Search Results

Search found 7554 results on 303 pages for 'shared secret'.


  • ZFS Storage Appliance ? ldap ??????

    - by user13138569
    ZFS Storage Appliance ? Openldap ????????? ???ldap ?????????????? Solaris 11 ? Openldap ????????????? ??? slapd.conf ??ldif ?????????? user01 ??????? ?????? slapd.conf

        #
        # See slapd.conf(5) for details on configuration options.
        # This file should NOT be world readable.
        #
        include /etc/openldap/schema/core.schema
        include /etc/openldap/schema/cosine.schema
        include /etc/openldap/schema/nis.schema

        # Define global ACLs to disable default read access.

        # Do not enable referrals until AFTER you have a working directory
        # service AND an understanding of referrals.
        #referral ldap://root.openldap.org

        pidfile /var/openldap/run/slapd.pid
        argsfile /var/openldap/run/slapd.args

        # Load dynamic backend modules:
        modulepath /usr/lib/openldap
        moduleload back_bdb.la
        # moduleload back_hdb.la
        # moduleload back_ldap.la

        # Sample security restrictions
        # Require integrity protection (prevent hijacking)
        # Require 112-bit (3DES or better) encryption for updates
        # Require 63-bit encryption for simple bind
        # security ssf=1 update_ssf=112 simple_bind=64

        # Sample access control policy:
        # Root DSE: allow anyone to read it
        # Subschema (sub)entry DSE: allow anyone to read it
        # Other DSEs:
        # Allow self write access
        # Allow authenticated users read access
        # Allow anonymous users to authenticate
        # Directives needed to implement policy:
        # access to dn.base="" by * read
        # access to dn.base="cn=Subschema" by * read
        # access to *
        # by self write
        # by users read
        # by anonymous auth
        #
        # if no access controls are present, the default policy
        # allows anyone and everyone to read anything but restricts
        # updates to rootdn. (e.g., "access to * by * read")
        #
        # rootdn can always read and write EVERYTHING!

        #######################################################################
        # BDB database definitions
        #######################################################################

        database bdb
        suffix "dc=oracle,dc=com"
        rootdn "cn=Manager,dc=oracle,dc=com"
        # Cleartext passwords, especially for the rootdn, should
        # be avoid. See slappasswd(8) and slapd.conf(5) for details.
        # Use of strong authentication encouraged.
        rootpw secret
        # The database directory MUST exist prior to running slapd AND
        # should only be accessible by the slapd and slap tools.
        # Mode 700 recommended.
        directory /var/openldap/openldap-data
        # Indices to maintain
        index objectClass eq

    ?????????ldif????

        dn: dc=oracle,dc=com
        objectClass: dcObject
        objectClass: organization
        dc: oracle
        o: oracle

        dn: cn=Manager,dc=oracle,dc=com
        objectClass: organizationalRole
        cn: Manager

        dn: ou=People,dc=oracle,dc=com
        objectClass: organizationalUnit
        ou: People

        dn: ou=Group,dc=oracle,dc=com
        objectClass: organizationalUnit
        ou: Group

        dn: uid=user01,ou=People,dc=oracle,dc=com
        uid: user01
        objectClass: top
        objectClass: account
        objectClass: posixAccount
        objectClass: shadowAccount
        cn: user01
        uidNumber: 10001
        gidNumber: 10000
        homeDirectory: /home/user01
        userPassword: secret
        loginShell: /bin/bash
        shadowLastChange: 10000
        shadowMin: 0
        shadowMax: 99999
        shadowWarning: 14
        shadowInactive: 99999
        shadowExpire: -1

    ldap?????????????ZFS Storage Appliance??????? Configuration SERVICES LDAP ??Base search DN ?ldap??????????? ???? ldap ????????? user01 ???????????????? ???????????? user ????????? Unknown or invalid user ?????????????????? ????????????????Solaris 11 ???????????? ????????????? ldap ????????getent ???????????????

        # svcadm enable svc:/network/nis/domain:default
        # svcadm enable ldap/client
        # ldapclient manual -a authenticationMethod=none -a defaultSearchBase=dc=oracle,dc=com -a defaultServerList=192.168.56.201
        System successfully configured
        # getent passwd user01
        user01:x:10001:10000::/home/user01:/bin/bash

    ????????? user01 ??????????????

        # mount -F nfs -o vers=3 192.168.56.101:/export/user01 /mnt
        # su user01
        bash-4.1$ cd /mnt
        bash-4.1$ touch aaa
        bash-4.1$ ls -l
        total 1
        -rw-r--r-- 1 user01 10000 0 May 31 04:32 aaa

    ?????? ldap ??????????????????????????!


  • Why won't xattr PECL extension build on 12.10?

