Best of Technical Support

Our experts answer your technical questions.
Authentication Failure

When I use Netscape from a Windows 95 PC to access my Linux 5.0 mail server, I get a prompt (as I should) for my login and password. However, when I type my password (or login) wrong, authentication fails and the server won't let me read mail, but it will let me send mail. That mail is sent with my name and address on it, which makes it easy for people to use my account and send mail using my name. Since I am also the administrator of that mail server, should I shut down imap and pop3? I don't want my users to have this problem too.

I have checked out PAM configuration, and imap uses the same library (pampwdb.so) as login and other critical services to authenticate users. So, what can I do to solve this problem and provide imap and pop3 service? —Diego A. Puertas Fernández, Red Hat 5.0

There is nothing you can do about it. What actually happens is that Netscape uses SMTP to send mail, and SMTP doesn't require any kind of session or login. Netscape (or any other mail client, for that matter) connects to the sendmail running on your server, gives it your piece of e-mail, and your server relays it to the Internet. Anyone can send mail as anyone else (especially on a Windows machine, since it doesn't provide the ident service and doesn't return a result that can be trusted). If you look in e-mail headers, most of the information (outside of the Received lines) can easily be spoofed. —Marc Merlin, marc.merlin@magic.metawire.com

Keyboard Troubles

I run a small web-hosting service in San Juan, Puerto Rico. The keyboard of one of my servers has stopped responding to Linux boots and I can access it only through TELNET. The server there has no response from the keyboard. My guess is that it was hacked as security in my network is just starting to be updated. Can you please help?

I've been told that by closing the unused ports I can have a more secure environment—how is that done? —Frank Nazario, Red Hat 5.0

The keyboard not working sounds like a hardware problem. Will the keyboard let you go into the BIOS setup?

As far as security goes, first of all edit /etc/inetd.conf and comment out anything you aren't sure you need, then restart inetd (with killall -HUP inetd). If it turns out you need something you commented out, just go back in to /etc/inetd.conf and uncomment it, then restart inetd again.

Then you'll want to kill any daemons you don't need. Be a little more careful here—make sure you don't kill off things like atd and crond. On the average server, you can (and should) kill off things like lpd, nfs, portmap and smb. Run /usr/sbin/ntsysv (a very handy utility included with Red Hat 5.x) and uncheck things that shouldn't be started. Then reboot or do:

for file in /etc/rc.d/rc3.d/K* ;
do $file stop ;
done

to make sure the things that shouldn't be running aren't.

The other important thing you want to do is keep up with updates from Red Hat. There have been some pretty major security holes announced recently, so you'll want to get all the updates on a regular basis. —Steven Pritchard, steve@silug.org

Rebel CD-ROM

My ATAPI CD-ROM won't eject or unmount in X—I get an error message saying the drive is busy. I tried closing everything but one X term and made sure the current directory wasn't in the CD, but it still says it's busy. Quitting X solves this problem. —John Vestrum, Red Hat 5.0

In my experience, this problem has been caused by a CD player running in a menu/button bar (such as AfterStep's “wharf” button bar) or a player that did not exit correctly after being used. Make sure there are absolutely no audio CD players running anywhere—if necessary, disable CD players you may have in a “wharf” type button bar—and see if that helps. —Erik Ratcliffe, erik@caldera.com

Modem Questions

I am about to install Red Hat 5.0, but would like to know if I need a new modem first so I don't lose WWW access. My current modem is a “Windows only” US Robotics Winmodem—yeah, I know—but it was cheap.

Do I need a new modem, or is there a driver available that enables use of this Winmodem under Red Hat 5.0? —Bill Brower, Red Hat 5.0

Sorry, but unfortunately you need a “real” modem. By “real”, I mean one that simply presents a serial interface to the hardware or plugs directly into a serial port. The problem with the “Winmodem” is that it does all the signal processing using the CPU of the host computer instead of having its own CPU to do the grunt work. I don't want to debate the relative merits of that process here, but suffice it to say that I will never buy a Winmodem nor will anyone I know. —Donnie Barnes, redhat@redhat.com

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState