710 lines
28 KiB
HTML
710 lines
28 KiB
HTML
<!--startcut ======================================================= -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<html>
|
|
<head>
|
|
<title>The Answer Guy Issue 24</title>
|
|
</head>
|
|
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
|
|
ALINK="#FF0000">
|
|
<!--endcut ========================================================= -->
|
|
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"
|
|
</H4>
|
|
<P> <HR> <P>
|
|
|
|
<!-- =============================================================== -->
|
|
<center>
|
|
<H1><A NAME="answer">
|
|
<img src="../gx/ans.gif" alt="" border=0 align=middle>
|
|
The Answer Guy
|
|
<img src="../gx/ans.gif" alt="" border=0 align=middle>
|
|
</A></H1> <BR>
|
|
<H4>By James T. Dennis,
|
|
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
|
|
Starshine Technical Services, <A HREF="http://www.starshine.org/">
|
|
http://www.starshine.org/</A> </H4>
|
|
</center>
|
|
|
|
<p><HR><p>
|
|
<H3>Contents:</H3>
|
|
<ul>
|
|
<li><a HREF="./lg_answer24.html#net1">Netscape Mail Crashing</a>
|
|
<li><a HREF="./lg_answer24.html#slack">Slackware Help</a>
|
|
<li><a HREF="./lg_answer24.html#net2">Netscape /var/spool/USER </a>
|
|
<li><a HREF="./lg_answer24.html#virtual">Getting Rid of Virtual Screens</a>
|
|
<li><a HREF="./lg_answer24.html#diald">diald's niche</a>
|
|
<li><a HREF="./lg_answer24.html#redh1">Upgrade to Red Hat 5.0?</a>
|
|
<li><a HREF="./lg_answer24.html#redh2">Red Hat Linux and WABI and other things</a>
|
|
<li><a HREF="./lg_answer24.html#pdt">Linux as a PDT</a>
|
|
</ul>
|
|
|
|
<p><HR><p>
|
|
<!--================================================================-->
|
|
|
|
<a name="net1"></a>
|
|
<H3><img align=bottom alt=" " src="../gx/ques.gif">
|
|
Netscape Mail Crashing
|
|
</H3>
|
|
<P> <B>
|
|
From: Jim Kelley, <A
|
|
HREF="mailto:the-jim@swbell.net">the-jim@swbell.net</A><BR>
|
|
</B> <P> <B>
|
|
I've been running Netscape Communicator 4.04 on my RedHat Linux system
|
|
since the day it came out and yesterday it started crashing whenever I
|
|
check for new messeges or try to go to a newsgroup. I've deleted NC4.04
|
|
and re-installed it but to no avail.
|
|
Any suggestions?
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
When you removed NC4.04 (which I didn't know had been released
|
|
yet -- I'm still using 4.03) did you also remove your ~/.netscape
|
|
directory tree?
|
|
<P>
|
|
What happens if you try it from another account on the same
|
|
system? What happens if you use different e-mail and newsreaders?
|
|
(elm, pine, emacs' mh-e and/or tin, nn, trn, or emacs' Gnus
|
|
for respective examples).
|
|
<P>
|
|
I would suspect a data or configuration file corruption. Many
|
|
programming practices that I most loathe and detest have to do
|
|
with a lack of robustness and simple error messages with regard
|
|
to corrupted input. Is it really that hard to have a switch
|
|
that logs each input source like: "Reading configuration from
|
|
~/.netscape/foorc....." and "Bounds error at ~/.netscape/bar.conf
|
|
offset 0x2AFF9A77"?
|
|
|
|
I haven't looked at the innards of NS Comm's data files -- I
|
|
wouldn't use their mail and newsreaders since I'm very
|
|
particular about my mail and netnews -- and I need extensible,
|
|
configurable, text mode capable systems (so I use emacs' mh-e and
|
|
Gnus).
