I was looking for a good overview article that explained the process of password hashing and I found Password Encryption, Hashing, Salting Explained which was a pretty good run down.
On a related note I reread the Wikipedia page on HMAC.
I was writing a shell script and I wanted to change directory. But before I changed directory I wanted to get the absolute path to a file relative to the current directory so that I could access the file again later. I learned that you can do this in Bash with the readlink facility, passing in the -f command line switch, i.e.:
$ readlink -f ./some/path
Found a list of MySQL Encryption and Compression Functions today. Handy.
I’m half-way through setting up my web-server for client certificate authentication. Have to get a few other things done first so I’m going to come back to this. Here are my notes so far.
I’m reading OpenSSL and Certificates over on Ubuntu help, and that seems to be a fairly good guide for setting up the server side of things.
I read this article on Email Certificates but that wasn’t that useful for what I’m doing.
I learned a little bit about the update-ca-certificates command that is part of the ca-certificates package, and maybe that will be useful down the track.
In my travels I discovered NSS and SSL Error Codes, but that’s probably not too useful either.
The OpenSSL FAQ was a really useful read. I’ll probably be referring back to that.
I learned about cacert.org which is interesting but probably something I won’t be using.
There’s an SSL Certificates HOWTO over on TLDP and if I can find the time I’d like to read that whole thing, although from what I’ve read so far it’s not complete.
The mod_ssl project has a really handy Reference for all the Apache configuration options, worth a read of.
And that’s it for now. I’ll pick this up again in a day or two.
Reading the OpenSSL FAQ I learned that you can issue the following command to get a list of the acceptable client certificate CA names from a server:
openssl s_client -connect test.jj5.net:443 -prexit
Obviously you replace ‘test.jj5.net’ with whatever server you’re interested in.
I have a hosts file that defines IP addresses on the LAN for all of my virtual hosts. The good thing about using the LAN IP addresses for inter-host communication is that it’s free bandwidth. I had a problem with Postfix though, because Postfix does a reverse lookup on IP addresses to get the corresponding hostname, and the IP address Postfix has for local addresses is the LAN IP address, not the public IP address. The public IP addresses are configured with proper reverse DNS PTR records, but the local addresses weren’t. So I decided to fix that.
Basically I installed bind and configured it with PTR records for the 10.0.0.0/8 network. Now when Postfix asks for the RDNS of a LAN IP address it should get the corresponding hostname. I didn’t need to configure bind with zones for the local IP addresses, because those are all specified in my /etc/hosts file. At least I hope I don’t have to configure DNS zones for my local IP addresses in bind, because that’d just be a pain in the arse.
I’ve been getting this error from time to time on my Ubuntu server:
INFO: task dpkg:27497 blocked for more than 120 seconds.
I did some research and it turns out this is related to a bug in the dpkg system, and apparently it’s been fixed already (but not rolled out as part of Ubuntu yet).
Look forward to the fixed being rolled out, because the implication of the bug at the moment is that my system can hang for long periods of time while I’m installing software with apt-get.
Am interested in getting procmail to work with my Postfix/Courier setup. Am using virtual domains/aliases/mailboxes stored in a MySQL database and a Maildir file system. Have only just begun my investigations. So far I’ve found:
Read about the security considerations for find. Find is a *nix tool for searching though directories for files and filtering them to build lists or run commands.
While I’m here I might as well show you my latest find command, I think it’s a beauty. :)
sudo find . \
\( \( \( \! -user jj5 \) -or \( \! -group jj5 \) \) \
-execdir chown jj5:jj5 '{}' \+ \) , \
\( \( -type d \( \! -perm -u+rwx \) \) \
-execdir chmod u+rwx '{}' \+ \) , \
\( \( -type f \( \! -perm -u+rw \) \) \
-execdir chmod u+rw '{}' \+ \)