadmin wrote: disks are often swamped by two things happening at once... backups migrating a VM database upgrades .rrd average updates Unfortunately, the VMs are public facing and the offending one has got a relatively popular Wordpress blog as well as relatively high email traffic. So it's likely the result of those two things happening at once. Don't forget the VM's don't isolate contention for the physical disk heads on the host device(s). They just sort of hide your ability to see where that time goes. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 6/9/2011 12:09 PM, Emmanuel Noobadmin wrote: On 6/10/11, Markus Falbmarkus.f...@fasel.at wrote: Yes, but before doing this be sure that your Software does not need atime. For a brief moment, I had that sinking Oh No... why didn't I see this earlier feeling especially since I've already remounted the filesystem with noatime. Fortunately, so far it seems that everything's still alive and working, keeping fingers crossed :D Some email software might use it to see if something has been updated since being read. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vim scripting - cursor motion
On 06/09/2011 08:48 AM, Jussi Hirvi wrote: I am working on my first vim script. The script is supposed to do some find/replace on a file, then save the file with a new name and quit vim. I will save the script in a file and then call it from a bash script like this: vim path-to-the-file -s path-to-my-script Maybe I have not found the right resources. I can find/replace with expressions that are similar to those I use manually, for example: :% s/\t/,/g Then I should add something to the beginning of file (line 1, char 1). And append something to the end of the file (last line, last char). But I cannot find a way to do this. Should I move the cursor (and how?), or what? - Jussi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos You can do this at the command line (or in a script) like this: sed s/\t/,/g [your file] [new_modified_file] If needed then you can rename the modified file back over the original -- - Kevin Kempter - Constent State A PostgreSQL Professional Services Company www.consistentstate.com - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
--On Thursday, June 09, 2011 07:04:24 PM +0200 Rudi Ahlers r...@softdux.com wrote: Can one mount the root filesystem with noatime? Generally speaking, one can mount any of the filesystems with noatime. Whether or not this is a good thing depends on your use. As was previously mentioned, some software (but not a lot) depends on it. The only thing that comes to mind offhand is mail software that uses a single-file monolithic mailbox. (Cyrus IMAPd, for example, uses one file per message, so noatime doesn't affect its behavior). With noatime, you also (obviously) lose the ability to look at access times. *Once*, in my career, that was useful for doing forensics on a cracked system. OTOH, it can make a good performance improvement. On SSDs, it's can also help extend the drive's life. Devin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 6/9/2011 1:09 PM, Emmanuel Noobadmin wrote: On 6/10/11, Markus Falbmarkus.f...@fasel.at wrote: Yes, but before doing this be sure that your Software does not need atime. For a brief moment, I had that sinking Oh No... why didn't I see this earlier feeling especially since I've already remounted the filesystem with noatime. Fortunately, so far it seems that everything's still alive and working, keeping fingers crossed :D The last access time is generally not needed, especially for Maildirs. On our setup, Postfix and Dovecot don't care. I always mount as many file systems as possible with 'noatime'. (Our IMAP Maildir storage is a 4-disk RAID 1+0 array with a few million individual messages across a lot of accounts.) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 6/9/2011 1:26 PM, John R Pierce wrote: On 06/09/11 2:24 AM, Emmanuel Noobadmin wrote: Alternatively, if I mdraid mirror the existing disk, would md be smart enough to read using the other disk while the first's tied up with the first process? that woudl be my first choice, and yes, queued read IO could be satisfied by either mirror, hence they'd have double the read performance. next step would be a raid 1+0 with yet more disks. mdadm is good, but you'll never get double the read performance. Even on our 3-way mirrors (RAID 1, 3 active disks), we don't come close to twice the performance gain. RAID 1+0 with 4/6/8 spindles is the best way to ensure that you get better performance. Adding RAM to the server so that you have a larger read buffer might also be an option. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] High system load but low cpu usage
