Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-November/000815.html')
-rw-r--r-- | zarb-ml/mageia-sysadm/2010-November/000815.html | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-November/000815.html b/zarb-ml/mageia-sysadm/2010-November/000815.html new file mode 100644 index 000000000..ab3d67170 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000815.html 
@@ -0,0 +1,160 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] progress of the night + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20progress%20of%20the%20night&In-Reply-To=%3C1290485697.2796.87.camel%40akroma.ephaone.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000829.html"> + <LINK REL="Next" HREF="000816.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] progress of the night</H1> + <B>Michael Scherer</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20progress%20of%20the%20night&In-Reply-To=%3C1290485697.2796.87.camel%40akroma.ephaone.org%3E" + TITLE="[Mageia-sysadm] progress of the night">misc at zarb.org + </A><BR> + <I>Tue Nov 23 05:14:57 CET 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000829.html">[Mageia-sysadm] something to not forget in case of svn import +</A></li> + <LI>Next message: <A HREF="000816.html">[Mageia-sysadm] progress of the night +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#815">[ date ]</a> + <a href="thread.html#815">[ thread ]</a> + <a href="subject.html#815">[ subject ]</a> + <a href="author.html#815">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Hi, + +so, following the meeting of yesterday, here is a new summary : +- svn ldap access is ready to roll, the module pam::access_commiters +should work fine. + +I have finally found the issue after a long journey in the code of +openssh and pam_ldap. 
just for the record, if someone one day see that a +pam module do not work because openssh give " #010#012#015#177INCORRECT +" as password to your pam module, this is because there is a error +before ( in my case, the shell was not installed and this caused openssh +to overwrite the password to protect from timing attack, see +pam_auth.c ). + +example : +node svn-server { + include pam::commiters_access +} + +this should give access to people from the mga-commiters group, by +forcing the restricted shell on the server that include the class. + +- I have also rewrote the restricted shell module. + +Following the previous example, you cannot connect to the server. +Someone also need to autorise the access, by adding : + +node svn-server { + include pam::commiters_access + include restrictshell::allow_svn +} + +We can for now use git, svn, repsys ( pkgsubmit ), scp, sftp and rsync. +The 3 last one are not tested, and default configuration requires +tweaking for filtering the path. There is also support for cvs, but I do +not think we will use it. + +So basically, we could deploy pam::commiters_access , add the proper +class for svn access, and let people use the svn. We just need to +migrate the local account to ldap, and setup the ssh keys by ourself. + +The next steps are : +1) add support for ssh keys handling to catdap +2) deploy a cronjob to checkout keys from ldap to the fs +this part is half done, but if people have suggestions, do not hesitate +( I am not much in favor of using patchs on openssh like openssh-lpk +since they are not upstream ) + +I would also like that we start to use the class subversion::repository, +as there is lots of goodies included ( and I need to add more ). + + +Regarding the mailling lists deployment, I have started to work on +spamassassin integration, using amavis ( as this is the safest way i +know ). 
Unfortunately, my knowledge is either out of date ( ie, no more +rules_du_jour ) or already setup ( ie all plugins that I usually used +are loaded by default ). So the only customization I have added is rules +compiling from perl to C. I guess I will also look at enabling pyzor, +and maybe others tweak on postgrey as suggested by Luca. + +I didn't tested anything, so if someone deploy it while I sleep, please +test before :). But as i think the default setup should just work fine, +it should not cause real trouble. ( on the other hand, we may need to do +more test on postfix ). + +next steps will then be : +1) to test and validate the setup +2) to create 1 mailling list for testing and to see how and what we can +tweak it ( ie, a guinea pig ml ) +3) to migrate one by one the current mailling list : + - subscribers + - web archives, if possible by preserving url ( I guess we can do some +magic on zarb side for this ) + - gmane +Mailman can give use archives with mbox, there is ( iirc ) static html +page for web archives, and we have some basic tools to fetch the +configuration. + +There is currently 12 mailling lists. 
+ +( blino also did some work, but I will let him talk of this, like : +- explaining the cooldron idea +- the vhost "repository" ( and that he need to add it to dns /o\ ) + +-- +Michael Scherer + +</PRE> + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000829.html">[Mageia-sysadm] something to not forget in case of svn import +</A></li> + <LI>Next message: <A HREF="000816.html">[Mageia-sysadm] progress of the night +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#815">[ date ]</a> + <a href="thread.html#815">[ thread ]</a> + <a href="subject.html#815">[ subject ]</a> + <a href="author.html#815">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |
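Review bot: both `mailto:` hrefs in the page header (the `LINK REL="made"` element and the author `<A HREF>`) carry a raw `&` before `In-Reply-To=`; inside an HTML attribute value it should be written `&amp;` so that parsers and validators do not treat `&In` as the start of an entity reference. Further down, the added file leaves a long run of empty lines between `</PRE>` and `<!--endarticle-->`, and it mixes upper-case opening tags with lower-case closing ones (`<LI>` closed by `</li>`, `<BODY>` closed by `</body>`). If this is generated archive output imported unchanged, it would help to record that alongside the change so the markup is not hand-edited later.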