Hi Mark,
Thank you for your advise.
As for your suggestion to upgrade the OS and web server, although your
argument have valid points, at the moment, it's not the best path for
us. All of this related with legacy application, legacy data, and other
strategic constrains. Although, we might have to take this path if the
trial doesn't work.
Best regards,
Alex
Alex Tjahjana, MBCS, MNZCS, PSM I
373 7599 x 86517
From: Mark Montague [mailto:[email protected]]
Sent: Tuesday, 22 March 2011 2:22 p.m.
To: Alex Tjahjana
Cc: [email protected]
Subject: Re: [Cosign-discuss] Can I use CoSign with RedHat 7.3 kernel
v2.4.20-28.7smp?
On March 21, 2011 20:31 , "Alex Tjahjana" <[email protected]>
<mailto:[email protected]> wrote:
Anyone know whether I can use CoSign with RedHat 7.3 kernel
v2.4.20-28.7smp with Apache 1.3?
The document that I can find said that I can use it with Apache 1.3 but
with RedHat 9.
Short answer: Try it; hopefully it will work. But you should really
upgrade both your OS and web server instead.
Long answer:
The kernel version should not matter; cosign does not rely on specific
kernel features.
However, Red Hat Linux 7.3 is from May 2002 -- that's nearly 9 years
old. There have been six major releases since then (8, 9, then RHEL 3
through 6). You may have compiler, library, or autotools problems
because of this (or it may work out of the box, you'd have to try it).
I'd encourage you to upgrade to a newer Linux distribution if you can,
for security and support reasons. If you don't want to buy RHEL 6,
Centos 5 is freely available, as is Fedora 14 and a large number of
other distributions.
Also, Apache HTTP Server 1.3 was removed from the main
http://httpd.apache.org/ page today, after being deprecated for many
years, and after being officially unsupported for the past year. Apache
1.3 was succeeded by 2.0, which is now getting very old itself, 2.2 (the
current major version, which dates from 2005), and the next major
version, 2.4, is due out in a couple of months. I'd strongly recommend
upgrading to Apache HTTP Server 2.2.17 if at all possible, again for
security and support reasons. Despite this, I would expect that the
cosign filter for Apache HTTP Server 1.3.x will still work if you try it
on a recent OS with a recent compiler, recent libraries, and recent
autotools.
Hopefully, you're using the latest release of cosign, version 3.1.2,
since older versions -- particularly 2.x and previous -- have
architectural flaws, and a central weblogin server running cosign 3.x
won't work with cosign-protected web servers running filters versions
prior to 3.0 unless the system administrators running the central
weblogin servers explicitly permit it (but there are good reasons why
they should not permit it).
--
Mark Montague
[email protected]
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
