LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/intro-linux/html/sect_10_04.html

1372 lines
32 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Internet/Intranet applications</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Introduction to Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="Networking"
HREF="chap_10.html"><LINK
REL="PREVIOUS"
TITLE="Network configuration and information"
HREF="sect_10_02.html"><LINK
REL="NEXT"
TITLE="Remote execution of applications"
HREF="sect_10_05.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Introduction to Linux: </TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="sect_10_02.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 10. Networking</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="sect_10_05.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="sect_10_04"
></A
>10.3. Internet/Intranet applications</H1
><P
>The Linux system is a great platform for offering networking services. In this section, we will try to give an overview of most common network servers and applications.</P
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_01"
></A
>10.3.1. Server types</H2
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_01_01"
></A
>10.3.1.1. Standalone server</H3
><P
>Offering a service to users can be approached in two ways. A daemon or service can run in standalone mode, or it can be dependent on another service to be activated.</P
><P
>Network services that are heavily and/or continuously used, usually run in the standalone mode: they are independent program daemons that are always running. They are most likely started up at system boot time, and they wait for requests on the specific connection points or ports for which they are set up to listen. When a request comes, it is processed, and the listening continues until the next request. A web server is a typical example: you want it to be available 24 hours a day, and if it is too busy it should create more listening instances to serve simultaneous users. Other examples are the large software archives such as <A
HREF="http://sourceforge.net"
TARGET="_top"
>Sourceforge</A
> or <A
HREF="http://tucows.com"
TARGET="_top"
>your Tucows mirror</A
>, which must handle thousands of FTP requests per day.</P
><P
>An example of a standalone network service on your home computer might be the <B
CLASS="command"
>named</B
> (name daemon), a caching name server. Standalone services have their own processes running, you can check any time using <B
CLASS="command"
>ps</B
>:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;<TT
CLASS="prompt"
>bob:~&#62;</TT
> <B
CLASS="command"
>ps auxw | grep named</B
>
named 908 0.0 1.0 14876 5108 ? S Mar14 0:07 named -u named
</PRE
></FONT
></TD
></TR
></TABLE
><P
>However, there are some services that you can use on your PC, even if there is no server process running for that services. Examples could be the FTP service, the secure copy service or the finger service. Those services have the Internet Daemon (<B
CLASS="command"
>inetd</B
>) listening in their place.</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_01_02"
></A
>10.3.1.2. (x)inetd</H3
><P
>On your home PC, things are usually a bit calmer. You may have a small network, for instance, and you may have to transfer files from one PC to another from time to time, using FTP or Samba (for connectivity with MS Windows machines). In those cases, starting all the services which you only need occasionally and having them run all the time would be a waste of resources. So in smaller setups, you will find the necessary daemons dependent on a central program, that listen on all the ports of the services for which it is responsible.</P
><P
>This super-server, the Internet services daemon, is started up at system initialization time. There are two common implementations: <B
CLASS="command"
>inetd</B
> and <B
CLASS="command"
>xinetd</B
> (the extended Internet services daemon). One or the other is usually running on every Linux system:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;<TT
CLASS="prompt"
>bob:~&#62;</TT
> <B
CLASS="command"
>ps -ef | grep inet</B
>
root 926 1 0 Mar14 ? 00:00:00 xinetd-ipv6 -stayalive -reuse \
-pidfile /var/run/xinetd.pid
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The services for which the Internet daemon is responsible, are listed in its configuration file, <TT
CLASS="filename"
>/etc/inetd.conf</TT
>, for <B
CLASS="command"
>inetd</B
>, and in the directory <TT
CLASS="filename"
>/etc/xinetd.d</TT
