Welcome to Planet openSUSE

This is a feed aggregator that collects what openSUSE contributors are writing in their respective blogs.

To have your blog added to this aggregator, please read the instructions.


Saturday
13 August, 2016


face

Здравствуйте читатели, к сожалению, никак не хватает у меня времени сделать еще 2 статьи про быструю настройку NAT и прозрачное проксирование в openSUSE с помощью SQUID. Но надеюсь через 2 недели у меня появиться окошко и я, все-таки, реализую свои планы. А теперь о позитивном, недавно вернулся с конференции HighLoad ++. Узнал очень много нового [...]


face

Привет! Сегодня расскажу вам как быстро поднять файловый сервер в сети, весь процесс настройки не займет и 20 минут(разумеется, если у вас хорошая скорость интернета ) Поехали: 1) Устанавливаем Samba: user@linux-m71t:~> zypper install samba 2) Смотрим конфиг: Хочу рассказать здесь обо всех опциях, которые могут понадобится. По умолчанию в секции global следующие опции: user@linux-m71t:~> cat [...]


face

Здравствуйте, сегодня хочу рассказать, о том, как установить и настроить VirtualBox на сервере, с которым работа ведется только по SSH. Это очень удобно, если где-то у вас имеется мощный сервер, а хочется экспериментов, ставим VirtualBox, поднимаем RDP/VNC в системе, в зависимости от предпочтений и пользуемся Указанная последовательность настройки VirtualBox будет работать в любом линукс дистрибутиве. [...]


face

Вы еще не знаете, как обновить KDE 4.4 вашей Opensuse 11.3 до нового восхитительного релиза KDE 4.5? Тогда этот пост предназначен специально для Вас. Те, кому не терпится увидеть новейший KDE, могут воспользоваться предложением одного из разработчиков KDE Уилла Стивенсона, позволяющим уменьшить количество шагов в процессе обновления. Если вы еще не опытный пользователь или просто [...]


face

Внимание, отличная новость! Недавно команда разработчиков KDE проанонсировала релиз KDE 4.5.0, самого последнего релиза этой знаменитой рабочей среды. Этот выпуск рабочей среды включает обновления для платформы разработчиков, приложений KDE, основного рабочего стола – все это включено в очень важный для всего сообщества KDE релиз. Возможно, из-за слишком больших задержек в процессе выпуска, вы уже не [...]


face

openSUSE линукс считается одной из самых красивых open-source ОС. Учеными доказано - зеленый цвет успокаивает глаза В связи с этим хочу поделиться обоями с символикой хамелеона: Наслаждаемся okbm("http://sapfeer.ru/krasivye-oboi-s-simvolikoj-opensuse/","Красивые обои с символикой openSUSE")


face

Como instalar o Stremio no Linux manualmente

Gostou da volta do Popcorn time? Para não ficar tão dependente desse programa, conheça e veja como instalar o Stremio no Linux manualmente.

Leia o restante do texto "Como instalar o Stremio no Linux manualmente"

Este texto saiu primeiro em Como instalar o Stremio no Linux manualmente


face

My traffic shaping has really worked out using pfsense to lower my buffer bloat and get better network performance.



I built my own pfsense from a Dell OptiPlex 990 SFF PC with an Intel Core i5-2400 3.1GHz. I have installed an Intel PRO/1000 VT Quad Port Server Adapter LP PCI-E for more networks and vlans on my network. Traffic shaping was a breeze with pfsense. I of course run pfsense virtualized as the OS itself doesn't work on the hardware physically. BSD seems to have a limited hardware support than Linux these days. It was really the fact that BSD kernel didn't have the right support for this chip and kept hard locking with a kernel error that made no sense. So I have installed SUSE Linux Enterprise Server 12 SP1 as the HOST OS which is humming along with no kernel errors and pfsense is running as a KVM virtual machine. I have bridged all the network interfaces for the virtual machine and it works great. Its been running for 3 months now with no troubles.

