Svend/ blog/ tag/ debian
Gnome administration with user password

Because I manually installed Gnome, sudo, and disabled the root password after installing Debian, I was unable to use Gnome's administration applications. When I ran anything under the Administration menu, I would get a prompt: "Enter the administrative password".

The solution was to change the gconf key /apps/gksu/sudo-mode to true. I changed this in my own gconf DB, not the system DB, but either place should work.

According to Debian bug 57070, sudo-mode will be set automatically if Gnome is installed when the Debian installer is run.

Update

The user-setup-apply script in the user-setup package is responsible for setting up gksu. (See bug 481689.) Here are equivalent commands that can be run after the system is already installed.

sudo update-alternatives --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
sudo update-gconf-defaults
Posted Wed 24 Mar 2010 11:34:43 AM PDT Tags: debian
qemu-kvm in Debian unstable

Version 0.11.0 of qemu-kvm is now available in Debian unstable.

Posted Wed 18 Nov 2009 03:24:30 PM PST Tags: debian
Verifying the backports.org GPG key

How to download, verify, and install the backports.org GPG key.

These instructions are adapted from the DebianEdu backports.org instructions.

1. Download backports GPG key

The key ID is on the backports website. We will save it to a temporary keyring.

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --keyserver hkp://subkeys.pgp.net \
      --recv-keys 16BA136C
gpg: keyring `/tmp/backports.gpg' created
gpg: requesting key 16BA136C from hkp server subkeys.pgp.net
gpg: key 16BA136C: public key "Backports.org Archive Key <ftp-master@backports.org>" imported
gpg: public key of ultimately trusted key EF6CC3C1 not found
gpg: public key of ultimately trusted key 78733EF8 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: Total number processed: 1
gpg:               imported: 1

2. Check the backports key's signatures

Check the signatures using the Debian developers keyring (part of the debian-keyring package).

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --keyring /usr/share/keyrings/debian-keyring.gpg \
      --check-sigs 16BA136C
pub   1024D/16BA136C 2005-08-21
uid                  Backports.org Archive Key <ftp-master@backports.org>
sig!         7E7B8AC9 2005-11-20  Joerg Jaspert <joerg@debian.org>
sig!3        16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>
sig!3        16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>
sub   2048g/5B82CECE 2005-08-21
sig!         16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>

3 signatures not checked due to missing keys

You can see three self-signatures, and one valid signature by a Debian developer.

3. Add the backports key to apt's keyring

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --export 16BA136C | 
      sudo apt-key add -
OK
Posted Tue 24 Feb 2009 01:01:29 PM PST Tags: debian
lenny-backports ready

lenny-backports is now active. wesnoth is the first package to be uploaded.

Posted Fri 20 Feb 2009 03:44:00 PM PST Tags: debian
Live CD updated to lenny

I have updated Debian Live SC to Debian 5.0 (lenny) from Debian 4.0 (etch).

Posted Fri 20 Feb 2009 11:05:51 AM PST Tags: debian
Live-helper autoconfig

I am now using live-helper's autoconfig with Debian Live SC.

commit 347c832f1bd3c1d54315ab597e7a8e8b6cfc9fd7
Author: Svend Sorensen
Date:   Wed Feb 18 12:25:17 2009 -0800

    Use autoconfig to build config files

 config/binary    |  154 ------------------------------------------------------
 config/bootstrap |   53 -------------------
 config/chroot    |   61 ---------------------
 config/common    |  123 -------------------------------------------
 config/source    |    9 ---
 scripts/config   |    7 +++
 6 files changed, 7 insertions(+), 400 deletions(-)

7 insertions(+), 400 deletions(-). Nice.

There is a good example of a live-helper config using autoconfig here.

Posted Wed 18 Feb 2009 01:42:31 PM PST Tags: debian
Lenny is the new stable

Debian version 5.0 (lenny) was released on Valentine's Day.

Posted Sun 15 Feb 2009 10:57:26 AM PST Tags: debian
Preseeding kernel on etch

I ran into bug 401652 while trying to preseed a bigmem kernel using the Debian etch 4.0r6 installer.

d-i base-installer/kernel/which-kernel select linux-image-2.6-686-bigmem

This was fixed (post etch) in base-installer 1.83. As a workaround, I added the kernel package to pkgsel/include.

d-i pkgsel/include string ilinux-image-2.6-686-bigmem
Posted Wed 04 Feb 2009 09:44:55 AM PST Tags: debian
Configuring Kerberos authentication

I kerberized the SSH, SMTP, and IMAP services on a Debian Etch server. Here are the configuration changes I made to each package to enable Kerberos authentication.

OpenSSH

Edit /etc/ssh/sshd_config, setting GSSAPIAuthentication yes.

Exim4 (SMTP)

The exim4-daemon-light package does not include the cyrus_sasl authentication driver. Install exim4-daemon-heavy.

Add the following to enable GSSAPI authentication in /etc/exim4/exim4.conf.template.

gssapi_sasl_server:
  driver = cyrus_sasl
  public_name = GSSAPI
  server_set_id = $auth1

Rebuild the exim4 configuration.

sudo update-exim4.conf

Point exim4 at the smtp keytab.

echo 'ENV="env -i LANG=C PATH=$PATH KRB5_KTNAME=/etc/smtp.keytab"' |
sudo tee -a /etc/default/exim4

Dovecot (IMAP)

Edit /etc/dovecot/dovecot.conf. Set the location of the imap keytab file:

auth_krb5_keytab = /etc/imap.keytab

Enable GSSAPI authentication:

mechanisms = gssapi
Posted Mon 05 Jan 2009 08:27:04 PM PST Tags: debian