> for <B
CLASS="command"
>xinetd</B
>. Commonly managed services include file share and print services, SSH, FTP, telnet, the Samba configuration daemon, talk and time services.</P
><P
>As soon as a connection request is received, the central server will start an instance of the required server. Thus, in the example below, when user <EM
>bob</EM
> starts an FTP session to the local host, an FTP daemon is running as long as the session is active:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;<TT
CLASS="prompt"
>bob:~&#62;</TT
> <B
CLASS="command"
>ps auxw | grep ftp</B
>
bob 793 0.1 0.2 3960 1076 pts/6 S 16:44 0:00 ncftp localhost
ftp 794 0.7 0.5 5588 2608 ? SN 16:44 0:00 ftpd:
localhost.localdomain: anonymous/bob@his.server.com: IDLE
</PRE
></FONT
></TD
></TR
></TABLE
><P
>Of course, the same happens when you open connections to remote hosts: either a daemon answers directly, or a remote <B
CLASS="command"
>(x)inetd</B
> starts the service you need and stops it when you quit.</P
></DIV
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_02"
></A
>10.3.2. Mail</H2
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_02_01"
></A
>10.3.2.1. Servers</H3
><P
><SPAN
CLASS="application"
>Sendmail</SPAN
> is the standard mail server program or Mail Transport Agent for UNIX platforms. It is robust, scalable, and when properly configured with appropriate hardware, handles thousands of users without blinking. More information about how to configure <SPAN
CLASS="application"
>Sendmail</SPAN
> is included with the <SPAN
CLASS="application"
>sendmail</SPAN
> and <SPAN
CLASS="application"
>sendmail-cf</SPAN
> packages, you may want to read the <TT
CLASS="filename"
>README</TT
> and <TT
CLASS="filename"
>README.cf</TT
> files in <TT
CLASS="filename"
>/usr/share/doc/sendmail</TT
>. The <B
CLASS="command"
>man <TT
CLASS="parameter"
><I
>sendmail</I
></TT
></B
> and <B
CLASS="command"
>man <TT
CLASS="parameter"
><I
>aliases</I
></TT
></B
> are also useful.</P
><P
><SPAN
CLASS="application"
>Qmail</SPAN
> is another mail server, gaining popularity because it claims to be more secure than <SPAN
CLASS="application"
>Sendmail</SPAN
>. While <SPAN
CLASS="application"
>Sendmail</SPAN
> is a monolithic program, <SPAN
CLASS="application"
>Qmail</SPAN
> consists of smaller interacting program parts that can be better secured. <SPAN
CLASS="application"
>Postfix</SPAN
> is another mail server which is gaining popularity.</P
><P
>These servers handle mailing lists, filtering, virus scanning and much more. Free and commercial scanners are available for use with Linux. Examples of mailing list software are <SPAN
CLASS="application"
>Mailman</SPAN
>, <SPAN
CLASS="application"
>Listserv</SPAN
>, <SPAN
CLASS="application"
>Majordomo</SPAN
> and <SPAN
CLASS="application"
>EZmlm</SPAN
>. See the web page of your favorite virus scanner for information on Linux client and server support. <SPAN
CLASS="application"
>Amavis</SPAN
> and <SPAN
CLASS="application"
>Spamassassin</SPAN
> are free implementations of a virus scanner and a spam scanner.</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_02_02"
></A
>10.3.2.2. Remote mail servers</H3
><P
>The most popular protocols to access mail remotely are <EM
>POP3</EM
> and <EM
>IMAP4</EM
>. IMAP and POP both allow offline operation, remote access to new mail and they both rely on an SMTP server to send mail.</P
><P
>While POP is a simple protocol, easy to implement and supported by almost any mail client, IMAP is to be preferred because:</P
><P
></P
><UL
><LI
><P
>It can manipulate persistent message status flags.</P
></LI
><LI
><P
>It can store as well as fetch mail messages.</P
></LI
><LI
><P
>It can access and manage multiple mailboxes.</P
></LI
><LI
><P
>It supports concurrent updates and shared mailboxes.</P
></LI
><LI
><P
>It is also suitable for accessing Usenet messages and other documents.</P
></LI
><LI
><P
>IMAP works both on-line and off-line.</P
></LI
><LI
><P
>it is optimized for on-line performance, especially over low-speed links.</P
></LI
></UL
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_02_03"
></A
>10.3.2.3. Mail user-agents</H3
><P
>There are plenty of both text and graphical E-mail clients, we'll just name a few of the common ones. Pick your favorite.</P
><P
>The UNIX <B
CLASS="command"
>mail</B
> command has been around for years, even before networking existed. It is a simple interface to send messages and small files to other users, who can then save the message, redirect it, reply to it etcetera.</P