|
|
<P>
|
|
--Jim
|
|
|
|
<p><HR><p>
|
|
<!--================================================================-->
|
|
|
|
<a name="slack"></a>
|
|
<H3><img align=bottom alt=" " src="../gx/ques.gif">
|
|
Slackware Help
|
|
</H3>
|
|
<P> <B>
|
|
From: Ralph, <A HREF="mailto:RPMAXEDGE@aol.com">RPMAXEDGE@aol.com</A>
|
|
</B> <P> <B>
|
|
HELP!!!!!!!!!!!!!<BR>
|
|
Recently I installed Linux Slackware version 3.2, everything loaded fine, but
|
|
I really run into problems when I set up the password for the root, for some
|
|
reason the one i register doesn't allow me to log in. I have problems on how
|
|
to mount the /root and remove the existing password from the /etc/shadow. I
|
|
install linux with partitions for a SCSI hardrive sda1 sda2.
|
|
I would really appreciate some few hints to solve this problem.. Thank YOU
|
|
VERY MUCH.
|
|
</B> <P> <B>
|
|
--Ralph
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
I haven't used any of the newer Slackware systems -- so I don't know
|
|
if there's anything specific to their system that would contribute
|
|
to or cause this problem.
|
|
<P>
|
|
The general way to fix this sort of problem (lost root password) is
|
|
to boot from a rescue diskette (or from an "alternate root partition")
|
|
mount your normal root partition (let's you put it under /mnt/oldroot)
|
|
and then simply edit the mnt/oldroot/etc/passwd file -- and maybe the
|
|
corresponding shadow file).
|
|
<P>
|
|
Another trick is to use the chroot command instead of editing the
|
|
passwd files directly. Basically you can follow the mount with
|
|
a command sequence like:
|
|
<PRE>
|
|
cd /mnt/oldroot/ && usr/sbin/chroot . bin/sh
|
|
</PRE>
|
|
... and then:
|
|
<PRE>
|
|
passwd
|
|
</PRE>
|
|
(allows you to use the normal passwd command -- and forces it to
|
|
update the passwd files *under* the (chroot)/etc directory rather
|
|
than the one of the root diskette or the alternative root part).
|
|
<P>
|
|
A properly maintained alternative root partition should have
|
|
extra copies (mirrors) of the whole /etc directory from your
|
|
production root partition. This makes recovery from errors
|
|
*much* easier. On some systems you may be able to use a
|
|
removable drive (LS120, Zip, Jaz, magneto-optical, Bernouli,
|
|
Syquest, DynaMO, whatever) as your alternative root system.
|
|
<P>
|
|
-- Jim
|
|
|
|
<p><HR><p>
|
|
<!--================================================================-->
|
|
|
|
<a name="net2"></a>
|
|
<H3><img align=bottom alt=" " src="../gx/ques.gif">
|
|
Netscape /var/spool/USER
|
|
</H3>
|
|
<P> <B>
|
|
From: John Liebenrood, <A
|
|
HREF="mailto:k7ro@teleport.com">k7ro@teleport.com</A>
|
|
</B> <P> <B>
|
|
I'm running Redhat 4.2 with Netscape 3.01. I can
|
|
send mail fine but I can't receive mail. I don't understand
|
|
how to configure my /var/spool/USER. I've used chown mail.mail
|
|
and chmod 01777 on USER file. But still can't get mail to come
|
|
in...
|
|
all talk no listen
|
|
</B> <P> <B>
|
|
--john
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
Do you have a POP account? Are you trying to
|
|
read you mail from the localhost? Where is your
|
|
localhost supposed to get it's mail from?
|
|
<P>
|
|
Normally 'sendmail' (or smail, deliver, or procmail)
|
|
appends messages to your spool file. 'sendmail' gets
|
|
your mail via SMTP or from your UUCP system (depending
|
|
on your configuration and your ISP/account type).
|
|
<P>
|
|
There are a bunch of factors that anyone would need to
|
|
know before answering your question.
|
|
<P>
|
|
Netscape is normally configured to fetch mail via the
|
|
POP protocol and to send it directly via SMTP. If your
|
|
system is already configured to send and recieve mail
|
|
(i.e. you can use other mail user agents (MUA's) like
|
|
elm, pine, mh, etc) then you should be able to configure
|
|
Netscape to use "localhost" (the loopback interface --
|
|
internal to your own system).