    - by Dan Jones
    I was using the xattr pecl extension in 12.04 (in fact, I think since 10.04) without problem. Not surprisingly, I had to reinstall it after upgrading to 12.10 because of the new version of PHP. But now it fails to build, and I can't figure out why. Other PECL extensions have built fine. And I have libattr1 and libattr1-dev installed. Here's the output from the build: downloading xattr-1.1.0.tgz ... Starting to download xattr-1.1.0.tgz (5,204 bytes) .....done: 5,204 bytes 3 source files, building running: phpize Configuring for: PHP Api Version: 20100412 Zend Module Api No: 20100525 Zend Extension Api No: 220100525 libattr library installation dir? [autodetect] : building in /tmp/pear/temp/pear-build-rootdSMx0G/xattr-1.1.0 running: /tmp/pear/temp/xattr/configure --with-xattr checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for a sed that does not truncate output... /bin/sed checking for cc... cc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether cc accepts -g... yes checking for cc option to accept ISO C89... none needed checking how to run the C preprocessor... cc -E checking for icc... no checking for suncc... no checking whether cc understands -c and -o together... yes checking for system library directory... lib checking if compiler supports -R... no checking if compiler supports -Wl,-rpath,... yes checking build system type... x86_64-unknown-linux-gnu checking host system type... x86_64-unknown-linux-gnu checking target system type... x86_64-unknown-linux-gnu checking for PHP prefix... /usr checking for PHP includes... 
-I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib checking for PHP extension directory... /usr/lib/php5/20100525 checking for PHP installed headers prefix... /usr/include/php5 checking if debug is enabled... no checking if zts is enabled... no checking for re2c... re2c checking for re2c version... 0.13.5 (ok) checking for gawk... gawk checking for xattr support... yes, shared checking for xattr files in default path... found in /usr checking for attr_get in -lattr... yes checking how to print strings... printf checking for a sed that does not truncate output... (cached) /bin/sed checking for fgrep... /bin/grep -F checking for ld used by cc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B checking the name lister (/usr/bin/nm -B) interface... BSD nm checking whether ln -s works... yes checking the maximum length of command line arguments... 1572864 checking whether the shell understands some XSI constructs... yes checking whether the shell understands "+="... yes checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop checking for /usr/bin/ld option to reload object files... -r checking for objdump... objdump checking how to recognize dependent libraries... pass_all checking for dlltool... no checking how to associate runtime and link libraries... printf %s\n checking for ar... ar checking for archiver @FILE support... @ checking for strip... strip checking for ranlib... ranlib checking for gawk... (cached) gawk checking command to parse /usr/bin/nm -B output from cc object... ok checking for sysroot... no checking for mt... mt checking if mt is a manifest tool... no checking for ANSI C header files... 
yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for dlfcn.h... yes checking for objdir... .libs checking if cc supports -fno-rtti -fno-exceptions... no checking for cc option to produce PIC... -fPIC -DPIC checking if cc PIC flag -fPIC -DPIC works... yes checking if cc static flag -static works... yes checking if cc supports -c -o file.o... yes checking if cc supports -c -o file.o... (cached) yes checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no configure: creating ./config.status config.status: creating config.h config.status: executing libtool commands running: make /bin/bash /tmp/pear/temp/pear-build-rootdSMx0G/xattr-1.1.0/libtool --mode=compile cc -I. -I/tmp/pear/temp/xattr -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootdSMx0G/xattr-1.1.0/include -I/tmp/pear/temp/pear-build-rootdSMx0G/xattr-1.1.0/main -I/tmp/pear/temp/xattr -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/xattr/xattr.c -o xattr.lo libtool: compile: cc -I. 
-I/tmp/pear/temp/xattr -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootdSMx0G/xattr-1.1.0/include -I/tmp/pear/temp/pear-build-rootdSMx0G/xattr-1.1.0/main -I/tmp/pear/temp/xattr -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/xattr/xattr.c -fPIC -DPIC -o .libs/xattr.o /tmp/pear/temp/xattr/xattr.c:50:1: error: unknown type name 'function_entry' /tmp/pear/temp/xattr/xattr.c:51:2: warning: braces around scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: (near initialization for 'xattr_functions[0]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: initialization makes integer from pointer without a cast [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: (near initialization for 'xattr_functions[0]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: error: initializer element is not computable at load time /tmp/pear/temp/xattr/xattr.c:51:2: error: (near initialization for 'xattr_functions[0]') /tmp/pear/temp/xattr/xattr.c:51:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: (near initialization for 'xattr_functions[0]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: (near initialization for 'xattr_functions[0]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: (near initialization for 'xattr_functions[0]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:51:2: warning: (near initialization for 'xattr_functions[0]') [enabled by default] 
/tmp/pear/temp/xattr/xattr.c:52:2: warning: braces around scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: (near initialization for 'xattr_functions[1]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: initialization makes integer from pointer without a cast [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: (near initialization for 'xattr_functions[1]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: error: initializer element is not computable at load time /tmp/pear/temp/xattr/xattr.c:52:2: error: (near initialization for 'xattr_functions[1]') /tmp/pear/temp/xattr/xattr.c:52:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: (near initialization for 'xattr_functions[1]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: (near initialization for 'xattr_functions[1]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: (near initialization for 'xattr_functions[1]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:52:2: warning: (near initialization for 'xattr_functions[1]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: braces around scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: (near initialization for 'xattr_functions[2]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: initialization makes integer from pointer without a cast [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: (near initialization for 'xattr_functions[2]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: error: initializer element is not 
computable at load time /tmp/pear/temp/xattr/xattr.c:53:2: error: (near initialization for 'xattr_functions[2]') /tmp/pear/temp/xattr/xattr.c:53:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: (near initialization for 'xattr_functions[2]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: (near initialization for 'xattr_functions[2]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: (near initialization for 'xattr_functions[2]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:53:2: warning: (near initialization for 'xattr_functions[2]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: braces around scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: (near initialization for 'xattr_functions[3]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: initialization makes integer from pointer without a cast [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: (near initialization for 'xattr_functions[3]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: error: initializer element is not computable at load time /tmp/pear/temp/xattr/xattr.c:54:2: error: (near initialization for 'xattr_functions[3]') /tmp/pear/temp/xattr/xattr.c:54:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: (near initialization for 'xattr_functions[3]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: (near initialization for 
'xattr_functions[3]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: (near initialization for 'xattr_functions[3]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:54:2: warning: (near initialization for 'xattr_functions[3]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: braces around scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: (near initialization for 'xattr_functions[4]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: initialization makes integer from pointer without a cast [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: (near initialization for 'xattr_functions[4]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: error: initializer element is not computable at load time /tmp/pear/temp/xattr/xattr.c:55:2: error: (near initialization for 'xattr_functions[4]') /tmp/pear/temp/xattr/xattr.c:55:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: (near initialization for 'xattr_functions[4]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: (near initialization for 'xattr_functions[4]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: (near initialization for 'xattr_functions[4]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:55:2: warning: (near initialization for 'xattr_functions[4]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:56:2: 
warning: braces around scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:56:2: warning: (near initialization for 'xattr_functions[5]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:56:2: warning: initialization makes integer from pointer without a cast [enabled by default] /tmp/pear/temp/xattr/xattr.c:56:2: warning: (near initialization for 'xattr_functions[5]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:56:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:56:2: warning: (near initialization for 'xattr_functions[5]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:56:2: warning: excess elements in scalar initializer [enabled by default] /tmp/pear/temp/xattr/xattr.c:56:2: warning: (near initialization for 'xattr_functions[5]') [enabled by default] /tmp/pear/temp/xattr/xattr.c:67:2: warning: initialization from incompatible pointer type [enabled by default] /tmp/pear/temp/xattr/xattr.c:67:2: warning: (near initialization for 'xattr_module_entry.functions') [enabled by default] /tmp/pear/temp/xattr/xattr.c: In function 'zif_xattr_set': /tmp/pear/temp/xattr/xattr.c:122:49: error: 'struct _php_core_globals' has no member named 'safe_mode' /tmp/pear/temp/xattr/xattr.c:122:92: error: 'CHECKUID_DISALLOW_FILE_NOT_EXISTS' undeclared (first use in this function) /tmp/pear/temp/xattr/xattr.c:122:92: note: each undeclared identifier is reported only once for each function it appears in /tmp/pear/temp/xattr/xattr.c: In function 'zif_xattr_get': /tmp/pear/temp/xattr/xattr.c:171:49: error: 'struct _php_core_globals' has no member named 'safe_mode' /tmp/pear/temp/xattr/xattr.c:171:92: error: 'CHECKUID_DISALLOW_FILE_NOT_EXISTS' undeclared (first use in this function) /tmp/pear/temp/xattr/xattr.c:187:2: warning: passing argument 4 of 'attr_get' from incompatible pointer type [enabled by default] In file included from /tmp/pear/temp/xattr/xattr.c:37:0: /usr/include/attr/attributes.h:122:12: note: 
expected 'int *' but argument is of type 'size_t *' /tmp/pear/temp/xattr/xattr.c:198:3: warning: passing argument 4 of 'attr_get' from incompatible pointer type [enabled by default] In file included from /tmp/pear/temp/xattr/xattr.c:37:0: /usr/include/attr/attributes.h:122:12: note: expected 'int *' but argument is of type 'size_t *' /tmp/pear/temp/xattr/xattr.c: In function 'zif_xattr_supported': /tmp/pear/temp/xattr/xattr.c:243:49: error: 'struct _php_core_globals' has no member named 'safe_mode' /tmp/pear/temp/xattr/xattr.c:243:92: error: 'CHECKUID_DISALLOW_FILE_NOT_EXISTS' undeclared (first use in this function) /tmp/pear/temp/xattr/xattr.c: In function 'zif_xattr_remove': /tmp/pear/temp/xattr/xattr.c:288:49: error: 'struct _php_core_globals' has no member named 'safe_mode' /tmp/pear/temp/xattr/xattr.c:288:92: error: 'CHECKUID_DISALLOW_FILE_NOT_EXISTS' undeclared (first use in this function) /tmp/pear/temp/xattr/xattr.c: In function 'zif_xattr_list': /tmp/pear/temp/xattr/xattr.c:337:49: error: 'struct _php_core_globals' has no member named 'safe_mode' /tmp/pear/temp/xattr/xattr.c:337:92: error: 'CHECKUID_DISALLOW_FILE_NOT_EXISTS' undeclared (first use in this function) make: *** [xattr.lo] Error 1 ERROR: `make' failed There seem to be a few errors, but I can't make heads or tails of them. Does this just not work properly in 12.10? That would be a big problem for me.


  • What's up with OCFS2?

    - by wcoekaer
    On Linux there are many filesystem choices and even from Oracle we provide a number of filesystems, all with their own advantages and use cases. Customers often confuse ACFS with OCFS or OCFS2 which then causes assumptions to be made such as one replacing the other etc... I thought it would be good to write up a summary of how OCFS2 got to where it is, what we're up to still, how it is different from other options and how this really is a cool native Linux cluster filesystem that we worked on for many years and is still widely used.

    Work on a cluster filesystem at Oracle started many years ago, in the early 2000's when the Oracle Database Cluster development team wrote a cluster filesystem for Windows that was primarily focused on providing an alternative to raw disk devices and help customers with the deployment of Oracle Real Application Cluster (RAC). Oracle RAC is a cluster technology that lets us make a cluster of Oracle Database servers look like one big database. The RDBMS runs on many nodes and they all work on the same data. It's a Shared Disk database design. There are many advantages doing this but I will not go into detail as that is not the purpose of my write up. Suffice it to say that Oracle RAC expects all the database data to be visible in a consistent, coherent way, across all the nodes in the cluster. To do that, there were/are a few options:

      1) use raw disk devices that are shared, through SCSI, FC, or iSCSI
      2) use a network filesystem (NFS)
      3) use a cluster filesystem (CFS) which basically gives you a filesystem that's coherent across all nodes using shared disks. It is sort of (but not quite) combining option 1 and 2 except that you don't do network access to the files, the files are effectively locally visible as if it was a local filesystem.

