\documentclass[a4paper,12pt]{article} \usepackage[margin=15mm]{geometry} \begin{document} Codecon at central coast. Gosford exit, Peats Ridge Road. Software freedom day. Enlightenment 17 very nice. Trademark: Everything Linux hassled about it. Mad Dog spending much on protecting trademark. \$200--\$300. If not protect it, lose it. little R---acknowledge Linus owns the trademark. Jeremy wrote the letter as would to any other company. Looks like spam! Jeremy is a Debian developer, is legal council for Linux Australia. There is a lot of contention about the name Linux. Much of Mad Dog's money went into rescuing the trade mark. Cache time for gpg documentation tells you how to disable it. Saturday 10 September is software freedom day. SLUG a room at UTS: 500 CDs, balloons, tatoos, other cool stuff. version 3.0. Open CD. Need IDE 15GB disks for Mad Dog's computer. \section{XFCE} \label{sec:xfce} Lindsay Holmwood: muso, wireless modular, GTK2, C, standards compliant (free desktop) kiok mode, python, C++ bindings, core libraries in C. \item Lots of translations (40) \item Late 1996, based on CDE \item XForms Common Environment \item XForms was one of the original x toolkits \item jan 2005: 4.2 \item March 1999: 3, using GTK1.2 \item Mouse: small and fast \item Graphics Chuck Mead LPI \item libxfce4util, 2 other libs \item xfce-mcs-plugins: lightweight: backend config in XML \item runs in background \item graphical dialogs to manage config \item xfce4-session manager: controls starting, stopping aplications. \item saves applications when log back in. Not in former running state, just starts them up. \item xfcem4 window manager \item winsow placement, keyboard shortcuts \item xfce4-panel: \begin{itemize} \item like MAC OS X doc, but very extensible. \item can make it look however. \item suports transparency. \item autohide \item mail checker \item CAN I PUT IN THE CORNER? \end{itemize} \item xfcedesktop: \begin{itemize} \item desktop manager \item root menu, workspace menu, Xinerama, no icons on desktop: but support in development version. \item gradings, saturation \item Could run nautilus instead of xfcedesktop \item icons in unstable: plu in with file manager, as expect \end{itemize} \item xfce4-utils \begin{itemize} \item taskbar \item about \item scripts: startxfce4, xfhelpt, xflock4, xfmount... \item users guide \item Can start gnome-terminal or xterm (xfterm4) \item lock wrapper if want lock screen \end{itemize} \item xffm \begin{itemize} \item fast file manager \item mount, unmount \end{itemize} \item xfprint4/xfprint-manager \begin{itemize} \item print job manager \item pirnter configurator \item cups, BSD, LPRng \end{itemize} \item xfce4-mixer \item xfce4-systray \item xfce4-toys \begin{itemize} \item utilities: xeyes, fortune \end{itemize} \item Can mix and match: e.g., from term, killall xfcedesktop, start up nautilus, and from then on it will work \item terminal on desktop 1, browser on terminal 2, \ldots \item config in XML. \item CONIFG: \item GLOBAL: \$sysconfigdir/xdg/xfce4 \item USER ~/.config/xfce4 \item xfcalendar in config \subsection{Kiosk mode} \begin{itemize} \item lock individual components \item xfce4-panel, xfce4-session, xfdesktop restrictable \end{itemize} OTHER PROJECTS \begin{itemize} \item Xfmedia \item Terminal: packaged in Debian as Terminal \item Mousepad: lightwieght leafpad \item Thunar \end{itemize} LANGUAGE BINDINGS \begin{itemize} \item pyxfce: python \item Xfce Foundation Classes \item C++ bindings \end{itemize} DEVELOPMENT \begin{itemize} \item bug tracker \item subversion since 4 months ago \item Now you can do: \begin{itemize} \item documentation \item language translations \item artwork \item panel lugins \item develop using pyxfce and Xfc! \item Thunar \end{itemize} DOCS \begin{itemize} \item xfhelp4 \item FAQ \item #xfce4 on freenode \item Xfce Wiki, forum, DevBlog: wordpress blog. \end{itemize} FUTURE: \begin{itemize} \item code cleanups \item icons on desktop \item panel rewrite \item integration with Gnome applets \item Thunar file manager. \begin{itemize} \item Aims to me minimal, but contains many options. \item Many use rox file manager. \end{itemize} \item applications written in higher level languages \item an Xfce distro? \end{itemize} WHERE? \begin{itemize} \item Oc-cillation \item Xfld --- not nice \end{itemize} Q & Ahat \begin{itemize} \item small fonts: \begin{itemize} \item user interface \item Could be low level X \item \end{itemize} \item Get panel in the corner? \begin{itemize} \item \end{itemize} \item Size \begin{itemize} \item small memory footprint: small cf Gnome. 5--6MB or even smaller. Gnome is bigger. \end{itemize} \item Ubuntu works nicely with XFCE. \item If use Gnome stuff, lose the size advantage? \item HP thin clients use XFCE in cafes. \item 500 desktops in company \item Terminal in red \end{itemize} \section{OpenLDAP security made simple} \begin{itemize} \item Used OpenLDAP for 10 months \item using openssl and cyrus \item ACAY Network computing \item Fujitsu: selling Cisco, NCR: Papua New Guinea \item http://toshiba.example.com.au/horde/export/slug \item Account management a problem \item OpenLDAP a solution \item 1988 at Uni of Michigan. Version 2 in 1995, released to the public \item 1997 version 3 completed. \item Security supported using SLL and SASL. \item LDAP cf relational database: \begin{itemize} \item enter once, read very often \item relational database, modify often. \item entries in directory descriptive; in rdbms quantitative \item Account balance, calculate in rdbms \item data in rows, in rdbms \item replication in LDAP --- increase capacity \item FC3 SLAPD, KrbSkdc (Kerberos 5) \item Bluetooth wireless running TCP/IP connection \item Bind: \begin{itemize} \item anonymous bind: not using a dn (registered user name) \item \texttt{ldapwhoami -x} \item response: anonymous \item protected anonymous bind \begin{itemize} \item no DN and encrypted data \item ldapwhoami -x -Z response: anonymous \item \begin{verbatim} ldapwhoami -x -H ldaps://tecra8100.example.com.au/ \end{verbatim} \item PHP LDAP admin: a useful tool \end{itemize} \end{itemize} \end{itemize} \item security not mandated by RFC 2251 \item simple bind: \begin{itemize} \item DN + data + secret key. \item ldapwhoami -x -D "uid=oscarp,ou=people,dc=example,dc=com" -w password \item can add this to the above: -H ldap://tecra8100.example.com.au \item \end{itemize} \item SASL plain bind: using cyrus SASL: \begin{itemize} \item \begin{verbatim} $ ldapwhoami -Y plain -Z -U oscarp -w password SASL/plain authentication started SASL username: oscarp SASL SSF: 0 \end{verbatim} \item Cannot connect plain unless encypt (need -Z) \item SASL: authentication and authorisation: -X \begin{verbatim} $ ldapwhoami -Y login -Z -X oscarp -w password SASL/LOGIN authentication started SASL username: oscarp SASL SSF: 0 dn:uid=oscarp,ou=people,dc=example,dc=com,dc=au \end{verbatim} \item For old applications \item Same as plain \item For old applications, e.g, MS Outlook 4 \item Hijacking --- possible without encryption? \item authorisation: \end{itemize} \item Problem: secret key travels through network. \item SASL cram-md5 DN + sasl + encrypted data + shared secret \item server challenges client: give me your secret encrypted key \item Session does not expire \item sasl digest-md5 bind = DN + sasl + encrypted data + shared secret + session-key \item SASL gssapi bind = ticket-getting-ticket + sasl + encrypted data \begin{itemize} \item Need a trusted third party Kerberos server \item Ned get a ticket before use gssapi: \begin{verbatim} kinit root Password for root@EXAMPLE>COM>AU: # klist TIcket cache: FILE:/tmp/krb.. ldapwhoami -Y gssapi kinit oscarp \end{verbatim} \end{itemize} \item SASL NTLM: Bind with SASL for MS systems. \end{itemize} \subsection{Organisation within LDAP} \begin{itemize} \item Entry corresponds to a record \item Entry is globally unique \item Objectclass is a grouping of fields in an entry \item attribute is a single data item, i.e., a field \item The ``IETF way'': using domain name components (RFC 2247) \item \end{itemize} \subsection{Cyrus SASL setup} \begin{itemize} \begin{verbatim} sasl-host tecra8100.example.com.au sasl_realm EXAMPLE.COM>AU password-has {CLEARTEXT} sasl-regexp "uid=(.*),cd=ntlm,cd=auth" "ldap://ou=People,dc=example,dc=com,dc=au \end{verbatim} \item sasl-host \item Testing validity of certificates: \end{itemize} \end{document}