On 6/9/2011 1:02 PM, Emmanuel Noobadmin wrote: On 6/9/11, Steven Tardys...@its.msstate.edu wrote: top Cpu(s) line is averaged for all cpus/cores. to display individual cpus/cores press: 1 you'll likely see one cpu/core being pegged with iowait. to identify the offending process within top press: fjenter to display the P column(last used CPU). watch top for a few minutes to see what is using all of the disk io. Thanks for these tips, it really helped narrow down the issue. Became quite clear that cpu 0 was taking up most of the user and sys time, somewhere in the 10x compared to the other 3. Also consider installing atop, which I find to be a bit more self-explanatory then regular top. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On Thu, 9 Jun 2011, Emmanuel Noobadmin wrote: I'm trying to resolve an I/O problem on a CentOS 5.6 server. The process basically scans through Maildirs, checking for space usage and quota. Because there are hundred odd user folders and several 10s of thousands of small files, this sends the I/O wait % way high. The server hits a very high load level and stops responding to other requests until the crawl is done. If the server is reduced to a crawl, it's possible that you are hitting the dirty_ratio limit due to writes and the server has entered synchronous I/O mode. As others have mentioned, setting noatime could have a significant effect, especially if there are many files and the server doesn't have much memory. You can try increasing dirty_ratio to see if it has an effect, eg: # sysctl vm.dirty_ratio # sysctl -w vm.dirty_ratio=50 Steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
--On Thursday, June 09, 2011 12:28:28 PM -0600 Devin Reade g...@gno.org wrote: The only thing that comes to mind offhand is mail software that uses a single-file monolithic mailbox. Another message reminded me that most such software is probably basing its checks off of the mtime anyway. Devin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 06/09/11 11:48, Emmanuel Noobadmin wrote: I'm going with noatime and ionice first did you set noatime on the host filesystem and/or the VM filesystem? i would think noatime on the VM would provide more benefit than on the host... shrug. now my brain hurts. gee thanks. (: -- Steven Tardy Systems Analyst Information Technology Infrastructure Information Technology Services Mississippi State University s...@its.msstate.edu ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for gfs2-kmod SRPM
This is kind of figured out now. The actual RPM I'm using is from the debuginfo repo here: http://debuginfo.centos.org/5/x86_64/gfs2-kmod-debuginfo-1.92-1.1.el5_2.2.x86_64.rpm The contents of the RPM are identical to the RedHat RPM: http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/x86_64/Debuginfo/gfs2-kmod-debuginfo-1.92-1.1.el5_2.2.x86_64.rpm The problem here is that the source included in the debuginfo RPM does not match the binary. When running the binary, I get f:q in my gfs2_tool lockdump output, which definitely cannot happen given the source code in the RPM. It appears that this patch has been applied during compilation. https://www.redhat.com/archives/cluster-devel/2011-May/msg00037.html But the patch is not applied to the source code included. Clearly this is not a CentOS issue as the RedHat RPM is wrong too, so this is just informational to close out the issue. Brian On 11-06-2011 at 2:05 AM, John Doe jd...@yahoo.com wrote: From: centoslistbr...@nym.hush.com centoslistbr...@nym.hush.com I'm searching for the SRPM corresponding to this installed RPM. % yum list | grep gfs2 gfs2-kmod-debuginfo.x86_64 1.92-1.1.el5_2.2 It is missing from: http://msync.centos.org/centos-5/5/os/SRPMS/ How can you expect to find a CentOS srpm for a package that does not come from CentOS...? As you can see, http://msync.centos.org/centos-5/5/os/i386/CentOS/ only lists gfs2-utils JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] pam_succeed_if
Hi, The default system-auth file for PAM on CentOS has the following auth section: authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authrequired pam_deny.so What's the use of the pam_succeed_if line? It will only be reached if the pam_unix doesn't succeed and from my understanding it will prevent system accounts from logging in. Is it useless or am I missing something? Thanks, Daniel. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] High system load but low cpu usage
On 06/09/11 11:52 AM, Thomas Harold wrote: Also consider installing atop, which I find to be a bit more self-explanatory then regular top. another cool tool is IBM's NMON, works something like TOP but has a lot more types of info you can selectively display, including disk utilization. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ultrasecure sshd server
Hi, How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Vim scripting - cursor motion
