Friday, December 21, 2007

CEO of Red Hat Steps Down

Just saw this on slashdot.. Related articles are here and here

A parting blog message from Matthew Szulik can be found here..

Is this really happening ? It is..!

SSH with no passwords..

This is quite handy, if you want to have a script to perform some activities on a remote host..
Very useful info can be found here and here.

This is what you have to do..

1. Generate a key-pair to be used in the ssh transactions.
You can use "ssh-keygen" to create a key pair..

ssh-keygen -t dsa -b 2048

This would create a dsa key of size 2048 bits.

If you prefer a rsa key, you can use something like below..
ssh-keygen -t rsa


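Just press Enter when it prompts for a passphrase; otherwise you'll have to enter that passphrase every time you start an ssh session. A key with an empty passphrase can be used by anyone who can read the private key file, so keep that file readable only by the account that runs the script.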

I am not exactly sure which encryption method is better; maybe I'll post something on that later (when I know better).

2. Configuring the ssh server to trust clients presenting the newly created key.

Depending on the key type you selected, you will find the public key of the key pair in your home directory inside .ssh/, unless you specified a separate location for the keys to be saved. Normally the key will be under a name like id_rsa.pub or id_dsa.pub

What you have to do is quite simple. Just copy the content of the public key file and append it to the file $HOME/.ssh/authorized_keys on the OpenSSH server. $HOME here is the home directory of the user you are logging in as on the ssh server..
eg: if as root, /root/.ssh/authorized_keys
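
Step 2 as a script, added here as an example (not code from the original post): it installs a public key once, sets the directory and file modes sshd expects, and prefixes the entry with restrictions suited to a passphrase-less script key. The source address 192.0.2.10, the forced command /usr/local/bin/backup.sh and the key itself are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Key material below is constructed.

# install_key <home_dir> <pubkey_file> [key_options]
# Adds the key to <home_dir>/.ssh/authorized_keys exactly once and sets the
# modes sshd's StrictModes check expects.
install_key() {
    local home_dir="$1" pubkey_file="$2" options="${3:-}"
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"
    local key blob

    # A .pub file is a single line; a multi-line file is usually the private
    # key (id_rsa instead of id_rsa.pub), which must never leave the client.
    if [ "$(grep -c . "$pubkey_file" 2>/dev/null)" != 1 ]; then
        echo "refusing $pubkey_file: expected exactly one key line" >&2
        return 1
    fi
    key=$(grep . "$pubkey_file")
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*) ;;
        *) echo "refusing $pubkey_file: not a public key line" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    # Compare on the base64 blob (second field) so a re-run with a different
    # comment or option string does not add a duplicate entry.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    grep -qF -- "$blob" "$auth" && return 0
    printf '%s\n' "${options:+$options }$key" >> "$auth"
}

# Demo on a throwaway directory (assumed forced command and source address).
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEY backup@client' \
    > "$demo_home/id_rsa.pub"
install_key "$demo_home" "$demo_home/id_rsa.pub" \
    'from="192.0.2.10",command="/usr/local/bin/backup.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'
cat "$demo_home/.ssh/authorized_keys"
```

With the from= and command= options in place, a copied private key only works from the named address and can only run the one command.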

Thursday, December 20, 2007

Squid, LDAP and Active Directory

Below is the procedure I used to integrate Squid with OpenLDAP and with Active Directory, using information gathered from numerous Google searches and various links from friends..

Integrating squid with LDAP ( I used OpenLDAP 2.3, on ubuntu 7.10 ) is quite straight-forward..
I used a squid 2.5 on a RHEL4 for this..

Below are the steps i followed..
1. Installing OpenLDAP.
I used the apt to install openldap server ( slapd )..which was quite easy..
I had below in my default configuration, which allows everyone to read from the LDAP db..,without requiring to authenticate.
access to *
        by dn="cn=admin,dc=multios,dc=net" write
        by * read
2. Installing PHP-LDAP-Admin
I believe it's possible to install PHPLDAPAdmin from apt, but I was too dumb to check there; I downloaded it directly from the site and configured it.. I only had to copy config.php.example to config.php and put in the below entries.. It was not difficult at all..
$ldapservers->SetValue($i,'server','name','My LDAP Server');
You can put any name for 'My LDAP Server'. It's just a name so you can identify between multiple LDAP servers you can manage from PHPLDAPAdmin panel.
$ldapservers->SetValue($i,'server','host','127.0.0.1');
In my case the LDAP server was running on the same host as PHPLDAPAdmin, therefore the '127.0.0.1' is used.. To point it to a different host, you can simply put the host name-as long as the name resolution is working- or ip.
$ldapservers->SetValue($i,'server','port','389');
I think this is the standard LDAP port.. You will have to change this only if your LDAP service is running on a different port.
$ldapservers->SetValue($i,'server','base',array('dc=multios,dc=net'));
Here you have to specify the base of your LDAP hierarchy.. This is what i preferred as mine..
Interesting articles i found are here and here.
$ldapservers->SetValue($i,'login','dn','cn=admin,dc=multios,dc=net');
This is the LDAP db administrator account.. PHPLDAPAdmin uses this if you plan to update LDAP entries using PHPLDAPAdmin ( believe me, you'll need this.. )

You can even explore your Active Directory LDAP with this too.. Below is my configuration on PHPLDAPAdmin to work with an Active Directory.
$ldapservers->SetValue(2,'server','name','Active Directory');
$ldapservers->SetValue(2,'server','host','192.168.128.141');
$ldapservers->SetValue(2,'server','port','389');
$ldapservers->SetValue(2,'server','base',array('dc=msmgt,dc=local'));
$ldapservers->SetValue(2,'login','dn','cn=Administrator,cn=Users,dc=msmgt,dc=local');
Notice the "2" on each line... You have to assign a different value for this to each connection you configure on PHPLDAPAdmin. At the beginning this is set to "0". You can simply keep on increasing it, as it works as some sort of an array index, I think..

3. Configuring Squid to use OpenLDAP for authentication..
As i mentioned above, i used squid-2.5 on a RHEL4 box.. There was this "squid_ldap_auth" authentication helper module out of the box. The funny thing is i installed squid 2.6 on ubuntu from apt, and there's no such authenticator.. I searched around a lot, but had no luck finding the exact thing, but i found a lot of similar modules, which -sadly- did not work for me..

Below are the squid settings..
auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -b "cn=Internet,dc=multios,dc=net" -f uid=%s lnx1.multios.net
This can be tested before actually putting it into squid.conf, by running the helper by hand:
/usr/lib/squid/squid_ldap_auth -v 3 -b "cn=Internet,dc=multios,dc=net" -f uid=%s lnx1.multios.net
Then type an LDAP username and the associated password on one line, with a space in between.
If it prints "OK" to the terminal, you are set.. Otherwise check the parameters against your setup..
-v - the LDAP protocol version to use; 3 here.
-b - the search base. You have to make sure your user accounts are below this level in the LDAP hierarchy, or else the authenticator will never see your accounts when it's querying the LDAP server.
-f - the search filter. LDAP objects have a lot of attributes on them. I used posixAccount as user accounts and I chose the "uid" attribute to be used as the username to authenticate with the proxy.. If you wish to use a different attribute you have to specify it here.. Leave the =%s part intact; it tells the authenticator to match the user input with the uid.

If you configured your LDAP without allowing anonymous queries, then you will have to specify -D and -w or -W with appropriate values ( a username, given as a bind DN, and the password of an account that is allowed to query the LDAP database ).

Took me a while to get it to work...but finally used "-v 3" which made it work. Quite helpful information was found from here.
Worked quite fine..

I wanted to have a web based interface, so that the users themselves can change their passwords.. After a bit of googling around I found this nice php program developed by Karyl F. Stein, which does exactly that.. It is no longer maintained though, but it worked nicely for me..
This requires that you allow authenticated users to change their password on the LDAP. Below on the slapd.conf did it for me.
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=multios,dc=net" write
        by anonymous auth
        by self write
        by * none
If i recall correctly, i didn't have to put it manually, it was on the default settings.

To configure phpLdapPasswd i had to make the below changes to the config.php
$LDAPSERVER = "ldap://lnx1.multios.net/";
$LDAPPORT = 389;
$LDAPBASEDN = "dc=multios,dc=net";
This program has a nice feature, if a user forgets the password, they can request a reset, and the new auto-generated password is e-mailed to them, provided that your users have their email address on the LDAP db.
You have to put the below settings on config.php to make it work, but i didn't test this yet.
Default attribute it searches is "mail", but if you want to change it, i believe you can set it from the config.php as below.
$RESETBINDDN = "cn=admin,dc=multios,dc=net";
$RESETBINDPW = "redhat";
$MAILATTRIBUTE = "mail";
Finally i wanted to integrate squid with an Active Directory Server, so in a MS Windows environment, user/password information can be centrally handled from the domain controller it-self.
I believe there are two methods for this, or at least i have tried two methods successfully..

1. To use ldap, kerberos, smb-winbind, ntlm_auth
This method I used some time back, and it was a little difficult to get it to work..
It depends on all the above components, and even the system times of the squid server and the Active Directory have to be the same for this to work.. But I think it's possible to achieve a single-sign-on setup for the proxy with this..
Maybe I'll post the steps I took for this in a separate post..

2. To use ldap, squid_ldap_auth
This method is quite straight-forward, and comparatively easier than the winbind method. All you have to do is put the below, in the squid.conf for auth_param
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=msmgt,dc=local" -D "cn=Administrator,cn=Users,dc=msmgt,dc=local" -w "vcs123" -f sAMAccountName=%s -h ad.multios.net
A very helpful guide is here.

-b as explained above is the search base. My Active Directory base was msmgt.local

-D is used to authenticate to the LDAP service, as the Active Directory LDAP service doesn't allow anonymous queries. I used the domain Administrator password, which is not advisable.. You can simply create a user in Active Directory just for this; the user doesn't need to have administrative privileges.

-w is the password for the account given with -D ( here, the Active Directory Administrator password ).. Given this way, the password sits in squid.conf and is visible in the helper's command line in the process list. It is possible to store the password in a separate file and point to it with -W, which I didn't try.

-f as above is the search filter "sAMAccountName" is an attribute under which the Active Directory login name is kept.

-h specifies the Active Directory hostname, ip should work here too..
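
A check for the two weak points noted above (an inline -w password and a bind as Administrator), added here as an example and not part of the original post: it scans a squid.conf for active squid_ldap_auth lines and reports them, plus a -W secret file that is missing or world-readable. The sample config is constructed and its password is a placeholder.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Prints one finding per line and
# returns 1 if any active squid_ldap_auth helper line needs attention.
audit_squid_ldap() {
    local conf="$1" rc=0 n line dn file
    while IFS=: read -r n line; do
        [ -n "$n" ] || continue
        # -w puts the bind password in squid.conf and in the helper's argv.
        if printf '%s\n' "$line" | grep -qE '[[:space:]]-w[[:space:]]'; then
            echo "line $n: bind password given inline with -w; use -W <file>"
            rc=1
        fi
        # -D naming an admin entry: a read-only lookup account is enough.
        dn=$(printf '%s\n' "$line" |
             sed -nE 's/.*[[:space:]]-D[[:space:]]+"?([^"[:space:]]+).*/\1/p')
        case $dn in
            [Cc][Nn]=[Aa]dministrator,*|[Cc][Nn]=[Aa]dmin,*)
                echo "line $n: binds as $dn; use a dedicated unprivileged account"
                rc=1 ;;
        esac
        # The -W secret file must exist and must not be world-readable.
        file=$(printf '%s\n' "$line" |
               sed -nE 's/.*[[:space:]]-W[[:space:]]+"?([^"[:space:]]+).*/\1/p')
        if [ -n "$file" ]; then
            if [ ! -f "$file" ]; then
                echo "line $n: secret file $file not found"; rc=1
            elif [ -n "$(find "$file" -perm -004)" ]; then
                echo "line $n: secret file $file is world-readable"; rc=1
            fi
        fi
    done <<EOF
$(grep -nE '^[[:space:]]*auth_param[[:space:]]+basic[[:space:]]+program[[:space:]].*squid_ldap_auth' "$conf" || true)
EOF
    return "$rc"
}

# Constructed squid.conf fragment; the password is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# auth_param basic program /usr/lib/squid/squid_ldap_auth -w "old" -h ad.multios.net
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=msmgt,dc=local" -D "cn=Administrator,cn=Users,dc=msmgt,dc=local" -w "EXAMPLE-PASSWORD" -f sAMAccountName=%s -h ad.multios.net
EOF
audit_squid_ldap "$sample" || true
```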

All this worked quite nicely and comparatively easier with other methods..
I have yet to try out the helper module "squid_ldap_group" and the external_acls on squid..
I will be posting the findings later on, once i try that out..

till then, cheers..!

Thursday, November 22, 2007

Game Ratings

Just like for movies, they have a rating system for games as well. Below are the rating icons they put on, along with what they mean.. I might write some more on this later.

EARLY CHILDHOOD
Titles rated EC (Early Childhood) have content that may be suitable for ages 3 and older. Contains no material that parents would find inappropriate.


EVERYONE
Titles rated E (Everyone) have content that may be suitable for ages 6 and older. Titles in this category may contain minimal cartoon, fantasy or mild violence and/or infrequent use of mild language.

EVERYONE 10+
Titles rated E10+ (Everyone 10 and older) have content that may be suitable for ages 10 and older. Titles in this category may contain more cartoon, fantasy or mild violence, mild language and/or minimal suggestive themes.

TEEN
Titles rated T (Teen) have content that may be suitable for ages 13 and older. Titles in this category may contain violence, suggestive themes, crude humor, minimal blood, simulated gambling, and/or infrequent use of strong language.



MATURE
Titles rated M (Mature) have content that may be suitable for persons ages 17 and older. Titles in this category may contain intense violence, blood and gore, sexual content and/or strong language.

ADULTS ONLY
Titles rated AO (Adults Only) have content that should only be played by persons 18 years and older. Titles in this category may include prolonged scenes of intense violence and/or graphic sexual content and nudity.

RATING PENDING
Titles listed as RP (Rating Pending) have been submitted to the ESRB and are awaiting final rating. (This symbol appears only in advertising prior to a game's release.)

The ESRB rating icons are registered trademarks of the Entertainment Software Association.
man, aren't these icons nice ? I think they look amazing..regardless of what they mean..

Movie Ratings

I always wanted to know about the movie rating system, and finally got a chance to search around.
Those green/red screens they put right before a movie starts, saying parental advisory and some shit, it Does have a meaning.

According to what i found and i quote "it is a voluntary system sponsored by the Motion Picture Association of America and the National Association of Theatre Owners to provide parents with advance information on films, enabling parents to make judgments on movies they want or do not want their children to see.". Doesn't mean very much to me..! Good thing it didn't, to my parents either.

Still i think those logo things they have are cool.. So here we go..

These general-audience or G-rated movies contain nothing in theme, language, nudity, sex, violence or other matters that, as those movie rater ppl think, would offend parents whose younger children view the motion picture. But still they mention it's neither a “certificate of approval,” nor does it signify a “children’s” motion picture. No stronger words, no violence, no nudity, no sex scenes and no drug use are shown in those types of movies.. It does kinda make you wonder if it IS a movie or not, doesn't it?

Now when it comes to a PG rated movie, what it means is that parents should investigate the movie before allowing their kids to watch it. It's kind of a loose rating, where parents make a choice on whether a movie is suitable for their young or not.

PG-13 is very common; for me this is the one I have noticed the most. This strongly recommends that parents investigate if the movie is OK to be watched by their kids. These contain some strong words, some nudity, some of everything. Kind of nice, isn't it.. ?

Now this here is something where they have gotten it wrong, at least in the way I look at it. They say under-17s should be accompanied by a parent or a guardian. They must be kidding...it'd be awkward n shit when the people on the screen start to Do Stuff..not just that, they put the Advisory in red background, and it sure as shit will scare off those edgy parents waiting for something like that. I like my R rated movies, and I like to watch them alone, or at least with nobody's parents around.

This here is the deal.. I have yet to see the advisory screen of one of those.. They say those contain stuff too adult for below 17s. And they don't mean just sex, movie could be about drug addictions, violent stuff and so on.

The only NC-17 I think I have seen ( n yeah, I don't think I saw the advisory, I can't imagine what color they chose for that.. ) is Young Adam, and it was rated so because of the explicit sexual content. Movie was ok though..

That's about it, for now... maybe I'll post some more info later..

And before i forget "All ratings marks and logos (G, PG, PG-13, R, NC-17) are registered trademarks of the Motion Picture Association of America. Their use is regulated by the Classification and Rating Administration (CARA)."

Wednesday, November 14, 2007

Google Releases Android SDK and Emulator

OSNews reports that Google has finally released Android, the opensource platform that will be used by the Open Handset Alliance. The platform is based in the Linux kernel, freetype, sqlite, webkit, a 2D/3D subsystem and other pieces, but the application framework is built in Java using a embedded-optimized VM called Dalvik. The SDK is available for Linux, Mac and Win and it includes an emulator."

The official Google channel has published a few videos on the Android platform.

Androidology - Part 1 of 3 - Architecture Overview



Androidology - Part 2 of 3 - Application Lifecycle



Androidology - Part 3 of 3 - APIs

Thursday, September 27, 2007

Association of Tamils of Sri Lanka in the USA

Came across this site while googling..
http://www.sangam.org
http://www.sangam.org/taraki/articles/2006/02-10_Thamizhar_Martial_Arts.php?uid=1510

Tuesday, September 04, 2007

Setting up a simple Gateway on a Linux Machine


Quite easy
1. Set "net.ipv4.ip_forward = 1" in /etc/sysctl.conf
2. Enter command "sysctl -p" as root.
3. Enter command "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
4. Enter command "/etc/init.d/iptables save" to make the settings permanent ( only on Redhat, Fedora and alike ). On other distros, use some other means, like the rc.local file.
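
The steps above turn on forwarding and NAT but put no limit on what the box will forward. As an added example (not from the original post), the function below prints the same MASQUERADE rule in iptables-restore format together with a FORWARD policy that only lets the LAN out and replies back in; eth1 as the LAN interface is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. eth1 as the LAN side is an assumption.

# gateway_rules <wan_if> <lan_if>
# Prints an iptables-restore ruleset: masquerade out of the WAN interface,
# forward LAN->WAN, allow only reply traffic back, drop every other forward.
gateway_rules() {
    local wan="$1" lan="$2" ifname
    for ifname in "$wan" "$lan"; do
        # Interface names end up inside rules; accept only plain names.
        case $ifname in
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid interface name: '$ifname'" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the post's eth0 uplink; as root it could be loaded
# with: gateway_rules eth0 eth1 | iptables-restore
gateway_rules eth0 eth1
```

Loading the output with iptables-restore replaces the current contents of the nat and filter tables, so merge in any existing INPUT rules first.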