    So OCFS (Oracle Cluster FileSystem) on Windows was born.
    Since Linux was becoming a very important and popular platform, we decided that we would also make this available on Linux and thus the porting of OCFS/Windows started. The first version of OCFS was really primarily focused on replacing the use of Raw devices with a simple filesystem that lets you create files and provide direct IO to these files to get basically native raw disk performance. The filesystem was not designed to be fully POSIX compliant and it did not have anywhere near good/decent performance for regular file create/delete/access operations. Cache coherency was easy since it was basically always direct IO down to the disk device and this ensured that any time one issues a write() command it would go directly down to the disk, and not return until the write() was completed. Same for read(): any sort of read from a datafile would be a read() operation that went all the way to disk and return. We did not cache any data when it came down to Oracle data files.

    So while OCFS worked well for that, since it did not have much of a normal filesystem feel, it was not something that could be submitted to the kernel mail list for inclusion into Linux as another native Linux filesystem (setting aside the Windows porting code ...) it did its job well, it was very easy to configure, node membership was simple, locking was disk based (so very slow but it existed), you could create regular files and do regular filesystem operations to a certain extent but anything that was not database data file related was just not very useful in general. Logfiles ok, standard filesystem use, not so much. Up to this point, all the work was done, at Oracle, by Oracle developers.

    Once OCFS (1) was out for a while and there was a lot of use in the database RAC world, many customers wanted to do more and were asking for features that you'd expect in a normal native filesystem, a real "general purposes cluster filesystem".
    So the team sat down and basically started from scratch to implement what's now known as OCFS2 (Oracle Cluster FileSystem release 2). Some basic criteria were:

      - Design it with a real Distributed Lock Manager and use the network for lock negotiation instead of the disk
      - Make it a Linux native filesystem instead of a native shim layer and a portable core
      - Support standard Posix compliancy and be fully cache coherent with all operations
      - Support all the filesystem features Linux offers (ACL, extended Attributes, quotas, sparse files,...)
      - Be modern, support large files, 32/64bit, journaling, data ordered journaling, endian neutral, we can mount on both endian /cross architecture,..

    Needless to say, this was a huge development effort that took many years to complete. A few big milestones happened along the way...

    OCFS2 was developed in the open, we did not have a private tree that we worked on without external code review from the Linux Filesystem maintainers, great folks like Christoph Hellwig reviewed the code regularly to make sure we were not doing anything out of line, we submitted the code for review on lkml a number of times to see if we were getting close for it to be included into the mainline kernel. Using this development model is standard practice for anyone that wants to write code that goes into the kernel and having any chance of doing so without a complete rewrite or.. shall I say flamefest when submitted. It saved us a tremendous amount of time by not having to re-fit code for it to be in a Linus acceptable state. Some other filesystems that were trying to get into the kernel that didn't follow an open development model had a lot harder time and a lot harsher criticism.

    March 2006, when Linus released 2.6.16, OCFS2 officially became part of the mainline kernel, it was accepted a little earlier in the release candidates but in 2.6.16. OCFS2 became officially part of the mainline Linux kernel tree as one of the many filesystems.
    It was the first cluster filesystem to make it into the kernel tree. Our hope was that it would then end up getting picked up by the distribution vendors to make it easy for everyone to have access to a CFS. Today the source code for OCFS2 is approximately 85000 lines of code.

    We made OCFS2 production with full support for customers that ran Oracle database on Linux, no extra or separate support contract needed. OCFS2 1.0.0 started being built for RHEL4 for x86, x86-64, ppc, s390x and ia64. For RHEL5 starting with OCFS2 1.2.

    SuSE was very interested in high availability and clustering and decided to build and include OCFS2 with SLES9 for their customers and was, next to Oracle, the main contributor to the filesystem for both new features and bug fixes.

    Source code was always available even prior to inclusion into mainline and as of 2.6.16, source code was just part of a Linux kernel download from kernel.org, which it still is, today. So the latest OCFS2 code is always the upstream mainline Linux kernel.

    OCFS2 is the cluster filesystem used in Oracle VM 2 and Oracle VM 3 as the virtual disk repository filesystem.

    Since the filesystem is in the Linux kernel it's released under the GPL v2.

    The release model has always been that new feature development happened in the mainline kernel and we then built consistent, well tested, snapshots that had versions, 1.2, 1.4, 1.6, 1.8. But these releases were effectively just snapshots in time that were tested for stability and release quality.

    OCFS2 is very easy to use, there's a simple text file that contains the node information (hostname, node number, cluster name) and a file that contains the cluster heartbeat timeouts. It is very small, and very efficient. As Sunil Mushran wrote in the manual:

      OCFS2 is an efficient, easily configured, quickly installed, fully integrated and compatible, feature-rich, architecture and endian neutral, cache coherent, ordered data journaling, POSIX-compliant, shared disk cluster file system.
    Here is a list of some of the important features that are included:

      - Variable Block and Cluster sizes: Supports block sizes ranging from 512 bytes to 4 KB and cluster sizes ranging from 4 KB to 1 MB (increments in power of 2).
      - Extent-based Allocations: Tracks the allocated space in ranges of clusters making it especially efficient for storing very large files.
      - Optimized Allocations: Supports sparse files, inline-data, unwritten extents, hole punching and allocation reservation for higher performance and efficient storage.
      - File Cloning/snapshots: REFLINK is a feature which introduces copy-on-write clones of files in a cluster coherent way.
      - Indexed Directories: Allows efficient access to millions of objects in a directory.
      - Metadata Checksums: Detects silent corruption in inodes and directories.
      - Extended Attributes: Supports attaching an unlimited number of name:value pairs to the file system objects like regular files, directories, symbolic links, etc.
      - Advanced Security: Supports POSIX ACLs and SELinux in addition to the traditional file access permission model.
      - Quotas: Supports user and group quotas.
      - Journaling: Supports both ordered and writeback data journaling modes to provide file system consistency in the event of power failure or system crash.
      - Endian and Architecture neutral: Supports a cluster of nodes with mixed architectures. Allows concurrent mounts on nodes running 32-bit and 64-bit, little-endian (x86, x86_64, ia64) and big-endian (ppc64) architectures.
      - In-built Cluster-stack with DLM: Includes an easy to configure, in-kernel cluster-stack with a distributed lock manager.
      - Buffered, Direct, Asynchronous, Splice and Memory Mapped I/Os: Supports all modes of I/Os for maximum flexibility and performance.
      - Comprehensive Tools Support: Provides a familiar EXT3-style tool-set that uses similar parameters for ease-of-use.
    The filesystem was distributed for Linux distributions in separate RPM form and this had to be built for every single kernel errata release or every updated kernel provided by the vendor. We provided builds from Oracle for Oracle Linux and all kernels released by Oracle and for Red Hat Enterprise Linux. SuSE provided the modules directly for every kernel they shipped.

    With the introduction of the Unbreakable Enterprise Kernel for Oracle Linux and our interest in reducing the overhead of building filesystem modules for every minor release, we decided to make OCFS2 available as part of UEK. There was no more need for separate kernel modules, everything was built-in and a kernel upgrade automatically updated the filesystem, as it should. UEK allowed us to not have to backport new upstream filesystem code into an older kernel version, backporting features into older versions introduces risk and requires extra testing because the code is basically partially rewritten. The UEK model works really well for continuing to provide OCFS2 without that extra overhead.

    Because the RHEL kernel did not contain OCFS2 as a kernel module (it is in the source tree but it is not built by the vendor in kernel module form) we stopped adding the extra packages to Oracle Linux and its RHEL compatible kernel and for RHEL. Oracle Linux customers/users obviously get OCFS2 included as part of the Unbreakable Enterprise Kernel, SuSE customers get it by SuSE distributed with SLES and Red Hat can decide to distribute OCFS2 to their customers if they chose to as it's just a matter of compiling the module and making it available.