|
|
<P>
|
|
Personally I won't use NS Nav. (or Comm.) as a mail or
|
|
news client. I absolutely require a text mode interface
|
|
<P>
|
|
-- Jim
|
|
|
|
<p><HR><p>
|
|
<!--================================================================-->
|
|
|
|
<a name="virtual"></a>
|
|
<H3><img align=bottom alt=" " src="../gx/ques.gif">
|
|
Getting Rid of Virtual Screen
|
|
</H3>
|
|
<P> <B>
|
|
From: <A HREF="mailto:bmiles@intergate.bc.ca">bmiles@intergate.bc.ca</A>
|
|
</B> <P> <B>
|
|
Hi, how do i get rid of the virtual screen under x windows, it's bloody
|
|
annoying!! I've tried disabling it under install and I've even tried
|
|
resetting my resolution size, please help!!!
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
Assuming you're using XFree86 you'd edit your XF86Config file
|
|
(which might be /etc/X11/XF86Config or might be something more
|
|
like /usr/X11R6/lib/.... or something).
|
|
<P>
|
|
Find the Screen section for the device driver and mode you're
|
|
using, look for the display subsection that applies you your
|
|
monitor and modify the "Virtual" line thereunder.
|
|
<P>
|
|
If you've tried that (if that's what you mean by "resetting my
|
|
resolution" or "disabling it under install") than it's possible
|
|
that you're using a different X Server than I think you are
|
|
(Xig, or Metro-X or something) or that your installation or
|
|
distribution is using a config file in a different location
|
|
than you think it is.
|
|
<P>
|
|
The man pages for 'X', 'startx' and 'xinit' may help -- in
|
|
particular the XFree86 servers allow you to specify an option
|
|
of -xf86config file -- which allows you to explicitly over-ride
|
|
the system wide configuration (and is a great reason for
|
|
security concscious sysadmins to limit the execution of X to
|
|
some trusted local users -- and maybe use xdm).
|
|
<P>
|
|
I found this option in XFree86(1) (that's the XFree86 man page
|
|
in chapter one on my man pages). Don't confuse it with the
|
|
-config option referred to in the XServer(1) man page. That
|
|
option just says that more *command-line options* are stored
|
|
in a file. The XServer man page refers to options and
|
|
configuration information that should apply to any Unix X
|
|
Windows display server. The XFree86(1) page refers to the
|
|
extensions which apply to the servers written as part of the
|
|
XFree86 project. The various XF86_* man pages refer to the
|
|
features that are specific to specific servers (that is the
|
|
ones which are compiled for a given video card or chipset).
|
|
<P>
|
|
You're only running one binary -- yet three man pages apply
|
|
to whichever one you're using. This is unnecessarily confusing
|
|
-- and one of the books I've perused (on Unix, X, or Linux)
|
|
cover this sort of thing. So you have to wander through lots
|
|
of different man pages and /usr/doc/* files without a clear
|
|
roadmap.
|
|
<P>
|
|
I'm hoping that some future distribution (maybe the Red Hat
|
|
5.0 that's supposed to be shipping in the next couple of
|
|
weeks, or the next Debian) will have a really good set of
|
|
HTML (lynx clean!) documents, served by default off of the
|
|
initial localhost webserver which takes a top down, organized
|
|
approach to educating and informing us about all the power and
|
|
choices we have in Linux.
|
|
<P>
|
|
-- Jim
|
|
|
|
<p><HR><p>
|
|
<!--================================================================-->
|
|
|
|
<a name="diald"></a>
|
|
<H3><img align=bottom alt=" " src="../gx/ques.gif">
|
|
diald's Niche
|
|
</H3>
|
|
<P> <B>
|
|
From: Pollywog, <A
|
|
HREF="mailto:caldera-users@rim.caldera.com">caldera-users@rim.caldera.com
|
|
</A>
|
|
</B> <P> <B>
|
|
Put it anywhere you'd like. The .rpm version installs into defined
|
|
sub-directories, but keep the .rpm file anywhere you like. I have
|
|
/usr/local/packages for tarballs and .rpms....
