LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 10-13-2015, 02:00 PM   #226
a4z
Senior Member
 
Registered: Feb 2009
Posts: 1,727

Rep: Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741

Quote:
Originally Posted by ReaperX7 View Post
When you update a dependency of software, packages that depend on that package must be rebuilt to use the newer library. This means if you want newer OpenSSH, and you have a newer OpenSSL and newer Linux-PAM, you not only need OpenSSL and Linux-PAM, but now you need shadow, sudo, etc. because they were using the older PAM library and will need these updated as well, and slackpkg does NOT enforce updates to dependencies and packages reliant upon them.
thanks for the FUD, but if a ABI changes of a so this has to happen with each library, not just pam, does this mean all libs with a certain security should follow your do it yourself solution?

(btw, there is at least one tool that can tell you which packages, and even files, depends on a certain library, so to know dependencies is not a problem ;-)


Quote:
Originally Posted by ReaperX7 View Post
Yes, PAM is a good idea, it may be the best damn idea since Colombian Supreme coffee by Juan Valdez, but Slackware does not have any way or means to force updates to software dependencies and packages reliant upon them. PAM is a problem, and it's not a small problem like people think it is.
again, yes, that's why it is not for a do it yourself solution, redundant fore everyone
but I understand, you do not want it because you never needed it.

Quote:
Originally Posted by ReaperX7 View Post
And this is the EXACT reasoning behind dropping it in SBO and letting people decide for themselves.
you got already some statements that optional PAM is not an option in reality but obviously you chose to ignore those posts because you know everything better.
at the end it's a Slackware decision if PAM will be added or not, you do not need to play the last knight for a PAM free Slackware, it is just painful to see how you argue for the sake of arguing, come with FUD nonsense and bringing again and again wrong things that many people, have explained you more than once.
 
2 members found this post helpful.
Old 10-13-2015, 02:09 PM   #227
orbea
Senior Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 1,890

Rep: Reputation: Disabled
Its kind of disappointing how many slackware users are not capable or willing to administrate their own systems and demand someone else do their work for them.
 
3 members found this post helpful.
Old 10-13-2015, 02:15 PM   #228
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,449
Blog Entries: 15

Rep: Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023
Quote:
Originally Posted by Smokey_justme View Post
So you know what... If you don't like PAM you should be the one that should keep track of the packages needed to make the system work without it since you have the time, the posibility and take almost no risk by doing this.. It just makes sense.
You make as much sense as the people who wanted Pulseaudio in Ubuntu.
 
Old 10-13-2015, 02:56 PM   #229
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203Reputation: 203Reputation: 203
Quote:
Originally Posted by orbea View Post
Its kind of disappointing how many slackware users are not capable or willing to administrate their own systems and demand someone else do their work for them.
Thinking that you are smarter then the team that creates the distribution, thinking that you have better resources to test your packages and thinking that you alone will have the time to always keep all those packages up-to-date security-wise (because, guess what, that fucking matters) is just idiotic. That's not knowledge, that being moronic (on -- probably -- someone else's dime)..

With the risk of repeating myself.. It's sad to Slackware that it's users are thinking that Slackware is only good at under-the-table home servers...

Last edited by Smokey_justme; 10-13-2015 at 03:01 PM.
 
5 members found this post helpful.
Old 10-13-2015, 03:00 PM   #230
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203Reputation: 203Reputation: 203
Quote:
Originally Posted by ReaperX7 View Post
You make as much sense as the people who wanted Pulseaudio in Ubuntu.
Yes, PAM and Pulseaudio are the same thing. So are Slackware and Ubuntu.. *for fuck-sackes.. trying to convince you you're wrong is like trying to convince sundial to take off his tinfoil hat*
 
Old 10-13-2015, 03:01 PM   #231
orbea
Senior Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 1,890

Rep: Reputation: Disabled
I haven't made any of those points, it would be nice if you didn't use strawmans.

