Authentication weirdness…

For some reason, some of my servers have been having trouble with AD authentication. The symptoms were: when logging into the console using an AD enabled account (i.e. an account that should be authenticated by AD), despite providing the correct password the system will return password incorrect. Upon providing the username again, the user is immediately granted access without having to provide a password.

I’m not sure about the provide-once-denied-provide-name-authorized behavior, but after some testing I discovered that the reason that it’s not letting the user in the first time is because the lines for pam_unix and pam_kerberos (pam_krb5 to be exact) in /etc/pam.d/system-auth are reversed. It should have pam_unix before pam_kerberos. I have no clue what is causing these lines to be reversed in the configuration file. I’m configuring all of the authentication and security measures using the esxcfg-... commands so it seems weird that starting with the blade servers this behavior has been exhibited.

Anyway, the fix files: one bash, one awk…

Read moreAuthentication weirdness…

Does anyone know the password for this database?

Those that I work with know that my first, and primary, job is as a MySQL DBA. Unfortunately, cause I love MySQL, I haven’t been doing as much with it lately because of all the virtualization work going on.

Today I’m going to post about MySQL. Occasionally you may encounter a MySQL server that has been around for a while, and no one knows who set it up, where it came from, or who owns it. Those wonderfully inaccessible databases are still someone’s responsibility. So, what do you do if you don’t know the root password? Well, it’s actually not all that difficult, assuming you can start and stop the instance a few times.

Read moreDoes anyone know the password for this database?

Fedora 8 Suspension

I’ve previously mentioned that I use Fedora 8 on my laptop at home. It is a Core 2 Duo Dell with a GeForceGo 7300. Originally, it had Vista Home Premium, and I really did give Vista a chance (for almost 8 months!!), but I just like linux more. I do still have to go back to Vista on the (extremely) rare occasion I need bluetooth support. For some reason I can’t get the integrated bluetooth modem to work with Fedora. The GeForce Go has caused me nothing but problems. Nvidia’s normal drivers won’t work with the Go series from Dell, I have to get the drivers directly from Dell…and they are flaky.

Anyway, I recently reloaded my laptop and let it update everything to the newest available. Unfortunately, at some point, suspend stopped working. I’m not sure when it was (it applied ~ 300 updates), but it stopped. Well, it didn’t exactly stop working…it still suspends, once, after which the monitor refuses to work. I can still ssh in, and everything seems to be functioning normally, but the monitor doesn’t work. Which makes a laptop very useless.

So, since I’ve reloaded linux a number of times, and it seems each time I forget what I did to fix it, I’m documenting it for myself, and posterity.

Read moreFedora 8 Suspension

No wireless networks detected…

I use VMware server on my computers at home. Both of my current systems run Fedora 8, kernel 2.6.25.6-27. I say this because on my laptop I couldn’t configure a VM to use bridged network mode when wlan0 was the only active interface.

After a lot of googling, I came across this post. The post is almost entirely in german, however there is an abbreviated version somewhere in the middle in english.

Normally, I wouldn’t go any further than posting a link, however while I was reviewing some links on my del.icio.us account, I clicked the above, and discovered that the site has a tremendous number of errors. This is bad. It usually means that the site is not well maintained and not long for the internet.

Additionally, the patch that’s posted is slightly out of date. So, I’ve created an updated patch, and I’m going to post some instructions in english here.

Read moreNo wireless networks detected…

sudo, let me log you doing something stupid

Allow me to step on my security soap box for a moment. I’ve seen in many places around the internet where bloggers will recommend, and explain how, to enable root to login to the console via ssh. I can not tell you enough how bad this is. An attacker no longer needs to guess two passwords to gain root access to the system, but, rather, only one. It is much, much more secure to disallow root access.

Access to the console operating system of ESX should be limited to the absolute minimum. Only users who absolutely need it, and know what they’re doing, should be able to login. From the console, the user has access to all of the configuration and datafiles for virtual machines. With the built-in tools provided by VMware, administrators can mount vmdk files and gain read/write access to a virtual machine’s hard drive. Additionally, because nearly all aspects of the virtual networking configuration can be changed from the console operating system, anyone with access can gain the ability to see all network traffic traveling to and from virtual machines.

Ok, less words, more action…

Read moresudo, let me log you doing something stupid