><P
>While it is not commonly used as a client anymore, the <B
CLASS="command"
>mail</B
> program is still useful, for example to mail the output of a command to somebody:</P
><P
><B
CLASS="command"
>mail <TT
CLASS="email"
>&#60;<A
HREF="mailto:future.employer@whereIwant2work.com"
>future.employer@whereIwant2work.com</A
>&#62;</TT
> &#60; <TT
CLASS="filename"
>cv.txt</TT
></B
> </P
><P
>The <B
CLASS="command"
>elm</B
> mail reader is a much needed improvement to <B
CLASS="command"
>mail</B
>, and so is <B
CLASS="command"
>pine</B
> (Pine Is Not ELM). The <B
CLASS="command"
>mutt</B
> mail reader is even more recent and offers features like threading.</P
><P
>For those users who prefer a graphical interface to their mail (and a tennis elbow or a mouse arm), there are hundreds of options. The most popular for new users are Mozilla Mail/Thunderbird, which has easy anti-spam configuring options, and Evolution, the MS Outlook clone. Kmail is popular among KDE users.</P
><DIV
CLASS="figure"
><A
NAME="AEN10332"
></A
><P
><B
>Figure 10-1. Evolution mail and news reader</B
></P
><DIV
CLASS="mediaobject"
><P
><IMG
SRC="images/evolution.png"></P
></DIV
></DIV
><P
>There are also tens of web mail applications available, such as <SPAN
CLASS="application"
>Squirrelmail</SPAN
>, <SPAN
CLASS="application"
>Yahoo!</SPAN
> mail, <SPAN
CLASS="application"
>gmail</SPAN
> from Google and <SPAN
CLASS="application"
>Hotmail</SPAN
>.</P
><P
>An overview is available via the <A
HREF="http://www.tldp.org/HOWTO/Mail-User-HOWTO/index.html"
TARGET="_top"
>Linux Mail User HOWTO</A
>.</P
><P
>Most Linux distributions include <B
CLASS="command"
>fetchmail</B
>, a mail-retrieval and forwarding utility. It fetches mail from remote mail servers (POP, IMAP and some others) and forwards it to your local delivery system. You can then handle the retrieved mail using normal mail clients. It can be run in daemon mode to repeatedly poll one or more systems at a specified interval. Information and usage examples can be found in the Info pages; the directory <TT
CLASS="filename"
>/usr/share/doc/fetchmail[-&#60;version&#62;]</TT
> contains a full list of features and a FAQ for beginners.</P
><P
>The <B
CLASS="command"
>procmail</B
> filter can be used for filtering incoming mail, to create mailing lists, to pre-process mail, to selectively forward mail and more. The accompanying <B
CLASS="command"
>formail</B
> program, among others, enables generation of auto-replies and splitting up mailboxes. Procmail has been around for years on UNIX and Linux machines and is a very robust system, designed to work even in the worst circumstances. More information may be found in the <TT
CLASS="filename"
>/usr/share/doc/procmail[-&#60;version&#62;]</TT
> directory and in the man pages.</P
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TH
ALIGN="LEFT"
VALIGN="CENTER"
><B
>A note on E-mail Etiquette</B
></TH
></TR
><TR
><TD
>&nbsp;</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Some people these days seem to think that an E-mail message shouldn't be too formal. That depends, of course. If you are writing to someone you don't know, best to keep some distance, just like you would do in a traditional letter. And don't forget: people you don't know might be male or female...
</P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_03"
></A
>10.3.3. Web</H2
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_03_01"
></A
>10.3.3.1. The Apache Web Server</H3
><P
><SPAN
CLASS="application"
>Apache</SPAN
> is by far the most popular web server, used on more than half of all Internet web servers. Most Linux distributions include <SPAN
CLASS="application"
>Apache</SPAN
>. <SPAN
CLASS="application"
>Apache</SPAN
>'s advantages include its modular design, SSL support, stability and speed. Given the appropriate hardware and configuration it can support the highest loads.</P
><P
>On Linux systems, the server configuration is usually done in the <TT
CLASS="filename"
>/etc/httpd</TT
> directory. The most important configuration file is <TT
CLASS="filename"
>httpd.conf</TT
>; it is rather self-explanatory. Should you need help, you can find it in the <B
CLASS="command"
>httpd</B
> man page or on the <A
HREF="http://www.apache.org"
TARGET="_top"
>Apache website</A
>.</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_03_02"
></A
>10.3.3.2. Web browsers</H3
><P
>A number of web browsers, both free and commercial, exist for the Linux platform. <SPAN
CLASS="application"
>Netscape Navigator</SPAN
