Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Debian

Journal: Patching the kernel with Debian

Journal by deadcasuals

So at work recently, I've been setting up a bunch of FreeS/WAN boxes to establish some network to network VPN's. Freeswan requires a kernel patch to operate and patching the kernel has never been one of my favorite things to do... :) First, you loose the ability to update your kernel automatically via apt. It's also more work to do on a bunch of machines when you're trying to keep them all at the same baseline. Well, Debian once again makes this process very easy. Here's a rundown on how to compile a custom freeswan kernel and create nice .deb files that you can install easily on other systems.

1) Download the latest kernel source from kernel.org

2) Unpack it under /usr/src/linux

3) run the following commands:

# apt-get install kernel-package kernel-patch-freeswan
# cd /usr/src/linux
# export PATCH_THE_KERNEL=YES
# make-kpkg --config=menuconfig --revision=vpn1.0 configure

4) At a minimum, you need the following kernel config options selected:

    CONFIG_IPSEC
    CONFIG_IPSEC_IPIP
    CONFIG_IPSEC_AH
    CONFIG_IPSEC_ESP

5) Finally, run:

# make-kpkg binary-arch

This process will take you through all of the make menuconfig, make dep, make clean, make bzImage stuff that you normally do (and I can never remember which order those commands go in either!) and it leaves you with two shiny new .deb files that are your new kernel. Simply dpkg -i them and you're set. dpkg even updates your bootloader config automatically. Pretty slick!

When you apt-get the kernel-patch-freeswan package, it actually puts the patch in /usr/src/kernel-patches. When you export PATCH_THE_KERNEL=YES, it tells make-kpkg to look in the /usr/src/kernel-patches/apply directory for a list of kernel patches to apply.

Debian

Journal: pam_smb on debian

Journal by deadcasuals

I've used pam_smb quite a bit in the past (mostly on Red Hat) to authenticate local linux users against a windows domain and I've always thought it worked pretty well. I completly love PAM and think it's one of the coolest parts of *nix. I had quite a time getting it to work today, though. I've always used the "sufficient" directive to allow both local shadow password lookups as well as domain lookups which is nice because you can still have local passwords for root.

Well, on the Woody system, when I modified the /etc/pam.d/ssh file to have both pam_unix.so and pam_smb_auth.so set to sufficient, the net result was that you could log in to the system using *any* password! Even incorrect ones! Not exactly the effect I was looking for... To make a long story short, I found that you need an extra line at the bottom of the pam config file if you have multiple "sufficient" auth lines. You have to put in "auth required pam_deny.so" which acts as a "catch all" deny statement.

It's funny.  Laugh.

Journal: Bad Candy

Journal by deadcasuals

OK, this site is pretty damn funny... It contains reviews of some of the most awful candy in the world. Candy like "Fruit Salted Plumb Suckers". Candy that lists "ashes" and "humidity" as ingrediants. Candy that looks like bear shit!! Unbelievable!

The Ultimate Bad Candy Web Site

All the simple programs have been written.

Working...