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
I recommend that SA's use a /usr/local/from directory
|
|
tree. You can then have a set of directories named
|
|
after your favorite FTP and web sites and after the
|
|
volume names of your favorite CD's.
|
|
<P>
|
|
When you download/fetch a file -- put it into a directory
|
|
that reminds you where you got it from such as:
|
|
<P>
|
|
/usr/local/from/sunsite/
|
|
/usr/local/from/redhat/
|
|
/usr/local/from/ftp.replay.com/
|
|
<P>
|
|
... etc.
|
|
<P>
|
|
Now when you want to upgrade a package you can see where
|
|
you got the previous version from -- and consequently you
|
|
have a headstart on where to look for upgrades.
|
|
<P>
|
|
This technique is also handy if you read an alert about a
|
|
compromised (trojan) package -- you can easily see where
|
|
*you* got your copy from.
|
|
<P>
|
|
For files you install off of the CD -- create a directory
|
|
name that reminds of you which CD it is like:
|
|
<P>
|
|
/usr/local/from/cd/MOP/ (Mother of Perl)
|
|
/usr/local/from/cd/rharchive.fall97/
|
|
<P>
|
|
... etc.
|
|
<P>
|
|
Now you just put symlinks from that directory to your usual
|
|
CD-ROM mount point (ln -s /mnt/cdrom/dir/foo foo).
|
|
<P>
|
|
This creates a tree of "broken" links -- but it tells you
|
|
where to find the source file if/when you need to rebuild.
|
|
<P>
|
|
As you can probably see this technique is really a "poor
|
|
man's HSM" (hierarchial storage management system). You can
|
|
also extend this idea to migrated data files from your home
|
|
directories to removable media (such as Zip, Syquest, MO,
|
|
and CDR devices).
|
|
<P>
|
|
It's also a very handy form of self-documentation in businesses
|
|
where you may have many sysadmins or you may have various
|
|
consultants "stomping" around on your systems.
|
|
<P>
|
|
-- Jim
|
|
|
|
<p><HR><p>
|
|
<!--================================================================-->
|
|
|
|
<a name="redh1"></a>
|
|
<H3><img align=bottom alt=" " src="../gx/ques.gif">
|
|
Upgrade to Red Hat 5.0?
|
|
</H3>
|
|
<P> <B>
|
|
From: Jason Welsh, <A HREF="mailto:jwelsh@mci.net">jwelsh@mci.net</A>
|
|
</B> <P> <B>
|
|
hey, im running an older 4.something version of Red Hat and was
|
|
wondering if I just wanted to upgrade it to 5.0, do I need to
|
|
download certain RPMS or do I need to get the whole thing?
|
|
or get it on CD.. just curious if there was a shortcut I could
|
|
take..
|
|
</B> <P> <B>
|
|
--Jason.
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
I would get the CD (in fact I did -- but I haven't
|
|
run the upgrade yet -- want to finish some work and
|
|
do an extra backup first).
|
|
<P>
|
|
CD's save lots of bandwidth and save lots of time.
|
|
<P>
|
|
If you don't need the commercial packages that come
|
|
with Red Hat (the BRU and Metro-X) you can wait a
|
|
month or so for the "Archives" set to come out --
|
|
which is about $20 (less than half the full version).
|
|
<P>
|
|
-- Jim
|
|
|
|
<p><HR><p>
|
|
<!--================================================================-->
|
|
|
|
<a name="redh2"></a>
|
|
<H3><img align=bottom alt=" " src="../gx/ques.gif">
|
|
Red Hat Linux and WABI and other things
|
|
</H3>
|
|
<P> <B>
|
|
From: <A
|
|
HREF="mailto: peter@trimatrix.net">peter@trimatrix.net</A>
|
|
</B> <P> <B>
|
|
I have RedHat Linux v5.0 (kernal 2.x) ($49) and (silly me)
|
|
found out that Caldera OpenLinux Standard ($399) supports
|
|
WABI for Windows 3.1 apps, FreeDOS (or is it DOSEMU??) for
|
|
DOS apps, and NetWare 3.x/4.x client supporting NDS (Network
|
|
Directory Services).
