This morning I lost a good friend. Tor, you are going to be missed.
If there is an afterlife I am sure you will be waiting at the gate. Thank you for being my friend.
-sam
Ah, good old FreeBSD: sometimes you forget that you actually have to patch it. While I am fairly good about keeping my release current, this is one of the few times that I have had to update because an exploit concerned me enough to patch for it: FreeBSD-SA-07:09.random.asc
Seeing this, I also noticed my documentation on updating was out of date, especially in light of a few FreeBSD ports that now make it easier. This is the quick and dirty way of updating a FreeBSD 6.2 system.
Dependencies: portmanager, portsnap, pkg_version
# freebsd-update fetch
# freebsd-update install
# uname -a
# shutdown -r now
# uname -a
# portsnap fetch
If you are running Portsnap for the first time, extract the snapshot into /usr/ports:
# portsnap extract
If you already have a populated /usr/ports and you are just updating, run the following command instead:
# portsnap update
# pkg_version -vIL=
# portmanager -u
Since NetInfo was replaced by Directory Services in Leopard, there are several user-based tweaks that I like to do. This had not been a problem on my Mac Pro since I did an upgrade, but I just got a new MacBook with a fresh install of Leopard. Now there are several user-based tweaks I like to make. I change my UID to my standard one; it makes file sharing and remote work much easier. I am also a tcsh user. So there are two ways to adjust this sans NetInfo:
1) GUI — Go to System Preferences > Accounts and right click (control-click) on the user you wish to modify. An advanced window will appear and you can make changes here.
2) CLI — su - to root and run dscl
su -
dscl localhost
cd /Local/Default/Users
You can see all users by doing an ls and you can see the attributes of the users by catting the user (e.g. cat someuser). man dscl and man 8 DirectoryServices will give more info on changing attributes.
Another problem I ran into is that Parallels v.3 network bridge mode stopped working. This is related to the fact that I did an upgrade and not a fresh install of the OS. Reinstalling Parallels does not solve the problem. The following files need to be moved out of the way and a reboot done.
After the reboot a fresh install of Parallels fixed the problem. Interestingly, Fusion did not have the same problems.
I just upgraded to Leopard and so far the first big problem I found is that Photoshop v.7 will not work. Granted this is an old version and designed to run in both classic and OS X, which I suspect is the cause of the problem.
After spending most of my day on a memory upgrade, I discovered something fun. IBM pSeries 660 model 7026-6H1 servers count their memory in quads and not pairs, even though the memory vendor sells the upgrade kit as a pair.
I have recently left my job at Rockefeller University and moved across the street to Weill Medical College of Cornell University. I thought this would also be an excellent time to pick the blog back up and see if I can make something of it.
At least it will be a useful place to park tidbits as I learn the fun and exciting world of AIX HACMP and CACHE databases.
Append or edit /etc/hostconfig with the following:
HOSTNAME="machine.your.domain"
1) Create the certificate authority certificate and key. Make sure you remember the password you use. You will need to use it repeatedly.
# newcerts is the new_certs_dir from openssl.cf; openssl ca needs it to exist
mkdir -p /CERTS/ldap-certs/ca/newcerts
cd /CERTS/ldap-certs/ca
openssl req -new -x509 -keyout ./ca.key -out ./ca.crt
echo 01 > /CERTS/ldap-certs/ca/serial
touch /CERTS/ldap-certs/ca/index.txt
2) Create the openssl.cf file in /CERTS/ldap-certs
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = /CERTS/ldap-certs/ca # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/private/.rand # private random number file
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 365 # how long to certify for
default_days = 3650 # how long to certify for
#default_crl_days= 30 # how long before next CRL
default_crl_days= 0 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that.
policy = policy_anything
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
3) Generate a Certificate Signing Request
mkdir /CERTS/ldap-certs/server
cd /CERTS/ldap-certs/server
openssl genrsa -out hostname.key
openssl req -new -key hostname.key -out hostname.csr
4) Sign the hostname certificate with your certificate authority
openssl ca -config ../openssl.cf -out hostname.crt -infiles ./hostname.csr
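Steps 1 to 4 as one non-interactive run in a scratch directory, so the signed certificate can be checked against the CA before anything is installed. This is an added example, not the original post's commands: it uses sha256 instead of the md5 digest in the config above (MD5 is collision-broken), an explicit 2048-bit key size, and a CA certificate marked CA:TRUE. The subject names, the passphrase and the function names are constructed placeholders.

```shell
# Added example: build the CA, sign a host certificate, print where it landed.
# Paths come from mktemp; names and the passphrase are constructed placeholders.
build_ldap_ca() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ca/newcerts" "$d/server"   # new_certs_dir must exist for openssl ca
    echo 01 > "$d/ca/serial"
    : > "$d/ca/index.txt"
    cat > "$d/openssl.cf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d/ca
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
certificate = \$dir/ca.crt
serial = \$dir/serial
private_key = \$dir/ca.key
default_days = 3650
default_md = sha256
policy = policy_anything
[ policy_anything ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    pass=pass:example-only                  # constructed; use a real secret source
    openssl req -new -x509 -config "$d/openssl.cf" -subj "/CN=Example LDAP CA" \
        -newkey rsa:2048 -passout "$pass" -days 3650 \
        -keyout "$d/ca/ca.key" -out "$d/ca/ca.crt" 2>/dev/null || return 1
    openssl genrsa -out "$d/server/hostname.key" 2048 2>/dev/null || return 1
    openssl req -new -config "$d/openssl.cf" -subj "/CN=machine.your.domain" \
        -key "$d/server/hostname.key" -out "$d/server/hostname.csr" || return 1
    openssl ca -batch -config "$d/openssl.cf" -passin "$pass" \
        -out "$d/server/hostname.crt" -infiles "$d/server/hostname.csr" \
        2>/dev/null || return 1
    echo "$d"
}

# Print the signature algorithm of a certificate file.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}
```

After `d=$(build_ldap_ca)`, run `openssl verify -CAfile "$d/ca/ca.crt" "$d/server/hostname.crt"` to confirm the chain and `cert_sigalg "$d/server/hostname.crt"` to confirm the digest.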
Camp wiki
I am here for the conference on Shibboleth.