> as the only decent option has long been a thing of the past, as <SPAN
CLASS="application"
>Mozilla/Firefox</SPAN
> offers a competitive alternative running on many other operating systems, like MS Windows and MacOS X as well.</P
><P
>Amaya is the W3C browser. Opera is a commercial browser, compact and fast. Many desktop managers offer web browsing features in their file manager, like <B
CLASS="command"
>nautilus</B
>.</P
><P
>Among the popular text based browsers are <B
CLASS="command"
>lynx</B
> and <B
CLASS="command"
>links</B
>. You may need to define proxy servers in your shell, by setting the appropriate variables. Text browsers are fast and handy when no graphical environment is available, such as when used in scripts.</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_03_03"
></A
>10.3.3.3. Proxy servers</H3
><DIV
CLASS="sect4"
><H4
CLASS="sect4"
><A
NAME="sect_10_04_03_03_01"
></A
>10.3.3.3.1. What is a proxy server?</H4
><P
>Companies and organizations often want their users to use a proxy server. Especially in environments with lots of users, a proxy server can enable faster downloads of web pages. The proxy server stores web pages. When a user asks for a web page that has already been requested previously, the proxy server will give that page to the user directly, so that s/he does not need to get it from the Internet, which would take longer. Of course, measures can be taken so that the proxy server does a quick check and always serves the most recent version of a page. In some environments, usage of the proxy server is compulsory, in other environments you may have the choice whether or not to use it.</P
></DIV
><DIV
CLASS="sect4"
><H4
CLASS="sect4"
><A
NAME="sect_10_04_03_03_02"
></A
>10.3.3.3.2. Proxy configuration</H4
><P
>If you have the proxy server name and port, it should be rather obvious to feed that information into your browser. However, many (command line) applications depend on the variables <TT
CLASS="varname"
>http_proxy</TT
> and <TT
CLASS="varname"
>ftp_proxy</TT
> for correct functioning. For your convenience, you might want to add a line like the following to your <TT
CLASS="filename"
>~/.bashrc</TT
>:</P
><P
><B
CLASS="command"
>export <TT
CLASS="varname"
>http_proxy</TT
>=<TT
CLASS="parameter"
><I
>http://username:password@proxy_server_name:port_number</I
></TT
></B
> </P
><P
>For instance:</P
><P
><B
CLASS="command"
>export <TT
CLASS="varname"
>http_proxy</TT
>=<TT
CLASS="parameter"
><I
>http://willy:Appelsi3ntj3@proxy:80</I
></TT
></B
> </P
><P
>If you do not need to give a username and password, simply leave out everything before the <SPAN
CLASS="QUOTE"
>"@"</SPAN
> sign, this sign included.</P
></DIV
></DIV
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_04"
></A
>10.3.4. File Transfer Protocol</H2
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_04_01"
></A
>10.3.4.1. FTP servers</H3
><P
>On a Linux system, an FTP server is typically run from <B
CLASS="command"
>xinetd</B
>, using the <SPAN
CLASS="application"
>WU-ftpd</SPAN
> server, although the FTP server may be configured as a stand-alone server on systems with heavy FTP traffic. See the exercises.</P
><P
>Other FTP servers include among others <SPAN
CLASS="application"
>vsftpd</SPAN
>, <SPAN
CLASS="application"
>Ncftpd</SPAN
> and <SPAN
CLASS="application"
>Proftpd</SPAN
>.</P
><P
>Most Linux distributions contain the <SPAN
CLASS="application"
>anonftp</SPAN
> package, which sets up an anonymous FTP server tree and accompanying configuration files.</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_04_02"
></A
>10.3.4.2. FTP clients</H3
><P
>Most Linux distributions include <B
CLASS="command"
>ncftp</B
>, an improved version of the common UNIX <B
CLASS="command"
>ftp</B
> command, which you may also know from the Windows command line. The <B
CLASS="command"
>ncftp</B
> program offers extra features such as a nicer and more comprehensible user interface, file name completion, append and resume functions, bookmarking, session management and more:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;<TT
CLASS="prompt"
>thomas:~&#62;</TT
> <B
CLASS="command"
>ncftp blob</B
>
NcFTP 3.0.3 (April 15, 2001) by Mike Gleason (ncftp@ncftp.com).
Connecting to blob...
blob.some.net FTP server (Version wu-2.6.1-20) ready.
Logging in...
Guest login ok, access restrictions apply.
Logged in to blob.
<TT
CLASS="prompt"
>ncftp / &#62;</TT
> <B
CLASS="command"
>help</B
>
Commands may be abbreviated. 'help showall' shows hidden and
unsupported commands.