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
WABI/Linux (a.k.a the Windows 3.1 Applications Binary
|
|
Interface) is available separately from Caldera. It
|
|
is a commercial package -- and it should install on
|
|
most Linux systems without much trouble.
|
|
<P>
|
|
There's also WINE ("WINdows Emulation" or "WINE is not
|
|
Emulation" -- take your pick of acronym expansion).
|
|
This is a freeware project to implement enough support
|
|
for the lower level Windows API's to allow Linux (and
|
|
other Unix) users to install MS-Windows and run Windows
|
|
programs.
|
|
<P>
|
|
I've heard that it is also possible to run Windows 3.1
|
|
in "standard mode" under DOSEMU/MS-DOS. I'm not sure if
|
|
that works under other DOS variants running under DOSEMU.
|
|
<P>
|
|
OpenDOS is Caldera's release of "Novell DOS" (which
|
|
was formerly "DR DOS" -- from Digital Research).
|
|
Caldera aquired the licenses and rights to Novell DOS
|
|
when Novell decided to "refocus on its 'core' markets"
|
|
(and practically gutted itself in the process). In
|
|
fact Caldera's "Network Desktop" (their distribution that
|
|
preceded the OpenLinux/Base and OpenLinux/Standard) was
|
|
originally a research project at Novell.
|
|
<P>
|
|
OpenDOS is partially commercial -- it is free for personal
|
|
use (or for students, or something like that -- read their
|
|
web pages for details). It has little to do with DOSEMU.
|
|
OpenDOS is available on CD for about $30(US).
|
|
<P>
|
|
DOSEMU is really a bit of a misnomer. Technically it's
|
|
a BIOS emulator which can be used to run any x86 "real mode"
|
|
operating system (such as CP/M-86 or some versions of Forth).
|
|
When you install DOSEMU you also have to install some copy of
|
|
DOS (MS-DOS, PC-DOS, OpenDOS, whatever) to get any practical
|
|
use out of it. DOSEMU includes several DOS programs which
|
|
connect to the underlying Linux system. This allows one to
|
|
access Linux directories and NFS mounts as DOS "network"
|
|
drive letters, and do other things like that.
|
|
<P>
|
|
FreeDOS is a different project -- you can learn more about
|
|
it at http://www.freedos.org. They are quite Linux friendly
|
|
-- but I haven't played with their release (and I've barely
|
|
touched DOSEMU or Caldera's OpenDOS) so I can't say much about
|
|
it.
|
|
<P>
|
|
Regarding Netware access from Linux:
|
|
<P>
|
|
Caldera's Netware client access (with bindery and NDS support)
|
|
is only available as part of their OpenLinux Standard (as far as
|
|
I know). I've heard that some people have successfully installed
|
|
the clients on other Linux distributions. However it appears
|
|
that you are legally required to purchase the commercial
|
|
COL/Standard (Caldera OpenLinux is often called COL by participants
|
|
of it's mailing lists).
|
|
<P>
|
|
There are also a couple of free packages that implement some
|
|
Netware protocols for Linux. 'ncpfs' is one that allows you
|
|
to 'mount' Netware partitions in a way that similar to NFS.
|
|
This is a system-wide mount (unlike the Caldera netware clients
|
|
where each user has unique "virtual" mountings that are not
|
|
visible from other concurrent processes on the system.
|
|
<P>
|
|
There's also the mars_nwe (Netware emulator) that implements
|
|
a subset of the Netware fileserver protocols -- allowing DOS
|
|
and other systems to access portions of your Linux
|
|
filesystem(s) using the Netware clients (similar to 'samba'
|
|
for Windows for Workgroups/LANMan/NT functionality).
|
|
<P> <B>
|
|
<img align=bottom alt=" " src="../gx/ques.gif">
|
|
I would like to know if this support can be added to RedHat
|
|
Linux by downloading this stuff from somewhere, and recompiling
|
|
the kernel? Can you help? I'm new to RedHat and have not
|
|
yet gotten an answer from them.... If not, can you direct me
|
|
to where I can inquire? This is a quest to make use of our
|
|
486 computers at work (and just need to know) by running
|
|
Linux, and still support some things like Windows 3.1x Lotus Lotsuite,
|
|
etc., which Caldera claims to do, but I would like
|
|
to find out how much trouble it would be to add support to
|
|
Redhat.....
