Promoting LDAP vs NIS on RHL
by Dax Kelson
An LDAP directory can have numerous advantages over NIS. For example:
* Strong mutual authentication of client machines and LDAP servers
* All network traffic and be encrypted (by mandate even) via SSL or TLS.
* A rouge root on client machines cannot access user data, collect
encrypted password strings for user accounts
* Shadow password functionality including aging can be used
I would like to encourage Linux sysadmins to "properly" and securely
setup LDAP directories as opposed to NIS.
What can be done to encourage this?
For starters, it would be nice to have a good generic LDAP directory
browser/editor that was SSL/TLS enabled. RHL7.3 shipped with a decent
one, GQ, but it was dropped.
The slick looking "directoryadministrator" can be used to administer an
directory post-setup.
Any have other ideas?
I'll have a follow up as well.
Dax Kelson
Guru Labs
20 years, 8 months
mailing list for RHEL?
by James Ralston
As long as we're having a general mailing list cleanup, would it make
sense to create a mailing list specifically for Red Hat Enterprise
Linux?
Personally, I'd like to see it...
--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
20 years, 8 months
apt and upgrades
by Chris Croome
Hi
For the last year or so I have been updating and installing additional
software for all my RedHat boxes using Freshrpms [1] and other apt
repositories like Fedora [2]. I've also been using apt and yum with
YellowDog.
One nice thing about this is that it allows mirrors to be used with the
updater -- is this something that RedHat might consider?
My other question is if there is no longer going to be boxed CDs for
sale perhaps it might be possible in the future for upgrading between
versions to work in a way that doesn't require CDs?
Chris
[1] http://freshrpms.net/
[2] http://www.fedora.us/
--
Chris Croome <chris(a)webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/
20 years, 8 months
removing redundant mailing lists?
by Alex Kanavin
Now that we have four new lists made specifically for those interested in
the RHL project, it seems to me that some old lists could be
removed/merged to avoid confusion. redhat-devel-list and redhat-list stand
out as the obvious candidates for that. What do you think?
--
Alexander
Homepage: http://www.sensi.org/~ak/
20 years, 8 months
Red Hat Linux: Security Patches?
by Bruce A. Locke
Hello.
Now that Red Hat Linux appears to be a non-retail "product" with a much
shorter release cycle I am wondering about the following:
Is it Red Hat's plan to continue to produce security patches and other
errata for baseline Red Hat Linux releases for at least 12 months? (As
outlined for past releases on http://www.redhat.com/apps/support/errata/)
Thank You.
- Bruce
20 years, 8 months
Announcing a beta release of Red Hat Linux: Severn
by Bill Nottingham
Thank you gentlemen. This is rumor control. Here are the facts.
As some of you know, new Red Hat Linux Beta bits crash landed
here at 1000 on the morning watch. There was one survivor.
Two dead processes, and a daemon that was hopelessly smashed
beyond repair. The survivor is called SEVERN.
It's that time again.
(Time to floss?)
(Time to make a gooky?)
No, it's time for a Red Hat Linux Beta, named SEVERN.
"I just want to say that I took a vow of stability. That also
includes betas. We all took the vow. Now let me say, that I
for one, do not appreciate Company policy allowing beta bits
to freely intermingle..."
"Cheeky bastard, right sir?"
"What brother means to say is ... We view the presence of
any outside OS, beta, as a violation of the stability, a
potential break in the spiritual unity."
We are well aware of your feelings in this matter. You will
be pleased to know that I have requested a testing team -
Hopefully, they will be here inside of a few hours and
evaluate it A.S.A.P.
As always, betas such as SEVERN are not intended for use on
production environments. Use as such could lead to your machines
being slaughtered like pigs by the dragon. Or just public laughter.
Problems with SEVERN should be reported via bugzilla, at:
http://bugzilla.redhat.com/bugzilla/
What's its development status?
"It doesn't seem too horrendously in flux. Difficult at this
moment to make a specific diagnosis."
Among other things, SEVERN has:
- a new graphical boot
- GCC 3.3
- an updated 2.4.21 kernel
- updated Evolution and Mozilla
- and more!
Will it live?
"Yes, I should think so."
Look, none of us here is naive. It's in everybody's best
interests if this beta doesn't come out into production until
the testing team is through with it. And certainly not
without the proper qualification and bug reports. Right? So
we should all stick to our set routines and not get
unduly agitated. Correct? All right. Thank you gentlemen.
Speaking of unduly agitated... there's lots of rumors going on
about Red Hat Linux. We've been doing it for nearly ten years
now, and in that time, there's been various changes. From
rpp to RPM, from Red Hat Commercial Linux to Official Red Hat
Linux, from 'install' to anaconda. And now, we're making another
change.
We changed the rules. We said our Linux should be your Linux. Just as
most of the software in Red Hat Linux is developed in an open
fashion, so should Red Hat Linux itself; driven by those who
develop, test, document, and translate. To accomplish this, we're
opening up our process.
