LDAP+Kerberos authentication on Debian Squeeze (+ AFS client)

Posted on by
Reply

Start by installing the necessary packages:

1

apt-get install krb5-user libnss-ldap libpam-krb5 libpam-ldap openafs-client openafs-modules-dkms libpam-afs-session

 

Modify /etc/pam_ldap.conf and /etc/libnss-ldap.conf to look like this:

1
2
3

base dc=example,dc=com
uri ldap://ip.to.ldap.host
ldap_version 3

 

Add ldap to passwd and group lines in /etc/nsswitch.conf, it should now look like this:

1
2
3
4
5
6
7
8
9
10
11
12
13

passwd:         compat ldap
group:          compat ldap
shadow:         compat
 
hosts:          files dns
networks:       files
 
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
 
netgroup:       nis

 

Add host principal, (the reverse dns for client must also point towards it’s hostname (client.domain)):

1
2
3

kadmin -p root/admin
addprinc -randkey host/client.domain
ktadd host/client.domain

 

Enable GSSAPI Authentication in SSH server by this to /etc/ssh/sshd_config

1

GSSAPIAuthentication yes

 

Also enable GSSAPI in the SSH client by adding this to /etc/ssh/ssh_config:

1
2

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

Multiple virtual network interfaces using netgraph

Posted on by
Reply

Load the ng_ether module, to make the real interfaces visible to netgraph

1

kldload ng_ether

or add it to /boot/loader.conf to load it on boot

1

echo 'ng_ether_load="YES"' >> /boot/loader.conf

Create the bridge and give it a name:

1
2

ngctl mkpeer em0: bridge lower link1
ngctl name em0:lower br0

Connect the physical interface to the bridge:

1

ngctl connect em0: br0: upper link2

Disable the overwriting of source route on the physical interface

1

ngctl msg em0: setautosrc 0

Enable promiscous mode on the physical interface

1

ngctl msg em0: setpromisc 1

Create the virtual interfaces and connect them to the bridge

1
2

ngctl mkpeer br0: eiface link3 ether
ngctl mkpeer br0: eiface link4 ether

Set an unique MAC-address to each of the virtual interfaces:

1
2

ifconfig ngeth0 link 00:5c:16:10:dd:79
ifconfig ngeth1 link 00:5c:16:10:dd:80

MySQL to PostgreSQL

Posted on by
Reply

( From: http://anti.teamidiot.de/nei/2007/02/mysql_to_postgresql/ )

If you want to convert from MySQL to PostgreSQL, use the following command to have mysqldump spit out sane SQL:

1

mysqldump $DATABASE_NAME -v -nt --compatible=ansi,postgresql --complete-insert=TRUE --extended-insert=FALSE --compact --default-character-set=UTF8 -u $DATABASE_USER -p -r $OUTPUT_FILE

You should then hoopefully be able to load this dump into your PostgreSQL database using

=> \i $OUTPUT_FILE

from within psql.

This piece of information is hidden deeply within the net! It is not clearly written in the mysqldump docs. There are lots of Google results for “MySQL to PostgreSQL” but most of them are needlessly silly and of doubting quality. Spread this info!

Converting the database schema cannot be handled by witty mysqldump switches and is left as an exercise to the reader.