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
In general, anything you can run under Caldera you
|
|
can get to run under Red Hat or any other reasonably
|
|
recent Linux distribution.
|
|
<P>
|
|
Since Caldera, Red Hat, Craftworks, and a couple of
|
|
other Linux distributions use the same package
|
|
management system (the RPM -- or "Red Hat Package
|
|
Manager") sharing packages among them is somewhat
|
|
simpler than installing a Debian package or Slackware
|
|
"tarball" would be.
|
|
<P>
|
|
I'd look at any FTP mirror of Red Hat's "contrib"
|
|
directory for the lastest dosemu "rpm" and install
|
|
that. You'll probably find one of these on your set
|
|
of Red Hat CD's in addition to the ones online.
|
|
You can check the online directory for updates and
|
|
recent additions.
|
|
<P>
|
|
-- Jim
|
|
|
|
<p><HR><p>
|
|
<!--================================================================-->
|
|
|
|
<a name="pdt"></a>
|
|
<H3><img align=bottom alt=" " src="../gx/ques.gif">
|
|
Linux as a PDT
|
|
</H3>
|
|
<P> <B>
|
|
From: Karl Rossing, <A HREF="mailto:gtivr6@pangea.ca">gtivr6@pangea.ca</A>
|
|
</B> <P> <B>
|
|
Linux as a PDC (Primary Domain Controller), NIS/NIS+ Master -- etc.
|
|
</B> <P> <B>
|
|
I was wondering if it is possble to get windows 95/NT to authenticate
|
|
to LINUX (using nis or nis+). I'm really getting tired of adding
|
|
accounts on the nt boxes for the linux boxes(for smb)...Is there any
|
|
commercial software availible?
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
It sounds like you're asking fundamentally different
|
|
questions here.
|
|
<P>
|
|
In your subject you refer to using Linux as a PDT
|
|
by which I presume you meant a PDC (Primary Domain
|
|
Controller). Here you refer to using NIS/NIS+ --
|
|
which would involve adding client support (third party
|
|
software) to all of the NT/'95 boxes.
|
|
<P>
|
|
A broader questions is:
|
|
<P>
|
|
What network authentication and directory
|
|
services system/model/architecture should
|
|
you use?
|
|
<P>
|
|
This is a sticky question with no easy answer.
|
|
<P>
|
|
A simpler question is:
|
|
<P>
|
|
How can I configure my MS client machines
|
|
(NT and '95) to use my Linux system's
|
|
account information for access control and
|
|
authentication?
|
|
<P>
|
|
<P>
|
|
I'll provide some thoughts on each of these questions
|
|
after commenting on the rest of your message:
|
|
<P> <B>
|
|
<img align=bottom alt=" " src="../gx/ques.gif">
|
|
I know of p-sync [http://www.m-tech.ab.ca/psynch/index.html]
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
I glanced at their web pages and was not impressed.
|
|
They have almost no text and are almost completely
|
|
unreadable for Lynx users. They also don't offer
|
|
any functionality in their demo -- which is just a
|
|
mockup of the GUI (crippleware).
|
|
<P> <B>
|
|
<img align=bottom alt=" " src="../gx/ques.gif">
|
|
and NSGINA
|
|
[http://www.dcs.qmw.ac.uk/~williams/]
|
|
which seems a bit of work to setup...
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
That would "NISGINA" This is by Nigel Williams -- apparently
|
|
derived from work by Doug Scoular(*). It is apparently released
|
|
under a BSD'ish license. So this is much more promising than
|
|
the p-sync package right off the bat.
|
|
<P>
|
|
* (http://www.arch.usyd.edu.au/~doug/gina.html)
|
|
<P>
|
|
GINA (graphical identification and authentication) is the
|
|
NT DLL that manage logins at the NT console -- there are
|
|
several different GINA's -- one from Novell for NDS, one
|
|
from MIT for Kerberos, another similar one for NT-AFS
|
|
(Transarc's distributed filesystem -- which uses a
|
|
Kerberos 4 authentication model) etc.
|
|
|
|
Here are some related URLS:
|
|
<P>
|
|
NT GINA related information:
|
|
http://web.mit.edu/cartel/ntgina.html
|
|
-- very informative -- leads to all the rest that I found.
