Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

OK, So Authentication Was Easier Than Expected...

…but SSL is not so easy. I found a workaround for using Stunnel; in order for INN to not think it’s another news server feeding it information and instead treat it like a reader, I had to alias another IP address and bind Stunnel on that IP address. It works, but it’s not my ideal solution.

Authentication and SSL Easier Than Expected

My work with INN 2.3.5 as an internal news server is progressing, and I must admit that the configuration of authentication and SSL is going well. Authentication works like a champ, leveraging PAM and therefore automatically leveraging the Kerberos/LDAP integration with Active Directory I implemented a short while ago. The SSL stuff is just a bit trickier; I initially tried the old faithful Stunnel, but found that INN thought the connection was coming from itself and not a reader. That caused INN to respond differently. I’ll start looking at native SSL support within INN next, but that can wait until tomorrow.

Internal News Server Up and Running

I finally managed to get an internal news server running INN 2.3.5 up and running, and transferring data from the proprietary platform that is currently hosting some internal newsgroups. I decided to use my first real installation of CentOS for the internal news server, and so far it has worked out well.

Brief Impressions of CentOS 4.1

As I mentioned in an earlier entry, I’m trying out the CentOS distribution, a “clone” of Red Hat Enterprise Linux. So far, I’ve been pretty impressed with it. Granted, I was coming from Red Hat Linux 9.0 (RH9), a (now) old distribution using the 2.4 kernel. So, many of the changes I’m seeing with CentOS 4.1 may be more due to the fact that it is running the 2.6.x kernel, has SELinux installed, etc., rather than anything else. It seems to boot more slowly than RH9, but is otherwise reasonably equivalent with regard to performance and memory utilization. I’m already using a mix of RH9 and Fedora Core packages on the existing servers, so there isn’t that much new (with regard to packages) with CentOS 4.1 that I don’t already use.

First Windows Vista viruses unleashed

Among many other online appearances, the article First Windows Vista viruses unleashed from ComputerWorld describes the first family of viruses (virii?) that appear to be targeted specifically at the new Windows Vista operating system.

'Car Whisperer' puts hackers in the driver's seat

I was thinking about getting a car with built-in Bluetooth at some point in the future (like when I win the lottery), but now I’m not so sure. Here’s why: ‘Car Whisperer’ puts hackers in the driver’s seat.

IPSec, Mac OS X, and Windows Server 2003

For quite some time now, a minor task I’ve been experimenting with is establishing transport mode IPSec security associations between Mac OS X and Windows Server 2003. I’ve been using a freeware IPSec client called IPSecuritas. Up until just a few days ago, I could never get anything to work. After working on getting a PPTP-based VPN working from my PowerBook, I realized that just as I had to modify my ipfw rules (using BrickHouse) to allow the PPTP traffic, I’d have to modify the rules to allow IPSec traffic as well. Duh!

Very Handy Add-On

I just found a very handy add-on for Mac OS X. It’s called RDC Menu and it is a tool that provides an easy way of launching multiple instances of Microsoft’s Remote Desktop Connection application for the Mac. If you manage Windows-based networks, you already know how useful Remote Desktop Connection (RDC) is, but the one key flaw in RDC was that you couldn’t launch multiple instances and thus couldn’t be connected to more than one Windows computer at a time. With RDC Menu, all that changes. Working as either a Dock item or as a Menu Extra, it allows you to easily launch multiple instances of RDC to connect to multiple Windows-based systems. I run RDC Menu as a Dock item (I don’t like too many Menu Extras).

Novell to Broaden SuSE's Reach

I’ve always heard good things about SuSE, but have never had the opportunity to work with it in greater depth. Now, Novell has detailed its plans to open SuSE to community development in a manner similar to the approach used by Red Hat with its Fedora Project.

Squid-PIX Integration

I have been searching for the last few days for some techniques to integrate a Squid web cache with a PIX firewall in a transparent fashion. Most of the information I am finding involves using the Squid web cache as the default gateway along with an iptables firewall that transparently redirects outbound TCP port 80 traffic to port 3128 (the Squid web cache port). The web cache then talks to the PIX, which takes it from there. Certainly, this works, but it is not what I was hoping to find. I’d really like a way to have the PIX redirect the traffic, but it appears that the PIX OS does not support that functionality. How can this be? The pf firewall in OpenBSD supports redirection, if I’m not mistaken. The iptables firewall in Linux supports redirection. But not Cisco’s PIX OS? Is it just me, or does anyone else see a problem with this?