'help &#60;command&#62;' gives a brief description of &#60;command&#62;.
ascii cat help lpage open quote site
bgget cd jobs lpwd page rename type
bgput chmod lcd lrename pdir rhelp umask
bgstart close lchmod lrm pls rm version
binary debug lls lrmdir put rmdir
bookmark dir lmkdir ls pwd set
bookmarks get lookup mkdir quit show
<TT
CLASS="prompt"
>ncftp / &#62;</TT
>
</PRE
></FONT
></TD
></TR
></TABLE
><P
>Excellent help with lot of examples can be found in the man pages. And again, a number of GUI applications are available.</P
><DIV
CLASS="warning"
><P
></P
><TABLE
CLASS="warning"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TH
ALIGN="LEFT"
VALIGN="CENTER"
><B
>FTP is insecure!</B
></TH
></TR
><TR
><TD
>&nbsp;</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>Don't use the File Transfer Protocol for non-anonymous login unless you know what you are doing. Your user name and password might be captured by malevolent fellow network users! Use secure FTP instead; the <B
CLASS="command"
>sftp</B
> program comes with the Secure SHell suite, see <A
HREF="sect_10_05.html#sect_10_05_04_04"
>Section 10.4.4.4</A
>.</P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_05"
></A
>10.3.5. Chatting and conferencing</H2
><P
>Various clients and systems are available in each distribution, replacing the old-style IRC text-based chat. A short and incomplete list of the most popular programs:</P
><P
></P
><UL
><LI
><P
><B
CLASS="command"
>gaim</B
>: multi-protocol instant messaging client for Linux, Windows and Mac, compatible with MSN Messenger, ICQ, IRC and much more; see the Info pages or <A
HREF="http://gaim.sourceforge.net"
TARGET="_top"
>the Gaim site</A
> for more.</P
></LI
><LI
><P
><B
CLASS="command"
>xchat</B
>: IRC client for the X window system:</P
><DIV
CLASS="figure"
><A
NAME="AEN10492"
></A
><P
><B
>Figure 10-2. X-Chat</B
></P
><DIV
CLASS="mediaobject"
><P
><IMG
SRC="images/xchat.png"></P
></DIV
></DIV
><P
>The home page is at <A
HREF="http://sourceforge.net/projects/xchat/"
TARGET="_top"
>SourceForge</A
>.</P
></LI
><LI
><P
>aMSN: an MSN clone.</P
></LI
><LI
><P
><B
CLASS="command"
>Konversation</B
>, <B
CLASS="command"
>kopete</B
>, <B
CLASS="command"
>KVIrc</B
> and many other K-tools from the KDE suite.</P
></LI
><LI
><P
><B
CLASS="command"
>gnomemeeting</B
>: videoconferencing program for UNIX (now <SPAN
CLASS="application"
>Ekiga</SPAN
>).</P
></LI
><LI
><P
><B
CLASS="command"
>jabber</B
>: Open Source Instant Messenging platform, compatible with ICQ, AIM, Yahoo, MSN, IRC, SMTP and much more.</P
></LI
><LI
><P
><B
CLASS="command"
>psi</B
>: jabber client, see <A
HREF="http://psi.affinix.com/"
TARGET="_top"
>the PSI Jabber Client Homepage</A
>.</P
></LI
><LI
><P
><B
CLASS="command"
>skype</B
>: program for making telephone-like calls over the Internet to other <SPAN
CLASS="application"
>Skype</SPAN
> users, see <A
HREF="http://www.skype.com"
TARGET="_top"
>http://www.skype.com</A
> for more info. <SPAN
CLASS="application"
>Skype</SPAN
> is free but not open.</P
></LI
><LI
><P
><SPAN
CLASS="application"
>Gizmo</SPAN
>: a free (but not open) phone for your computer, see <A
HREF="http://www.gizmoproject.com"
TARGET="_top"
>http://www.gizmoproject.com</A
>.</P
></LI
></UL
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_06"
></A
>10.3.6. News services</H2
><P
>Running a <SPAN
CLASS="application"
>Usenet</SPAN
> server involves a lot of expertise and fine-tuning, so refer to the <A
HREF="http://www.isc.org"
TARGET="_top"
>INN homepage</A
> for more information.</P
><P
>There are a couple of interesting newsgroups in the <EM
>comp.*</EM
> hierarchy, which can be accessed using a variety of text and graphical clients. A lot of mail clients support newsgroup browsing as well, check your program or see your local Open Source software mirror for text clients such as <B
CLASS="command"
>tin</B
>, <B
CLASS="command"
>slrnn</B
> and <B
CLASS="command"
>mutt</B
>, or download Mozilla or one of a number of other graphical clients.</P
><P
