20100831

Some gifts just before Ubuntu Maverick Beta rollout

Some gifts for you:


  • FAI 3.4
    We removed FAI during the Karmic or Lucid cycle, I don't know anymore. Since then the FAI community (Debian/Grml/Ubuntu) worked hard to get FAI back into the Ubuntu archives.
    Today, after several weeks of testing of FAI Packages from the FAI team PPA (on LP), I wrote the freeze exception, and thanks to ScottK it got approved. The upload happened some minutes after the Ack and now we are waiting to get the FAI source package out of NEW and after that the binary packages, too.
    Thanks to all people involved.
  • Zend Framework 1.10.8
    This looks like the last 1.10.x series upload for Ubuntu Maverick. As you know, the Zend Framework team is working hard on releasing Zend Framework 2.x, which could be uploaded after Maverick's release. As always, MicahG is doing a great job of backporting the latest releases to our older supported releases and MicahG is also providing the packages in our zend-framework team PPA.


20100823

The real "eiPOTT"

Just found that on heise.de,


The company "Koziol" named this "Egg Breaker" "eiPOTT" (pronounced: iPOD).
The court of the City of Hamburg followed Apple and forbade this naming.

Well, the fun part: "Koziol" could name other products "eiPOTT", just not the Egg Breaker.



20100820

[SOLVED] OpenLDAP, passwd and CRYPT passwords

Ok, the problem is solved.

You have to do three simple steps to get what I wanted:


  1. openldap server:
    1. add under global dn cn=config group:
      1. olcPasswordCryptSaltFormat: "$6$%.86s"
    2. add under DN: olcDatabase={-1}frontend,cn=config
      1. olcPasswordHash: {CRYPT}
  2. ldap clients, ldap.conf:
    1. search for the "pam_password" entry and change it to "exop"

"pam_password exop" in ldap.conf means:

The directive "pam_password exop" tells pam-ldap to change passwords in a way that allows OpenLDAP to apply the hashing algorithm specified in /etc/ldap/slapd.conf, instead of attempting to hash locally and write the result directly into the database.
(explanation taken from: http://karmak.org/archive/2003/02/ldap/ldap-linux.htm)


There you go, you have the $6$ salting scheme and someone can convert from /etc/shadow to ldap and vice versa.

Thx a lot to the people of #openldap (especially blingme) and to Jo Shields for finding the needed server attributes.

OpenLDAP, passwd and CRYPT passwords

Well,

working with LDAP again for user authentication and authorisation, which gave me back some good memories. But now, I'm a bit surprised.

I configured LDAP and PAM in such a way that every user can change their LDAP password via the simple "passwd" command.

When you use "passwd" with a local account (which uses simple /etc/passwd, /etc/shadow) you will get a password hash inside /etc/shadow with SHA512:

"shermann:$6$j7K1xdEK$1E1vfHvsjxOGBteIumC8nYMniUqLmJrWFFRVPPrkun/bPYPkHNPoPyMbIuk8fFBekeHHZb1tvdYAFMDrCxZT2.:14841:0:99999:7:::"

$6$ tells us that this password is hashed with SHA512. The meanings of the different $id$ values are documented in crypt(3):

NOTES
   Glibc Notes
       The glibc2 version of this function supports additional encryption algorithms.
       If salt is a character string starting with the characters "$id$" followed by a string terminated by "$":
              $id$salt$encrypted
       then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted. The following values of id are supported:
              ID  | Method
              ─────────────────────────────────────────────────────────
              1   | MD5
              2a  | Blowfish (not in mainline glibc; added in some
                  | Linux distributions)
              5   | SHA-256 (since glibc 2.7)
              6   | SHA-512 (since glibc 2.7)
       So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one.
       "salt" stands for the up to 16 characters following "$id$" in the salt. The encrypted part of the password string is the actual computed password. The size of this string is fixed:
       MD5     | 22 characters
       SHA-256 | 43 characters
       SHA-512 | 86 characters
       The characters in "salt" and "encrypted" are drawn from the set [a-zA-Z0-9./]. In the SHA implementation the entire key is significant (instead of only the first 8 bytes in MD5).

Now, when you do the same with an LDAP account, you only get a simple MD5 hash.
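
Added example (not from the original post): a small Python check, based on the crypt(3) format quoted above, that reports which scheme a shadow field or an LDAP userPassword value uses, and converts between the two forms as mentioned in the [SOLVED] post. The function names and the sample values are made up for illustration.

```python
import re

# id -> (method, length of the encrypted part), per the crypt(3) table; 2a is recognised by id only.
CRYPT_IDS = {"1": ("MD5", 22), "2a": ("Blowfish", None),
             "5": ("SHA-256", 43), "6": ("SHA-512", 86)}
CRYPT_CHARS = re.compile(r"^[A-Za-z0-9./]*$")
LDAP_SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")

def classify(stored):
    """Return (method, problem or None) for a shadow field or userPassword value."""
    m = LDAP_SCHEME.match(stored)
    if m:
        if m.group(1).upper() != "CRYPT":
            return m.group(1).upper(), "hashed by a slapd scheme, not crypt(3)"
        stored = m.group(2)
    if not stored.startswith("$"):
        return "legacy", "no $id$ prefix: DES crypt or a locked/empty field"
    parts = stored.split("$")        # ['', id, salt, encrypted]
    if len(parts) == 5 and parts[2].startswith("rounds="):
        del parts[2]                 # optional $rounds=N$ field of the SHA schemes
    if len(parts) != 4 or parts[1] not in CRYPT_IDS:
        return "unknown", "not a known $id$salt$encrypted string"
    method, length = CRYPT_IDS[parts[1]]
    salt, encrypted = parts[2], parts[3]
    if length and (len(salt) > 16 or not CRYPT_CHARS.match(salt + encrypted)):
        return method, "salt too long or characters outside [a-zA-Z0-9./]"
    if length and len(encrypted) != length:
        return method, "encrypted part has %d chars, expected %d" % (len(encrypted), length)
    return method, None

def shadow_to_userpassword(shadow_line):
    """Second field of an /etc/shadow line -> LDAP userPassword value."""
    return "{CRYPT}" + shadow_line.strip().split(":")[1]

def userpassword_to_shadow(value):
    m = LDAP_SCHEME.match(value)
    if not m or m.group(1).upper() != "CRYPT":
        raise ValueError("only {CRYPT} values are crypt(3) strings")
    return m.group(2)

# Constructed sample userPassword values (not real hashes).
SAMPLES = {
    "alice": "{CRYPT}$6$Qx7pL2aB$" + "a" * 86,
    "bob": "{crypt}$1$Qx7pL2aB$" + "b" * 22,
    "carol": "{MD5}" + "A" * 22 + "==",
    "dave": "{CRYPT}$6$rounds=5000$Qx7pL2aB$" + "d" * 85,
}
for user, value in SAMPLES.items():
    print(user, classify(value))
```
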

How can someone tell passwd and openldap to use the strong hash method with SHA512?

It would be great to use glibc's crypt capabilities even with LDAP without manual interaction on the LDAP server.
So, if somebody knows how to do that, please leave a comment or write an email to my known address.

Thanks!

20100819

Ubuntu 10.04 LTS and OpenLDAP

This is just a post as a reminder to myself for the future about which resources could be important for installing OpenLDAP on Ubuntu 10.04 LTS.



20100817

mutt-patched for google mail for domains

Well,

evolution and also kmail are big beasts for my daily private email things.
Therefore I decided to go back to mutt-patched (the mutt version with the folder patch ;))
And if you are a user of Google mail for domains, this could also be your configuration:

set from="username@domain.tld"   # your email address here
set realname="Real Name"
set reverse_name=yes
set reverse_realname=no
set imap_user = 'username@domain.tld'
set spoolfile = "imaps://imap.gmail.com:993"

set smtp_url="smtp://username\@domain.tld@smtp.gmail.com:587/"
set folder = "imaps://imap.gmail.com:993"

set record="+[Gmail]/Sent Mail"
set postponed="+[Gmail]/Drafts"

set header_cache="~/.mutt/cache/headers"
set message_cachedir="~/.mutt/cache/bodies"
set certificate_file=~/.mutt/certificates

set move=no
set delete=yes
set edit_hdrs
set include
set reply_to
set abort_nosubject=no
alternates '(username|altusername)([-+].*)?@.*'
set hdr_format="%4C %Z %{%m/%d} %-15.15F (%4c) %s" # format of the index

hdr_order From: Date: User-Agent: X-Mailer To: Cc: Reply-To: Subject:
ignore *
unignore From: Date: User-Agent: X-Mailer To: Cc: Reply-To: Subject:
my_hdr Reply-To:

mailboxes ! =ubuntu-devel =ubuntu-motu =ubuntu-uploads =fai-linux =fai-linux-devel =django-devel =django-users =wine-devel =opensuse-packaging =pyqt-devel =drupal-devel
mailboxes =maverick-changes =lucid-changes =jaunty-changes =hardy-changes =dapper-changes
mailboxes =[Gmail]/Spam

bind index,pager \CP sidebar-prev
bind index,pager \CN sidebar-next
bind index,pager \CO sidebar-open
macro index,pager B '<enter-command>toggle sidebar_visible<enter>'
color sidebar_new yellow default

set sidebar_width=30


macro index \ec "T.*\n;WN;^T.*\n" "Catch up"