Virtual Center 2.0 DB settings

[2006-04-27 11:54:37.236 ‘App’ 1160 error] Failed to intialize VMware VirtualCenter. Shutting down…

You need to make the change in your registry in:
HKEY_LOCAL_MACHINE\Software\VMware\VirtualCenter\DB
The third one should be your password in a hash. You can just reset it to and then reset the password to on the SQL server as well to get VC started up. You then go into Admin / System Settings to change your password after that.

Wasabi & Ginger – San Francisco, CA

Wasabi & Ginger
2299 Van Ness Avenue
San Francisco, CA 94109

This is yet another Chinese owned Japanese restaurant. The food isn’t bad.

Spider roll was awesome +10

Nabeyaki Udon was okay +5

Raw fish was okay, but not fresh as I thought it would be according to other reviews -5

Bathroom was typical, but faucet was broken -1

No “irashaimase” (Welcome at the door) -1

Waitress didn’t know what shichimi was (flavor for Udon) -1

Boss was around, so service was good +5

Free ice cream! +5

So overall, I’d say, this place is pretty good. It deserves 4 stars.

How to install VMware Tools in Trustix Secure Linux

How to install VMware Tools

This is taken from: http://www.trustix.net/wiki/index.php/VMwareTools

This has (so far) only been verified to work on VMware Workstation v5.5 and a TSL 3.0 installation with the following groups installed: “Minimal with SSH”, “Commonly used local utilities” and “Commonly used network utilities”; a typical, almost minimal, TSL system.

Required packages

You need the following packages installed on the system to get VMware Tools to compile the needed modules (other packages may be installed due to dependencies):

make
gcc
glibc-devel
kernel-source

All in one using swup:

swup --install make gcc kernel-source glibc-devel

n.b. --ignore-filter may be required on TSL 2.2 to allow kernel-source to be installed.

Configure kernel-source

VMware Tools won’t compile if you have not configured and prepared the kernel-source.

  • The kernel-source installs itself in /usr/src/kernel-source-<version>. You should link this folder to /usr/src/linux:

cd /usr/src
ln -s kernel-source-<version> linux

  • We also need to copy the kernel config file into our kernel-source:

cp /boot/config-<version> /usr/src/linux/.config

  • Let’s prepare the kernel-source for VMware Tools:

cd /usr/src/linux
make oldconfig
make modules_prepare

n.b. With TSL 2.2 use ‘make dep’ in place of ‘make modules_prepare’.

Install VMware Tools

Having your TSL 3.0 installation active, release the lock (CTRL+ALT) and go to the menu and choose:

VM -> Install VMware Tools..

Mount the virtual CD-ROM containing the VMware tools and install the rpm there. Then unmount it.

mount /mnt/cdrom
rpm -Uhv /mnt/cdrom/VMwareTools-<version>-i386.rpm
umount /mnt/cdrom

Compile and configure VMware modules for TSL

To finish the VMware Tools installation we run the VMware tools configure script and it will compile the VMware Tools modules:

vmware-config-tools.pl

Answer yes to all questions; everything except the X Window display driver is then configured. See below for X Window driver support.

Optimized network driver – VMXnet

When TSL 3.0 was installed as guest OS it found and installed the pcnet32 driver. You could stick with it, but I would recommend you change it for the optimized vmxnet driver which was just compiled. The following instructions are displayed after vmware-config-tools.pl finishes to help you replace the network driver:

service network stop
rmmod pcnet32
rmmod vmxnet
# in both files, change vmnics to vmxnet
vi /etc/modprobe.conf /etc/mkinitrd/modules
tsl-fixboot.sh --install <kernel-version>
depmod -a
modprobe vmxnet
service network start

X Window

You need the following packages installed to have the X Window driver compile (other packages may download and install due to dependencies):

xorg-x11
xorg-x11-devel

As always, you may install them all in one using swup:

swup --install xorg-x11 xorg-x11-devel

Now run vmware-config-tools.pl again to compile the svga driver:

vmware-config-tools.pl

NB! You may get a warning about not being able to compile the vmxnet driver. Just ignore that. You already have it installed if you followed the instructions above.

Please note, this will only give you a minimalistic xorg-x11 without gnome or another DE/WM. I would recommend you check out the Desktop Environment section to get a fully working and useful desktop.

If you get the error when compiling the tool: “The kernel defined by this directory of header files does not have the same address space size as your running kernel.”

The way I fixed it was just by using a newer version of VMware-tools. I used the source from ESX 3.0 and you can search on the web and you should be able to find it.

Speed Scrabble® – what an awesome game!

I’ve been a Scrabble fan for a long time. Because I didn’t do well playing it as a kid, I figured, I’m a grown-up now – the same handicap I had back then no longer applies, so I’m going to learn and be the best I could at it. I think a lot of the skills I learned playing Boggle helped me in Scrabble as well.

Anyways, a good friend’s wife, Barbara, just introduced me to a game called Speed Scrabble. Here’s a link to the rules:

http://www.mrkland.com/games/spscrab.htm

We played pretty much that way except that we started with 4 tiles instead of 7.

I was instantly impressed after learning how much faster the game goes and by the flexibility of being able to rearrange tiles on the fly. There’s obviously a different strategy in playing the game and I’m probably going to play this game more often.

Re: The DaVinci Code

uslacker99 wrote:

I wonder how many people they expected to watch the movie without having read the book. I was among one of them. Although I did watch a tv show on it (discovery or history channel), talked to people who read the book, I still didn’t fully understand different parts of the movie. I was lucky to have seen the movie with someone who did read the book so she could explain it to me after. Sorry, thumbs down for the movie. From those who had read the book though, they did say it followed the book pretty well.
Really? either book or movie watched :lol:

setup SASL with sendmail

sendmail and SASL. V0.1 of this document shows you only how to set up
LOGIN AUTH (several mail clients, such as Outlook Express and Netscape, use this
method of authentication). SMTP AUTH is used to permit relaying for
users who have authenticated. You must use at least sendmail 8.9.
[wrong, it’s 8.10]

2. Get the needed software

2.1 Download Cyrus SASL

You can get the source of Cyrus SASL at
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/. Get the latest stable
version.
[1.5.x, no 2.x]

2.2 Download Sendmail

You will need to recompile sendmail. Get the source of sendmail
at http://www.sendmail.com if your distribution doesn’t give you the source.
[http://www.sendmail.org not com!]
For me, I use Slackware, and I got the source from the Slackware
source CD.

3. Compile the software

3.1 Compile and install SASL

Extract the files from the SASL package:

gzip -cd cyrus-sasl-1.5.27.tar.gz | tar xvf -

Enter the SASL directory and run:

./configure --enable-login

The --enable-login option enables login authentication (which
is not enabled by default). Check for other options that you will
need (--prefix, …; run ./configure --help to show all options).
Next run make, then make install. SASL is now installed. Depending
on which prefix directory you installed SASL into, you will need to
add an entry to /etc/ld.so.conf for the SASL lib directory. Then
run “ldconfig”.

3.2 Compile sendmail

I will not describe all the sendmail compilation options here;
I will only show you how to add SASL support to sendmail.
In the sendmail source directory, go to the devtools/OS subdirectory
and add to the file that matches your platform:
[do NOT do that! Use devtools/Site/site.config.m4
See devtools/Site/README]

APPENDDEF(`confENVDEF', `-DSASL')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl')

For me, I added these two lines to the devtools/OS/Linux file because
I have a Linux platform. Then recompile and install sendmail. To
be sure that sendmail has SASL support, run:

sendmail -d0.1 -bv root | grep SASL

You should see something like this:

NETUNIX NEWDB QUEUE SASL SCANF SMTP USERDB XDEBUG

Make sure SASL appears in the output. Otherwise, recompile sendmail and
make sure you have put the two APPENDDEF lines in the correct OS file
for your system.

4. Configure

For this example I use only the LOGIN method, so only this method is
described here. The LOGIN method uses the real user/password entries
from your /etc/passwd, so users in this file are able to do
SMTP AUTH.

4.1 Configure SASL for Login AUTH

You must add a file for sendmail configuration of SASL.
Go to the /usr/lib/sasl directory.
Create a file Sendmail.conf with:

pwcheck_method: shadow

I suppose that your system uses the shadow method for user
authentication. If your system uses the (old) password method,
replace shadow by passwd.

4.2 Sendmail configuration

Edit your sendmail.cf (normally /etc/mail/sendmail.cf).
[Oh, great…. read cf/README]
Add these lines:

# list of authentication mechanisms
C{TrustAuthMech}LOGIN
O AuthMechanisms=LOGIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

setup STARTTLS with sendmail and openSSL

STEP 1: Enable STARTTLS in sendmail:

1. Install openSSL (http://www.openssl.org) as described in openSSL’s INSTALL
file. After installation, be sure that the openssl program is in your path
(cp /usr/local/ssl/bin/openssl /usr/bin), otherwise the CA.pl program does
not work.

2. Create or edit /usr/src/sendmail-8.12.7/devtools/Site/site.config.m4 and
insert the following lines:

APPENDDEF(`confINCDIRS', `-I/usr/local/ssl/include')
APPENDDEF(`confLIBDIRS', `-L/usr/local/ssl/lib')
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')

3. Rebuild and install sendmail with the -c option (see README in
devtools/Site):

cd /usr/src/sendmail-8.12.7
./Build -c
./Build install

4. Check to see if sendmail is compiled with STARTTLS:

/usr/sbin/sendmail -d0.1 -bp

5. Edit /usr/src/sendmail-8.12.7/cf/cf/sendmail.mc and insert the following
lines:

define(`confCACERT_PATH', `/etc/mail/certs/')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/cert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/key.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/cert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/key.pem')dnl

6. Back up and regenerate /etc/mail/sendmail.cf:

cd /etc/mail
cp sendmail.cf sendmail.cf.bak
cd /usr/src/sendmail-8.12.7/cf/cf
./Build sendmail.cf
./Build install-cf

7. Now you have to create three files: cacert.pem (CA certificate), cert.pem
(x.509 certificate, signed by CA) and key.pem (x.509 private key). This is
how you do this:

cd /usr/local/ssl/certs
../misc/CA.pl -newca
../misc/CA.pl -newreq-nodes
../misc/CA.pl -sign
mkdir /etc/mail/certs
cp demoCA/cacert.pem /etc/mail/certs
cp newreq.pem /etc/mail/certs/key.pem
cp newcert.pem /etc/mail/certs/cert.pem
chmod 400 /etc/mail/certs/key.pem

When the command ‘CA.pl -newca’ asks for a Common Name, fill in the name of
your organization. When the command ‘CA.pl -newreq-nodes’ asks for a Common
Name, you must enter the hostname of your smtp server and it must be the
same name as your smtp-server field on the mailclient, e.g. smtp.domain.nl.

8. Restart sendmail:

kill `head -1 /var/run/sendmail.pid`
/usr/sbin/sendmail -L sm-mta -bd -q30m
telnet localhost 25

9. Check if sendmail supports STARTTLS. Issue an ‘EHLO localhost’ command.
You should see a line 250-STARTTLS:

root@server:/# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.pc184.nl ESMTP Sendmail 8.12.7/8.12.7; Wed, 19 Feb 2003 10:59:57 +0100
EHLO localhost
250-server.pc184.nl Hello root@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

Check your logfiles if you don’t see it (increase LogLevel to 14 in your
sendmail.cf). So much for the server side setup.

STEP 2: Client side setup:

The next step is to configure your mailclients for SSL smtp connection and
install the client personal and root certificates on them. If you don’t
install these certificates, the client will complain that it cannot verify
the server certificate. This is normal, because you are using a self-signed
server certificate. You do not have this problem if you buy a
certificate from a trusted provider. For Outlook Express 6, for example, you will see this warning:

“The server you are connected to is using a security certificate that could
not be verified. A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.”

This is how you create your client certificate:

cd /usr/local/ssl/certs
../misc/CA.pl -pkcs12

It will create a file newcert.p12 that you can import in your client. You
will have to fill in a password that the client has to use when importing
the newcert.p12 file, so don’t use the same one you used earlier.

For Outlook Express 6 you can follow these steps:

1. Copy the file newcert.p12 to a directory on your Windows client and
right-click on it.
2. Choose install PFX and follow instructions. It will install a personal
and a root certificate. That’s great. You can check it in Explorer >
Internet Options.
3. In Outlook, turn on the SSL option for your outgoing mailserver.

For Netscape Messenger 4.7 you can follow these steps:

1. Start Messenger, click on the little lock on the bottom left corner.
2. Choose Certificates > Yours > Import a certificate
3. Import the file newcert.p12.
4. Click on Signers, select your CAcert, and edit it to enable all features.
5. Click on Yours, select your personal cert, and click Verify. You
should get “successfuly verified”.
6. Enable Secure SMTP in Messenger config.

Now send a mail to yourself and check the message source. It must contain a
Received header with SSL information. You can also check your sendmail log.
If you see Verify=OK, then the server verified the presented client
certificate as OK. If you see Verify=NO, then the client didn’t present a
certificate and you are probably using Outlook Express. This is what I found
on the Internet: Outlook Express as of Internet Explorer 5 will work, but it
will not present any client certificate. So you can encrypt your email
transfer but you cannot authenticate (and relay) with client certificates
(source:
http://www.aet.tu-cottbus.de/personen/j … /test.html). Post
a follow-up for comments on this.

I get Verify=OK with Netscape Messenger 4.7 and Verify=NO with Outlook
Express 6.

STEP 3: Allow relaying based on client certificate:

The last step is to allow relaying based on a trusted client certificate.
This is very useful, because your client can then send mail to your
mailserver, independent of its IP. It only works if the server can verify
the client (Verify must be OK). Do the following:

1. Open your sendmail logfile and search for the “cert-issuer” field that
came from your client.

2. Copy the content of this field to your access database file (probably
/etc/mail/access_map, see also http://www.sendmail.org/m4/anti_spam.html)
and insert CERTISSUER: and RELAY, like this:

CERTISSUER:/C=NL/ST=SomeState/L=SomePlace/O=SomeOrg/CN=SomeOrg/emailAddress=SomeEmail RELAY

3. Create database map:

makemap hash access_map

because you want to relay. You can use [email protected]. It will bounce your
mail and you can check all headers. Remember that this setup only
provides a secure transmission from sender to mailserver. Your mail will
probably go unsecured from there.

Now, that’s it. I hope this document is useful and correct; don’t mail me
with suggestions/corrections but please follow up to this post.

You can find more information on:

http://www.sendmail.org
http://www.openssl.org
http://www.sendmail.org/~ca/email/starttls.html
http://www.linuxjournal.com/article.php?sid=4823
http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
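
The EHLO check from step 9, combined with the LOGIN mechanism enabled in the SASL post, can be audited from a captured reply. This is an added example, not part of either original post; the sample reply is constructed, and its AUTH line is an assumption standing for a server with both setups enabled.

```python
import re

# Mechanisms that put the password itself on the wire, only base64-encoded.
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

# Constructed sample shaped like the telnet capture in step 9. The AUTH line is
# an assumption: it stands for a server that also has the SASL setup enabled.
SAMPLE_EHLO = """\
250-server.pc184.nl Hello root@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH LOGIN DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
"""


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: [PARAMS]}."""
    lines = [line.rstrip() for line in reply.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = re.fullmatch(r"(\d{3})([ -])(.*)", line)
        if not match:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError(f"EHLO refused with {code}: {text}")
        # "250-" marks a continuation line, "250 " the final line.
        if (separator == " ") != (index == len(lines) - 1):
            raise ValueError("reply is truncated or has trailing lines")
        words = text.split()
        if index > 0 and words:  # line 0 is the greeting, not an extension
            extensions[words[0].upper()] = [w.upper() for w in words[1:]]
    return extensions


def audit_ehlo(reply, tls_active=False):
    """Return findings for a pre-TLS (default) or post-STARTTLS EHLO reply."""
    extensions = parse_ehlo(reply)
    findings = []
    if tls_active:
        return findings  # inside TLS the cleartext mechanisms are protected
    if "STARTTLS" not in extensions:
        findings.append("STARTTLS not offered")
    exposed = sorted(CLEARTEXT_MECHS.intersection(extensions.get("AUTH", [])))
    if exposed:
        findings.append("cleartext AUTH before TLS: " + ",".join(exposed))
    return findings


if __name__ == "__main__":
    for finding in audit_ehlo(SAMPLE_EHLO):
        print(finding)
```

If the audit reports cleartext AUTH before TLS, sendmail's AuthOptions setting has a `p` flag that withholds such mechanisms until a security layer is active (see cf/README).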

Setup SSL for Solaris LDAP client (certutil and openssl)

http://blogs.sun.com/roller/page/baban? … _ssl_using

Directory server side


The following shows how to set up Sun Directory Server 5.2 and the Solaris LDAP
client for SSL. I have tried to give openssl, certutil, PEM and DER examples (and
Directory server console steps in some places) to achieve the same result.

Assumptions


myhost.test.sun.com == fully qualified hostname of the Directory server.
/var/mps/serverroot == serverroot for the Directory server.
dc=sun,dc=com == Directory server already setup with this suffix
# openssl is delivered in /usr/sfw/bin on Solaris 10
# Please refer to appropriate manpages for description of various command-line options used below.

DER and PEM


DER: a binary format
PEM: base-64 encoded DER format with header and footer
certutil: Default is DER. For PEM, use -a
openssl: Default is PEM. For DER, use -inform DER and/or -outform DER
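
The relationship between the two encodings, and which flag each tool then needs, as an added example that is not part of the original post. The sample bytes are constructed (a tiny ASN.1 SEQUENCE, not a real certificate) and the function names are hypothetical.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

# Constructed sample: a SEQUENCE of two INTEGERs standing in for certificate
# bytes. It is not a real certificate.
SAMPLE_DER = bytes.fromhex("3006020101020102")


def der_to_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes in base64 (64 characters per line) with header and footer."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n".encode("ascii")


def pem_to_der(pem):
    """Return (label, DER bytes) for the first PEM block in the input."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PEM header/footer pair found")
    body = b"".join(match.group(2).split())  # drop line breaks
    return match.group(1).decode("ascii"), base64.b64decode(body, validate=True)


def is_der_sequence(data):
    """True if data is exactly one ASN.1 SEQUENCE whose length field matches."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def detect_encoding(data):
    if PEM_RE.search(data):
        return "PEM"
    if is_der_sequence(data):
        return "DER"
    raise ValueError("neither PEM nor a complete DER SEQUENCE")


def input_flags(data):
    """Input flag each tool needs, per the defaults listed above."""
    if detect_encoding(data) == "PEM":
        return {"certutil": "-a", "openssl": ""}
    return {"certutil": "", "openssl": "-inform DER"}


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem.decode("ascii"), input_flags(pem), input_flags(SAMPLE_DER))
```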

Create Test CA


1. openssl

# The /usr/sfw/bin/CA.pl script will create a directory structure either under
# the current working directory or under /etc/sfw/openssl depending upon the
# version of openssl you are using. I suggest checking the value of CATOP
# variable in /usr/sfw/bin/CA.pl.

If you want to create CA under /CA/cacertdb:

mkdir -p /CA/cacertdb; cd /CA/cacertdb

Modify CATOP in /usr/sfw/bin/CA.pl to /CA/cacertdb
Modify dir under [ CA_default ] in /etc/sfw/openssl/openssl.cnf to /CA/cacertdb

perl /usr/sfw/bin/CA.pl -newca

# Default name for CA cert is cacert.pem

2. certutil

# Create CA certificate DB
mkdir -p /CA/cacertdb
certutil -N -d /CA/cacertdb -P ca-

# Create a self-signed CA certificate
certutil -S -x -n ca-cert -s "cn=CA Certificate certutil,ou=TEST,o=Sun Microsystems Inc.,l=Menlo Park,st=CA,c=US" -t CTPu -v 120 -d /CA/cacertdb -P ca- -5
# when prompted, select (5) SSL CA and ‘y’ for critical extensions

# Export the CA cert into an output file in PEM format
certutil -L -d /CA/cacertdb -P ca- -n ca-cert -a > cacert.pem

Create NSS DB for Directory server


1. Console

Use the Directory server console => Manage Certificates. The DB is created when
trying to use any of the certificate functions for the first time. With the new
DS6.0 directory server, the NSS DB will be created when creating the server
instance so this step won’t be necessary.

2. certutil

certutil -N -d /var/mps/serverroot/alias -P slapd-myhost-

# Remember the password you have given

Generate Certificate Signing Request (CSR) for server cert


1. Console

Use the Directory server console => Manage Certificates to generate CSR and save
it to a file

2. certutil

certutil -R -s "cn=myhost.test.sun.com,ou=TEST,o=Sun Microsystems Inc.,l=Menlo Park,st=CA,c=US" -o DER.csr -d /var/mps/serverroot/alias -P slapd-myhost-

3. openssl

# Generate 2048-bit RSA private key
openssl genrsa -out privkey.pem 2048

# OR Generate 2048-bit DSA private key
openssl dsaparam -out DSAparam.pem 2048
openssl gendsa -out privkey.pem DSAparam.pem

# Generate the certificate request
openssl req -new -key privkey.pem -out PEM.csr

# Display the content and public key from the certificate request
openssl req -in PEM.csr -text -pubkey

Sign CSR using Test CA


1. certutil

# Sign DER CSR
certutil -C -c ca-cert -i DER.csr -o ./cert.der -v 12 -d /CA/cacertdb -P ca- -5

# Sign PEM CSR
certutil -C -c ca-cert -a -i PEM.csr -o ./cert.pem -v 12 -d /CA/cacertdb -P ca- -5

2. openssl

openssl ca -policy policy_anything -cert cacert.pem -in PEM.csr -out ./cert.pem

Import signed certs into NSS DB


1. Console

Use Manage Certificates tab to import pem certificates

2. certutil

# Import PEM server cert
certutil -A -a -n server-cert -i ./cert.pem -t Pu -d /var/mps/serverroot/alias -P slapd-myhost-

# Import DER server cert
certutil -A -n server-cert -i ./cert.der -t Pu -d /var/mps/serverroot/alias -P slapd-myhost-

# Import PEM CA cert
certutil -A -a -n ca-cert -i cacert.pem -t CT -d /var/mps/serverroot/alias -P slapd-myhost-

# List the contents
certutil -L -d /var/mps/serverroot/alias -P slapd-myhost-

# List the contents of a specific cert
certutil -L -d /var/mps/serverroot/alias -P slapd-myhost- -n server-cert

3. openssl

# Import openssl certificates/keys into NSS DB. Convert cert, key and CA cert
# into pkcs12 format
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -certfile cacert.pem -name "MY CERTIFICATE" -out mycert.p12

# Import it into NSS DB
pk12util -i mycert.p12 -d /var/mps/serverroot/alias -P slapd-myhost- -v

Enable SSL


1. Console.

# From Configuration tab, select Encryption.
# Select Enable SSL for this server
# Select Use this cipher family
# Select Certificate
# Select Do not allow client authentication OR Allow client authentication
# but NOT Require client authentication
# Save and Restart the directory server from command line. You will be prompted
# for Enter PIN for Internal (Software) Token

# For automatic startup of SSL, add NSS DB password to the following file
cd /var/mps/serverroot/alias
vi slapd-myhost-pin.txt

Internal (Software) Token:your-NSSDB-password-here

chmod 400 slapd-myhost-pin.txt
directoryserver stop
directoryserver start

Run idsconfig


/usr/lib/ldap/idsconfig

# Assume:
Naming Base DN: dc=test,dc=sun,dc=com
Domain: test.sun.com

# When prompted for Authentication Methods, choose at least one that starts with tls:
# Choose appropriate name for the profile (say tls-profile). The default name is default.

Solaris Native LDAP client side


# Create NSS DB (Don’t enter password. Just hit return)
certutil -N -d /var/ldap
chmod 444 /var/ldap/*

# Download the Test CA certificate on the client machine into a temporary
# location. Ex: /var/tmp/cacert.pem

# Add CA certificate to the NSS DB
certutil -A -n ca-cert -i /var/tmp/cacert.pem -a -t CT -d /var/ldap

# Verify that myhost is fully qualified. Else modify /etc/hosts (and if
# necessary /etc/nsswitch.conf)
getent hosts 11.22.33.44
11.22.33.44 myhost.test.sun.com

# Test with ldapsearch
ldapsearch -v -h myhost.test.sun.com -p 636 -Z -P /var/ldap/cert8.db -b dc=sun,dc=com -s base "objectclass=*"

# Initialize Native LDAP client using profile tls-profile.
/usr/sbin/ldapclient init -a profileName=tls-profile -a domainname=test.sun.com -a proxyDN=cn=proxyagent,ou=profile,dc=test,dc=sun,dc=com -a proxyPassword=proxy 11.22.33.44