Now to try out Sophos UTM. Looks like a fun alternative to pfsense and its Linux based. :-)



Friday
12 August, 2016


face
Python developers record their dependencies on other Python packages in requirements.txt and test-requirements.txt. But some packages havedependencies outside of python and we should document thesedependencies as well so that operators, developers, and CI systems
know what needs to be available for their programs.

Bindep is a solution to this, it allows a repo to document binarydependencies in a single file. It even enablies specification of which distribution the package belongs to - Debian, Fedora, Gentoo, openSUSE, RHEL, SLES and Ubuntu have different package names - and allows profiles, like a test profile.

Bindep is one of the tools the OpenStack Infrastructure team has written and maintains. It is in use by already over 130 repositories.

For better bindep adoption, in the just released bindep 2.1.0 we have changed the name of the default file used by bindep from other-requirements.txt to bindep.txt and have pushed changes to master branches of repositories for this.

Projects are encouraged to create their own bindep files. Besides documenting what is required, it also gives a speedup in running tests since you install only what you need and not all packages that some other project might need and are installed  by default. Each test system comes with a basic installation and then we either add the repo defined package list or the large default list.

In the OpenStack CI infrastructure, we use the "test" profile for installation of packages. This allows projects to document their run time dependencies - the default packages - and the additional packages needed for testing.

Be aware that bindep is not used by devstack based tests, those have their own way to document dependencies.

A side effect is that your tests run faster, since they have less packages to install. A Ubuntu Xenial test node installs 140 packages and that can take between 2 and 5 minutes. With a smaller bindep file, this can change.

Let's look at the log file for a normal installation with using the default dependencies:
2 upgraded, 139 newly installed, 0 to remove and 41 not upgraded
Need to get 148 MB of archives.
After this operation, 665 MB of additional disk space will be used.

Compare this with the openstack-manuals repostiry that uses bindep - this example was 20 seconds and not minutes:
0 upgraded, 17 newly installed, 0 to remove and 43 not upgraded.
Need to get 35.8 MB of archives.
After this operation, 128 MB of additional disk space will be used.

If you want to learn more about bindep, read the Infra Manual on package requirements 
 
If you have questions about bindep, feel free to ask the Infra team on #openstack-infra.
 
Thanks to Anita for reviewing and improving this blog post and to the OpenStack Infra team that maintains bindep, especially to Jeremy Stanley and Robert Collins.

face
Disclaimer: I am not an expert. This post is my opinion, take it with a teaspoon of salt. I am still learning (a student if you will), don’t rely on my opinions to keep your privacy in tact.

I was browsing around the interwebs last night and came across a post that I felt provided some strange and bad advice for privacy conscious users. It seems to mislead readers into thinking simply the use of these tools will allow you to hide your identity when this is really not the case. The post in question can be found here. There are many posts on the Internet that provide the same or similar advice so this really is not an attack against the author, I am sure they meant well, I just want to highlight the issues that the article has.

To be honest, there is no silver bullet solution to ensuring privacy/anonymity in the Internet, particularly if you are trying to hide from an all powerful adversary. Many tools, even the ones that have good encryption leak metadata that can be used to fingerprint users. So the truth is you need to learn to compartmentalize (separate your identities) yourself if you really want to hide, using hipster services that have never been audited, or running them yourself is a terrible idea unless you really really know what you are doing (protip: you don't).

I have made a list below that covers all the issues I have with this article, hopefully it provides some useful insight:

  1. The article starts off with this:
Your selfies or any other stuff you have on your device or what ever sites you visit are nobody’s concern but yours, so here is my list of over 30 things to help keep your devices and communications private.
But why is privacy important if I am not doing anything wrong?
Well I am not saying that you would, but… if you did a search for spoty dick cream, do you really want 2000 companies around the globe tracking that information? Privacy is a human right and if you close your curtains at night, its because you really do expect some level of privacy.

The author implies that using certain tools will make you “go dark” on the Internet when this just isn't true (I will discuss this more in detail further down). Since it is not clear who we are trying to hide from (Google? Facebook? Your ISP?) it is difficult to know for sure how much effort we should put into trying to stay hidden.

