Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Journal Journal: Patching the kernel with Debian

So at work recently, I've been setting up a bunch of FreeS/WAN boxes to establish some network to network VPN's. Freeswan requires a kernel patch to operate and patching the kernel has never been one of my favorite things to do... :) First, you loose the ability to update your kernel automatically via apt. It's also more work to do on a bunch of machines when you're trying to keep them all at the same baseline. Well, Debian once again makes this process very easy. Here's a rundown on how to compile a custom freeswan kernel and create nice .deb files that you can install easily on other systems.

1) Download the latest kernel source from

2) Unpack it under /usr/src/linux

3) run the following commands:

# apt-get install kernel-package kernel-patch-freeswan
# cd /usr/src/linux
# make-kpkg --config=menuconfig --revision=vpn1.0 configure

4) At a minimum, you need the following kernel config options selected:


5) Finally, run:

# make-kpkg binary-arch

This process will take you through all of the make menuconfig, make dep, make clean, make bzImage stuff that you normally do (and I can never remember which order those commands go in either!) and it leaves you with two shiny new .deb files that are your new kernel. Simply dpkg -i them and you're set. dpkg even updates your bootloader config automatically. Pretty slick!

When you apt-get the kernel-patch-freeswan package, it actually puts the patch in /usr/src/kernel-patches. When you export PATCH_THE_KERNEL=YES, it tells make-kpkg to look in the /usr/src/kernel-patches/apply directory for a list of kernel patches to apply.


Journal Journal: pam_smb on debian

I've used pam_smb quite a bit in the past (mostly on Red Hat) to authenticate local linux users against a windows domain and I've always thought it worked pretty well. I completly love PAM and think it's one of the coolest parts of *nix. I had quite a time getting it to work today, though. I've always used the "sufficient" directive to allow both local shadow password lookups as well as domain lookups which is nice because you can still have local passwords for root.

Well, on the Woody system, when I modified the /etc/pam.d/ssh file to have both and set to sufficient, the net result was that you could log in to the system using *any* password! Even incorrect ones! Not exactly the effect I was looking for... To make a long story short, I found that you need an extra line at the bottom of the pam config file if you have multiple "sufficient" auth lines. You have to put in "auth required" which acts as a "catch all" deny statement.

It's funny.  Laugh.

Journal Journal: Bad Candy

OK, this site is pretty damn funny... It contains reviews of some of the most awful candy in the world. Candy like "Fruit Salted Plumb Suckers". Candy that lists "ashes" and "humidity" as ingrediants. Candy that looks like bear shit!! Unbelievable!

The Ultimate Bad Candy Web Site

Don't sweat it -- it's only ones and zeros. -- P. Skelly