    OCFS2 today, in the mainline kernel is pretty much feature complete in terms of integration with every filesystem feature Linux offers and it is still actively maintained with Joel Becker being the primary maintainer.
Since we use OCFS2 as part of Oracle VM, we continue to look at interesting new functionality to add, REFLINK was a good example, and as such we continue to enhance the filesystem where it makes sense. Bugfixes and any sort of code that goes into the mainline Linux kernel that affects filesystems, automatically also modifies OCFS2 so it's in kernel, actively maintained but not a lot of new development happening at this time. We continue to fully support OCFS2 as part of Oracle Linux and the Unbreakable Enterprise Kernel and other vendors make their own decisions on support as it's really a Linux cluster filesystem now more than something that we provide to customers. It really just is part of Linux like EXT3 or BTRFS etc, the OS distribution vendors decide. Do not confuse OCFS2 with ACFS (ASM cluster Filesystem) also known as Oracle Cloud Filesystem. ACFS is a filesystem that's provided by Oracle on various OS platforms and really integrates into Oracle ASM (Automatic Storage Management). It's a very powerful Cluster Filesystem but it's not distributed as part of the Operating System, it's distributed with the Oracle Database product and installs with and lives inside Oracle ASM. ACFS obviously is fully supported on Linux (Oracle Linux, Red Hat Enterprise Linux) but OCFS2 independently as a native Linux filesystem is also, and continues to also be supported. ACFS is very much tied into the Oracle RDBMS, OCFS2 is just a standard native Linux filesystem with no ties into Oracle products. Customers running the Oracle database and ASM really should consider using ACFS as it also provides storage/clustered volume management. Customers wanting to use a simple, easy to use generic Linux cluster filesystem should consider using OCFS2. To learn more about OCFS2 in detail, you can find good documentation on http://oss.oracle.com/projects/ocfs2 in the Documentation area, or get the latest mainline kernel from http://kernel.org and read the source. 
One final, unrelated note - since I am not always able to publicly answer or respond to comments, I do not want to selectively publish comments from readers. Sometimes I forget to publish comments, sometimes I publish them and sometimes I would publish them but if for some reason I cannot publicly comment on them, it becomes a very one-sided stream. So for now I am going to not publish comments from anyone, to be fair to all sides. You are always welcome to email me and I will do my best to respond to technical questions; questions about strategy or direction are sometimes not possible to answer for obvious reasons.

    Read the article

  • AIX Checklist for stable obiee deployment

    - by user554629
    Common AIX configuration issues     ( last updated 27 Aug 2012 )

    OBIEE is a complicated system with many moving parts and connection points. The purpose of this article is to provide a checklist to discuss OBIEE deployment with your systems administrators. The information in this article is time sensitive, and updated as I discover new issues or details.

    What makes OBIEE different?

    When Tech Support suggests AIX component upgrades to a stable, locked-down production AIX environment, it is common to get "push back". "Why is this necessary? Why aren't we seeing issues with other software?" It's a fair question that I have often struggled to answer; here are the talking points:

    * OBIEE is memory intensive. It is the entire purpose of the software to trade memory for repetitive, more expensive database requests across a network.
    * OBIEE is implemented in C++ and is very dependent on the C++ runtime to behave correctly.
    * OBIEE is aggressively thread efficient; if atomic operations on a particular architecture do not work correctly, the software crashes.
    * OBIEE dynamically loads third-party database client libraries directly into the nqsserver process. If the library is not thread-safe, or corrupts process memory, the OBIEE crash happens in an unrelated part of the code. These are extremely difficult bugs to find.
    * OBIEE software uses 99% common source across multiple platforms: Windows, Linux, AIX, Solaris and HPUX. If a crash happens on only one platform, we begin to suspect other factors: load intensity, system differences, configuration choices, hardware failures.

    It is rare to have a single product require so many diverse technical skills. My role in support is to understand system configurations, performance issues, and crashes. An analyst trained in Business Analytics can't be expected to know AIX internals in the depth required to make configuration choices. Here are some guidelines.

    1. AIX C++ Runtime must be at version 11.1.0.4

        $ lslpp -L | grep xlC.aix

    obiee software will crash if xlC.aix.rte is downlevel; this is not a "try it" suggestion.
    Nov 2011 11.1.0.4 version is appropriate for all AIX versions ( 5, 6, 7 )
    Download from here: https://www-304.ibm.com/support/docview.wss?uid=swg24031426
    No reboot is necessary to install, it can even be installed while applications are using the current version. Restart the apps, and they will pick up the latest version.

    2. AIX 5.3 Technology Level 12 is required when running on Power5,6,7 processors

    AIX 6.1 was introduced with the newer Power chips, and we have seen no issues with 6.1 or 7.1 versions.
    Customers with an unstable deployment, dozens of unexplained crashes, became stable after the upgrade.
    If your AIX system is 5.3, the minimum TL level should be at or higher than this:

        $ oslevel -s
        5300-12-03-1107

    IBM typically supports only the two latest versions of AIX ( 6.1 and 7.1, for example). AIX 5.3 is still supported and popular running in an LPAR.

    3. obiee userid limits

        $ ulimit -Ha  ( hard limits )
        $ ulimit -a   ( default limits )
        core file size (blocks)     unlimited
        data seg size (kbytes)      unlimited
        file size (blocks)          unlimited
        max memory size (kbytes)    unlimited
        open files                  10240
        cpu time (seconds)          unlimited
        virtual memory (kbytes)     unlimited

    It is best to establish the values in /etc/security/limits
    root user is needed to observe and modify this file.
    If you modify a limit, you will need to relog in to change it again. For example,

        $ ulimit -c 0
        $ ulimit -c 2097151
        cannot modify limit: Operation not permitted
        $ ulimit -c unlimited
        $ ulimit -c
        0

    There are only two meaningful values for ulimit -c ; zero or unlimited.
    Anything else is likely to produce a truncated core file that cannot be analyzed.

    4. Deploy 32-bit or 64-bit ?

    Early versions of OBIEE offered 32-bit or 64-bit choice to AIX customers.
    The 32-bit choice was needed if a database vendor did not supply a 64-bit client library.
    That's no longer an issue and beginning with OBIEE 11, 32-bit code is no longer shipped.
    A common error that leads to "out of memory" conditions is to accept the 32-bit memory configuration choices on 64-bit deployments. The significant configuration choices are:

    * Maximum process data (heap) size is in an AIX environment variable

        LDR_CNTRL=IGNOREUNLOAD@LOADPUBLIC@PREREAD_SHLIB@MAXDATA=0x...

    * Two thread stack sizes are made in obiee NQSConfig.INI

        [ SERVER ]
        SERVER_THREAD_STACK_SIZE = 0;
        DB_GATEWAY_THREAD_STACK_SIZE = 0;

    * Sort memory in NQSConfig.INI

        [ GENERAL ]
        SORT_MEMORY_SIZE = 4 MB ;
        SORT_BUFFER_INCREMENT_SIZE = 256 KB ;

    Choosing a value for MAXDATA:

        0x080000000   2GB  Default maximum 32-bit heap size ( 8 with 7 zeros )
        0x100000000   4GB  64-bit breaking even with 32-bit ( 1 with 8 zeros )
        0x200000000   8GB  64-bit double 32-bit max
        0x400000000  16GB  64-bit safety

    Using 2GB heap size for a 64-bit process will almost certainly lead to an out-of-memory situation.
    Registers are twice as big ... consume twice as much memory in the heap.
    Upgrading to a 4GB heap for a 64-bit process is just "breaking even" with 32-bit.
    A 32-bit process is constrained by the 32-bit virtual addressing limits. Heap memory is used for dynamic requirements of obiee software, thread stacks for each of the configured threads, and sometimes for shared libraries.
    64-bit processes are not constrained in this way; extra heap space can be configured for safety against a query that might create a sudden requirement for excessive storage. If the storage is not available, this query might crash the whole server and disrupt existing users.
    There is no performance penalty on AIX for configuring more memory than required; extra memory can be configured for safety. If there are no other considerations, start with 8GB.

    Choosing a value for Thread Stack size:

    zero is the value documented to select an appropriate default for thread stack size. My preference is to change this to an absolute value, even if you intend to use the documented default; it provides better documentation and removes the "surprise" factor.
    There are two thread types that can be configured.

    * GATEWAY is used by a thread pool to call a database client library to establish a DB connection. The default size is 256KB; many customers raise this to 512KB ( no performance penalty for over-configuring ). This value must be set to 1 MB if Teradata connections are used.
    * SERVER threads are used to run queries. OBIEE uses recursive algorithms during the analysis of query structures which can consume significant thread stack storage. It's difficult to provide guidance on a value that depends on data and complexity. The general notion is to provide more space than you think you need, "double down" and increase the value if you run out, otherwise inspect the query to understand why it is too complex for the thread stack. There are protections built into the software to abort a single user query that is too complex, but the algorithms don't cover all situations.

        256 KB  The default 32-bit stack size. Many customers increased this to 512KB on 32-bit. A 64-bit server is very likely to crash with this value; the stack contains mostly register values, which are twice as big.
        512 KB  The documented 64-bit default. Some early releases of obiee didn't set this correctly, resulting in 256KB stacks.
        1 MB    The recommended 64-bit setting. If your system only ever uses 512KB of stack space, there is no performance penalty for using 1MB stack size.
        2 MB    Many large customers use this value for safety. No performance penalty.

    nqscheduler does not use the NQSConfig.INI file to set thread stack size.
    If this process crashes because the thread stack is too small, use this to set 2MB:

        export OBI_BACKGROUND_STACK_SIZE=2048

    5. Shared libraries are not (shared)

    When application libraries are loaded at run-time, AIX makes a decision on whether to load the libraries in a "public" memory segment. If the filesystem library permissions do not have the "Read-Other" permission bit, AIX loads the library into private process memory with two significant side-effects:

    * The libraries reduce the heap storage available. Might be significant in 32-bit processes; irrelevant in 64-bit processes.
    * Library code is loaded into multiple real pages for execution; one copy for each process.

    Multiple execution images is a significant issue for both 32- and 64-bit processes.
    The "real memory pages" saved by using public memory segments is a minor concern. Today's machines typically have plenty of real memory.
    The real problem with private copies of libraries is that they consume processor cache blocks, which are limited. The same library instructions executing in different real pages will cause memory delays as the i-cache ( instruction cache 128KB blocks) are refreshed from real memory. Performance loss because instructions are delayed is something that is difficult to measure without access to low-level cache fault data. The machine just appears to be running slowly for no observable reason.
    This is an easy problem to detect, and an easy problem to correct.

    Detection: "genld -l" AIX command produces a list of the libraries used by each process and the AIX memory address where they are loaded.
    32-bit public segment is 13 ( "dxxxxxxx" ). private segments are 2-a.
    64-bit public segment is 9 ( "9xxxxxxxxxxxxxxx") ; private segment is 8.

        genld -l | grep -Ev ' d| 9' | sort +2

    provides a list of privately loaded libraries.

    Repair: chmod o+r <libname>
    AIX shared libraries will have a suffix of ".so" or ".a".
    Another technique is to change all libraries in a selected directory to repair those that might not be currently loaded. The usual directories that need repair are obiee code, httpd code and plugins, database client libraries and java.

        chmod o+r /shr/dir/*.a /shr/dir/*.so

    6. Configure your system for diagnostics

    Production systems shouldn't crash, and yet bad things happen to good software.
    If obiee software crashes and produces a core, you should configure your system for reliable transfer of the failing conditions to Oracle Tech Support. Here's what we need to be able to diagnose a core file from your system.

    * fullcore enabled. chdev -lsys0 -a fullcore=true
    * core naming enabled. chcore -n on -d
    * ulimit must not truncate core. see item 3.
    * pstack.sh is used to capture core documentation.
    * obidoc is used to capture current AIX configuration.
    * snapcore AIX utility captures core and libraries. Use the proper syntax.
        $ snapcore -r corename executable-fullpath
      /tmp/snapcore will contain the .pax.Z output file. It is compressed.
    * If cores are directed to a common directory, ensure obiee userid can write to the directory. ( chcore -p /cores -d ; chmod 777 /cores )
      The filesystem must have sufficient space to hold a crashing obiee application.
      Use: df -k  Check the "Free" column ( not "% Used" )  8388608 is 8GB.

    7. Disable Oracle Client Library signal handling

    The Oracle DB Client Library is frequently distributed with the sqlplus development kit.
    By default, the library enables a signal handler, which will document a call stack if the application crashes. The signal handler is not needed, and definitely disruptive to obiee diagnostics. It needs to be disabled.
    sqlnet.ora is typically located at: $ORACLE_HOME/network/admin/sqlnet.ora
    Add this line at the top of the file:

        DIAG_SIGHANDLER_ENABLED=FALSE

    8. Disable async query in the RPD connection pool.

    This might be an obiee 10.1.3.4 issue only ( still checking ).
    "async query" must be disabled in the connection pools.
    It was designed to enable query cancellation to a database, and turned out to have too many edge conditions in normal communication that produced random corruption of data and crashes. Please ensure it is turned off in the RPD.

    9. Check AIX error report (errpt).

    Errors external to obiee applications can trigger crashes.

        $ /bin/errpt -a

    Hardware errors ( firmware, adapters, disks ) should be reported to IBM support.
    All application core files are recorded by AIX; the most recent ones are listed first.

    10. Reserved for something important to say.

    Read the article

  • $facebook->getSession() returns null in the example code. is that ok?

    - by Toto
    Running the example code for the Facebook API I get a null session object, and I should get a non-null object given the comment in the code. What am I doing wrong? In other words, in my index.php this fragment from the example code shows "no session" when I go to http://apps.facebook.com/my_app in my browser:

        <?php
        require './facebook.php';

        // Create our Application instance.
        $facebook = new Facebook(array(
          'appId'  => '...', // actual value replaced by '...' for this post
          'secret' => '...', // actual value replaced by '...' for the post
          'cookie' => true,
        ));

        // We may or may not have this data based on a $_GET or $_COOKIE based session.
        //
        // If we get a session here, it means we found a correctly signed session using
        // the Application Secret only Facebook and the Application know. We dont know
        // if it is still valid until we make an API call using the session. A session
        // can become invalid if it has already expired (should not be getting the
        // session back in this case) or if the user logged out of Facebook.
        $session = $facebook->getSession();

        if ($session) {
          echo "session ok";
        } else {
          echo "no session";
        }
        ?>

    Note: in my server index.php and facebook.php are in the same folder.

    Read the article

  • Howto use FB Graph to post a message on a feed (wall)

    - by qualbeen
    I have created an app, and now I want to post a message on one of my friends' walls with the use of the new Graph API. Is this doable? I am already using OAuth and the Graph API to get a list of all my friends. The API at http://developers.facebook.com/docs/api tells me to cURL https://graph.facebook.com/[userid]/feed to read the feed, but it also tells me how to post a message:

        curl -F 'access_token=[...]' -F 'message=Hello, Arjun. I like this new API.' https://graph.facebook.com/arjun/feed

    Of course this doesn't work! And I can't find out why. Here is my PHP code:

        require_once 'facebook.php'; // PHP-SDK downloaded from http://github.com/facebook/php-sdk
        $facebook = new Facebook(array('appId' => 123, 'secret' => 'secret'));
        $result = $facebook->api(
            '/me/feed/',
            array('access_token' => $this->access_token, 'message' => 'Playing around with FB Graph..')
        );

    This code does not throw any error, and I know my access_token is correct (otherwise I couldn't run $facebook->api('/me?access_token='.$this->access_token); to get my user object). Has anyone out there successfully posted a message using the Graph API? Then I need your help! :-)

    Read the article

  • Asterisk Manager API SIPPeers - Permission Denied

    - by Matt H
    I'm wanting to use the asterisk manager api to show the status of all my SIP lines in a PHP web interface. I thought I'd start simple and use telnet to see it working. So I created a user in /etc/asterisk/manager.conf

        [portal]
        secret = password
        read = all,system,call,log,verbose,command,agent,user

    Then telnet to localhost on port 5038. This is what I get.

        asterisk ~ # telnet localhost 5038
        Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        Asterisk Call Manager/1.0
        Action: login
        Username: portal
        Secret: 8u9sdgk
        Events: off

        Response: Success
        Message: Authentication accepted

        Action: SIPPeers

        Response: Error
        Message: Permission denied

    Why am I getting permission denied? I thought the user has basically full access? Do I need to restart asterisk to make this work? I didn't restart it. On the other hand, I was able to log in which makes me think that the manager.conf has been reloaded as the portal user didn't exist before. Any ideas?