2. VPNs

So lets get started by closing the curtains and using a VPN. This wont make you anonymous but will help keep you private. Importantly it should have a no logging policy and is based outside the US, support OpenVPN, use encryption as well as accept Bitcoin. Here are only four that I found that fit the criteria:

Here’s the thing with this suggestion, If


face

Como instalar o Kernel 4.x nos sistemas baseados em RPM

O kernel 4.x está sendo atualizado continuamente. Por isso, se você precisa instalar ou atualizar o Kernel 4.x nos sistemas baseados em RPM, veja abaixo como fazer isso.

Leia o restante do texto "Como instalar o Kernel 4.x nos sistemas baseados em RPM"

Este texto saiu primeiro em Como instalar o Kernel 4.x nos sistemas baseados em RPM


face

Dear Tumbleweed users and hackers,

First, apologies for skipping last weeks review. There was only one single snapshot (0730) released in this time. This snapshot alone would have given enough reason for a post though. But let me catch up on that, including the snapshots of this week (0803, 0805, 0806, 0808, 0810 and 0811).

Last week, there was only one snapshot as we were fighting issues with two systems which are crucial to openSUSE Tumbleweed: openSUSE Build Service and openQA. Both had some unrelated failures and both teams managing them were more than helpful in getting to the bottom of the issues – Thank you guys!

Now, with so many snapshots to report on, what did we get?

  • Linux Kernel 4.7.0 (0730). As usual, 3rd party drivers have proven to be a source for frustration
  • libinput 1.4.0 (the version is ‘done’ as per upstream’s blog. To be read with a grain of salt)
  • GIMP 2.8.18
  • GNOME Maps 3.20.2 – As MapQuest changed their ToS, a new tile provided needed to be added
  • LXDM was dropped: users are migrated to lightdm
  • Plasma 5.7.2

Quite a list – and I did not mention all packages, as usual. You can find more details in the various changelog files / snapshot announcement mails.

So, with so many things provided: are we done? Of course not: Tumbleweed is rolling – and nothing is taking it the wind out of the sails. Things queued up to reach you soon are:

  • Plasma 5.7.3
  • Mozilla Firefox 48.0
  • glibc 2.24

Thanks to all the contributors keeping this distribution rolling.


face

Receitanet no Debian, Fedora e derivados

Se você quer instalar o Receitanet no Debian, Fedora e derivados ou sistema que suportem pacotes deb e rpm, veja como fazer isso.

Leia o restante do texto "Como instalar o Receitanet no Debian, Fedora e sistemas derivados"

Este texto saiu primeiro em Como instalar o Receitanet no Debian, Fedora e derivados



face

datum konání 1-2 října 2016
místo - Convention Hall UIN Sunan Kalijaga, Yogyakarta
Jl. Laksda Adisucipto Yogyakarta 55281
další info naleznete na news.opensuse.org


face

 

 

 

We are happy to announce that Ramadoni Ashudi design from Indonesia is selected as official logo for openSUSE.Asia Summit 2016 in Yogyakarta, Indonesia. As the winner Ramadoni Ashudi will receive a “magic box” from the committee.
Ramadoni Ashudi submit two designs and his design-2 selected by 28 voters. His design depicts his version of Tugu Yogyakarta, a monument built by Sultan Hamengkubuwono I, the first King of Yogyakarta in 1755.
Ana Maria Martinez from Spain also submit her version of Tugu Yogyakarta and selected by 17 voters on the 2nd place.
On the 3rd place, Shawhong Ser from Thailand submit a design that showing Arjuna character from Wayang Kulit, a traditional Javanese shadow puppet. Arjuna is the 3rd Pandava Brothers from Mahabharata. It is selected by 9 voters.

Total of voters = 65
Ramadoni Ashudi-2 = 28
Ana Maria Martinez = 17
Shawhong Ser =  9
Aris Winardi =  4
Ramadoni Ashudi-1 =  4
Kukuh Syafaat =  3
Danang Aji Bimantoro-1 =  0
Danang Aji Bimantoro-2 =  0

The complete result can be seen on the contest web page

Congratulation to Ramadoni, and many thanks and appreciation to Ana, Aris, Danang, Kukuh, Shawhong  for your participation in this contest.