|
|
<P>
|
|
ND_GINA - An alternative authentication method for Windows NTr,
|
|
http://www.nd.edu/~dobbins/ntarch/nd_gina_doc.html
|
|
<P>
|
|
NT/UNIX Integration with Doug's GINA replacement,
|
|
http://www.arch.usyd.edu.au/~doug/gina.html
|
|
<P>
|
|
The problem with GINA is that it doesn't appear to be
|
|
available for '95 (or earlier versions of Windows or
|
|
DOS). That may be a show stopper for for this approach
|
|
<P>
|
|
I can't recommend in good faith that you upgrade
|
|
you Win '95 systems to NT (since that just buys you
|
|
in further to this proprietary OS model -- and just
|
|
worsens your dilemma when '98 and NT 5.x ship).
|
|
<P> <B>
|
|
<img align=bottom alt=" " src="../gx/ques.gif">
|
|
I'm not really looking for passwd syncronisation, i'd like to
|
|
consolidate it to the linux box, because the users use both linux/95/nt.
|
|
nuff said, thanks.
|
|
</B> <P>
|
|
<img align=bottom alt=" " src="../gx/ans2.gif">
|
|
I don't think nearly 'nuff's been said about this topic.
|
|
There are a large number of directory service and
|
|
authentication methods that are vying for control of your
|
|
network. Each as its own security implications -- making
|
|
them co-exist is difficult from the start, and a
|
|
constant drain on administrative time and resources -- and
|
|
having them running concurrently usually means that the
|
|
weakest link prevails in your security model.
|
|
<P>
|
|
There's an excellent white paper about this at Cygnus
|
|
Solutions:
|
|
<P>
|
|
http://www.cygnus.com/product/unifying-security.html
|
|
<P>
|
|
That aside, some of your choices are:
|
|
<ul>
|
|
<li>Microsoft's WINS (and its PDC/BDC domain model)
|
|
<li>Kerberos and Cygnus Kerbnet
|
|
<li>NIS/NIS+
|
|
<li>RADIUS/TACACS
|
|
<li>LDAP (lightweight directory access protocol)
|
|
<li>Netware NDS, Banyan StreetTalk, etc.
|
|
<li>Host based security -- custom synchronization
|
|
<li>scripts.
|
|
</ul>
|
|
So far I don't like any of them. NIS/NIS+ is usually
|
|
used with NFS. Kerberos is the models that's used
|
|
in conjunction with AFS/DFS (and CODA if they ever
|
|
finish it). CIFS/SMB filesharing can be done with
|
|
very weak authentication (workgroups style) or with
|
|
the WINS Microsoft model.
|
|
<P>
|
|
Overall I think I'll like CODA best when we have a
|
|
reasonably Linux server and client for it.
|
|
<P>
|
|
More more info on the CODA project at CMU browse
|
|
through their mailling list archives at:
|
|
<P>
|
|
http://www.coda.cs.cmu.edu/maillists/linux-coda/0175.html
|
|
<P>
|
|
I could rant for sometime about the security models of
|
|
the various network/shared filesystems -- but it's late
|
|
so let it suffice to say I like that even less than the
|
|
choices for DS and authentication. So far I think I like
|
|
TCFS (transparent cryptographic filesystem) the best for
|
|
security -- though I'm quite concerned about its performance
|
|
costs.
|
|
<P>
|
|
I presume you're using Samba on your Linux server(s) to
|
|
provide file services to your Windows clients. From a
|
|
glance at the Samba Meta-FAQ and some of its other pages
|
|
it looks like you could just let Linux/Samba manage the
|
|
accounts for your whole network.
|
|
<P>
|
|
Here's some links that relate to that:
|
|
<P>
|
|
Samba: User accounts
|
|
http://samba.anu.edu.au/samba/docs/smb_serv/html/smb_se-4.html#ss4.1
|
|
<P>
|
|
Samba Server HOWTO
|
|
http://samba.anu.edu.au/samba/docs/smb_serv/html/smb_se.html
|
|
<P>
|
|
(*Note: if I read this correctly -- Samba can't currently
|
|
be a "password server." This seems to mean that it can't
|
|
act as a PDC/BDC (backup domain controller) for NT systems
|
|
to refer client authentication requests through).