    Read the article

  • Node.js + express.js + passport.js : stay authenticated between server restart

    - by Arnaud Rinquin
    I use passport.js to handle auth on my nodejs + express.js application. I set up a LocalStrategy to take users from mongodb. My problem is that users have to re-authenticate when I restart my node server. This is a problem as I am actively developing it and don't want to log in at every restart... (+ I use node supervisor) Here is my app setup:

        app.configure(function(){
            app.use('/static', express.static(__dirname + '/static'));
            app.use(express.bodyParser());
            app.use(express.methodOverride());
            app.use(express.cookieParser());
            app.use(express.session({secret:'something'}));
            app.use(passport.initialize());
            app.use(passport.session());
            app.use(app.router);
        });

    And session serializing setup:

        passport.serializeUser(function(user, done) {
            done(null, user.email);
        });

        passport.deserializeUser(function(email, done) {
            User.findOne({email:email}, function(err, user) {
                done(err, user);
            });
        });

    I tried the solution given on this blog using connect-mongodb without success

        app.use(express.session({
            secret:'something else',
            cookie: {maxAge: 60000 * 60 * 24 * 30}, // 30 days
            store: MongoDBStore({
                db: mongoose.connection.db
            })
        }));

    Read the article

  • Encrypt/Decrypt ECB/PKS5/Blowfish between AS3Crypto & Javax.Crypto fails with padding error

    - by BlueDude
    I have a secret key that was sent to me as a file so I can encrypt some xml data using Blowfish. How do I access the key so that I can use it with AS3Crypto? I assume I need to Embed it using the [Embed] meta tag. It's mimeType="application/octet-stream" but I'm not sure if that's right. How do I embed, then reference this file as the secret key? The xmls that I'm encrypting cannot be decrypted on the Java side. Each attempt fails with this exception: javax.crypto.BadPaddingException: Given final block not properly padded. As a bonus, if anyone has experience using the lib to work with the Java implementation and knows the ideal mode/padding/IV to use that would be awesome. Thanks!

        //keyFile is an embedded asset. I was given a file to use as the key
        var kdata:ByteArray = new keyFile() as ByteArray;

        //Convert orderXML to Base64
        var orderData:ByteArray = Base64.decodeToByteArray(String(orderXML));

        //Cipher name
        var cname:String = "simple-blowfish-ecb";
        var pad:IPad = new PKCS5;
        var mode:ICipher = Crypto.getCipher(cname, kdata, pad);

        //not sure if this is necessary. seems to be also set in mode
        pad.setBlockSize(mode.getBlockSize());
        mode.encrypt(orderData);
        var transmitXML:String = Base64.encodeByteArray(orderData);

        //DEBUG: Output to TextArea
        storePanel.statusBox.text += "\n--TRANSMIT--\n"+transmitXML;

    Read the article

  • How to exploit Diffie-hellman to perform a man in the middle attack

    - by jfisk
    I'm doing a project where Alice and Bob send each other messages using the Diffie-Hellman key-exchange. What is throwing me for a loop is how to incorporate the certificate they are using in this so I can obtain their secret messages. From what I understand about MIM attacks, the MIM acts as an imposter as seen on this diagram:

    Below are the details for my project. I understand that they both have g and p agreed upon before communicating, but how would I be able to implement this with them both having a certificate to verify their signatures?

    Alice prepares ⟨signA(NA, Bob), pkA, certA⟩ where signA is the digital signature algorithm used by Alice, “Bob” is Bob’s name, pkA is the public-key of Alice which equals g^x mod p encoded according to X.509 for a fixed g, p as specified in the Diffie-Hellman key-exchange and certA is the certificate of Alice that contains Alice’s public-key that verifies the signature; Finally, NA is a nonce (random string) that is 8 bytes long.

    Bob checks Alice's signature, and responds with ⟨signB{NA,NB,Alice},pkB,certB⟩.

    Alice gets the message, checks her nonce NA and calculates the joint key based on pkA, pkB according to the Diffie-Hellman key exchange. Then Alice submits the message ⟨signA{NA,NB,Bob},EK(MA),certA⟩ to Bob and Bob responds with ⟨SignB{NA,NB,Alice},EK(MB),certB⟩, where MA and MB are their corresponding secret messages.

    Read the article

  • Vimeo Desktop App OAuth

    - by Barry
    Hi Guys, I'm currently having massive trouble with Vimeo's OAuth implementation and my desktop app. My program does the following correctly.

    1- Requests an Unauthorized Request Token with my key and secret and returns a Token and a Token secret.
    2- Generates a URL for the user to go to using the token which then shows our application's name and allows the user to Authorize us to use his/her account. It then shows a verifier which the user returns and puts into our app.

    The problem is the third step and actually exchanging the tokens for the access tokens. Basically every time we try and get them we get an "Invalid / expired token - The oauth_token passed was either not valid or has expired". I looked at the documentation and there's supposed to be a callback to a server when deployed like that which gives the user an "authorized token" but as I'm developing a desktop app we can't do this. So I assume the token retrieved in 1 is valid for this step. (actually it seems it is: http://vimeo.com/forums/topic:22605) So I'm wondering now, am I missing something here on my actual vimeo application account? Is it treating it as a web hosted app with callbacks? All the elements are there for this to work and I've used this same component to create a twitter OAuth login in exactly the same way and it was fine. Thanks in advance, Barry

    Read the article

  • Java to JavaScript (Encryption related)

    - by balexandre
    Hi guys, I'm having difficulties getting the same string in Javascript and I'm thinking that I'm doing something wrong... Java code:

        import java.io.UnsupportedEncodingException;
        import java.security.MessageDigest;
        import java.security.NoSuchAlgorithmException;
        import java.util.Date;
        import java.util.GregorianCalendar;
        import sun.misc.BASE64Encoder;

        private static String getBase64Code(String input) throws UnsupportedEncodingException, NoSuchAlgorithmException {
            String base64 = "";
            byte[] txt = input.getBytes("UTF8");
            byte[] text = new byte[txt.length+3];
            text[0] = (byte)239;
            text[1] = (byte)187;
            text[2] = (byte)191;
            for(int i=0; i<txt.length; i++)
                text[i+3] = txt[i];
            MessageDigest md = MessageDigest.getInstance("MD5");
            md.update(text);
            byte digest[] = md.digest();
            BASE64Encoder encoder = new BASE64Encoder();
            base64 = encoder.encode(digest);
            return base64;
        }

    I'm trying this using Paj's MD5 script as well as Farhadi's Base 64 Encode script but my tests fail completely :( my code:

        function CalculateCredentialsSecret(type, user, pwd) {
            var days = days_between(new Date(), new Date(2000, 1, 1));
            var str = type.toUpperCase() + user.toUpperCase() + pwd.toUpperCase() + days;
            var md5 = hex_md5(str);
            var b64 = base64Encode(md5);
            return encodeURIComponent(b64);
        }

    Does anyone know how I can convert this Java method into a Javascript one? Thank you

    Tests (for today, 3740 days after January 1st, 2000)

        var secret = CalculateCredentialsSecret('AAA', 'BBB', 'CCC');
        // secret SHOULD be: S3GYAfGWlmrhuoNsIJF94w==

    Read the article

  • Implementing parts of rfc4226 (HOTP) in mysql

    - by Moose Morals
    Like the title says, I'm trying to implement the programmatic parts of RFC4226 "HOTP: An HMAC-Based One-Time Password Algorithm" in SQL. I think I've got a version that works (in that for a small test sample, it produces the same result as the Java version in the code), but it contains a nested pair of hex(unhex()) calls, which I feel can be done better. I am constrained by a) needing to do this algorithm, and b) needing to do it in mysql, otherwise I'm happy to look at other ways of doing this. What I've got so far:

        -- From the inside out...
        -- Concatenate the user's secret, and the number of times it's been used
        -- find the SHA1 hash of that string
        -- Turn a 40 byte hex encoding into a 20 byte binary string
        -- keep the first 4 bytes
        -- turn those back into a hex representation
        -- convert that into an integer
        -- Throw away the most-significant bit (solves signed/unsigned problems)
        -- Truncate to 6 digits
        -- store into otp
        -- from the otpsecrets table
        select (conv(hex(substr(unhex(sha1(concat(secret, uses))), 1, 4)), 16, 10) & 0x7fffffff) % 1000000
        into otp
        from otpsecrets;

    Is there a better (more efficient) way of doing this?

    Read the article

  • how can I convert String to SecretKey

    - by Alaa
    I want to convert String to secretKey

        public void generateCode(String keyStr){
            KeyGenerator kgen = KeyGenerator.getInstance("AES");
            kgen.init(128); // 192 and 256 bits may not be available
            // Generate the secret key specs.
            secretKey skey=keyStr; //How can I make the casting here
            //SecretKey skey = kgen.generateKey();
            byte[] raw = skey.getEncoded();
        }

    I tried to use BASE64Decoder instead of secretKey, but I face a problem, which is that I cannot specify the key length.

    EDIT: I want to call this function from another place

        static public String encrypt(String message , String key , int keyLength) throws Exception {
            // Get the KeyGenerator
            KeyGenerator kgen = KeyGenerator.getInstance("AES");
            kgen.init(keyLength); // 192 and 256 bits may not be available
            // Generate the secret key specs.
            //decode the BASE64 coded message
            SecretKey skey = key; //here is the error
            raw = skey.getEncoded();
            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
            // Instantiate the cipher
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
            System.out.println("msg is" + message + "\n raw is" + raw);
            byte[] encrypted = cipher.doFinal(message.getBytes());
            String cryptedValue = new String(encrypted);
            System.out.println("encrypted string: " + cryptedValue);
            return cryptedValue;
        }

    If anyone can help, I'll be very thankful.

    Read the article

  • How to make Facebook Authentication from Silverlight secure?

    - by SondreB
    I have the following scenario I want to complete: Website running some HTTP(S) services that returns data for a user. Same website is additionally hosting a Silverlight 4 app which calls these services. The Silverlight app is integrating with Facebook using the Facebook Developer Toolkit (http://facebooktoolkit.codeplex.com/). I have not fully decided whether I want Facebook-integration to be an "opt-in" option such as Spotify, or if I want to "lock" down my service with Facebook-only authentication. That's another discussion.

    How do I protect my API Key and Secret that I receive from Facebook in a Silverlight app? To me it's obvious that this is impossible as the code is running on the client, but is there a way I can make it harder or should I just live with the fact that third parties could potentially "act" as my own app?

    Using the Facebook Developer Toolkit, there is the following C# method in Silverlight that is executed from the JavaScript when the user has fully authenticated with Facebook using the Facebook Connect APIs.

        [ScriptableMember]
        public void LoggedIn(string sessionKey, string secret, int expires, long userId)
        {
            this.SessionKey = sessionKey;
            this.UserId = userId;

    Obviously the problem here is the fact that JavaScript is injecting the userId, which is nothing but a simple number. This means anyone could potentially inject a different userId in JavaScript and have my app think it's someone else. This means someone could hijack the data within the services running on my website.

    The alternative that comes to mind is authenticating the users on my website, this way I'm never exposing any secrets and I can return an auth-cookie to the users after the initial authentication. Though this scenario doesn't work very well in an out-of-browser scenario where the user is running the Silverlight app locally and not from my website.

    Read the article

  • a facebook app question

    - by Robert
    I have written a small app and put it on facebook. I got an application ID and secret. Then I wrote the following script to access my app (just as told on the facebook page).

        <?php
        require './src/facebook.php';

        $facebook = new Facebook(array(
          'appId'  => 'xxxx',
          'secret' => 'xxxx',
          'cookie' => true, // enable optional cookie support
        ));

        try {
          $me = $facebook->api('/me');
        } catch (FacebookApiException $e) {
          error_log($e);
        }

        if ($facebook->getSession()) {
          echo '<a href="' . $facebook->getLogoutUrl() . '">Logout</a>';
        } else {
          echo '<a href="' . $facebook->getLoginUrl() . '">Login</a>';
        }
        ?>

    Then I started running this script. It prompted me with the login link, then took me to the facebook login page. However, after I enter my facebook login details, I get this error page:

        Error.
        API Error Code: 100
        API Error Description: Invalid parameter
        Error Message: next is not owned by the application.

    Could anyone help me a little bit please, I am really confused here about what's going on.

    Read the article

  • java Properties - to expose or not to expose?

    - by ring bearer
    This might be an age old problem and I am sure everyone has their own ways. Suppose I have some properties defined such as

        secret.user.id=user
        secret.password=password
        website.url=http://stackoverflow.com

    Suppose I have 100 different classes and places where I need to use these properties. Which one is good?

    (1) I create a Util class that will load all properties and serve them using a key constant. Such as: Util is a singleton that loads all properties and keeps them upon getInstance() call.

        Util myUtil = Util.getInstance();
        String user = myUtil.getConfigByKey(Constants.SECRET_USER_ID);
        String password = myUtil.getConfigByKey(Constants.SECRET_PASSWORD);
        ..
        //getConfigByKey() - in turn invokes properties.get(..)
        doSomething(user, password)

    So wherever I need these properties, I can do the steps above.

    (2) I create a meaningful Class to represent these properties; say, ApplicationConfig and provide getters to get specific properties. So the above code may look like:

        ApplicationConfig config = ApplicationConfig.getInstance();
        doSomething(config.getSecretUserId(), config.getPassword());
        //ApplicationConfig would have instance variables that are initialized during
        // getInstance() after loading from properties file.

    Note: The properties file as such will have only minor changes in the future. My personal choice is (2) - let me hear some comments?

  • Ruby-on-rails: routing problem: controller action looks for show when it should look for finalize

    - by cbrulak
    background: trying to use the twitter gem for ruby-on-rails.

    in routes:

        map.resources :twitter_sessions
        map.finalize_twitter_sessions 'twitter_sessions/finalize', :controller => 'twitter_sessions', :action => 'finalize'

    (twitter_sessions is the controller for the twitter sessions in my app).

    The view has one file new.html.erb and is very simple:

        <% form_tag(twitter_sessions_path) do |f| %>
          <p><%= submit_tag "twitter!" %></p>
        <% end %>

    and the twitter_sessions_controller.rb:

        def new
        end

        def create
          oauth.set_callback_url(finalize_twitter_sessions_url)
          session['rtoken'] = oauth.request_token.token
          session['rsecret'] = oauth.request_token.secret
          redirect_to oauth.request_token.authorize_url
        end

        def destroy
          reset_session
          redirect_to new_session_path
        end

        def finalize
          oauth.authorize_from_request(session['rtoken'], session['rsecret'], params[:oauth_verifier])
          profile = Twitter::Base.new(oauth).verify_credentials
          session['rtoken'] = session['rsecret'] = nil
          session[:atoken] = oauth.access_token.token
          session[:asecret] = oauth.access_token.secret
          sign_in(profile)
          redirect_back_or root_path
        end

    However, after I click the "twitter" button, I get this error:

        401 Unauthorized
        .../gems/oauth-0.3.6/lib/oauth/consumer.rb:200:in `token_request'
        .../gems/oauth-0.3.6/lib/oauth/consumer.rb:128:in `get_request_token'
        .../gems/twitter-0.9.2/lib/twitter/oauth.rb:32:in `request_token'
        .../gems/twitter-0.9.2/lib/twitter/oauth.rb:25:in `set_callback_url'
        app/controllers/twitter_sessions_controller.rb:7:in `create'

    If I go to the finalize url, http://localhost:3000/twitter_sessions/finalize, directly, I get this error:

        Unknown action
        No action responded to show. Actions: create, destroy, finalize, isLoggedInToBeta, login_required, and new

    Any ideas? Thanks

  • PHP (CodeIgniter) Pass Object Through Session

    - by FranticPedantic
    I am using PHP5 and CodeIgniter and I am trying to implement a single-sign on feature with facebook (although I don't think that facebook is relevant to the question). I am somewhat of a novice with PHP and definitely one with CodeIgniter, so if you think my approach is just completely off telling me that would be helpful too.

    So here is in short what I am doing:

        //Controller 1
        $this->load->plugin("facebook");
        $facebook = new Facebook(array(
            'appId'  => $fbconfig['appid'],
            'secret' => $fbconfig['secret'],
            'cookie' => true,
        ));
        $fbsession = $facebook->getSession(); //works fine
        $this->session->set_userdata('facebook', serialize($facebook));

    Now I would like to grab that facebook object in a different controller.

        //Controller 2
        $facebook = unserialize($this->session->userdata('facebook'));
        $fbsession = $facebook->getSession();

    Produces the error: Call to undefined method getSession.

    So I look up more about serialization and think that maybe it just doesn't know what the facebook object's attributes are. So I add in a $this->load->plugin('facebook'); to controller 2 as well and I get a "Cannot redeclare class facebook."

    I am strongly suspecting that I am misunderstanding sessions here. Do I have to somehow tell PHP what kind of object it is? Thanks for the help.