Have fun.


Thursday
11 August, 2016


face

With any software package, you will need additional packages to run it. Often, there's a tight coupling: The software package will only run with specific other package versions. This dependency information is sometimes found in README files, in code, or in package metadata. If you install the package, you need to figure out the dependency and
handle it properly.

The Python package installer pip uses a list of requirements to install dependent Python packages. This list not only contains the name of packages but also limits which versions to use, or not to use.
In OpenStack we handle these dependencies in a global requirements list and use it for most of the repositories. During initial testing a specific package version is tested but at a later point, another one might be used, or during deployment again another one.

To document what was tested, give guidenance for deployment, and help to figure out breakage by upstream projects, the OpenStack requirements projects maintains a set of constraints with packages pinned to specific package versions that are known to be working.
These are in the upper-constraints.txt file.

Devstack already handles upper-constraints.txt when installing packages and I'm happy to say that tox, the Python testing framework used in OpenStack, can now handle upper-constraints as well everywhere.


Constraints for tox based jobs

To use constraints, change in tox.ini the install command to:

install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}

Caveat

Note that constraints are used for the installation of each packages, so if you want to install a package from source and have constraints for a specific version in the constraints file, it will not work. This happens with some of  the OpenStack python client packages: When they install their dependencies, those might
have a dependency on the client package itself. And this then will cause an error since the client package should get installed from source.

So, projects need to remove the constraints file for themselves if they run into this. Packages like python-novaclient and python-glanceclient therefore use a wrapper (tools/tox_install.sh) as
install command to edit the constraints file first and remove their own project from it.

Also, be aware that this only for those jobs that have been enabled for it in the project-config repository. It's done for all the generic tox enabled targets and should be done for all custom tox targets as well. Some repositories are not using constraints like project-config
itself, so those jobs are not set up.

Constraints for DevStack jobs

Devstack-gate takes care using constraints, there is nothing for a repository to do to honor constraints.

Check the devstacklog.txt file, if constraints are in use it will use lines like:

Collecting oslo.context===2.7.0 (from -c /opt/stack/new/requirements/upper-constraints.txt (line 204))

References

To learn more about constraints read the requirements documents. There is also a spec that explains all the steps that where


face

        Stop Press : La Mairie de Rouen met à notre disposition une salle au rez-de-chaussée et qui sera plus pratique et accessible pour tous. On vous attend! Le samedi 17 Septembre 2016, nous organisons notre Journée Mensuelle du Logiciel Libre au Rez de Chaussée de la Maison St Sever à Rouen (Centre Commercial […]


face

Video tutorial sobre cómo descargar desde SoundCloud sólo con nuestro navegador web sin plugins, extras, ni páginas de terceros. Sólo con las herramientas del navegador Firefox.

Mozilla_Firefox_logo

¿Quieres descargar un audio de SoundCloud y no encuentras la manera de hacerlo? Con este sencillo video tutorial veremos cómo.

Ayer estuve investigando la manera de poder descargar audio de SoundCloud, pero todas las opciones me remitían a utilizar extensiones para el navegador, o utilizar webs de terceros.

Como esas opciones no me convencían, estuve indagando con las propias herramientas del navegador Firefox y finalmente conseguí descubrir cómo hacerlo. En este video tutorial te enseño cómo lo hice. Espero que te sea útil.

El vídeo lo puedes ver y descargar desde Archive.org

También puedes encontrarlo en YouTube en este enlace:

No es necesario que te suscribas al canal, que le des al like ni nada de eso…



Wednesday
10 August, 2016


face

                                    La 8ème édition du forum A l’asso de Rouen qui se déroulera le samedi 10 septembre 2016, de 10h à 18h. Cette forte affluence montre à quel point cet évènement est un rendez-vous important pour le monde […]



face

Tumbleweed-black-greenSince the release of Linux Kernel 4.7 in the 20160730 snapshot, which brought lengthy email discussions about out-of-tree and third-party drivers on the Factory mailing list, openSUSE Tumbleweed produced three snapshots.

Snapshot 20160803 made a small update to the repositories for Mozilla Thunderbird and k3b. The snapshot updated libzypp to version 16.2.1, gnome-online-accounts to 3.20.3 and obs-service-source_validator. In 20160803, virt-viewer had the most changes.

Snapshot 20160805 brought more package changes and one major uninstall. LXDM was dropped from openSUSE Tumbleweed and uninstalled in this snapshot. LightDM is being used in the environment instead and is auto-installed with a change configuration for those who are using LXDM. This snapshot provided several repository updates, and NetworkManager-gnome, Libreoffice 5.2.0.4 and WireShark 2.0.5 were a few of the many changes found is 20160805.

The most recent snapshot, 20160806, updated Inkscape, which provides more extensions. Wayland-protocols updated to a new upstream release of 1.5 and btrfsprogs has new options to run in the background with version 4.7.

Tumbleweed users will likely get Plasma 5.72 in the next snapshot, which should be released soon.

openSUSE Leap

In two weeks is the submission deadline to get packages in the next version of openSUSE Leap 42.2. The Beta 1 is scheduled for release at the end of this month, according to the roadmap.

The current development version, Alpha 3, needs more people to test the version and file bugs. Download Alpha 3 and test it out at software.opensuse.org.


face

Dovolujeme si Vás pozvat na letošní ročník konference LibreOffice, která se koná v Brně ve dnech 7.-9. září 2016.


Tuesday
09 August, 2016


face

¿Quieres conocer las noticias y eventos de la Fundación de Software Libre? Entonces sigue leyendo

FSF_logo

La Fundación para el Software Libre o Free Software Foundation (FSF) es una organización creada en Octubre de 1985 por Richard Stallman y otros entusiastas del software libre con el propósito de difundir este movimiento.

La Fundación para el software libre (FSF) se dedica a eliminar las restricciones sobre la copia, redistribución, entendimiento, y modificación de programas de computadoras. Con este objeto, promociona el desarrollo y uso del software libre en todas las áreas de la computación, pero muy particularmente, ayudando a desarrollar el sistema operativo GNU.

Además de tratar de difundir la filosofía del software libre, y de crear licencias que permitan la difusión de obras y conservando los derechos de autorías, también llevan a cabo diversas campañas de concienciación y para proteger derechos de los usuarios frentes a aquellos que quieren poner restricciones abusivas en cuestiones tecnológicas.

Mensualmente publican un boletín (supporter) con noticias relacionadas con sus campañas, o eventos. Una forma de difundir sus proyectos, para que la gente conozca los hechos, se haga su propia opinión, y tomen partido si creen que la reivindicación es justa!!

no_privacy_without_free_software

Puedes ver todos los números publicados en este enlace: http://www.fsf.org/free-software-supporter/free-software-supporter

Aqui te traigo un extracto de algunas de las noticias que ha destacado la FSF este mes de agosto de 2016, pero puedes leer el boletín completo en español en este enlace:

.- Microsoft Egde y Netflix – ¿Probando nuevas restricciones bloqueando a los navegadores de la competencia?

Del 15 de julio

Microsoft apareció en las noticias la semana pasada cuando anunció que su navegador de internet, Edge, podía brindar una experiencia aún mejo en cuanto a las transmisiones de Netflix que cualquiera de los tres navegadores más populares.

Pero esta aseveración no parece ser del todo cierta. Parece que para lograr esto Netflix hizo uso de su DRM (siglas en inglés de gestión digital de restricciones) al brindarle a Microsoft un permiso criptográfico exclusivo, bloqueando a los otros navegadores.

Parece que Microsoft y Netflix están, deliberadamente, limitando la interoperabilidad a través de su DRM y ambos hacen uso de las EME (siglas en inglés de extensiones de medios cifrados ) para facilitar este control.

Apoya a los disidentes en la W3C firmando nuestra petición en contra de las EME o agregando una foto de protesta en nuestra galería, cada vez más grande. Puedes realizar una declaración aún más fuerte solicitando, respetuosamente, una reunión con uno de los contactos regionales y expresándole tus preocupaciones en persona.

.- Cuidado con el “apoyo” contradictorio

Del


face

openSUSE.Asia Summit is a 2 day event hosted every year in different regions of Asia to promote openSUSE and open source.  Hosting a variety of  workshops, talks and a hackathon, openSUSE Asia summit is expecting over 400 participants. Attendees will learn how to use openSUSE and incorporate it in their personal as well as professional lives. They will also understand the dynamics of the openSUSE project and meet the openSUSE contributors and board.

In addition, we have chance to learn free and open technologies, to share experiences with each other, and most of all, have fun at the Summit, and, in beautiful tropical scene of Yogyakarta region (a travel guide for you coming soon). In previous years openSUSE.Asia Summit has been held in Beijing, China in 2014 and National Taipei University of Education,Taipei / Taiwan, Republic Of China 2015.

Full schedule can be found at  https://events.opensuse.org/conference/summitasia16/

Dates 1st & 2nd October, 2016
Address: Convention Hall UIN Sunan Kalijaga, Yogyakarta
Jl. Laksda Adisucipto Yogyakarta 55281
Price
IDR 50K – for students
IDR 100K – for professionals

Facilities

  • Goodie bag
  • T-Shirt
  • Merchandise
  • Certificate
  • Lunch and Snack

How to pay for the ticket

Account holder’s name: Yan Arief Purwanto
Bank Central Asia (SWIFT Code: CENAIDJA)
Account number: 445 088 9143

Please send the confirmation email along with the ticket and transfer receipt in the attachment to:
yan@yanrf.com


Monday
08 August, 2016


face

¿Quieres saber la distancia entre dos puntos de una ruta? Marble con OpenStreetMap es una alternativa a otras opciones como Google Earth.

irreductibles_hackers

Quizás este verano tienes pensado hacer alguna ruta a pie. O quizás vas a visitar una ciudad y quieres saber cual es la distancia entre ciertos puntos de tu visita. Gracias a OpenStreetMap y Marble, tendrás una manera de conocer esos datos sin necesidad de utilizar los omnipresentes servicios de la gran G como Google Earth.

Primero presentemos los ingredientes:

  • OpenStreetMap: Es la wikipedia de los mapas. Un sitio en el que usuarios de todo el mundo editan mapas y los llenan con información local de sus lugares. Un sitio abierto que utiliza datos públicos y estándares abiertos.
  • Marble: Es un programa del proyecto KDE que te ofrece un globo terráqueo en tu equipo, con información completa, y un atlas de todo el mundo con información útil. Es software libre multiplataforma, y también hay una versión Beta para Android.

Planteamiento

Estoy de vacaciones, y aprovecho para andar un rato y desentumecer mis extremidades a la vez que me oxigeno, hago ejercicio y trato de mantener a raya mi incipiente “barriguita”. Siempre hago la misma ruta por las afueras de mi ciudad, donde se confunde con el aspecto de un pueblo.

El recorrido lo hago en base al tiempo invertido, es decir, ando sobre 40 minutos de ida, y llegado ese tiempo doy la vuelta. Más o menos siempre llego hasta el mismo punto. Pero siempre tenía la duda de saber aproximadamente cuantos kilómetros eran los que andaba.

Mirando por la red una de las opciones más recurrentes era descargar Google Earth y con ese software de la gran G medir la distancia, ya que lo permite. Pero me resistía a ello, o por lo menos quise saber si existía otra manera.

Y aquí fue cuando encontré la manera mediante Marble en mi escritorio Plasma y su integración con los mapas de OpenStreetMap, ya que esta mezcla también permite la medida de distancias entre puntos.

Nudo

Así que me puse a ello. Para el ejemplo voy a suponer que estoy en Madrid la capital de España, y quiero hacer una excursión de la Plaza de España hasta Atocha donde tengo que coger el tren. En mi ejemplo voy a añadir un punto intermedio para forzar a la ruta a ir por la Gran Vía madrileña, ya que quiero pasar por allí.

Abro Marble y de todas las opciones para visualizar (en la parte inferior izquierda) escojo la de OpenStreetMap. En la parte de la izquierda selecciono la pestaña de “Routing”. Quizás en tu sistema este completamente traducido, y ponga “Ruta” o algo similar.

Voy a escoger el primer punto de la ruta, pincho sobre A y selecciono la opción “+ from map” el cursor cambia a una diana y selecciono un punto


Uzair Shamim: What is PAM?

01:26 UTC

face

The last post I did was the start of the Comprehensive Guide To AppArmor which took a look at the basics an administrator or developer needs to know to start creating and deploying AppArmor profiles for a program. In the post I also left a question for the reader regarding AppArmor being used to replace the traditional DAC permissions (but never should!) and how you could use it to remove access to a file from a specific user (rather than a program). However this requires usage of the pam_apparmor module for PAM and due to this, before going into depth with using pam_apparmor, you should make sure you have a grasp of the basics of PAM and its configuration files.

Seriously What Is PAM?

PAM stands for Pluggable Authentication Modules and is used to perform various types of tasks involving authenticaction, authorization and some modification (for example password change). It allows the system administrator to separate the details of authentication tasks from the applications themselves. This allows the policy to not only be generic, it means that the programs do not need to be modified in order to update the policy! An example of PAM usage is controlling login attempts to a shell/GUI interface so that only successful authentication and authorized events are allowed. You could also use PAM to control who can use the su binary to switch identities or control who can use the passwd utility to change passwords.

Overview

When a developer wishes to interact with PAM to let it handle events, they must include libpam which allows communication via the API provided by the library. When PAM sees a new event that it must process, it will look at the relevant configuration files found in /etc/pam.d and determine which modules must be used at certain stages.

Source: http://www.tuxradar.com/content/how-pam-works

PAM is capable of using context to determine what it needs to do, for example the pam_unix.so module has capabilities for the auth and account stack. In the auth stack it checks a username and password combo while in the account stack it will check a users aging and expiration info. This versatility is one of the reasons PAM has been so popular in the UNIX world, it allows for solutions that can be combined to create a generic library to deal with certain type of request.

How Do I Tell A Program Supports PAM?

This is usually pretty easy, you can use ldd to check if libpam is in use:

comp:/home # ldd /usr/sbin/sshd | grep pam
libpam.so.0 => /lib64/libpam.so.0 (0x02209ddace0105400)
comp:/home # ldd /bin/su | grep pam
libpam.so.0 => /lib64/libpam.so.0 (0x02999ddace0105400)
libpam_misc.so.0 => /lib64/libpam_misc.so.0 (0x12211ddace1105400)

Configuration

As I already mentioned, PAM configuration files are stored in /etc/pam.d for all valid programs. A line in a configuration file will look something like this:

auth sufficient pam_rootok.so

There are three parts to this


Friday
05 August, 2016


Michael Meeks: 2016-08-05 Friday.

21:00 UTCmember

face
  • Up early, bid 'bye to J. and the larger babes - let the smaller ones get going on Lego Mindstorms EV3 to have a first play with it clear of larger person interest.

face
Openstreetmap has a problem... and a rather fundamental one. Saving all data in WGS-84 is nice and simple... but continents actually move. And that's why different countries use different coordinate systems. Australia moves a lot... cnet.com/.../australia-has-moved-1-5m Good thing is that we could map ships with that support. I guess there are other fundamental issues: world is 3D, and that is actually problem for multi-floor buildings. Plus, attributes for attributes would be useful. As in source:surface=survey...

face

So I configured scroll-lock & pause to select volume up/down. Works well so far. I also remapped workplace switching to F1-F12 (without alt). Works well so far, as I switch workplaces a lot, and nothing really uses F1-F10.

Ouch, and for czech readers... UCW keyboard lives. Mate (== gnome2), in layouts add Czech Czech (UCW layout...), a v optionech "switching to another layout" capslock (while pressed)".

<- Current blog entries