|
|
<P>
|
|
It looks like the future will hold some sort of LDAP and
|
|
Kerberos -- for NT and many other OS' and packages. This
|
|
would be fine -- if it weren't for the inevitable politicking
|
|
and kneebiting that the various commercial vendors are going
|
|
to do.
|
|
<P>
|
|
The problem is that everyone's version of LDAP (directory
|
|
services) and Kerberos (authentication) will be just
|
|
different enough that each vendor's OS will just *need* to
|
|
be *the* server for *their* domain. They'll all make
|
|
press releases about their "interoperability" -- and most
|
|
will refuse to release enough details about their "extensions"
|
|
for any other vendor (or freeware programmers) to implement
|
|
them elsewhere.
|
|
<P>
|
|
I guess it will take a few years after the initial deployment
|
|
for enough of this proprietary info to leak out (and/or be
|
|
reverse engineered) to allow system administrators to actually
|
|
have any semblance of a unified directory service and
|
|
authentication system. The bugs and security problems will
|
|
probably keep popping up for a long time after that (they've
|
|
been popping up in Unix for 27 years -- and many of them are
|
|
reappearing in NT now).
|
|
<P>
|
|
Meanwhile we're going to see a continuing explosion of
|
|
servers and network applications (client server systems)
|
|
that each require different user account (with associated
|
|
group, token, and other information) and authentication
|
|
information.
|
|
<P>
|
|
Worse yet, the various layers of management above us
|
|
are already hearing the marketeers lies -- that the
|
|
solutions are "already shipping" or "just around the
|
|
corner." This is just what management wants to hear
|
|
-- so many of them are believing it -- and planning their
|
|
budgets and project schedules accordingly. A system
|
|
administration disaster in the making.
|
|
<P>
|
|
Sorry I can't offer a brighter hope for the new year --
|
|
but I'm no marketeer.
|
|
<P>
|
|
-- Jim
|
|
|
|
<!--================================================================-->
|
|
<P> <HR> <P>
|
|
<center><H4>Previous "Answer Guy" Columns</H4></center>
|
|
<P>
|
|
<A HREF="../issue13/answer.html">Answer Guy #1, January 1997</A><BR>
|
|
<A HREF="../issue14/answer.html">Answer Guy #2, February 1997</A><br>
|
|
<A HREF="../issue15/answer.html">Answer Guy #3, March 1997</A><br>
|
|
<A HREF="../issue16/answer.html">Answer Guy #4, April 1997</A><br>
|
|
<A HREF="../issue17/answer.html">Answer Guy #5, May 1997</A><br>
|
|
<A HREF="../issue18/lg_answer18.html">Answer Guy #6, June 1997</A><br>
|
|
<A HREF="../issue19/lg_answer19.html">Answer Guy #7, July 1997</A><br>
|
|
<A HREF="../issue20/lg_answer20.html">Answer Guy #8, August 1997</A><br>
|
|
<A HREF="../issue21/lg_answer21.html">Answer Guy #9, September 1997</A><br>
|
|
<A HREF="../issue22/lg_answer22.html">Answer Guy #10, October 1997</A><br>
|
|
<A HREF="../issue23/lg_answer23.html">Answer Guy #11, December 1997</A>
|
|
<P><HR><P>
|
|
<center><H5>Copyright © 1998, James T. Dennis <BR>
|
|
Published in Issue 24 of the Linux Gazette January 1998</H5></center>
|
|
<P> <HR> <P>
|
|
<!--================================================================-->
|
|
<A HREF="./index.html"><IMG SRC="../gx/indexnew.gif" ALT="[ TABLE OF
|
|
CONTENTS ]"></A> <A HREF="../index.html"><IMG SRC="../gx/homenew.gif"
|
|
ALT="[ FRONT PAGE ]"></A>
|
|
<A HREF="lg_bytes24.html"><IMG SRC="../gx/back2.gif" ALT=" Back "></A>
|
|
<A HREF="./nielsen.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
|
|
<!--startcut ======================================================= -->
|
|
</body>
|
|
</html>
|
|
<!--endcut ========================================================= -->
|