For my own reference, after few hours messing around with shit called mail system.
Tag Archives: debian
PostgreSQL authentication quick start
Connecting to PostgreSQL from command line can be a bit confusing.
For starter, just like MySQL,
psql command defaults to connecting to socket instead of tcp. To make matter confusing, most PostgreSQL installation defaults to
ident (also called
peer)authentication for socket connection: it basically matches current user’s username (ssh login, etc) with PostgreSQL equivalent.
So, instead of using this to login from root to PostgreSQL superuser (usually named postgres or pgsql):
# psql -U postgres
you do this (assuming sudo installed):
# sudo -u postgres psql
The configuration for this is located in
pg_hba.conf of PostgreSQL data (or config in Debian) directory (
/etc/postgresql/$version/main in Debian,
/usr/local/pgsql/data in FreeBSD,
/opt/PostgreSQL/$version/data in EnterpriseDB PostgreSQL).
To switch to password based authentication for all methods just replace
md5 in respective lines and reload/restart the service. Don’t forget to set password for postgres user first before changing this otherwise you won’t be able to connect. You can then connect using
psql to any user using password.
bcrypt in Debian
WARNING: using method below will lock yourself out when using emergency console since whatever crypt it’s using surely doesn’t understand bcrypt (as I experienced myself). Additionally, this solution won’t add bcrypt support to other applications using crypt interface like proftpd unless it’s started by preloading libxcrypt.so first (also from my own experience).
As much as Drepper want to pretend
bcrypt is wrong solution, it actually gives one benefit: ease of switch to Linux. Some systems use
bcrypt by default or configurable to use it. On other case, there might be time where you need system’s (or applications using system’s)
crypt to handle
bcrypt passwords from external system (usually web applications).
It’s quite difficult to enable bcrypt support in RHEL based distro as there is no
pam_unix2 packages available. Thankfully it’s available in Debian (and derivatives) in package
The README.Debian says to modify files in
/etc/pam.d but if I remember it correctly, it confused apt PAM handling system or whatever. Fast forward few weeks, I discovered a better way to use it by creating PAM configuration in
/usr/share/pam-configs. Since it’s mostly equivalent to normal
pam_unix, I just copy and modify the file using this (long-ass) oneliner sed:
sed -e 's/pam_unix.so/pam_unix2.so/g;s/^Name: Unix authentication$/Name: Unix2 authentication/;s/pam_unix2.so obscure sha512/pam_unix2.so obscure blowfish rounds=8/;s/ nullok_secure//' /usr/share/pam-configs/unix > /usr/share/pam-configs/unix2
pam-auth-update, select Unix2 authentication and deselect Unix authentication. Don’t forget to update passwords for all other users as well or they won’t be able to login since
pam_unix2 doesn’t recognize sha based hashes.
Actually, change all other users password to use md5 first before replacing the PAM with
Update 2012-04-01: Removed
nullok_secure since it isn’t supported.
Update 2012-06-09: Added warning.
Compiling PuTTY for Windows
Because of one awesome bug inflicts eye-cancer when using Consolas font and deactivated “Bold text is a different colour”, I had to recompile PuTTY by hand (more like, by
gcc). I initially tried to compile the PuTTYTray one but apparently they successfully mixed C and C++ code and completely broke the build procedure using mingw. Or I missed something obvious.
Anyway, I went back to vanilla PuTTY. As it turns out, compiling using latest mingw’s
gcc isn’t a good idea since it removed
-mno-cygwin option and therefore broken unless you do some magic edit. Thanks to that, I stopped bothering trying to compile it under Windows and used
mingw-gcc for Linux (which is able to produce Windows binary). Here be the steps from beginning. Tested on Debian 6.
apt-get install mingw32 subversion perl svn co svn://svn.tartarus.org/sgt/putty putty cd putty perl mkfiles.pl cd windows make VER="-DSNAPSHOT=$(date '+%Y-%m-%d') -DSVN_REV='$(svnversion)' -DMODIFIED" TOOLPATH=i586-mingw32msvc- -f Makefile.cyg putty.exe
Patch is done before make (duh) and the diff can be found here. If you’re lazy (like me) you can just download the build at my server (link at bottom). Should be virus-free but I guess you can notify me if you encounter one. Built everyday until it breaks.
- exe: the program
- sha512: hash of the program
- zip: both program and its checksum
I kept forgetting them whenever I need one so I’ll put mine here and be happy:
###### Debian Main Repos deb http://http.debian.net/debian squeeze main contrib non-free #deb-src http://http.debian.net/debian squeeze main contrib non-free ###### Debian Security Update Repos deb http://security.debian.org squeeze/updates main contrib non-free #deb-src http://security.debian.org squeeze/updates main contrib non-free ###### Debian General Update Repos deb http://http.debian.net/debian/ squeeze-updates main contrib non-free #deb-src http://http.debian.net/debian/ squeeze-updates main contrib non-free ###### Debian Backports Repos deb http://http.debian.net/debian-backports squeeze-backports main contrib non-free #deb-src http://http.debian.net/debian-backports squeeze-backports main contrib non-free ###### Dotdeb Repo #deb http://packages.dotdeb.org squeeze all #deb-src http://packages.dotdeb.org squeeze all
It should cover mostly used packages and will keep me sane. Also debian-volatile has been replaced with debian-updates (god knows why it’s called like that) since squeeze (6.0) but in case I need to take care a lenny or earlier (derp) machines, this should also be added:
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Oh and Debian/kFreeBSD within a FreeBSD system is quite funny.
Update 2012-12-27: Use improved CDN.