The point which Ponce so kindly pointed out was that pam is available for slackware and has been, feel free to use it. If you are not willing to and yet are still demanding for pam to spoon fed to you then there are other distros where you might have an more rewarding experience. If there is something wrong with the implementations of pam in slackware, feel free to change it to your liking or even do so as a group with all the other people who must have pam at the expense of all the other users. Nothing is stopping you from having pam, but yourself.

Last edited by orbea; 10-13-2015 at 03:06 PM.
 
2 members found this post helpful.
Old 10-13-2015, 03:08 PM   #232
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203Reputation: 203Reputation: 203
Quote:
I haven't made any of those points, it would be nice if you didn't use strawmans.
You did actually:
Quote:
Originally Posted by orbea View Post
If someone really wants pam, but is not willing to administrate their own system they should probably use another distro anyways.
The fact that you don't realize you did... well.. that's just saying something about the fact that you really don't have a clue of what creating your own PAM packages and maintaining them in your systems would actually mean..

Quote:
The point which Ponce so kindly pointed out was that pam is available for slackware and has been, feel free to use it. If you are not willing to and yet are still demanding for pam to spoon fed to you then there are other distros where you might have an more rewarding experience. If there is something wrong with the implementations of pam in slackware, feel free to change it to your liking or even do so as a group with all the other people who must have pam at the expense of all the other users. Nothing is stopping you from having pam, but yourself.
And I already responded to that post.. And I'm not the only one that did.. Even one package creator to whom he pointed to, did... And we all said the same thing... Do you care to guess what some more or are you willing to actually read all our posts!?

LE: In all fairness to you, orbea, I did ignore the "go for another distribution" in your posts and only responded to the "build it and maintain it yourself" parts of your posts... I do agree that going for another distribution is the way to go for PAM right now.. Nobody is forcing something on any of us and I, for one, am not trying to force PAM in Slackware.. But I think it's important we state our wishes about the progress of the distribution, especially when they make sense...

Last edited by Smokey_justme; 10-13-2015 at 03:35 PM.
 
2 members found this post helpful.
Old 10-13-2015, 04:13 PM   #233
chemfire
Member
 
Registered: Sep 2012
Posts: 253

Rep: Reputation: Disabled
Quote:
Originally Posted by mfoley View Post
Could you elaborate? What about NFS won't work? Could my Samba4 server not export with the AD user's UID:GID?
NFS won't work because, I was never able to get consist rid/gid/uid mapping between two servers. As a consequence the user and group owners would be 'scrambled' when exporting a file system over nfs, because nfs sends the numeric uid/gid values.


Quote:
Originally Posted by mfoley View Post
"Old articles ..." Why old? I would think that "Single sign on" would be well established in the Unix world for decades now, and would be a useful and common implementation for Linux networks.
I did my best find it for you both with Google and digging thru my old book marks. I get a 404 on the article I was thinking of so I guess its gone. man pages it is sorry.

Quote:
Originally Posted by mfoley View Post
Samba4 supposedly has its own Heimdal Kerberos built in. Theoretically, I don't need a separate Kerberos package. Not yet sure if that work with a MIT kerberos on the clients.
Yes but you need the MIT package because it provides a login that is kerberized and some other useful stuff like passwd as well. Those things are looking for /etc/krb5.conf and its associated ticket cache etc. While samba can talk to AD with its built in kerberos those other key things you need (since we don't have pam) have to come from the MIT package and it has to have an live ticket for them to work.

Quote:
Originally Posted by mfoley View Post
I have been following the instructions at https://wiki.samba.org/index.php/Set..._Member_Server but the join doesn't work.


Code:
$ net ads join -U administrator
Enter administrator's password:
Failed to join domain: failed to lookup DC info for domain 'HPRS.LOCAL' over rpc: Undetermined error
This probably isn't the right thread to debug samba issues but I assume you have the domain controller acting as the DNS server in /etc/resolv.conf. If I understand correctly you have Slackware box acting as the DC as well? I only ever tried joining *real* windows domains. With Windows DNS servers, so there might be issues with srv records or something you are fighting here. Just a guess. I would probably try like tcpdump to see if its actually doing any rpc with server should be port 445. My guess is its not even finding the DC.



Quote:
Originally Posted by mfoley View Post
I believe I've just solved that issue yesterday.
Do you have large number of users have you tested what happens when they are the first to establish rid mappings in different orders on more than one Slackware member server? I don't doubt you but you might need to do a fair bit of testing to be sure. This isn't so much a problem as long as you use CIFFS as the main interface between servers, it will map correctly in that case. What I found was: user bob might hit Slackware server darkstar and get assigned uid 5001. Next Ted would hit darkstar and get 5002, then Ted would hit lightstar and get 5001, bob would then hit lightstar and get 5002. Internally within one server it all stays consist but between them stuff gets confused. Again this is okay as long as files are copied between them via CIFFS. smbd will act as the correct uid on that server when doing file operations.

Quote:
Originally Posted by mfoley View Post
What's a VC?
Virtual console [alt]-[F$X]

This is important because you make the login program login.krb, which you have to do if you want to be able to logon to the console with your AD password, should the KDC not be reachable login.krb won't be able to authenticate you. It will fall back to the local files, but it takes like 60 seconds or so. So its best to leave at least one console with regular like VC7 or something so you can logon locally as quickly if the machine is having problems.

Its really the SSH server that you need to recompile but Slackware ssh package includes both sshd and ssh so I just used to re-roll the package. SSH needs check passwords against kerberos.

I am really sorry I wish I could be of more help I really do. I am not with the same organization anymore where I built this stuff. I don't have access to any of those machines and all the step by step documentation I did at the time is on their internal wiki.
 
Old 10-13-2015, 04:30 PM   #234
chemfire
Member
 
Registered: Sep 2012
Posts: 253

Rep: Reputation: Disabled
Quote:
Originally Posted by orbea View Post
Its kind of disappointing how many slackware users are not capable or willing to administrate their own systems and demand someone else do their work for them.
There is a difference between administration of your own system and essentially maintaining your own down stream distribution. Its been well established in this thread that just maintaining outside set of PAM packages isn't really something that is going to be safe for a production system. Even on of the people who maintains a set of such packages agreed to that statement more or less. Almost everyone who is asking for PAM wants it because they want to participate in Active Directory or something similar, which for the most part means they want to use it for something that impacts others and therefore needs to work and work securely.

I have said before I think this thread is good as long as its showing the devs how many people want PAM and why. Its bad when we start acting as if community members are 'disappointments' and yes its bad when people start demanding things. I did not see anyone doing that in the recent posts. They were just expressing their frustration with 'one' aspect of a platform they otherwise love and trying to explain to others why its really a problem for them and not just inconvenient or born of laziness.
 
4 members found this post helpful.
Old 10-13-2015, 05:56 PM   #235
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,449
Blog Entries: 15

Rep: Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023
What makes anyone think any administrator with years of experience would just use an off the shelf Linux distribution without some level of research and reworking on their end? Slackware doesn't even have half the patches used to secure most applications and packages, much less use SELinux and other hardening agents in the system. You guys think PAM is going to be some magic panacea to cure every problem you have? You're out of your head if you believe that nonsense.

Slackware is NOT a corporate level OS out of the box on any level, but if you invest time and PATIENCE, which is something running low these days, you can have a very stable secure, and corporate standardized edition of Slackware in-house. Why do you think Patrick offers /sources with easy to use build scripts? To just look pretty and be all showy as to what a package in Slackware is composed of? No, it's real software that can be used to customize your system, to fit your needs.

My God, one of the first things we learned in my Microsoft Windows Server 2012 R2 class is you don't just use Windows Update recklessly, but you test each update as you go, getting only what applies to you. You don't think that doesn't apply to GNU/Linux or *BSD as well?

Slackware is a foundation you can use to build a reliable corporate, home, or business level operating system, but if you want this, that, and the other, you're going to have to get your hands dirty and stop pulling a John Boehner (a person who doesn't want to get their hands dirty out of fear or laziness that someone else will fix their problem, or it will resolve itself).

As for LFS, yes, LFS isn't a production ready system, but like any system, if you invest into it, it could be. Just don't be lazy about it and think someone else will do your work for you.