Now this is an evolution, not a revolution. The first steps will
be moving much of our development discussions and schedules
external, via mailing lists and other means, and including external
developers in the process of making technical decisions. More
will be done from there. Red Hat Linux will remain as it has been; a
freely available general purpose operating system, released on the
average every six months. For more information, see:
http://rhl.redhat.com/
For discussion of SEVERN, send mail to:
rhl-beta-list-request(a)redhat.com
with
subscribe
in the subject line. You can leave the body empty. Or see:
https://listman.redhat.com/mailman/listinfo/rhl-beta-list/
As always, you can get SEVERN at redhat.com, specifically:
ftp://ftp.redhat.com/pub/redhat/beta/severn/
Or the following mirrors:
North America:
United States:
ftp://moni.msci.memphis.edu/pub/redhat/linux/beta/severn/
http://moni.msci.memphis.edu/pub/redhat/linux/beta/severn/
ftp://linux.stanford.edu/pub/mirrors/redhat/linux/beta/severn/
ftp://ftp.cse.buffalo.edu/pub/RedHat/redhat/linux/beta/severn/
ftp://mirror.eas.muohio.edu/mirrors/redhat/linux/beta/severn/
ftp://mirrors.secsup.org/pub/linux/redhat/beta/severn/
ftp://redhat.dulug.duke.edu/pub/redhat/linux/beta/severn/
ftp://mirror.hiwaay.net/redhat/redhat/linux/beta/severn/
http://mirror.hiwaay.net/redhat/redhat/linux/beta/severn/
http://www.gtlib.cc.gatech.edu/pub/redhat/linux/beta/severn/
ftp://ftp.gtlib.cc.gatech.edu/pub/redhat/linux/beta/severn/
rsync://rsync.gtlib.cc.gatech.edu/redhat/linux/beta/severn/
Canada:
ftp://less.cogeco.net/pub/redhat/linux/beta/severn/
ftp://ftp.nrc.ca/pub/systems/linux/redhat/ftp.redhat.com/linux/beta/severn/
South America:
Brazil:
http://bastion.las.ic.unicamp.br/pub/redhat/linux/beta/severn
ftp://bastion.las.ic.unicamp.br/pub/redhat/linux/beta/severn
Chile:
ftp://ftp.tecnoera.com/Linux/redhat-beta/severn/
Europe:
Austria:
ftp://gd.tuwien.ac.at/opsys/linux/redhat.com/dist/linux/beta/severn/
http://gd.tuwien.ac.at/opsys/linux/redhat.com/dist/linux/beta/severn/
rsync://gd.tuwien.ac.at/opsys/linux/redhat.com/dist/linux/beta/severn/
Czech Republic:
ftp://sunsite.mff.cuni.cz/MIRRORS/ftp.redhat.com/redhat/linux/beta/severn/
ftp://ultra.linux.cz/MIRRORS/ftp.redhat.com/redhat/linux/beta/severn/
ftp://sunsite.cnlab-switch.ch/mirror/redhat/linux/beta/severn/
ftp://ftp.linux.cz/pub/linux/redhat/linux/beta/severn/
ftp://ftp6.linux.cz/pub/linux/redhat/linux/beta/severn/
Denmark:
ftp://klid.dk/pub/redhat/linux/beta/severn/
Germany:
ftp://ftp.tu-chemnitz.de/pub/linux/redhat-ftp/redhat/linux/beta/severn/
http://wftp.tu-chemnitz.de/pub/linux/redhat-ftp/redhat/linux/beta/severn/
ftp://ftp.informatik.uni-frankfurt.de/pub/linux/Mirror/ftp.redhat.com/lin...
ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/redhat/linux/beta/severn/
Ireland:
ftp://ftp.esat.net/mirrors/ftp.redhat.com/redhat/linux/beta/severn/
http://ftp.esat.net/mirrors/ftp.redhat.com/redhat/linux/beta/severn/
rsync://ftp.esat.net/mirrors/ftp.redhat.com/redhat/linux/beta/severn/
Netherlands:
ftp://ftp.nluug.nl/pub/os/Linux/distr/RedHat/ftp/redhat/linux/beta/severn/
ftp://ftp.surfnet.nl/pub/os/Linux/distr/RedHat/ftp/redhat/linux/beta/severn/
ftp://alviss.et.tudelft.nl/pub/redhat/beta/severn/
Poland:
ftp://sunsite.icm.edu.pl/pub/Linux/redhat/linux/beta/severn/
rsync://sunsite.icm.edu.pl/ftp/pub/Linux/redhat/linux/beta/severn/
http://sunsite.icm.edu.pl/pub/Linux/redhat/linux/beta/severn/
Romania:
ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.redhat.com/pub/redhat/linux/beta...
http://ftp.iasi.roedu.net/mirrors/ftp.redhat.com/pub/redhat/linux/beta/se...
rsync://ftp.iasi.roedu.net/ftp.redhat.com/pub/redhat/linux/beta/severn/
Turkey:
ftp://ftp.linux.org.tr/pub/redhat/beta/severn/
United Kingdom:
http://zeniiia.linux.org.uk/pub/distributions/redhat/beta/severn/
ftp://zeniiia.linux.org.uk/pub/distributions/redhat/beta/severn/
rsync://zeniiia.linux.org.uk/ftp/pub/distributions/redhat/beta/severn/
Asia/Pacific:
Australia:
http://planetmirror.com/pub/redhat/linux/beta/severn/
ftp://ftp.planetmirror.com/pub/redhat/linux/beta/severn/
http://mirror.aarnet.edu.au/pub/redhat/linux/severn/
ftp://mirror.aarnet.edu.au/pub/redhat/linux/severn/
Japan:
ftp://ftp.sfc.wide.ad.jp/pub/Linux/RedHat/linux/beta/severn/
Singapore:
ftp://ftp.oss.eznetsols.org/linux/redhat/linux/beta/severn/
rsync://rsync.oss.eznetsols.org/linux/redhat/linux/beta/severn/
One additional feature provided by the Linux community is the
availability of SEVERN via BitTorrent.
http://torrent.dulug.duke.edu/severn-binary-iso.torrent
http://torrent.dulug.duke.edu/severn-source-iso.torrent
RPMS for Red Hat Linux 7.3 through 9 of BitTorrent are available from:
http://torrent.dulug.duke.edu/btrpms/
Usage is simple:
btdownloadcurses.py --url http://URL.torrent
Allow incoming TCP 6881 - 6889 to join the torrent swarm.
http://torrent.dulug.duke.edu/
20 years, 8 months