GroupWise and openSUSE 11.3

16 05 2013

Here is a little how-to for installing the GroupWise 8 client on openSUSE 11.3.

STEP 1: Prepare openSUSE 11.3 for the Novell GroupWise 8 client
(as root)
zypper in openmotif openmotif22-libs libstdc++33
(for 64bit-Systems, the “-32bit” versions of openmotif22-libs and libstdc++33 are required)

STEP 2: Download latest Novell GroupWise client
Latest GroupWise client available here

STEP 3: Install the Novell GroupWise 8 client
(as root)
unzip *.zip
rpm -Uhv *.rpm
(alternatively, you can click your way around and install using the GUI)





Simple Two-Factor SSH Authentication

23 09 2011

In a two-part post I’m going to show you some tricks you can do with SSH logins. This post covers setting up two-factor SSH authentication with the Google Authenticator app.

I was recently getting some servers in shape so I can pass the Payment Card Industry standards questionnaire and one requirement was two-factor authentication access to the server. I queried whether SSH key + passphrase was acceptable but didn’t get a clear answer so I figured I’d explore setting up another authentication factor myself, plus it piqued my interest.

After a bit of research I found it was possible using a PAM module but it doesn’t work along with SSH key authentication (only password authentication) and I only use SSH key logins for my servers.

The magic

I wanted to find the simplest method of implementing this so I started looking at what we can do with SSH itself. There is an option in the authorized_keys file that allows you to run a command when a user authorizes with a particular key, e.g.:

command="/usr/bin/my_script" ssh-dsa AAA...zzz me@example.com

The command="..." part invokes a different command upon key authentication and runs the /usr/bin/my_script instead. Now we’ve got a starting point to work on the Google Authenticator logic.

Simple implementation

I’ve chosen Ruby to implement this simple example but in theory you could use anything you want. This is a naive implementation but it will prove the concept. You’re going to need the rotp library as well for this to work: gem install rotp.

We put the following in /usr/bin/two_factor_ssh

#!/usr/bin/env ruby
require 'rubygems'
require 'rotp'
# we'll pass in a secret to this script from the authorized_keys file
abort unless secret = ARGV[0]
# prompt the user for their validation code
STDERR.write "Enter the validation code: "
# gets returns nil when the client closes stdin; treat that as an empty code
validation_code = STDIN.gets.to_s.strip
# check the validation code is correct; verify compares against the current
# code as a string, so codes with leading zeros are not rejected
abort "Invalid" unless ROTP::TOTP.new(secret).verify(validation_code)
# user has validated so we'll give them their shell
Kernel.exec ENV['SSH_ORIGINAL_COMMAND'] || ENV['SHELL']

The secret is in Kernel.exec which, upon successful validation, replaces the two_factor_ssh script process with the original command the user was attempting or their default shell so it is a completely seamless experience from that point on.
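What the rotp call in the script computes, as an added example that is not part of the original post: a standard-library TOTP check (RFC 6238 with SHA-1, 30-second steps, 6 digits) that tolerates one step of clock drift and refuses a code at or before the last accepted step. The function names and the `last_step` parameter are assumptions of this example, not rotp's API.

```ruby
require 'openssl'

B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

# Decode a Base32 secret (the format Google Authenticator uses) to raw bytes.
def base32_decode(str)
  bits = str.upcase.delete('= ').each_char.map do |c|
    idx = B32.index(c) || raise(ArgumentError, "bad Base32 character #{c.inspect}")
    idx.to_s(2).rjust(5, '0')
  end.join
  [bits[0, bits.length / 8 * 8]].pack('B*')
end

# RFC 4226 HOTP value for one counter, zero-padded to `digits`.
def hotp(key, counter, digits = 6)
  mac = OpenSSL::HMAC.digest('SHA1', key, [counter].pack('Q>'))
  offset = mac.getbyte(19) & 0x0f                      # dynamic truncation
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, '0')
end

# Compare without leaking how many leading characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the matched 30-second step, or nil. `last_step` is the step of the
# previously accepted code; anything at or before it is refused as a replay.
def verify_totp(secret_b32, input, now: Time.now.to_i, window: 1, last_step: nil)
  return nil unless input.is_a?(String) && input.match?(/\A\d{6}\z/)
  key = base32_decode(secret_b32)
  current = now / 30
  (current - window..current + window).find do |step|
    next false if last_step && step <= last_step
    secure_equal?(hotp(key, step), input)
  end
end
```

Persisting the returned step per key and passing it back as `last_step` stops a code observed during one login from being reused inside the same 30-second window.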

Generating the secret

We need to generate a secret token that is shared between the Google Authenticator app and the server.

Here’s a little script that will spit out a new token and a link to a QR code that can be scanned into the Google Authenticator application.

#!/usr/bin/env ruby
require 'rubygems'
require 'rotp'
secret = ROTP::Base32.random_base32
# otpauth:// provisioning URI; this is the payload the QR code carries
url = "otpauth://totp/#{`hostname -s`.strip}?secret=#{secret}"
puts "Your secret key is: #{secret}"
puts url

Running this produces:

We can scan the QR code directly into Google Authenticator and then update our authorized_keys file as follows:

command="/usr/bin/two_factor_ssh 4rr7kc47sc5a2fgt" ssh-dsa AAA...zzz me@example.com

That should do it!

Testing it out

[richard@mbp ~]$ ssh moocode@myserver
Enter the validation code: wrong
Invalid
Connection to myserver closed.
[richard@mbp ~]$
[richard@mbp ~]$ ssh moocode@myserver
Enter the validation code: 410353
moocode@myserver:~$

Great, that seems to work as expected.

Wrapping up

I’ve got a slightly more involved example that adds in support for ‘remember me’ by IP address for a fixed period of time so you don’t have to reach for the phone on every single login from the same IP.

The extended example also does some primitive logging but I’d like to add in a better auditing system (another PCI compliance requirement) as this would allow us to know which key is used to log into the server and whether they validated.

We should also probably have a fallback mechanism (a master key or 5 one-time codes like Google does) so we don’t inadvertently lock ourselves out of the server.
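The three extensions described above (remember-me by IP for a fixed period, an audit record of which key logged in and whether it validated, and one-time fallback codes), sketched as an added example that is not the author's extended script. The class name, the 8-hour period, the `key_label` argument and the state layout are assumptions; the TOTP check is passed in as a callable.

```ruby
require 'digest'

# Hypothetical policy object: decides whether a login needs a code and records
# every decision. State is a plain Hash so it can be persisted between logins.
class SecondFactorGate
  REMEMBER_SECONDS = 8 * 3600 # assumed "fixed period"

  attr_reader :audit

  def initialize(state = {}, totp_check:)
    @remembered = state.fetch('remembered', {})     # ip => expiry (epoch seconds)
    @backup     = state.fetch('backup_sha256', [])  # unused one-time codes, hashed
    @totp_check = totp_check                        # callable: code -> true/false
    @audit      = []
  end

  # sshd exports SSH_CONNECTION as "client_ip client_port server_ip server_port".
  def self.client_ip(env)
    env.fetch('SSH_CONNECTION', '').split.first
  end

  # key_label identifies the authorized_keys entry (assumed to be passed as an
  # extra argument in that entry's command="..." string).
  def authorize(ip:, key_label:, code: nil, now: Time.now.to_i)
    result =
      if ip && @remembered.fetch(ip, 0) > now then :remembered
      elsif code.nil?                          then :code_required
      elsif @totp_check.call(code)             then :totp
      elsif @backup.delete(Digest::SHA256.hexdigest(code)) then :backup_code
      else :denied
      end
    # Only a fresh second factor starts (or restarts) the remember period.
    @remembered[ip] = now + REMEMBER_SECONDS if ip && %i[totp backup_code].include?(result)
    @audit << { time: now, key: key_label, ip: ip, result: result }
    result
  end

  def to_state
    { 'remembered' => @remembered, 'backup_sha256' => @backup }
  end
end
```

Remembering by IP means every holder of the key behind the same NAT address skips the code until the period expires, so the period should be short and the audit trail kept.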

Article: moocode.com





MrNovell is back!

23 09 2011

Hey All,

I know it’s been a long while since I posted but I have a lot of new ideas that I want to post about and I’ll give an update of what I’ve been up to the past year or so.

Stay Tuned!





Subversion and Snow Leopard

9 12 2009

Along with so many others, I upgraded to Snow Leopard. Overall the upgrade went without a hitch. However, I noticed that my Subversion repository was no longer available from Subclipse or via the Web Browser. Not good.

So I did some digging around and upon finding this article from Patrick Rice http://patrick-rice.net/daybook/2009/09/20/subversion-snow-leopard-etc/ I was up and working again in a few minutes.

Apparently with the Snow Leopard upgrade, the Apache mod_dav_svn configuration was removed from /etc/apache2/other/svn.conf. Patrick references the following article. It’s extremely educational and informative: How To: Manage Your Own Subversion Repository In Leopard. The details still apply in Snow Leopard, as well.

Following these articles I just created a new /etc/apache2/other/svn.conf.

LoadModule dav_svn_module /usr/libexec/apache2/mod_dav_svn.so

<Location /svn>
    DAV svn

    SVNParentPath /Users/Shared/svn

    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /etc/apache2/svn-auth-file
    Require valid-user
</Location>

Restart the Apache server (via Sharing in the System Preferences application). And you should have your repository back.

Snippets from: CodeThought





Google Chrome on OpenSuSE 11.2

2 12 2009

Google has released official builds of Google Chrome for Linux and Mac OS X.
Here is how you install this puppy on openSUSE 11.2:

zypper ar -t YUM http://dl.google.com/linux/rp

zypper in google-chrome-unstable





New Feature List for OpenSUSE 10.3

8 10 2007

1. Improved boot times – down to just about half of what it used to be (27 seconds from 55 seconds)
2. One-Click Install – installs your RPMs and adds their associated package repositories
3. Package Management Overhaul – ZMD removed, replaced with improved libzypp, zypper, and OpenSUSE Updater
4. Compiz and Compiz Fusion – many added features, effects, and functionality for your 3D accelerated desktop
5. KDE 4 – option to check out the developments in the KDE 4 Desktop Environment
6. Gnome 2.20 – Tomboy sync between computers, evolution attachment reminder
7. 1-CD Installation/Multimedia Support – One CD for KDE installs, one CD for Gnome installs – no more 5-disc downloads
8. Codec Installer – ability to install needed codec support with the click of a button
9. Virtualization – many developments in OpenSUSE’s virtualization support
10. Tons of other sweet stuff – updater tool, repository merge (packman and guru), XFCE 4.4.1 availability, localization, OpenOffice 2.3, community repositories already available, KDEPIM enterprise branch, Giver, and KIWI

That is a very quick summary, more details as follows:

OpenSUSE 10.3 – Improved Boot Times

OpenSUSE 10.3 will include some great improvements to the init boot scripts which will dramatically decrease the time your computer takes to boot up. These come as the result of many different tests and research.

Tests done using a Sony Vaio VGN-FE11S, with completely default installs, local users, and IP configured via DHCP.
10.2 => 55 seconds
10.3 Beta 1 => 27 seconds!

more information here

OpenSUSE 10.3 – One-Click Install: Hassle-Free Installation of Software

Once you click on 1-Click Install, a wizard guides you through the simple process of installing the application. It will automatically add the repository for you and install the package.

more information here

OpenSUSE 10.3 – New Package Management

OpenSUSE 10.3 is set to contain a new, significantly improved and more mature package management stack by default. ZMD, the package management component causing problems in SUSE Linux 10.1 and to a lesser extent in OpenSUSE 10.2, has been completely removed and is now replaced by the new libzypp and its tools.

new tools

zypper, an advanced, featureful command-line tool
OpenSUSE Updater, a software updater applet that notifies you about software updates

more information here

OpenSUSE 10.3 – Compiz and Compiz Fusion

Compiz and Xgl are two classic examples of where SUSE engineers have revolutionised the Linux desktop. OpenSUSE 10.3 will contain the latest Compiz 0.5.4 installed by default, and Compiz Fusion – the result of a merge between the Compiz and Beryl communities – will be available in the official online repository for all to get through YaST.

features

1. having native KDE window decorations while still running compiz
2. Blurring of windows (such as inactive/background windows)
3. The ability to highlight particular areas of the screen or to just draw on any part of it – useful for presentations
4. The animation plugin produces beautiful window effects on window transformations.
5. Added cube effects, incl. viewing all desktops at once
6. Added accessibility features and functionality

CompizConfig Settings Manager

Compiz Fusion has a completely new manager for handling its plugins and settings, as well as all settings belonging to Compiz itself: ccsm. It has a more accessible and intuitive design while still retaining all the same configurability.

window navigation

There are now a couple of possibilities, a Ring Switcher and a Shift Switcher. The Ring Switcher rotates the windows as you press Super+Tab, and the Shift Switcher focuses onto one window while placing the others to the side; you can then shift which window is focused, while throwing the others to the side.

more information here

OpenSUSE 10.3 – KDE 4

The old component-style of packaging for KDE has also gone, and applications are now in separate individual packages. Games are the first components to be included in KDE 4. If you would like a LiveCD with KDE 4 on it, see the KDE Four Live CD.

more information here

OpenSUSE 10.3 – SUSE-Polished GNOME 2.20

The new Note Synchronisation feature allows you to synchronise your notes with all the computers that have Tomboy. If you mention an attached file in an email you are sending, and forget to attach it, Evolution will now pop up a little reminder asking you if you really wish to send the email without an attachment. There is also considerable work done on the new GTK+ front-end to YAST.

more information here

OpenSUSE 10.3 – 1-CD Installation & Multimedia support

In the past, OpenSUSE releases were primarily provided over 5 open source software (OSS) CDs, 1 optional non-oss add-on CD, or the 1 DVD which was the sum of those CDs. Though you only needed 3 of the first 5 OSS CDs for a default KDE and GNOME installation, it was not seen as an ideal scenario. Now the 5 OSS CDs have been completely dropped, and in their place come two new CDs.

1 OSS CD for a complete KDE installation

1 OSS CD for a complete GNOME installation

An extremely nice feature in the installation of OpenSUSE 10.3 is the new default option of adding repositories before the installation. OpenSUSE has always had a default installation for each desktop environment, but it has also always given you the choice of installing exactly what packages you want from the given media.

OpenSUSE 10.3 – OpenSUSE Codec Installer

Now, with a completely default OSS installation, if you try to play an MP3 (in Amarok or Banshee) you will get a nice little dialog informing you that you have attempted to play an audio file that is currently not supported. It also gives you the option to install the additional codecs providing you with MP3. This link will take you to a place where you quite simply only need to click on one link, and, using One-Click-Install grab the GStreamer Fluendo codec for you and install it (not available in RC1, but will be in the final release), leaving you ready to play MP3s straight away!

more information here

OpenSUSE 10.3 – Virtualization

VirtualBox – VirtualBox is a wonderful new open source virtualisation product, with a huge range of capabilities, and excellent documentation. As well as having nice enterprise features, for the regular openSUSE user it can be a great tool for trying out new installations or live CDs of openSUSE, and even other operating systems and distributions altogether.

Xen 3.1 – openSUSE gets all the enterprise Xen virtualisation features, such as full support for Xen 3.1 virtualization on both 32- and 64-bit x86-based architectures with the capability to host 32-bit virtual machines on 64-bit virtualization host servers. It also features support for both paravirtualization and full virtualization on the same server, leveraging both Intel VT and AMD Virtualization (AMD-V) processor capabilities. It also includes fully graphical and command-line virtual machine management tools for easy virtual machine (VM) administration and configuration, as well as tools for VM installation and lifecycle management.

VM YaST Module – To help with setting up and configuring Xen, openSUSE even has a nice Install Hypervisor and Tools (in the yast2-vm package) module which can do a lot of the work for you. After the install has finished you’ll have two extra YaST modules to create and manage virtual machines.

Kernel-based Virtual Machine (KVM) – Also in this release is the latest Linux kernel virtualisation infrastructure, KVM. KVM itself is to be considered experimental, but it is progressing very quickly. The latest versions come with reports of even better performance and Windows Vista support.

more information here

OpenSUSE 10.3 – A Plethora of Other Great Improvements

OpenSUSE Updater as an Upgrade Tool too – ‘updates’ refers to patches, ‘upgrades’ refers to package versions – the OpenSUSE Updater tool does both of these important tasks

Guru Repository Merging into Packman

Xfce 4.4.1 – An impressive lightweight desktop environment – somewhere between window managers and full-blown desktop environments like KDE or Gnome

OpenSUSE Community Translations – The community is now able to participate in localization efforts

Redesigned Network Card Module – The new one is simpler, clearer, and better reflects the more common situations and usage of the network card module

OpenOffice.org 2.3 – bunches of new features – really there are too many to list

Community Repositories – added new Community Repositories module which provides you with a nice list of the main official OpenSUSE repositories, popular repositories from the OpenSUSE Build Service, and other repositories added by the community from other locations.

KDEPIM Enterprise Branch – This version contains a whole bunch of fixes and a few handy new features such as the Favourite Folders container

Giver – Easy Local File Sharing – To transfer images, files or even folders, all you have to do is drag it onto the person you want to send it to. They will get a small dialog asking them to accept or decline receiving the file. If they accept, it’ll pop up right onto their desktop. Simple!

KIWI – Unlike other system image tools, KIWI is completely configurable and has a very clean design. You can specify exactly the packages that you want, and you can build a full range of images including Live CDs, Installer Images, virtualisation systems like QEMU/VMware and Xen images, network (pxe) images and more. It is even now used as the base for LTSP in OpenSUSE.

more information here

Full details are available from the OpenSUSE Sneak Peeks page.

Article By: Scott Morris (SuSEBlog.Com)





Skype Outage!

21 08 2007

Well, while at work I noticed that Skype was not working. So as a good little IT Manager I sent an email to all the employees letting them know, since our help desk tickets were growing with complaints about Skype not working. At least this gives me an excuse to implement a Jabber Server a