[CentOS-virt] Introduction
Hi guys I'm Danilo Falcão (fcon), a Sys Admin from Brazil and living in Germany. Recently I have joined Fedora QA Infrastructure and now the CentOS project to work with Lokesh (lsm5) building RPMS for Docker and related packages. In the past years I've been working a lot with Virtualization (XEN and KVM mostly) and since Docker appeared I became a big fan of it. I'm also a Bash scripter and a Python Fabric lover. If there's anything I can help you guys with, just holla at me @ Freenode or drop an e-mail :) Cheers, Danilo ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] CentOS-announce Digest, Vol 124, Issue 17
Send CentOS-announce mailing list submissions to centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org

You can reach the person managing the list at centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest...

Today's Topics:

1. CEBA-2015:1192 CentOS 7 openssl BugFix Update (Johnny Hughes)
2. CESA-2015:1194 Moderate CentOS 6 postgresql Security Update (Johnny Hughes)
3. CESA-2015:1193 Moderate CentOS 7 xerces-c Security Update (Johnny Hughes)
4. CESA-2015:1194 Moderate CentOS 7 postgresql Security Update (Johnny Hughes)

--

Message: 1
Date: Mon, 29 Jun 2015 13:10:10 +
From: Johnny Hughes joh...@centos.org
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2015:1192 CentOS 7 openssl BugFix Update
Message-ID: 20150629131010.ga18...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Bugfix Advisory 2015:1192

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1192.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

-- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net

--

Message: 2
Date: Mon, 29 Jun 2015 16:03:44 +
From: Johnny Hughes joh...@centos.org
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:1194 Moderate CentOS 6 postgresql Security Update
Message-ID: 20150629160344.ga21...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2015:1194 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1194.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
Re: [CentOS] Using a CentOS 6 Machine as a gateway/router/home server
On 06/29/2015 10:43 AM, m.r...@5-cent.us wrote:

James B. Byrne wrote:

On Mon, June 29, 2015 02:14, Sorin Srbu wrote:

OS 6? Please note: I'm not criticizing, just curious about the argument behind using a regular OS to do firewall-stuff.

Maintenance. A consistent set of expectations does wonders for debugging odd-ball occurrences. Why learn the idiosyncrasies of two distros when one suffices? Just start with a minimal CentOS install on your router/gateway and add only the packages that you know that you need. Any critical omission will evidence itself in short order and can be added then; or the source of the need removed as circumstance warrants.

Being a longtime RH/CentOS user recently flirting with debian, I have to agree. Another advantage to using a single distro across multiple machines is the ability to compare them (e.g., does this system file have the same size and timestamp on all my systems?).

I'm running DD-WRT on an ASUS router these days, and I'm *NOT* wildly impressed. I mean, it seems ok, but the project is run in what I can only describe as amateur, in the worst sense of the word. The several official developers release a build, and you can choose which one of who's; people on the mailing list have favorite builds, which is not a phrase I have *ever* heard used with an o/s before, and I'm afraid to update, as some of their documentation is out of date, or wrong.

I agree on dd-wrt. Several docs and occasional forum postings say, check the wiki. Other docs and forum postings say, ignore the wiki, it's outdated. Finding the latest build is like an easter egg hunt. The whole project seemed to me to be very disorganized.

Re: administration and docs again: My router's wifi radio seemed to go out one day (after a power outage). I couldn't connect to the router anymore via wifi. The lack of reliable docs made figuring out the settings a guessing game. And I didn't know what tools existed for diagnosing the hardware and software.

I have to sympathize with the dd-wrt developers though. There are a lot of routers on the market. Most are vastly different in what hardware and features they have. And too, in most case (I'd think) they have docs from manufacturers, so have to reverse-engineer the code, and do this separately for dozens if not hundreds of routers on the market. Given these circumstances, it's amazing they've been able to do what they've done.

Waxing further off-topic, a solution to this, IMO, would be something very much like a Raspberry Pi router: essentially an RPi with a half-dozen RJ45 ports. It would be nice to have the wifi built into it, but because these are country-specific, the wifi-radio would probably need to be a separate plug-in part. But having non-volatile memory on a card, as RPi's already have, would make testing and upgrading-- and also downgrading-- much easier and worry-free.

At some point, I may just get a PI, and run CentOS, or some firewall/router distro, though that would mean not having WiFi for guests.

When the radio on my wifi went out, I found it a simple matter to set up a secure wifi AP (using hostapd) on an RPi and plug it into an RJ45 on my router.

mark

___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Qemu 2.x on CentOS 7?
Is there any way to get the latest Qemu to run on CentOS 7? I'm looking for a way to create backup snapshots, but the current install says:

[root@vhost1 ~]# virsh snapshot-create-as myvm snapshot1 snapshot1 description
error: Operation not supported: live disk snapshot not supported with this QEMU binary

-- Robert
Re: [CentOS] set up login.defs but password still not expire?
Hi,

On Tue, Jun 30, 2015 at 1:29 AM, mcclnx mcc mcc...@yahoo.com.tw wrote:

We have Centos 5.8 on Linux server. I setup /etc/login.defs following:

PASS_MAX_DAYS 3
PASS_MIN_DAYS 0
PASS_MIN_LEN 8
PASS_WARN_AGE 1

after that I check user password policy and it show:

# chage -l user1
Last password change: Jun 29, 2015
Password expires: never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 9
Number of days of warning before password expires : 7

anyone know why? I did reboot server still same.

It will not be applied automatically to existing users, you have to do that manually by running below command. For an example,

# chage -E 6/30/2015 -m 5 -M 90 -I 30 -W 14 test

( For more information read Man page )

If you gonna create a new user after making changes into /etc/login.defs then password policy will be applied automatically on new user and you can check it by running chage -l username.

--Regards Ashishkumar S. Yadav
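The gap this answer describes, as an added example that is not part of the original post: login.defs only seeds new accounts, so existing shadow entries keep their old aging fields. The script reads PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE from a login.defs file, lists the accounts in a shadow file that differ, and prints the `chage` call that would align each one. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): find existing accounts whose
# password-aging fields in the shadow file differ from login.defs.

# login_defs_value FILE KEY: print KEY's value. Commented lines never match
# because their first field is "#" or "#KEY". If KEY is repeated, this sketch
# uses the last occurrence (an assumption of the example).
login_defs_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# aging_drift LOGIN_DEFS SHADOW: one line per account that differs, formatted
#   user max=<current>/<wanted> min=<current>/<wanted> warn=<current>/<wanted>
# Shadow fields used: 1 name, 2 hash, 4 min days, 5 max days, 6 warn days.
aging_drift() {
    want_max=$(login_defs_value "$1" PASS_MAX_DAYS)
    want_min=$(login_defs_value "$1" PASS_MIN_DAYS)
    want_warn=$(login_defs_value "$1" PASS_WARN_AGE)
    awk -F: -v max="$want_max" -v min="$want_min" -v warn="$want_warn" '
        function show(v) { return (v == "") ? "-" : v }
        # Locked service accounts ("!", "!!", "*") cannot log in with a
        # password, so password aging is not checked for them.
        $2 ~ /^[!*]/ { next }
        (max != "" && $5 != max) || (min != "" && $4 != min) ||
        (warn != "" && $6 != warn) {
            printf "%s max=%s/%s min=%s/%s warn=%s/%s\n", $1,
                   show($5), show(max), show($4), show(min), show($6), show(warn)
        }' "$2"
}

# fix_commands LOGIN_DEFS SHADOW: print (do not run) the chage call that
# would align each drifting account with login.defs.
fix_commands() {
    fix_max=$(login_defs_value "$1" PASS_MAX_DAYS)
    fix_min=$(login_defs_value "$1" PASS_MIN_DAYS)
    fix_warn=$(login_defs_value "$1" PASS_WARN_AGE)
    if [ -z "$fix_max" ] || [ -z "$fix_min" ] || [ -z "$fix_warn" ]; then
        echo "login.defs must set PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE" >&2
        return 1
    fi
    aging_drift "$1" "$2" | while read -r user rest; do
        printf 'chage -M %s -m %s -W %s %s\n' \
               "$fix_max" "$fix_min" "$fix_warn" "$user"
    done
}

# write_samples DIR: constructed sample files. login.defs carries the values
# quoted in the thread; the shadow entries and hashes are made up.
write_samples() {
    cat > "$1/login.defs" <<'EOF'
# constructed sample
PASS_MAX_DAYS   3
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   1
EOF
    cat > "$1/shadow" <<'EOF'
user1:$6$constructed$nothash:16615:0:99999:7:::
user2:$6$constructed$nothash:16615:0:3:1:::
postgres:!!:16615::::::
EOF
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
aging_drift "$demo_dir/login.defs" "$demo_dir/shadow"
fix_commands "$demo_dir/login.defs" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a real host the two arguments would be /etc/login.defs and /etc/shadow, read as root; the script only prints the `chage` commands and changes nothing.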
Re: [CentOS] set up login.defs but password still not expire?
On 06/30/2015 07:59 AM, mcclnx mcc wrote:

We have Centos 5.8 on LInux server.I setup /etc/login.defs following: PASS_MAX_DAYS 3

So you're saying that you're running a CentOS that has not been updated in three years and as such is full of security vulnerabilities and bugs and yet you are security-conscious enough to want a 3 day password expire?

Do yourself a favor and yum update, that will help you to secure your system way better than your password policy.

Peter
Re: [CentOS-es] Vpn pptpd
Thank you very much for replying. Looking into this at the company, they have had a VPN before, but it is not known exactly which VPN it is working with, whether it is openvpn or another one. I have the possibility of checking on the master server that still exists at the remote office. Now the question would be: if it is a VPN with openvpn, what should I do on this server, that is, just copy the certificates to the new server? I thank you in advance for your help.

-- Best regards |César Martínez | Systems Engineer | SERVICOM |Tel: (593-2)554-271 2221-386 | Ext 4501 |Mobile: 0999374317 |Skype servicomecuador |Web www.servicomecuador.com Follow us on: |Twitter: @servicomecuador |Facebook: servicomec |Client Zone: www.servicomecuador.com/billing |Blog: http://servicomecuador.com/blog |Address: Av. 10 de Agosto N29-140 Entre |Acuña y Cuero y Caicedo |Quito - Ecuador - Sudamérica

On 25/06/15 11:16, Javier Aquino wrote:

Hello César, For a site-to-site VPN I recommend OpenVPN or LibreSWan. In my case, I have a VPN with LibreSWAN between my office and 10 others in different countries and I have never had any trouble, apart from problems with the internet connection. Regards and success with your project.

*JAVIER AQUINO* Head of IT C LEXUS EDITORES

On 25 June 2015, 11:08, César Martinez cmarti...@servicomecuador.com wrote:

Greetings, fellow list members. I come to you with a question: I want to implement a VPN with pptp between two Linux servers to join two distant offices. Each one has a different internet provider and they are going to have a Linux centos server with a fixed public IP. I have used pptpd but only with one server, and the clients have to make a new connection to connect. Is there a possibility of doing it with pptp but without the users needing to create this new connection, that is, they just go to either of the offices' networks, log in to the network and can already see files and folders of the other network? Thanking everyone.

___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-docs] wiki.centos.org/TipsAndTricks/VncHeadlessInstall
On 30 June 2015 at 05:46, Kevin Bulgrien kbulgr...@att.net wrote:

(Apologies for the potential duplicate post. My initial post had a smashed subject line. This post only adds the subject and this note.)

I would like permission to edit this page. The changes I have in mind are:

1) It is not necessary to burn a CD/DVD to do a headless install in cases where the installed system has a monitor, but for some reason cannot support a graphical install directly. This can be caused by: a server that has too little memory to run a graphical install, or running the install in a virtual machine where the install does not work properly in the virtual machine console because the display is too small and controls are not shown.

One situation where I ran into this situation was doing an install of 6.5 on very old server hardware. The text mode install did not allow me to preserve partitions, and it was critical to preserve the /home mount to avoid data loss. I had to run the graphical install, but the only way to do it on this hardware was to do a headless install. I was thankful for the page because it helped me figure out how to do the headless install even though I didn't need to go to the trouble of making bootable media. It seems potentially beneficial to make notes that help others also learn how to do it without burning media if this could solve their issue.

Also, just last week I tried to perform a graphical install CentOS 7.1 in a VM under ESXi 6. The install started out okay, but soon reached a point where installer windows/panels and controls did not fit in the console display. While one might try to use TAB to select hidden controls, it was unsafe to do so because one could not even see the controls that needed to be manipulated. As I didn't know how to cure the console size issue during install, it seemed logical to use a headless install method to get a higher resolution install console via a VNC viewer. This might have worked except that:

2) The instructions given do not work for CentOS 7. Something has changed. At this point I am still trying to figure out if the problem is simply a matter of changed kernel options, but after trying many things for a couple of days, it is clear that at least 7.1 does not work. At the very least, the page could be improved by documenting this difficulty with 7. I did find a lead tonight that might allow me to proceed with 7, but I haven't tested it yet. If it works, then the edits would document changes key to making the process work for 7.

The proposed edits would show how to invoke a headless install by editing kernel parameters at the initial install menu on the console. Obviously this is not a true headless install, but since it can be used to advantage, and as it is A LOT simpler than burning a CD/DVD, I feel the changes would help others that find themselves in the situation I was in.

I am proposing to do the in http://wiki.centos.org/TipsAndTricks/VncHeadlessInstall though if it is felt that it is better to have the content be on a sub-page (due to the fact my edits involve using the console), I am amenable to doing that also.

My wikiuser is: KevinBulgrien

I have not created my user page at this time, but would plan to follow the editing guidelines and set it up if I am approved to make these changes.

Thanks for your consideration of this matter.

Kevin Bulgrien

Hello Kevin,

I have created a wiki home page for you (wiki.centos.org/KevinBulgrien) and would suggest that you use it to lay out your proposed changes in a draft form. When done, just ask on this list for a review and comments and then your contribution(s) can be merged. I have appended a copy of the /TipsAndTricks/VncHeadlessInstall page to your home page so that you have something to work with.

Alan.

___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] Qemu 2.x on CentOS 7?
Hello,

You might be able to use the live feature by using the qemu-kvm-rhev from Ovirt: http://resources.ovirt.org/pub/ovirt-3.5/rpm/el7/x86_64/

HTH

-- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro

- Original Message -
From: Robert Fitzpatrick rob...@webtent.org
To: CentOS centos@centos.org
Sent: Tuesday, 30 June, 2015 14:27:41
Subject: [CentOS] Qemu 2.x on CentOS 7?

Is there any way to get the latest Qemu to run on CentOS 7? I'm looking for a way to create backup snapshots, but the current install says:

[root@vhost1 ~]# virsh snapshot-create-as myvm snapshot1 snapshot1 description
error: Operation not supported: live disk snapshot not supported with this QEMU binary

-- Robert
Re: [CentOS] CentOS 6 gcc is a bit old
On Jun 29, 2015, at 16:08, James A. Peltier jpelt...@sfu.ca wrote:

When you're going to maintain software for long periods of time the Modules environment can come in really handy. See http://modules.sf.net

You can even use modules with the SCL packages, it is a simple translation. Hopefully in the future they will provide native modules.

-- Jonathan Billings
Re: [CentOS] Tar CentOS installation and transfer it to new server
On Jun 29, 2015, at 6:50 PM, Mike 1100...@gmail.com wrote:

rsync -aAXHx -e 'ssh'

-e ssh has been the default in rsync for a very long time. I believe the newest CentOS where -e defaults to rsh instead is CentOS 3.

You only need to give -e nowadays when you need nonstandard ssh options, and you don’t want to put them in your ~/.ssh/config file. A common example is a nonstandard port number:

rsync -e 'ssh -p 222' ...
Re: [CentOS] Tar CentOS installation and transfer it to new server
On Tue, Jun 30, 2015 at 12:55 PM, Warren Young w...@etr-usa.com wrote:

On Jun 29, 2015, at 6:50 PM, Mike 1100...@gmail.com wrote:

rsync -aAXHx -e 'ssh'

-e ssh has been the default in rsync for a very long time. I believe the newest CentOS where -e defaults to rsh instead is CentOS 3.

You only need to give -e nowadays when you need nonstandard ssh options, and you don’t want to put them in your ~/.ssh/config file. A common example is a nonstandard port number:

Thanks Mr. Young. The man page definitely tracks with your observation. Appreciated.
Re: [CentOS] user 'not listed' on login screen
On Tue, June 30, 2015 12:58 pm, g wrote:

On 06/30/15 12:22, CS DBA wrote:

All; I installed centOS 7 (KDE), I also created a user 'postgres' the postgres user does not show up as a user on the login screen. How can I make this user show up on the login screen? I've googled it with no luck

log in a root user, check for /home/missing-user. in /etc files; group, gshadow, passwd, shadow, for 'missing-user'. if missing or present, create user again to see if will correct. if it is a daemon as Mark suggest, remove daemon.

As far as I remember, by default postgres user has rather low UID number. Users with UID below some number will not be shown on login screen. (500 was this number in the past, 1000 may be on some current Linuxes, 100 was on some Suns if I remember correctly)

Valeri

hth. -- peace out. -+- If Bill Gates got a dime for every time Windows crashes... ...oh, wait. He does. THAT explains it! -+- in a world with out fences, who needs gates. -+- CentOS GNU/Linux 6.6 tc,hago. g .

Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
Re: [CentOS] user 'not listed' on login screen
On 06/30/15 12:22, CS DBA wrote:

All; I installed centOS 7 (KDE), I also created a user 'postgres' the postgres user does not show up as a user on the login screen. How can I make this user show up on the login screen? I've googled it with no luck

log in a root user, check for /home/missing-user. in /etc files; group, gshadow, passwd, shadow, for 'missing-user'. if missing or present, create user again to see if will correct. if it is a daemon as Mark suggest, remove daemon.

hth. -- peace out. -+- If Bill Gates got a dime for every time Windows crashes... ...oh, wait. He does. THAT explains it! -+- in a world with out fences, who needs gates. -+- CentOS GNU/Linux 6.6 tc,hago. g .
Re: [CentOS] user 'not listed' on login screen
On 6/30/2015 10:58 AM, g wrote:

log in a root user, check for /home/missing-user. in /etc files; group, gshadow, passwd, shadow, for 'missing-user'. if missing or present, create user again to see if will correct. if it is a daemon as Mark suggest, remove daemon.

if its the daemon account Mark suggests, don't remove it unless you want to also remove the postgresql database server thats depending on it.

-- john r pierce, recycling bits in santa cruz
[CentOS] user 'not listed' on login screen
All; I installed centOS 7 (KDE), I also created a user 'postgres' the postgres user does not show up as a user on the login screen. How can I make this user show up on the login screen? I've googled it with no luck

Thanks in advance
Re: [CentOS] user 'not listed' on login screen
CS DBA wrote:

All; I installed centOS 7 (KDE), I also created a user 'postgres' the postgres user does not show up as a user on the login screen. How can I make this user show up on the login screen? I've googled it with no luck

I would think that under no circumstances *should* it show up. It's a user account for a daemon, and no one should be logging in that way, more like su to it.

mark
[CentOS] gssproxy items...
Hi,

I've been working on some systems trying to get kerberized nfsv4 and kerberized web services going on 7. Kerberized nfsv4 was working with 7.0, but with the 7.1 release it stopped working, the key difference between the two setups is that gssproxy wasn't being used with 7.0, but seems to be key with 7.1.

The problem I am encountering with Kerberized NFSv4 is that the directory will mount okay, and I can see its contents as root, but I encounter Permission denied errors when trying to access it as a regular user. 'klist -ce' returns valid results as the user (including a line for the server spn that I was trying to access), and I am able to access Kerberized NFSv4 shares hosted on EL6 servers as the same user.

Kerberized web services have been a recent thing to try in order to see if they would work with gssproxy - a colleague did get Kerberized web services going on 7.1 without using gssproxy. I followed the instructions at https://fedorahosted.org/gss-proxy/wiki/Apache, but still didn't have any success until I added the cred_store line mentioned in comment 6 of https://bugzilla.redhat.com/show_bug.cgi?id=1168962 as we are running with selinux enabled. The success was short-lived for once I started adding user/group checking it would succeed about 30% of the time as the user principal was being returned as elaxdal@REALMH\x86\xf7\x12\x01\x02\x02 instead of just elaxdal@REALM.

Today I tried recompiling the 0.4.1-1 source rpm from Fedora 21's updates, installed it onto a 7.1 nfsv4/web server, at which point everything started to consistently work - NFSv4 shares and web services with user/group checking. So it appears that the problem I'm encountering has been addressed. I've also tried recompiling the 0.3.1-1 and 0.3.1-4 source rpms from Fedora 20 and 21, both of which show the same problems I see with the 7.1 version of gssproxy.

Some additional background information, the Kerberos server is an AD server that is maintained by another group. The system keytab uses a user account based spn on the AD server, and a computer account based keytab for the system with aliases for host and http keytabs.

Any thoughts/suggestions as I'd rather stay with the distribution's version of supplied packages?

Thanks, Erik
Re: [CentOS] gssproxy items...
On 06/30/2015 12:13 PM, m.r...@5-cent.us wrote:

Erik Laxdal wrote:

The problem I am encountering with Kerberized NFSv4 is that the directory will mount okay, and I can see its contents as root, but I encounter Permission denied errors when trying to access it as a regular user. 'klist -ce' returns valid results as the user (including a line for the server spn that I was trying to access), and I am able to access Kerberized NFSv4 shares hosted on EL6 servers as the same user.

snip

Stupid question: selinux?

Not a stupid question, selinux has gotten me with other things from time to time. The server was setup with selinux set to enforcing by default, but I have tried 'setenforce 0', changing it to permissive, and finally disabled (rebooting after each of these state changes) with no change in behaviour. On the client side, I've only tried the 'setenforce 0' command.

The gssproxy-0.4.1-1 package was only installed on the server and worked with selinux enabled on both the server and client sides. The client side also has no problem accessing Kerberized NFSv4 shares from EL6 systems with selinux enabled on it.

Thanks, Erik
Re: [CentOS] gssproxy items...
Erik Laxdal wrote:

Hi, I've been working on some systems trying to get kerberized nfsv4 and kerberized web services going on 7. Kerberized nfsv4 was working with 7.0, but with the 7.1 release it stopped working, the key difference between the two setups is that gssproxy wasn't being used with 7.0, but seems to be key with 7.1.

The problem I am encountering with Kerberized NFSv4 is that the directory will mount okay, and I can see its contents as root, but I encounter Permission denied errors when trying to access it as a regular user. 'klist -ce' returns valid results as the user (including a line for the server spn that I was trying to access), and I am able to access Kerberized NFSv4 shares hosted on EL6 servers as the same user.

snip

Stupid question: selinux?

mark
Re: [CentOS] CPAN issues
From what I can see there you are running cpan as root and installing it under a local lib /root/perl5. The new cpan executable is under /root/perl5/bin/. That's probably not in your path? Also the modules under /root/perl5/lib/perl5 are probably not in your module search path.

There is a lot of what you are doing here that is either unsafe or unwise. Before we go into that, could we step back a bit and discuss your environment and what you are trying to achieve. Specifically, why you feel the need to upgrade CPAN at a system level? There may be a better way to solve the underlying issue.

Cheers, K
Re: [CentOS] Using a CentOS 6 Machine as a gateway/router/home server
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of m.r...@5-cent.us
Sent: 29 June 2015 17:25
To: CentOS mailing list
Subject: Re: [CentOS] Using a CentOS 6 Machine as a gateway/router/home server

The WiFi solution I use still uses a Centos 6 firewall/router/gateway, but one of my inside devices is a WiFi router. Rather than doing double routing, I connect one of the WiFi's LAN connections via a switch to my Router via a switch, leaving the WiFi Router's WAN connection unused. That way, my gateway (and not the WiFi router) is the DHCP server, and can enforce whatever firewall rules I want to apply. No need to give up your guest WiFi if you stick with a Centos gateway.

Hmmm... that's a thought. On the other hand, for defence in depth, I'm sort of leery about using my own system as a firewall. As I noted, on my old firewall/router box, I had almost nothing. That's why I'm considering a PI

I used to use a similar solution at home with Smoothwall and an AP. Worked fine till the computer running Smoothwall died. Worked fine for home use. IDK if it would be a good solution in a professional environment as well, but scaled up of course.

-- //Sorin
Re: [CentOS] Using a CentOS 6 Machine as a gateway/router/home server
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Gordon Messmer
Sent: 29 June 2015 19:40
To: CentOS mailing list
Subject: Re: [CentOS] Using a CentOS 6 Machine as a gateway/router/home server

On 06/29/2015 06:46 AM, Sorin Srbu wrote:

Even considering a minimal CentOS install, is that still less minimal than e.g. Smoothwall or Ipcop?

Yes, a minimal install of CentOS is probably larger (less minimal) than a specialized distribution.

In my world, security has a price, and that might be the need to learn another distro in order to minimize security issues (and maybe as in this case minimize attack-surfaces).

When all of your systems are one OS, you can more easily build an infrastructure that provides backups, security and bug fix updates, monitoring, etc for all of your systems. Specialized devices are often left out when admins set up infrastructure to provide those services for their primary systems. That's one way that a general purpose OS can be significantly better than a specialized OS.

Those are good points, thanks. I'm probably somewhat indoctrinated by the Smoothwall community and the thesis that an appliance like that, that only does one thing is really good at doing just that.

Thanks all for your thoughts on this!

-- //Sorin