Not to be blunt, but administering a system is like good sex, by fair comparison of "if you want it good and right, you gotta work for it and earn it".

Last edited by ReaperX7; 10-13-2015 at 06:01 PM.
 
1 members found this post helpful.
Old 10-13-2015, 06:02 PM   #236
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 9,379

Rep: Reputation: Disabled
Just a question, dear James: how many servers and users did you administrate at most at the same time so far?
 
Old 10-13-2015, 06:38 PM   #237
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203Reputation: 203Reputation: 203
@Reaper: Ok... You're right.. Happy now!? Can you shut up?
 
Old 10-13-2015, 08:02 PM   #238
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,449
Blog Entries: 15

Rep: Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023
Quote:
Originally Posted by Didier Spaier View Post
Just a question, dear James: how many servers and users did you administrate at most at the same time so far?
I administrate my own systems, 1 server and 1 laptop, and I have my own packages I use on my system that are different from the defaults used by Slackware. What I publish on SlackWorks is a derivative of my work I make public. As far as users I have four. Myself, my wife, and my nephew and niece. Everything I use in SlackWorks was either derived from the original scripts and reworked to suit my purposes and packages, or was crafted from script templates to become my own. I HAD to learn to do for myself. It was not easy, but it had to be done.

It doesn't matter how many users, services, resources, and systems I, you, or Sam in Timbuktu administrates, it's doing things the right way that makes a system work, expands your knowledge, and let's you be self-reliant and not some know-nothing tag-along. If you can't learn and do for yourself, what use and good are you as any level of administrator, much less, why are you even near GNU/Linux to begin with?

When people understand GNU/Linux is not Windows, well then, maybe they'll start to figure it out, otherwise, you're just a trend following hipster posing as a GNU/Linux administrator who has no business messing with GNU/Linux in the first place, and people need to learn one thing... do not start or follow trends. I could go on with a rant on that subject and rightfully so, but best to save it for another day.

Last edited by ReaperX7; 10-13-2015 at 08:06 PM.
 
Old 10-13-2015, 08:08 PM   #239
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4866Reputation: 4866Reputation: 4866Reputation: 4866Reputation: 4866Reputation: 4866Reputation: 4866Reputation: 4866Reputation: 4866Reputation: 4866Reputation: 4866
Quote:
Originally Posted by ReaperX7 View Post
I administrate my own systems, 1 server and 1 laptop, and I have my own packages I use on my system that are different from the defaults used by Slackware. What I publish on SlackWorks is a derivative of my work I make public. As far as users I have four. Myself, my wife, and my nephew and niece. Everything I use in SlackWorks was either derived from the original scripts and reworked to suit my purposes and packages, or was crafted from script templates to become my own. I HAD to learn to do for myself. It was not easy, but it had to be done.

It doesn't matter how many users, services, resources, and systems I, you, or Sam in Timbuktu administrates, it's doing things the right way that makes a system work, expands your knowledge, and let's you be self-reliant and not some know-nothing tag-along. If you can't learn and do for yourself, what use and good are you as any level of administrator, much less, why are you even near GNU/Linux to begin with?

When people understand GNU/Linux is not Windows, well then, maybe they'll start to figure it out.
There is a difference between knowing how to do something and not having the time to do something and therefore suggesting that something (that is incorporated in any other distro) possibly may be incorporated into Slackware. This does not say anything about the knowledge, laziness or competence of an administrator.
 
Old 10-13-2015, 10:06 PM   #240
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,449
Blog Entries: 15

Rep: Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023Reputation: 2023
Not having time? Sorry, but that's nothing more than an excuse if you ask me. If you don't have time, you make time.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
PAM and Slackware 10.2 darkarcon2015 Slackware 15 10-20-2007 02:32 PM
PAM Available For Slackware 10.0 eric.r.turner Slackware 14 09-22-2006 12:08 PM
PAM for my Slackware rmg Linux - Newbie 3 04-06-2006 01:10 PM
does slackware 10 support PAM? joroxx Slackware - Installation 2 11-16-2004 12:06 AM
pam mount in slackware 10 qwijibow Linux - Software 1 08-06-2004 08:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration