Dear Managers,
The pop bulletin problem has been previously summarized. I
apologize for the delay with the X terminal problem, but we have been
thwarted by a problem unrelated to DU: the student who requested the
service has a problem with his X server software on his PC. This
leaves me with no way to test the solutions I received. I'll
reproduce them here for the record.
Reponses received:
Spider Boardman <spider_at_Orb.Nashua.NH.US>
Serge MUNHOVEN <munhoven_at_mema.ucl.ac.be>
Spider's response:
Larry> i) A student requested that his PC (with a X emulator) be
Larry> allowed to connect to our network of DEC 3000/300s as an X
Larry> server. We run DU v4.0D PL 2 with C2 security enabled.
Larry> I've done this in the past many times, but because of
Larry> recent changes in our local DNS setup the student's PC is
Larry> no longer in the same domain as our 3000s. I tried adding
Larry> the student's PC (specifying the full address,
Larry> e.g. foo.bar.edu) to the ttys database using edauth. Even
Larry> with the -v switch enabled on edauth, no error message
Larry> appears, but the PC is not added to the database (or at
Larry> least edauth doesn't show it when I list the ttys database
Larry> afterwards).
Larry> Is it sufficient to just insert the hostname and ignore
Larry> the domain? (I can't test this out; my PC is in the same
Larry> subdomain as my 3000s.) If not, how do I handle the
Larry> different domain?
The different domain requires a fully-qualified domain name
(FQDN) in the database, since that's how X will present the
display name to the Enhanced Security subsystem. Anyway, the
most likely problem you're seeing trying to add the entry is that
it's not properly formatted, but that the error is one of the
ones which edauth (as currently distributed) doesn't notice when
trying to set the entry (or entries).
If you need to keep a list of allowed entries, then you'll have
to get the formatting right. If you show me a typescript of a
session in which you try to add the entry, I can try to diagnose
what's going wrong. However, if you already have XDMCP managing
which displays are allowed to connect, then the Enhanced Security
databases are redundant in terms of security management, so you
might just want to add the X-display wildcard entries. That's done
like this (examples work for ksh and sh, modulo the indentation):
# /tcb/bin/edauth -dt -s <<\X
*\:*:t_devname=*\:*:t_login_timeout#0:t_xdisplay:chkent:
X
# /tcb/bin/edauth -dv -s <<\X
*\:*:v_devs=*\:*:v_type=xdisplay:chkent:
X
Once that's done, you'll never need to add another X display again.
Larry> ii) I'm running qpopper v2.53. Last weekend we had a
Larry> failure of the campus DNS server, the secondary servers
Larry> for some reason couldn't be reached, and pop users
Larry> couldn't get their mail. After the problem was fixed
Larry> Monday morning I wanted to put out a bulletin to POP users
Larry> to indicate what the problem was. However, the bulletin
Larry> is not sent out and the following error message keeps
Larry> coming up in the mail.log:
Larry> Nov 10 15:37:52 garfield popper[6950]: Bulletin 00001.DNS_failure does
not start with a valid "From " separator
Larry> I've stared at the bulletin and as far as I can tell I
Larry> have a valid header:
Larry> From root_at_cs.wsc.ma.edu Mon Nov 9 12:49:00 1998
Larry> Any clues as to what is causing the message?
I saw your summary about the " " vs. " " issue. I'm (almost)
shocked. In the old days, the " " (two-space separator) was
REQUIRED by /bin/mail. It sounds like something which should
be reported to Qualcomm to get fixed in qpopper.
Serge's response:
On Wed, Nov 11, 1998 at 03:13:04PM -0500, Larry Griffith wrote:
> Dear Managers,
>
> The X terminal part of the problem remains open, but the pop bulletins
> problem is solved thanks to
>
Just a guess :
Does the PC appear in your local /etc/hosts database ? Perhaps only that one
is trusted when security issues are involved. The name to use would then
probably be the canonical hostname that you've put there.
> i) A student requested that his PC (with a X emulator) be allowed
> to connect to our network of DEC 3000/300s as an X server. We run DU
> v4.0D PL 2 with C2 security enabled. I've done this in the past many
> times, but because of recent changes in our local DNS setup the
> student's PC is no longer in the same domain as our 3000s. I tried
> adding the student's PC (specifying the full address,
> e.g. foo.bar.edu) to the ttys database using edauth. Even with the -v
> switch enabled on edauth, no error message appears, but the PC is not
> added to the database (or at least edauth doesn't show it when I list
> the ttys database afterwards).
>
> Is it sufficient to just insert the hostname and ignore the
> domain? (I can't test this out; my PC is in the same subdomain as my
> 3000s.) If not, how do I handle the different domain?
>
Hope this helps,
- Serge
--
- -
Serge Munhoven Internet: munhoven_at_mema.ucl.ac.be
- -
Original post:
Dear Managers,
Two problems:
i) A student requested that his PC (with a X emulator) be allowed
to connect to our network of DEC 3000/300s as an X server. We run DU
v4.0D PL 2 with C2 security enabled. I've done this in the past many
times, but because of recent changes in our local DNS setup the
student's PC is no longer in the same domain as our 3000s. I tried
adding the student's PC (specifying the full address,
e.g. foo.bar.edu) to the ttys database using edauth. Even with the -v
switch enabled on edauth, no error message appears, but the PC is not
added to the database (or at least edauth doesn't show it when I list
the ttys database afterwards).
Is it sufficient to just insert the hostname and ignore the
domain? (I can't test this out; my PC is in the same subdomain as my
3000s.) If not, how do I handle the different domain?
ii) I'm running qpopper v2.53. Last weekend we had a failure of
the campus DNS server, the secondary servers for some reason couldn't
be reached, and pop users couldn't get their mail. After the problem
was fixed Monday morning I wanted to put out a bulletin to POP users
to indicate what the problem was. However, the bulletin is not sent
out and the following error message keeps coming up in the mail.log:
Nov 10 15:37:52 garfield popper[6950]: Bulletin 00001.DNS_failure does not start with a valid "From " separator
I've stared at the bulletin and as far as I can tell I have a
valid header:
>From root_at_cs.wsc.ma.edu Mon Nov 9 12:49:00 1998
Date: Mon, 9 Nov 1998 12:49:00 -0500 (EST)
From: <root_at_cs.wsc.ma.edu>
Subject: DNS service out
To all UNIX e-mail users,
The Domain Name Service in the Computer Center failed over the
weekend. This caused pop mail service to fail on UNIX. Rich is
checking why the secondary DNS server did not kick in. Sorry for the
inconvenience.
Larry
Any clues as to what is causing the message?
Larry
============================================================================
Larry Griffith Dept. of Computer & Info Science
larry_at_cs.wsc.ma.edu Westfield State College
(413) 572-5294 Westfield, MA 01086 USA
PGP public key available at: http://cs.wsc.ma.edu/dcis/griffith.html
NOTE NEW E-MAIL ADDRESS!!
============================================================================
Received on Mon Nov 30 1998 - 14:05:18 NZDT