><A
HREF="http://deja.com"
TARGET="_top"
>Deja.com</A
> keeps a searchable archive of all newsgroups, powered by Google. This is a very powerful instrument for getting help: chances are very high that somebody has encountered your problem, found a solution and posted it in one of the newsgroups.</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_07"
></A
>10.3.7. The Domain Name System</H2
><P
>All these applications need DNS services to match IP addresses to host names and vice versa. A DNS server does not know all the IP addresses in the world, but networks with other DNS servers which it can query to find an unknown address. Most UNIX systems can run <B
CLASS="command"
>named</B
>, which is part of the BIND (<SPAN
CLASS="application"
>Berkeley Internet Name Domain</SPAN
>) package distributed by the Internet Software Consortium. It can run as a stand-alone caching <EM
>nameserver</EM
>, which is often done on Linux systems in order to speed up network access.</P
><P
>Your main client configuration file is <TT
CLASS="filename"
>/etc/resolv.conf</TT
>, which determines the order in which Domain Name Servers are contacted:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;search somewhere.org
nameserver 192.168.42.1
nameserver 193.74.208.137
</PRE
></FONT
></TD
></TR
></TABLE
><P
>More information can be found in the Info pages on <B
CLASS="command"
>named</B
>, in the <TT
CLASS="filename"
>/usr/share/doc/bind[-&#60;version&#62;]</TT
> files and on the <A
HREF="http://www.isc.org/products/BIND"
TARGET="_top"
>Bind project</A
> homepage. The <A
HREF="http://www.tldp.org/HOWTO/DNS-HOWTO.html"
TARGET="_top"
>DNS HOWTO</A
> covers the use of BIND as a DNS server.</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_08"
></A
>10.3.8. DHCP</H2
><P
>DHCP is the <SPAN
CLASS="application"
>Dynamic Host Configuration Protocol</SPAN
>, which is gradually replacing good old <B
CLASS="command"
>bootp</B
> in larger environments. It is used to control vital networking parameters such as IP addresses and name servers of hosts. DHCP is backward compatible with <B
CLASS="command"
>bootp</B
>. For configuring the server, you will need to read the HOWTO.</P
><P
>DHCP client machines will usually be configured using a GUI that configures the <B
CLASS="command"
>dhcpcd</B
>, the DHCP client daemon. Check your system documentation if you need to configure your machine as a DHCP client.</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="sect_10_04_09"
></A
>10.3.9. Authentication services</H2
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_09_01"
></A
>10.3.9.1. Traditional</H3
><P
>Traditionally, users are authenticated locally, using the information stored in <TT
CLASS="filename"
>/etc/passwd</TT
> and <TT
CLASS="filename"
>/etc/shadow</TT
> on each system. But even when using a network service for authenticating, the local files will always be present to configure system accounts for administrative use, such as the root account, the daemon accounts and often accounts for additional programs and purposes.</P
><P
>These files are often the first candidates for being examined by hackers, so make sure the permissions and ownerships are strictly set as should be:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;<TT
CLASS="prompt"
>bob:~&#62;</TT
> <B
CLASS="command"
>ls -l /etc/passwd /etc/shadow</B
>
-rw-r--r-- 1 root root 1803 Mar 10 13:08 /etc/passwd
-r-------- 1 root root 1116 Mar 10 13:08 /etc/shadow
</PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_09_02"
></A
>10.3.9.2. PAM</H3
><P
>Linux can use PAM, the <SPAN
CLASS="application"
>Pluggable Authentication Module</SPAN
>, a flexible method of UNIX authentication. Advantages of PAM:</P
><P
></P
><UL
><LI
><P
>A common authentication scheme that can be used with a wide variety of applications.
</P
></LI
><LI
><P
>PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.</P
></LI
><LI
><P
>Great flexibility and control over authentication for the administrator and application developer.
