Subject: snapshot reports (Was: Re: Help! )
To: Alistair G. Crooks <agc@uts.amdahl.com>
From: Simon J. Gerraty <sjg@zen.void.oz.au>
List: current-users
Date: 06/09/1995 09:53:47
> I used to do a weekly snapshot report on the tar_files, along with
> whatever happened to take my fancy along the way.  I didn't realise
> anyone read it, let alone found it vaguely useful.

I for one found your reports extremely useful.

I'd appreciate them again, but don't do it on my account...

I now have a machine at one of my work sites which sup's nightly and
when I see a new feature or whatever that seems worth the effort, I
import the sup'd source into my cvs tree and compile. [thanks for the
import tips Chris].

I make a tape of the sup'd tree at that point too.

If the build succeeds on hobbit (a sparc), and seems to work ok, I
take the tape home and import the sources into my cvs tree here and
may even upgrade zen (i486). 

I have a makefile (posted to current users a while ago) that simply
automates your posted build sequence so the process consumes lots of
CPU but not much of my time.

Using cvs makes it much simpler to keep my local hacks (such as
removing the silly ``posix'' symlink behaviour) merged with the
official sources.

BTW other hacks which folk may be interested in:

options		NO_LINKDIR_INO		# no stupid symlink behaviour
options		IP_NO_SRCROUTE		# no LSRR or SSRR
options		IP_IFADDR_ONLY		# only accept IP packets to correct address

plus changes to:

telnetd/Makefile	define -DSecurID to pass -s

login		-s means force use of skey, 
		-S means require skey if user is set up
		login also supports _immediate_ password expiry. If
		skey is not being used (no -s,-S or s/key not given as
		password) requires password change or exits.

su		if login used it then use skey too.
		this is weak, in that an env variable controls it.

sgetty		this is just getty that passes -S to login.

inetd		-a addr1[,addr2]
		inetd binds ports to nominated addresses only.
		This requires the IP_IFADDR_ONLY kernel option (or a
		filtering router in front of your box) to make it
		guaranteed to do what you want.

My ip-up/down scripts run by pppd run inetd bound to the ppp interface
with a restricted inetd.conf that uses my secure telnet rather than
the normal one etc.  It all makes me feel much more warm and fuzzy :-)

I'm also thinking of making login and su RADIUS clients if that's of
interest to anyone.  [RADIUS is on IETF standards track - it's a
network wide authentication protocol]

--sjg
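
Added example (not part of the original message, and not the inetd change it describes): a sketch of what binding a service to nominated addresses only, as in `-a addr1[,addr2]`, involves at the socket level, instead of one listener on INADDR_ANY. The function names `bind_nominated` and `bound_addr` are hypothetical, and only IPv4 TCP is handled.

```c
/* Added illustration; function names are hypothetical, not from inetd. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse "addr1[,addr2]" and open one TCP listener per nominated address.
 * Returns the socket count, or -1 on any error: a bad entry fails closed
 * and never falls back to INADDR_ANY. Binding only narrows where we listen. */
int bind_nominated(const char *list, unsigned short port, int *fds, int max)
{
    const char *p;
    char tok[INET_ADDRSTRLEN];
    size_t len;
    int n = 0, on = 1;

    for (p = list; *p; p += len + (p[len] == ',')) {
        struct sockaddr_in sin;
        len = strcspn(p, ",");
        if (len == 0 || len >= sizeof(tok) || n >= max)
            goto fail;
        memcpy(tok, p, len);
        tok[len] = '\0';
        memset(&sin, 0, sizeof(sin));
        sin.sin_family = AF_INET;
        sin.sin_port = htons(port);
        if (inet_pton(AF_INET, tok, &sin.sin_addr) != 1 ||
            (fds[n] = socket(AF_INET, SOCK_STREAM, 0)) < 0)
            goto fail;
        n++;                            /* fds[n-1] is now ours to close */
        setsockopt(fds[n - 1], SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
        if (bind(fds[n - 1], (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
            listen(fds[n - 1], 5) < 0)
            goto fail;
    }
    return n > 0 ? n : -1;
fail:
    while (n > 0)
        close(fds[--n]);
    return -1;
}

/* Local address a socket is bound to, in network byte order. */
in_addr_t bound_addr(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    return getsockname(fd, (struct sockaddr *)&sin, &len) < 0
        ? INADDR_NONE : sin.sin_addr.s_addr;
}
```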