On Thu, Jun 9, 2011 at 11:03 AM, CS DBA cs_...@consistentstate.com wrote: On 06/09/2011 08:48 AM, Jussi Hirvi wrote: I am working on my first vim script. The script is supposed to do some find/replace on a file, then save the file with a new name and quit vim. I will save the script in a file and then call it from a bash script like this: vim path-to-the-file -s path-to-my-script Maybe I have not found the right resources. I can find/replace with expressions that are similar to those I use manually, for example: :% s/\t/,/g Then I should add something to the beginning of file (line 1, char 1). And append something to the end of the file (last line, last char). But I cannot find a way to do this. Should I move the cursor (and how?), or what? - Jussi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos You can do this at the command line (or in a script) like this: sed s/\t/,/g [your file] [new_modified_file] If needed then you can rename the modified file back over the original Or you can have sed edit your file directly, just use the -i switch: sed -e 's:find:replace:g' -i your.file.name HTH, -at ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
Am 09.06.2011 um 23:34 schrieb Eero Volotinen: Hi, How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Used google lately? http://www.google.com/search?client=safarirls=enq=sshd+key+passwordie=UTF-8oe=UTF-8#sclient =psyhl=enclient=safarirls=ensource=hpq=ssh+key+and +passwordaq=faqi=aql=oq=pbx=1bav=on. 2,or.r_gc.r_pw.fp=b9cfb64a5f16eb0cbiw=1444bih=948 That's for accelerating my pulse for two seconds. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
2011/6/10 Rainer Duffner rai...@ultra-secure.de: Am 09.06.2011 um 23:34 schrieb Eero Volotinen: Hi, How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Used google lately? http://www.google.com/search?client=safarirls=enq=sshd+key+passwordie=UTF-8oe=UTF-8#sclient =psyhl=enclient=safarirls=ensource=hpq=ssh+key+and +passwordaq=faqi=aql=oq=pbx=1bav=on. 2,or.r_gc.r_pw.fp=b9cfb64a5f16eb0cbiw=1444bih=948 That's for accelerating my pulse for two seconds. Well, some say that it's possible with pam hacks. main problem is that openssh public key does not contains expiry information (is not possible to expire public keys). it migth be possible with openssh certificates? -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
Am 10.06.2011 um 00:02 schrieb Eero Volotinen: Well, some say that it's possible with pam hacks. main problem is that openssh public key does not contains expiry information (is not possible to expire public keys). it migth be possible with openssh certificates? As I understand it (following the arstechnica link, then using the RequiredAuthentication keyword as a new search term) - it's only impossible with openssh. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NTLM auth fails after upgrade to centos 5.6
Hi, I upgraded a working centos5.5 with squid using ntlm auth to centos 5.6 today. After doing so squid failed to authenticate. Downgrading samba3x to samba3x-3.3.8-0.52.el5_5.2 got things working again. In the squid config I have, auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp in the squid config and this was working until the upgrade. testparm shows no errors and the logs do not indicate a problem except that authentication fails. With samba3x-3.5.4-0.70.el5_6.1.x86_64 installed the following command fails: /usr/bin/ntlm_auth --username=myuser with the following error: [2011/06/09 10:21:19.538041, 2] winbindd/winbindd_pam.c:2001(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [mydomain]\[myuser] returned NT_STATUS_INVALID_HANDLE (PAM: 4) with samba3x-3.3.8-0.52.el5_5.2 I get the following: (indy pts3) # /usr/bin/ntlm_auth --username=myuser password: NT_STATUS_OK: Success (0x0) (indy pts3) # [2011/06/09 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: myuser [2011/06/09 18:18:30, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [myuser] - [myuser] - [myuser] succeeded Has anyone else seen this behavior? Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
At Fri, 10 Jun 2011 00:34:06 +0300 CentOS mailing list centos@centos.org wrote: Hi, How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. Just require a ssh public key AND require that public keys be created with a passphrase. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
On Thursday 09 June 2011 17:34, the following was written: How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. Have you thought about securing your ssh keys with a pasword? I do that here so if someone would happen to get a hold of my keys they still could not use them. I am guessing that is why you are looking for both keys and passwords. -- Regards Robert Linux The adventure of a lifetime. Linux User #296285 Get Counted http://counter.li.org/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
On Thu, Jun 09, 2011 at 08:53:30PM -0400, Robert Heller wrote: Just require a ssh public key AND require that public keys be created with a passphrase. Is this enforceable if you don't have access to users' private keys? (e.g., they are on servers not under your control) --keith -- kkel...@wombat.san-francisco.ca.us pgpkGzxcY002h.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Possible to use multiple disk to bypass I/O wait?
On 6/10/11, Steven Tardy s...@its.msstate.edu wrote: did you set noatime on the host filesystem and/or the VM filesystem? i would think noatime on the VM would provide more benefit than on the host... shrug. now my brain hurts. gee thanks. (: I was trying it on the host first, thinking that would cut down on half the writes since the host wouldn't have to update the atime everytime the diskfiles are accessed. But now that you brought it up, I'm wondering if that would had been pointless. If the kernel considers KVM opening the diskfile and holding onto it as a single access, regardless of how many subsequent reads/writes there are, then this wouldn't make a difference would it? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
2011/6/10 Robert Heller hel...@deepsoft.com: At Fri, 10 Jun 2011 00:34:06 +0300 CentOS mailing list centos@centos.org wrote: Hi, How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. Just require a ssh public key AND require that public keys be created with a passphrase. This is not same case, I need publickey and normal password authentication. not password protected privatekey. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
2011/6/10 Rainer Duffner rai...@ultra-secure.de: Am 10.06.2011 um 00:02 schrieb Eero Volotinen: Well, some say that it's possible with pam hacks. main problem is that openssh public key does not contains expiry information (is not possible to expire public keys). it migth be possible with openssh certificates? As I understand it (following the arstechnica link, then using the RequiredAuthentication keyword as a new search term) - it's only impossible with openssh. So, this requires ssh.com (tectia) client and server? commercial version? -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
2011/6/10 Eero Volotinen eero.voloti...@iki.fi: 2011/6/10 Rainer Duffner rai...@ultra-secure.de: Am 10.06.2011 um 00:02 schrieb Eero Volotinen: Well, some say that it's possible with pam hacks. main problem is that openssh public key does not contains expiry information (is not possible to expire public keys). it migth be possible with openssh certificates? As I understand it (following the arstechnica link, then using the RequiredAuthentication keyword as a new search term) - it's only impossible with openssh. So, this requires ssh.com (tectia) client and server? commercial version? -- Eero Looks like there is patch for openssh: https://bugzilla.mindrot.org/show_bug.cgi?id=983 -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
On 6/10/11, Eero Volotinen eero.voloti...@iki.fi wrote: This is not same case, I need publickey and normal password authentication. not password protected privatekey. How about using the ForceCommand described here https://calomel.org/openssh.html to add a second layer of authentication. In his case, he used a date related question but it should be possible to run a script checking for a normal login password? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
On 06/09/11 8:59 PM, Eero Volotinen wrote: This is not same case, I need publickey and normal password authentication. not password protected privatekey. I've not heard of *any* SSH system that worked that way, its key or password, not and, i don't think the ssh protocol supports stacking auth methods like that. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ultrasecure sshd server
2011/6/10 John R Pierce pie...@hogranch.com: On 06/09/11 8:59 PM, Eero Volotinen wrote: This is not same case, I need publickey and normal password authentication. not password protected privatekey. I've not heard of *any* SSH system that worked that way, its key or password, not and, i don't think the ssh protocol supports stacking auth methods like that. looks like tectia ssh supports and openssh also with patch. I think I can resolve issue by patching openssh-server. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos