Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-November/000815.html')
-rw-r--r-- zarb-ml/mageia-sysadm/2010-November/000815.html 160
1 files changed, 160 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-November/000815.html b/zarb-ml/mageia-sysadm/2010-November/000815.html
new file mode 100644
index 000000000..ab3d67170
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000815.html
@@ -0,0 +1,160 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-sysadm] progress of the night
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20progress%20of%20the%20night&In-Reply-To=%3C1290485697.2796.87.camel%40akroma.ephaone.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="000829.html">
+ <LINK REL="Next" HREF="000816.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-sysadm] progress of the night</H1>
+ <B>Michael Scherer</B>
+ <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20progress%20of%20the%20night&In-Reply-To=%3C1290485697.2796.87.camel%40akroma.ephaone.org%3E"
+ TITLE="[Mageia-sysadm] progress of the night">misc at zarb.org
+ </A><BR>
+ <I>Tue Nov 23 05:14:57 CET 2010</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="000829.html">[Mageia-sysadm] something to not forget in case of svn import
+</A></li>
+ <LI>Next message: <A HREF="000816.html">[Mageia-sysadm] progress of the night
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#815">[ date ]</a>
+ <a href="thread.html#815">[ thread ]</a>
+ <a href="subject.html#815">[ subject ]</a>
+ <a href="author.html#815">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Hi,
+
+so, following the meeting of yesterday, here is a new summary :
+- svn ldap access is ready to roll, the module pam::access_commiters
+should work fine.
+
+I have finally found the issue after a long journey in the code of
+openssh and pam_ldap. just for the record, if someone one day see that a
+pam module do not work because openssh give &quot; #010#012#015#177INCORRECT
+&quot; as password to your pam module, this is because there is a error
+before ( in my case, the shell was not installed and this caused openssh
+to overwrite the password to protect from timing attack, see
+pam_auth.c ).
+
+example :
+node svn-server {
+ include pam::commiters_access
+}
+
+this should give access to people from the mga-commiters group, by
+forcing the restricted shell on the server that include the class.
+
+- I have also rewrote the restricted shell module.
+
+Following the previous example, you cannot connect to the server.
+Someone also need to autorise the access, by adding :
+
+node svn-server {
+ include pam::commiters_access
+ include restrictshell::allow_svn
+}
+
+We can for now use git, svn, repsys ( pkgsubmit ), scp, sftp and rsync.
+The 3 last one are not tested, and default configuration requires
+tweaking for filtering the path. There is also support for cvs, but I do
+not think we will use it.
+
+So basically, we could deploy pam::commiters_access , add the proper
+class for svn access, and let people use the svn. We just need to
+migrate the local account to ldap, and setup the ssh keys by ourself.
+
+The next steps are :
+1) add support for ssh keys handling to catdap
+2) deploy a cronjob to checkout keys from ldap to the fs
+this part is half done, but if people have suggestions, do not hesitate
+( I am not much in favor of using patchs on openssh like openssh-lpk
+since they are not upstream )
+
+I would also like that we start to use the class subversion::repository,
+as there is lots of goodies included ( and I need to add more ).
+
+
+Regarding the mailling lists deployment, I have started to work on
+spamassassin integration, using amavis ( as this is the safest way i
+know ). Unfortunately, my knowledge is either out of date ( ie, no more
+rules_du_jour ) or already setup ( ie all plugins that I usually used
+are loaded by default ). So the only customization I have added is rules
+compiling from perl to C. I guess I will also look at enabling pyzor,
+and maybe others tweak on postgrey as suggested by Luca.
+
+I didn't tested anything, so if someone deploy it while I sleep, please
+test before :). But as i think the default setup should just work fine,
+it should not cause real trouble. ( on the other hand, we may need to do
+more test on postfix ).
+
+next steps will then be :
+1) to test and validate the setup
+2) to create 1 mailling list for testing and to see how and what we can
+tweak it ( ie, a guinea pig ml )
+3) to migrate one by one the current mailling list :
+ - subscribers
+ - web archives, if possible by preserving url ( I guess we can do some
+magic on zarb side for this )
+ - gmane
+Mailman can give use archives with mbox, there is ( iirc ) static html
+page for web archives, and we have some basic tools to fetch the
+configuration.
+
+There is currently 12 mailling lists.
+
+( blino also did some work, but I will let him talk of this, like :
+- explaining the cooldron idea
+- the vhost &quot;repository&quot; ( and that he need to add it to dns /o\ )
+
+--
+Michael Scherer
+
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="000829.html">[Mageia-sysadm] something to not forget in case of svn import
+</A></li>
+ <LI>Next message: <A HREF="000816.html">[Mageia-sysadm] progress of the night
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#815">[ date ]</a>
+ <a href="thread.html#815">[ thread ]</a>
+ <a href="subject.html#815">[ subject ]</a>
+ <a href="author.html#815">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
+mailing list</a><br>
+</body></html>
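Review bot: the two `mailto:` HREF values (the `<LINK REL="made">` in the head and the author link below the `<H1>`) carry a raw `&In-Reply-To=` inside the attribute. An ampersand in an HTML attribute value should be written `&amp;In-Reply-To=`, the way the message body already escapes its quotes as `&quot;`. Two smaller points in the same hunk: the 19 empty added lines between `</PRE>` and `<!--endarticle-->` are padding and can be dropped, and the navigation items open with `<LI>` but close with `</li>`, so the tag case should be made consistent.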