</P
></LI
><LI
><P
>Application developers do not need to develop their program to use a particular authentication scheme. Instead, they can focus purely on the details of their program.</P
></LI
></UL
><P
>The directory <TT
CLASS="filename"
>/etc/pam.d</TT
> contains the PAM configuration files (used to be <TT
CLASS="filename"
>/etc/pam.conf</TT
>). Each application or service has its own file. Each line in the file has four elements:</P
><P
></P
><UL
><LI
><P
><EM
>Module</EM
>:</P
><P
></P
><UL
><LI
><P
><TT
CLASS="option"
>auth</TT
>: provides the actual authentication (perhaps asking for and checking a password) and sets credentials, such as group membership or Kerberos tickets.</P
></LI
><LI
><P
><TT
CLASS="option"
>account</TT
>: checks to make sure that access is allowed for the user (the account has not expired, the user is allowed to log in at this time of day, and so on).</P
></LI
><LI
><P
><TT
CLASS="option"
>password</TT
>: used to set passwords.</P
></LI
><LI
><P
><TT
CLASS="option"
>session</TT
>: used after a user has been authenticated. This module performs additional tasks which are needed to allow access (for example, mounting the user's home directory or making their mailbox available).</P
></LI
></UL
><P
>The order in which modules are stacked, so that multiple modules can be used, is very important.</P
></LI
><LI
><P
><EM
>Control Flags</EM
>: tell PAM which actions to take upon failure or success. Values can be <TT
CLASS="option"
>required</TT
>, <TT
CLASS="option"
>requisite</TT
>, <TT
CLASS="option"
>sufficient</TT
> or <TT
CLASS="option"
>optional</TT
>.</P
></LI
><LI
><P
><EM
>Module Path</EM
>: path to the pluggable module to be used, usually in <TT
CLASS="filename"
>/lib/security</TT
>.</P
></LI
><LI
><P
><EM
>Arguments</EM
>: information for the modules</P
></LI
></UL
><P
>Shadow password files are automatically detected by PAM.</P
><P
>More information can be found in the <B
CLASS="command"
>pam</B
> man pages or at <A
HREF="http://www.kernel.org/pub/linux/libs/pam"
TARGET="_top"
>the Linux-PAM project</A
> homepage.</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="sect_10_04_09_03"
></A
>10.3.9.3. LDAP</H3
><P
>The Lightweight Directory Access Protocol is a client-server system for accessing global or local directory services over a network. On Linux, the <SPAN
CLASS="application"
>OpenLDAP</SPAN
> implementation is used. It includes <B
CLASS="command"
>slapd</B
>, a stand-alone server; <B
CLASS="command"
>slurpd</B
>, a stand-alone LDAP replication server; libraries implementing the LDAP protocol and a series of utilities, tools and sample clients.</P
><P
> The main benefit of using LDAP is the consolidation of certain types of information within your organization. For example, all of the different lists of users within your organization can be merged into one LDAP directory. This directory can be queried by any LDAP-enabled applications that need this information. It can also be accessed by users who need directory information.
</P
><P
>&#13;Other LDAP or X.500 Lite benefits include its ease of implementation (compared to X.500) and its well-defined Application Programming Interface (API), which means that the number of LDAP-enabled applications and LDAP gateways should increase in the future.
</P
><P
>&#13;On the negative side, if you want to use LDAP, you will need LDAP-enabled applications or the ability to use LDAP gateways. While LDAP usage should only increase, currently there are not very many LDAP-enabled applications available for Linux. Also, while LDAP does support some access control, it does not possess as many security features as X.500.
</P
><P
> Since LDAP is an open and configurable protocol, it can be used to store almost any type of information relating to a particular organizational structure. Common examples are mail address lookups, central authentication in combination with PAM, telephone directories and machine configuration databases.</P
><P
>See your system specific information and the man pages for related commands such as <B
CLASS="command"
>ldapmodify</B
> and <B
CLASS="command"
>ldapsearch</B
> for details. More information can be found in the <A
HREF="http://www.tldp.org/HOWTO/LDAP-HOWTO.html"
TARGET="_top"
>LDAP Linux HOWTO</A
>, which discusses installation, configuration, running and maintenance of an LDAP server on Linux. The author of this Introduction to Linux document also wrote an <A
HREF="http://tille.garrels.be/training/ldap/"
TARGET="_top"
>LDAP Operations HOWTO</A
>, describing the basics everyone should know about when dealing with LDAP management, operations and integration of services.</P
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="sect_10_02.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="sect_10_05.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Network configuration and information</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="chap_10.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Remote execution of applications</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink