Comments for Linux Czar

Comment on Inserting Section Names in Latex Beamer Documents by Alan Lee

Alan Lee — Thu, 29 Mar 2012 12:27:06 +0000

I want to put my section titles in small fonts at the top of each slide. How can I do this?

Comment on Creating SHA512 Password Hashes by b wing

b wing — Mon, 19 Sep 2011 14:16:15 +0000

thanks for the post and script!
I actually modified your code for use for verifying existing passwords. i added a -s/–salt parameter that allows the user to specify a salt on command line rather than having it auto generated. with this feature i was able to verify your script’s functionality by re-generating the password hash on a couple different linux boxes i have access to.

my script modification is available at:
http://dickey.freeshell.org/hashpw.py

thanks again.

Comment on Build Systems: Making RHEL5 Packages on RHEL6 by Thorsten Scherf

Thorsten Scherf — Thu, 15 Sep 2011 11:09:24 +0000

That should be the default setting. Checking /usr/lib/rpm/macros:

# Algorithm to use for generating file checksum digests on build.
# If not specified or 0, MD5 is used.
# WARNING: non-MD5 is backwards incompatible, don’t enable lightly!
# The supported algorithms may depend on NSS version, as of NSS
# 3.11.99.5 the following are supported:
# 1 MD5 (default)
# 2 SHA1
# 8 SHA256
# 9 SHA384
# 10 SHA512
#
#%_source_filedigest_algorithm 1
#%_binary_filedigest_algorithm 1

Comment on Encryption Types Order in Kerberos by Scott

Scott — Fri, 05 Aug 2011 03:09:12 +0000

Or don’t use weak types in the first place? DES is broken, after all.

Comment on Mental Note: Generating x509 Certificates and CAs by Scott

Scott — Tue, 15 Mar 2011 01:25:31 +0000

The link is dead :-(

Comment on Rebooting Isn’t Learning by Tom Limoncelli

Tom Limoncelli — Tue, 11 Jan 2011 13:58:41 +0000

Thanks for the props!

Comment on RHEL, Kerberos, and CIFS by Mark Hamrick

Mark Hamrick — Tue, 04 Jan 2011 02:39:17 +0000

Will be watching this shortly…

Comment on GDM and Alternate Home Directories by jjneely

jjneely — Tue, 21 Sep 2010 18:25:11 +0000

The emergency home directories are created by the profile scripts or the Xsession scripts that are run as the user. So any place they get created are vulnerable to that kind of attack. However, /tmp is regularly cleaned out with tmpwatch.

Secondly, I’d like to use the automounter with a script to figure out the end point of the AFS bind mount. The script can determine if the user’s real home directory is down or not and return the right value. However, currently my LDAP source gives me the AFS path as the home directory not the automounted path. So until that’s fixed, I don’t have a away to intercept the mount point.

Comment on GDM and Alternate Home Directories by Scott

Scott — Tue, 21 Sep 2010 11:35:12 +0000

Two things: First, I wouldn’t use /tmp, or I would be extremely careful about it. Keep in mind the various attacks where one user pre-creates the directories that will be used by another.

Second, I’d say either automount, or the really simplistic case of “symlink /home/user to /afs/REALM/…/…/user if present, to emergency_location otherwise”

Comment on Note to Self: Automount CIFS / AD Shares by Mark Hamrick

Mark Hamrick — Sat, 26 Jun 2010 16:52:52 +0000

Yea, I am going to be having to look at this also. Will let you know what I find out.