  • ZipArchive on the iPhone unzips files but they are empty

    - by user345131
    I'm trying to use ZipArchive on the iPhone to unzip a simple text file. It returns with no error but the file is empty. I would love to know why this doesn't work. I am using the following methods:

        -(void)alert:(NSString*)message {
            UIAlertView *myAlert = [[UIAlertView alloc] initWithTitle:@"" message:message delegate:self cancelButtonTitle:@"Ok" otherButtonTitles:nil, nil];
            [myAlert show];
            [myAlert release];
        }

        -(void)unzip {
            NSString *sourcepath = [[NSBundle mainBundle] pathForResource:@"secret" ofType:@"zip"];
            NSString*filename = @"secret.txt";
            NSArray *docPaths =NSSearchPathForDirectoriesInDomains(NSDocumentDirectory,NSUserDomainMask, YES);
            NSString *destinationpath = [docPaths objectAtIndex: 0];
            if (filename != nil )
                destinationpath = [destinationpath stringByAppendingPathComponent: filename];
            ZipArchive* za = [[ZipArchive alloc] init];
            if( [za UnzipOpenFile:sourcepath Password:@""] ) {
                BOOL ret = [za UnzipFileTo:destinationpath overWrite:YES];
                if( NO==ret )
                    [self alert:@"Problem"];
                else
                    [self alert:@"Success"];
                [za UnzipCloseFile];
            }
            [za release];
            NSString *test = [[NSString alloc] initWithContentsOfFile:destinationpath encoding:NSASCIIStringEncoding error:nil];
            [self alert:test];
        }

  • Facebook graph API post to user's wall

    - by Lance
    I'm using the FB graph api to post content to the user's wall. I originally tried using this method:

        $wall_post = array(
            array('message' => 'predicted the', 'name' => 'predicted the'),
            array('message' => $winning_team, 'name' => $winning_team, 'link' => 'http://www.sportannica.com/teams.php?team='.$winning_team.'&amp;year=2012'),
            array('message' => 'to beat the', 'name' => 'to beat the',),
            array('message' => $losing_team, 'name' => $losing_team, 'link' => 'http://www.sportannica.com/teams.php?team='.$losing_team.'&amp;year=2012'),
            array('message' => 'on '.$game_date.'', 'name' => 'on '.$game_date.''),
            array('picture' => 'http://www.sportannica.com/img/team_icons/current_season_logos/large/'.$winning_team.'.png'));
        $res = $facebook->api('/me/feed/', 'post', '$wall_post');

    But, much to my surprise, you can't post multiple links to a user's wall. So, now I'm using the graph api to post content to a user's wall much like the way spotify does. So, now I've figured out that I need to create custom actions and objects with the open graph dashboard. So, I've created the "predict" action and gave it permission to edit the object "game."

    So, now I have the code:

        $facebook = new Facebook(array(
            'appId'  => 'appID',
            'secret' => 'SECRET',
            'cookie' => true
        ));
        $access_token = $facebook->getAccessToken();
        $user = $facebook->getUser();
        if($user != 0) {
            curl -F 'access_token='$.access_token.'' \
                 -F 'away_team=New York Yankees' \
                 -F 'home_team=New York Mets' \
                 -F 'match=http://samples.ogp.me/413385652011237' \
                 'https://graph.facebook.com/me/predict-edit-add:predict'
        }

    I keep getting an error reading:

        Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING

    Any ideas?

  • Password hashing, salt and storage of hashed values

    - by Jonathan Leffler
    Suppose you were at liberty to decide how hashed passwords were to be stored in a DBMS. Are there obvious weaknesses in a scheme like this one?

    To create the hash value stored in the DBMS, take:

    - A value that is unique to the DBMS server instance as part of the salt,
    - And the username as a second part of the salt,
    - And create the concatenation of the salt with the actual password,
    - And hash the whole string using the SHA-256 algorithm,
    - And store the result in the DBMS.

    This would mean that anyone wanting to come up with a collision should have to do the work separately for each user name and each DBMS server instance separately. I'd plan to keep the actual hash mechanism somewhat flexible to allow for the use of the new NIST standard hash algorithm (SHA-3) that is still being worked on.

    The 'value that is unique to the DBMS server instance' need not be secret - though it wouldn't be divulged casually. The intention is to ensure that if someone uses the same password in different DBMS server instances, the recorded hashes would be different. Likewise, the user name would not be secret - just the password proper.

    Would there be any advantage to having the password first and the user name and 'unique value' second, or any other permutation of the three sources of data? Or what about interleaving the strings?

    Do I need to add (and record) a random salt value (per password) as well as the information above? (Advantage: the user can re-use a password and still, probably, get a different hash recorded in the database. Disadvantage: the salt has to be recorded. I suspect the advantage considerably outweighs the disadvantage.)

    There are quite a lot of related SO questions - this list is unlikely to be comprehensive:

    - Encrypting/Hashing plain text passwords in database
    - Secure hash and salt for PHP passwords
    - The necessity of hiding the salt for a hash
    - Clients-side MD5 hash with time salt
    - Simple password encryption
    - Salt generation and Open Source software

    I think that the answers to these questions support my algorithm (though if you simply use a random salt, then the 'unique value per server' and username components are less important).

  • oauth problem( app engine)

    - by portoalet
    hi i am trying to pull user's documents data from google docs using oauth, but i cannot understand how to do it

    - what's the purpose of oauth_verifier
    - how to get the access token secret?
    - if i try to use DocsService below, then i have a "server error"
    - is there a clear tutorial for this? i cannot find any atm..

        String oauth_verifier = req.getParameter("oauth_verifier");
        String oauth_token = req.getParameter("oauth_token");
        String oauthtokensecret = req.getParameter("oauth_token_secret");

        GoogleOAuthParameters oauthparam = new GoogleOAuthParameters();
        oauthparam.setOAuthConsumerKey("consumer key");
        oauthparam.setOAuthConsumerSecret("secret");
        oauthparam.setOAuthToken(oauth_token);
        oauthparam.setOAuthTokenSecret(oauthtokensecret);
        oauthparam.setOAuthVerifier(oauth_verifier);

        OAuthHmacSha1Signer signer = new OAuthHmacSha1Signer();
        GoogleOAuthHelper oauthhelper = new GoogleOAuthHelper(signer);

        String accesstoken = "";
        String accesstokensecret = "";
        try {
            oauthhelper.getUnauthorizedRequestToken(oauthparam);
            accesstoken = oauthhelper.getAccessToken(oauthparam);
            accesstokensecret = oauthparam.getOAuthTokenSecret();
            // DocsService client = new DocsService("yourCompany-YourAppName-v1");
            ...

  • How do you test a command object in a grails controller integration test?

    - by egervari
    I'm new to grails. How do I test a form command object to make sure that it's working? Here's some setup code in a test. When I try to do it, I get the following exceptions:

        Error occurred creating command object.
        org.codehaus.groovy.grails.web.servlet.mvc.exceptions.ControllerExecutionException: Error occurred creating command object.
            at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
            ....
        Caused by: groovy.lang.MissingPropertyException: No such property: password for class: project.user.RegistrationForm
        Possible solutions: password

    Here is my test case. As you can see, I set "password" on the params map...

        void testSaveWhenDataIsCorrect() {
            controller.params.emailAddress = "[email protected]"
            controller.params.password = "secret"
            controller.params.confirmPassword = "secret"
            controller.save()
            assertEquals "success", redirectArgs.view
            ...
        }

    Here's the controller action, that adds the command object as a closure parameter:

        def save = { RegistrationForm form ->
            if(form.hasErrors()) {
                render view: "create", model: [form: form]
            } else {
                def user = new User(form.properties)
                user.password = form.encryptedPassword
                if(user.save()) {
                    redirect(action: "success")
                } else {
                    render view: "create", model: [form: form]
                }
            }
        }

    Here's the command object itself... and note that it DOES have a "password" field...

        class RegistrationForm {
            def springSecurityService

            String emailAddress
            String password
            String confirmPassword

            String getEncryptedPassword() {
                springSecurityService.encodePassword(password)
            }

            static constraints = {
                emailAddress(blank: false, email: true)
                password(blank: false, size:4..10)
                confirmPassword(blank: false, validator: { password != confirmPassword })
            }
        }

    I'm totally lost in the non-intuitive way to do controllers... Please help.
