r979 - in trunk: OLD PREVIOUS_FORMAT

tushar at linuxfromscratch.org
Sun Aug 7 19:55:32 PDT 2005


Author: tushar
Date: 2005-08-07 20:55:30 -0600 (Sun, 07 Aug 2005)
New Revision: 979

Added:
   trunk/OLD/automount.txt
   trunk/OLD/iproute2.txt
   trunk/OLD/kerberos.txt
   trunk/OLD/lzw_graphics.txt
   trunk/OLD/nfs.txt
   trunk/OLD/pam+shadow+cracklib.txt
   trunk/OLD/ppp-hint.txt
   trunk/OLD/sendmail-2.txt
   trunk/OLD/shadowpasswd_plus.txt
   trunk/OLD/shells.txt
Removed:
   trunk/PREVIOUS_FORMAT/automount.txt
   trunk/PREVIOUS_FORMAT/iproute2.txt
   trunk/PREVIOUS_FORMAT/kerberos.txt
   trunk/PREVIOUS_FORMAT/lzw_graphics.txt
   trunk/PREVIOUS_FORMAT/nfs.txt
   trunk/PREVIOUS_FORMAT/pam+shadow+cracklib.txt
   trunk/PREVIOUS_FORMAT/ppp-hint.txt
   trunk/PREVIOUS_FORMAT/sendmail.txt
   trunk/PREVIOUS_FORMAT/shadowpasswd_plus.txt
   trunk/PREVIOUS_FORMAT/shells.txt
Log:
Move really old hints to OLD

Copied: trunk/OLD/automount.txt (from rev 975, trunk/PREVIOUS_FORMAT/automount.txt)

Copied: trunk/OLD/iproute2.txt (from rev 975, trunk/PREVIOUS_FORMAT/iproute2.txt)

Copied: trunk/OLD/kerberos.txt (from rev 975, trunk/PREVIOUS_FORMAT/kerberos.txt)

Copied: trunk/OLD/lzw_graphics.txt (from rev 975, trunk/PREVIOUS_FORMAT/lzw_graphics.txt)

Copied: trunk/OLD/nfs.txt (from rev 975, trunk/PREVIOUS_FORMAT/nfs.txt)

Copied: trunk/OLD/pam+shadow+cracklib.txt (from rev 975, trunk/PREVIOUS_FORMAT/pam+shadow+cracklib.txt)

Copied: trunk/OLD/ppp-hint.txt (from rev 975, trunk/PREVIOUS_FORMAT/ppp-hint.txt)

Copied: trunk/OLD/sendmail-2.txt (from rev 975, trunk/PREVIOUS_FORMAT/sendmail.txt)

Copied: trunk/OLD/shadowpasswd_plus.txt (from rev 975, trunk/PREVIOUS_FORMAT/shadowpasswd_plus.txt)

Copied: trunk/OLD/shells.txt (from rev 975, trunk/PREVIOUS_FORMAT/shells.txt)

Deleted: trunk/PREVIOUS_FORMAT/automount.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/automount.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/automount.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,219 +0,0 @@
-TITLE:		Setting up Automount
-LFS VERSION:	Any
-AUTHOR:		R. Cort Tompkins <rtompkin at cs.odu.edu>
-SPECIAL THANKS TO:
-	Tan Siong Hua <stsh at pd.jaring.my>
-
-SYNOPSIS:
-	The mounting and unmounting of removable media is a tedious task, 
-especially when it needs to be done by unprivileged users.  Automount is a 
-utility that will automatically unmount specified devices after a given 
-interval, and then remount them automatically upon subsequent access.  This 
-makes the mount/unmount process relatively transparent to the end user.  
-
-HINT:
-To get started you'll need a few things:
-1) Automount support in the kernel.  This is compiled into the kernel by 
-default unless you explicitly removed it during kernel configuration.  If this 
-is the case, reconfigure your kernel (i.e. "make menuconfig" in your kernel 
-source directory) and enable Automount v4 as a built-in feature under the 
-"File Systems" heading.
-
-2) The automount user utilities.  Download the latest version 3 utilities from 
-ftp://ftp.kernel.org/pub/linux/daemons/autofs (autofs-3.1.7.tar.bz2 at the time
-of this writing).  Extract this archive and cd into it.  Before compilation
-and installation, we'll take preemptive action to stop a compile-time error:
-
-	$ cp modules/lookup_program.c modules/lookup_program.c.old
-	$ sed "s/OPEN_MAX/FOPEN_MAX/" modules/lookup_program.c.old > \ 
-	  modules/lookup_program.c
-
-	$ ./configure --prefix=/usr --sbindir=/sbin
-	$ make
-	$ make install
-
-If you look in the sample subdirectory, you'll find rc.autofs, a startup script
-designed to help automate the automounting process.  Use this if you wish, but 
-I will give instructions for creating a slightly simpler script which should 
-help you better understand the workings of automount.
-
-First we'll create the script itself, as root:
-
-$ cat > /etc/rc.d/init.d/auto_mount << "EOF"
-#!/bin/bash
-# Begin /etc/rc.d/init.d/auto_mount
-#
-# Automount script by Cort Tompkins - rtompkin at cs.odu.edu, derived
-# from ethnet script by Gerard Beekmans - gerard at linuxfromscratch.org
-
-source /etc/rc.d/init.d/functions
-
-case "$1" in
-	start)
-
-	for mountspec in $(/bin/ls /etc/sysconfig/automount-config/*.auto)
-	do
-		source $mountspec
-		MOUNT_BASE=${mountspec%.auto}
-		echo "Starting automount for group ${MOUNT_BASE##*/}  ..."
-		/sbin/automount --timeout=${TIMEOUT} $MOUNTPOINT file \
-		$MOUNT_BASE.map
-		evaluate_retval
-	done
-	;;
-	
-	# assume all instances of automount were started by this script
-	stop)
-		echo -n "Stopping automount ..."
-		# Unmount everything mounted by automount
-		/bin/killall -USR1 automount
-		/bin/killall automount
-		evaluate_retval
-		;;
-	restart)
-		$0 stop
-		sleep 1
-		$0 start
-		;;
-	*)
-		echo "Usage: $0 {start|stop|restart}"
-		exit 1
-		;;
-esac
-# End /etc/rc.d/init.d/auto_mount
-EOF
-
-Please resist the temptation to name the startup script "automount."  This
-means that the script will get the same kill signals we send to automount
-proper.
-
-Give the script proper permissions:
-$ chmod 754 /etc/rc.d/init.d/auto_mount
-
-Since I use automount for network shares, I only want it to be running when
-in a networkable state.  On the very rare occasion that you find yourself in
-an unnetworked runlevel, you can always mount your removable devices manually.
-$ cd /etc/rc.d
-$ for rl in $(seq 0 2; echo 6); do
-  > cd rc${rl}.d 
-  > ln -s ../init.d/auto_mount K45auto_mount
-  > cd ..
-  > done
-$ for rl in $(seq 3 5); do
-  > cd rc${rl}.d
-  > ln -s ../init.d/auto_mount S25auto_mount
-  > cd ..
-  > done
-
-Create the sysconfig directory that the script will use:
-$ mkdir /etc/sysconfig/automount-config
-
-Inside /etc/sysconfig/automount-config/, you'll create pairs of files for each 
-group of devices you wish to automount.  The format of the files is as follows:
-
-xxxx.auto:
-MOUNTPOINT=/path/to/mountdir
-TIMEOUT=999
-
-xxxx.map:
-MOUNTNAME	-fstype=FSTYPE[,OPTIONS]	:/path/to/device
-MOUNTNAME	-fstype=FSTYPE[,OPTIONS]	:/path/to/device
-
-DO NOT create the "MOUNTNAME" directory under the "MOUNTPOINT" yourself.
-Automount will create and remove this directory as needed.
-
-The format of the .auto files is arbitrarily determined by the workings of the 
-auto_mount script; more information on the format of the .map files can be 
-found using "man 5 autofs".  The OPTIONS used in the .map file are the same 
-options you would pass to mount with the -o flag.  Note that you can have 
-multiple entries in a .map file, but they will all assume the same mountpoint 
-and timeout specified in the corresponding .auto file of the same prefix.  The 
-auto_mount script can handle any number of .map/.auto pairs (so long as the 
-pairs both have the same prefix).  Here are some examples:
-
---
-cdrom.auto:
-MOUNTPOINT=/mnt
-TIMEOUT=5
-
-cdrom.map:
-cd	-fstype=iso9660,ro	:/dev/cdrom
---
-The above pair will automount /dev/cdrom at /mnt/cd with a timeout of 5 
-seconds.  This means that after five seconds of inactivity the cdrom device will
-be automatically unmounted, allowing you to put in a new CD to be automatically
-remounted upon subsequent access.  You can verify this after initializing
-automount:
-
-$ ls /mnt/cd; mount
-
-You will see that the cdrom is mounted. Wait five seconds.
-
-$ mount
-
-If everything is working properly, automount will have unmounted the cdrom.
-Subsequent access to /mnt/cd will cause it to be remounted.
-
-Most CD drives lock their CD trays while mounted, preventing you from removing 
-the media while the drive is mounted.  Floppy drives, on the other hand, have 
-no such protection; it is best to keep their timeout value as small as possible:
---
-floppy.auto:
-MOUNTPOINT=/mnt
-TIMEOUT=1
-
-floppy.map:
-flop	-fstype=auto	:/dev/fd0
---
-This mounts the floppy drive at /mnt/flop.  Note that a timeout of 0 will 
-disable the automatic unmounting altogether.  
-
-Automount can also be used to mount network shares:
---
-samba.auto:
-MOUNTPOINT=/smb/win2kbox
-TIMEOUT=300
-
-samba.map:
-c -fstype=smbfs,username=samba,password=xxxx	://win2kbox/c
-d -fstype=smbfs,username=samba,password=xxxx	://win2kbox/d
---
-The two samba shares specified will be automounted at /smb/win2kbox/c and 
-/smb/win2kbox/d
-
-One final note of caution (from the autofs man page):
-
-UNSUPPORTED:
-   The  automounter  does  not  support  direct  maps or mount
-   trees (more than one file system to be mounted under a spe-
-   cific automount point)...
-
-This (unfortunately) means that you can't have separate 
-.auto/.map pairs with the same MOUNTPOINT.  Thus, the individual
-floppy and cdrom examples used above cannot be used together!  The
-best alternative in this case is to combine them into one file pair:
-
---
-removables.auto:
-MOUNTPOINT=/mnt
-TIMEOUT=1
-
-removable.map:
-cd	-fstype=iso9660,ro	:/dev/cdrom
-flop	-fstype=auto	:/dev/fd0
---
-
-The more adventurous among you may also consider compiling and 
-installing automount v4 (beta). Its compilation and installation 
-is virtually identical to that outlined above, with the 
-exception of the patching of lookup_module.c (the first block of 
-commands).  Upgrading is as simple as:
-
-	$ tar xvfj autofs-4.0.0pre10.tar.bz2
-	$ cd autofs-4.0.0pre10
-	$ ./configure --prefix=/usr --sbindir=/sbin && make &&
-	  make install
-	$ /etc/rc.d/init.d/auto_mount restart
-
-Feel free to e-mail me with questions or suggestions.
-
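Review bot: The samba.map example puts `username=samba,password=xxxx` directly in a map file under /etc/sysconfig/automount-config, and the hint creates that directory with a plain `mkdir` and never sets a mode on it or on the .map files, so the share password is readable by whatever the umask allows. Since this text is carried into trunk/OLD/automount.txt unchanged, consider adding a `chmod 600` step for maps that hold credentials. Separately, the combined example names the pair `removables.auto` and `removable.map`, but the init script derives the map name from the .auto prefix (`MOUNT_BASE=${mountspec%.auto}`, then `$MOUNT_BASE.map`), so that map would not be found; the two prefixes should match.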

Deleted: trunk/PREVIOUS_FORMAT/iproute2.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/iproute2.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/iproute2.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,344 +0,0 @@
-TITLE:		Iproute2 and traffic shaping
-LFS VERSION:	Kernel 2.4.20 and later versions
-AUTHOR:		Marcos Zapata <zeta11 at hotpop.com>
-VERSION:		2003/08/20
-
-SYNOPSIS:
-    How to compile iproute2 and some basic traffic shaping scripts for your LFS.
-
-HINT:
-Most linux distributions are starting to provide the iproute2 package,
-because of the new redesigned network subsystem implemented in kernels 2.2 and
-up. The old comands 'ifconfig' and 'route' are now been deprecated because of
-their faulty and unexpected behaviour under these kernels.
-It was written by Alexey Kuznetsov, who also wrote the routing code of the
-kernels 2.2 and up. This new routing and filtering code provides many advantages
-and features that weren't available before, and ip/tc are the tools to handle
-it. I won't be explaining traffic shaping with CBQ and HTB, just how to get them
-for your LFS. You'll find some links in references.
-
-
-This package requires db. If you don't have it, you can get it at
-www.sleepycat.com. For example: db-4.1.25 (actually, I've been using db-4.0.14
-without any problem), from:
-
-http://www.sleepycat.com/update/snapshot/db-4.1.25.tar.gz
-
-tar -zxvf db-4.1.25.tar.gz
-cd db-4.1.25/dist
-./configure --prefix=/usr --enable-compat185
-make
-make install
-
-now, we can continue with iproute2.
-
-
-Where to download it?
-ftp://ftp.inr.ac.ru/ip-routing/
-
-For the purposites of this hint, I'll be using:
-iproute2-2.4.7-now-ss020116-try.tar.gz and kernel-2.4.20.
-
-Starting with kernel-2.4.20 you can find HTB and CBQ packet schedulers. If you
-plan to use an older kernel (not recommended) you'll need to apply a patch to
-support it. Either way we'll need to get the patch for iproute to handle HTB:
-
-http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz
-
-The compiling and instalation of these tools is very strait-forward:
-
-tar -zxvf htb3.6-020525.tgz
-tar -zxvf iproute2-2.4.7-now-ss020116-try.tar.gz
-cd iproute2
-
-#apply the patch
-patch -Np1 < ../htb3.6_tc.diff
-
-#if you want, edit Makefile to change some values like KERNEL_INCLUDE or
-#SBINDIR. You shouldn't need to if you've built LFS.
-
-make
-make install
-
-If you didn't edit Makefile, the tools should be in /sbin, the conf. files in
-/etc/iproute2 and the docs in /usr/doc/iproute2. Sadly, it doesn't include any
-man pages, you'll need latex and sgmltools to read the docs. I advised you to
-read them, to fully understand and use these powerful tools.
-
-Ok, now that we have ip and tc with HTB support we need to recompile the kernel.
-With 'make menuconfig' under 'Networking options', enable netlink and filtering
-support, also tunneling and multicasting. To enable traffic shaping, enable all
-the options in 'Qos and/or fair queueing' as modules. The exact options names
-may vary for the different kernel versions. Compile the bzImage and modules,
-install, and remember to add this new kernel to your lilo or grub conf. to start
-with this new configuration.
-
-If you built LFS 3.1 (I guess it could work with previous versions) you need to
-change the boot scripts: localnet and network in /etc/rc.d/init.d.
-
-localnet:
-
-look  for 'loadproc ifconfig lo 127.0.0.1' in start), replace it with:
-ip addr add 127.0.0.1/8 dev lo
-ip link set lo up
-
-look for 'loadproc ifconfig lo down' in stop), replace it with:
-ip link set lo down
-ip addr del 127.0.0.1 dev lo
-
-look for 'ifconfig lo' in status), replace it with:
-ip addr show lo
-
-network:
-
-look for 'route add default gateway $GATEWAY metric 1 dev $GATEWAY_IF',...:
-ip route add default via $GATEWAY dev $GATEWAY_IF
-
-look for 'route del -net default', replace it with:
-ip route del default
-
-Also, the scripts in /etc/sysconfig/network-devices: ifdown and ifup.
-
-ifdown:
-
-look for 'ifconfig $1 down', replace it with:
-ip addr flush dev $1
-ip link set $1 down
-
-ifup:
-
-look for 'ifconfig $1 $IP netmask $NETMASK broadcast $BROADCAST',....:
-ip link set $1 up
-ip addr add $IP/$NETMASK broadcast $BROADCAST dev $1
-
-As you can see the ip command is very simple to use, and it's very similar to
-ifconfig and route. The only thing that changes is the NETMASK.
-
-You need to change NETMASK in /etc/sysconfig/network-devices/ifconfig.eth* :
-from 255.255.255.255 to 32
- ..  255.255.255.0   to 24
- ..  255.255.0.0     to 16
- ..  255.0.0.0       to 8
-
-so that ifconfig.eth0 (for example) looks something like this:
-ONBOOT=yes
-IP=192.168.100.254
-NETMASK=24
-BROADCAST=192.168.100.255
-
-
-Now, let's start with some traffic shaping scripts: cbq.init and/or htb.init
-and wondershaper.
-Both CBQ and HTB help you to control the use of the outbound bandwidth on a
-given link. Both allow you to use one physical link to simulate several slower
-links and to send different kinds of traffic on different simulated links.
-
-cbq.init:
-You can get it at http://sourceforge.net/projects/cbqinit. From one of the
-mirrors at:
-
-http://heanet.dl.sourceforge.net/sourceforge/cbqinit/cbq.init-v0.7.2
-
-mv cbq.init-v0.7.2 cbq.init
-chmod a+x cbq.init
-cp cbq.init /etc/rc.d/init.d
-mkdir /etc/sysconfig/cbq
-
-Remeber to add the symlinks in /etc/rc.d/rc*.d. All the explanations of this
-tool are in script: how it works, parameters, and a sample.
-
-htb.init:
-It's derived from cbq.init that allows for easy setup of HTB-based traffic
-control on Linux. You can get it at http://sourceforge.net/projects/htbinit. One
-of the mirros:
-
-http://keihanna.dl.sourceforge.net/sourceforge/htbinit/htb.init-v0.8.4
-
-mv htb.init-v0.8.4 htb.init
-chmod a+x htb.init
-cp htb.init /etc/rc.d/init.d
-mkdir /etc/sysconfig/htb
-
-Remember to add the symlinks in /etc/rc.d/rc*.d. Just like cbq, you can find all
-you need inside the script.
-
-You can use either one of them. CBQ is older, but it's still widely used. HTB is
-easier and more accurate.
-
-Wondershaper:
-I have a very crapy dsl conection and it really help me: mantaining low latency
-for interactive traffic and surfing while uploading.
-We can get it at:
-
-http://lartc.org/wondershaper/wondershaper-1.1a.tar.gz
-
-tar -zxvf wondershaper-1.1a.tar.gz
-cd wondershaper-1.1a
-
-There are two versions of the script, for CBQ and HTB. To start, you'll need to
-modify at the beginning: DOWNLINK, UPLINK and DEV. You'll also find a README in
-the same directory, please read it, it will help you understand what it really
-does and how to fine tunning it. Afterwards, to get them ready:
-
-cp wshaper wshaper.htb /usr/sbin
-
-That's it. You can reboot now and start using your LFS with these new tools.
-You shouldn't have much trouble setting it up. Good luck.
-
-
-REFERENCES:
-http://lartc.org/lartc.txt	Linux Advanced Routing & Traffic Control:
-http://luxik.cdi.cz/~devik/qos/htb/	HTB Home page
-
-
-THANKS:
-Daniel Thaler <daniel at dthaler.de>:	db headers, tc (wondershaper)
-lfs at vs.megalink.ru:	db headers
-DJ Lucas <dj_me at swbell.net>:	db headers
-Samual Walters <saltwater at madasafish.com>: db headers
-Diego Saravia <dsa at unsa.edu.ar>
-( Sorry for taking so long to correct the hint. )
-
-
-
-EXTRA: Automatic generation of broadcast addresses with LFS
-I was not sure to include this but here it goes, if it can be of any use...
-I was tired of calculating broadcast addresses, so i decided to modify the ifup
-script from LFS to do just that. It's not very clean and surely not the
-paradigm of programming but it works just fine. You've been warned!
-
-You need bc. Get it at:
-
-ftp://ftp.gnu.org/gnu/bc/bc-1.06.tar.gz
-
-tar -zxvf bc-1.06.tar.gz
-cd bc-1.06
-./configure --prefix=/usr
-make
-make install
-
-and rpncalc at:
-
-http://ftp.debian.org/debian/pool/main/r/rpncalc/rpncalc_1.33.3.tar.gz
-
-tar -zxvf rpncalc_1.33.3.tar.gz
-cd rpncalc-1.33.3
-./configure --prefix=/usr
-make
-make MKINSTALLDIRS=mkinstalldirs install
-
-The script:
-
----/etc/sysconfig/network-devices/ifup---
-
-#!/bin/sh
-
-source /etc/sysconfig/rc
-source $rc_functions
-source $network_devices/ifconfig.$1
-
-if [ -f $network_devices/ifup-$1 ]
-then
-	$network_devices/ifup-$1
-else
-	if [ -z $IP ]
-	then
-		echo "IP variable missing for ifconfig.$1, cannot continue"
-		exit 1
-	fi
-
-	if [ -z $NETMASK ]
-	then
-		echo -n "NETMASK variable missing for ifconfig.$1, "
-		echo "using 255.255.255.0"
-		NETMASK=255.255.255.0
-	fi
-
-        if [ "`echo "$NETMASK" | grep "\."`" ]; then
-	  MASK=0
-	  for i in `seq 1 4`; do
-	    OC=`echo "$NETMASK" | cut -d'.' -f$i`
-	    for j in `seq 0 7`; do
-	      BIN=`echo "256-2^$j" | bc`
-	      if [ $BIN == $OC ]; then
-	        k=`echo "8-$j" | bc`
-		let MASK=MASK+$k
-		break
-	      fi
-	    done
-	  done
-	else
-	  MASK=$NETMASK
-	fi
-
-	if [ -z $BROADCAST ]
-	then
-	    if [ $MASK -lt 24 ]; then
-		# Good luck!
-		NETMASK=""
-		MSK=$MASK
-		DIF=`echo "256-2^(8-$MASK%8)" | bc`
-		for i in `seq 1 4`; do
-	          let MSK=MSK-8
-		  if [ $MSK -gt -1 ]; then
-		    NETMASK=$NETMASK.255
-		  else
-		  if [ $MSK -lt -8 ]; then
-		    NETMASK=$NETMASK.0
-		  else
-		    NETMASK=$NETMASK.$DIF
-		  fi
-		fi
-		done
-		NETMASK=`echo "$NETMASK" | sed -e "s/^.//"`
-
-		BROADCAST=""
-		for i in `seq 1 4`; do
-		    OC=`echo "$IP" | cut -d'.' -f$i`
-		    OC2=`echo "$NETMASK" | cut -d'.' -f$i`
-		    BROADCAST="$BROADCAST.`echo "$OC 255 $OC2 xor or" | rpncalc | cut -d' ' -f3`"
-		done
-		BROADCAST=`echo "$BROADCAST" | sed -e "s/^.//"`
-	    else
-		# Calculo automatico solo para redes C
-		CAN=`echo "2^($MASK-24)" | bc`
-		OCTIP=`echo "$IP" | cut -d'.' -f4`
-		OCT3IP=`echo "$IP" | cut -d'.' -f-3`
-		BROADCAST=""
-
-		for i in `seq 1 $CAN`; do
-		  RED=`echo "256/$CAN*($i-1)" | bc`
-		  BROAD=`echo "$RED+256/$CAN-1" | bc`
-		  if [ $OCTIP -gt $RED -a $BROAD -gt $OCTIP ]; then
-		      BROADCAST="$OCT3IP.$BROAD"
-		      break
-		  fi
-		done  
-	    fi
-	fi
-	if [ -z $BROADCAST ]
-	then
-		echo "Cannot calculate broadcast for ifconfig.$1, something is wrong"
-		echo "Please check your IP=$IP and NETMASK=$MASK variables"
-		exit 1
-	fi
-
-	echo "Bringing up the $1 interface..."
-	ip link set $1 up
-	ip addr add $IP/$MASK broadcast $BROADCAST dev $1
-	evaluate_retval
-fi
-
----/etc/sysconfig/network-devices/ifup---
-
-
-This script will calculate the correct broadcast address from the ip address
-and netmask. It will work with all kinds of classes: A, B and C. Although,
-it will only "check" for a valid broadcast address from /24 to /32 and as you
-can see, you can now use NETMASK in ifconfig.eth* with a full address like
-255.255.255.192 or 26. To use it just comment out BROADCAST in ifconfig.eth*.
-Good luck.
-
-
-
-Zeta
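Review bot: The ifup script in the EXTRA section starts with `#!/bin/sh` but relies on `source`, `let` and `[ $BIN == $OC ]`, and it tests sourced values unquoted (`[ -z $IP ]`, `[ -z $BROADCAST ]`); since it is a boot-time network script acting on values read from ifconfig.$1, the shebang should be `#!/bin/bash` and the expansions quoted. In the /24-and-up branch, a /32 (which the hint tells readers to write as NETMASK=32) gives CAN=256 and BROAD equal to RED, so `$OCTIP -gt $RED -a $BROAD -gt $OCTIP` can never be true and the script exits with "Cannot calculate broadcast"; the closing claim that /24 to /32 is handled needs a caveat, or the comparison needs to admit that case.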

Deleted: trunk/PREVIOUS_FORMAT/kerberos.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/kerberos.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/kerberos.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,373 +0,0 @@
-TITLE:		Kerberos V
-LFS VERSION:	any
-AUTHOR:		Succendo Fornacalis <succendo at atlaswebmail.com>
-
-SYNOPSIS:
-	Installing Kerberos V on clients and the KDC
-
-HINT:
-So, you want to run Kerberos eh? Or just curious what Kerberos is? Well in such
-a case I will give you my explanation of Kerberos. Kerberos is an authentication
-method developed by MIT that is based on tickets. Tickets, as you may know, are
-used in place of the users password, as well as very strong encryption to
-services like telnet. The Tickets are given out by a Key Distribution Center
-(KDC) and then used for authenticating to any other server within it's realm.
-So, in short, users send their password to the KDC, The KDC then gives them a
-Ticket granting Ticket or TGT encrypted using their password as the key. If
-their password is bad, then the TGT will be bogus.  The TGT which expires at a
-given time, permits the client to obtain additional tickets. This gives
-permission to a specific service.  If this hint is acward or just plain bad, let
-me know, or if I just suck at explaining something let me know that too, and
-I’ll make revision. I am, by no means, a writer so I’m sure this could be
-better. And with that, good luck.
-
-
-CONTENTS
-========
-
-  1. Introduction
-  2. Installing Kerberos
-  3. Creating Configs
-  4. Adding Support
-  5. Creating Bootscripts
-
-
-Software used/mentioned/etc in this hint
-========================================
-Kerberos V: http://web.MIT.edu/network/Kerberos-form.html
-Samba 2.2.2: ftp://ftp.samba.org/pub/samba/samba-2.2.2.tar.gz
-OpenSSL: http://www.openssl.org/source/openssl-0.9.6b.tar.gz
-SSH: ftp://ftp.ssh.com/pub/ssh/ssh-3.0.1.tar.gz 
-
-Installing Kerberos V
-=====================
-cd src &&
-/configure --prefix=/usr &&
-make distclean &&
-make &&
-make check &&
-make install
-
-If you want to keep everything after the LFS install seperatate, you can give it
-the prefix /usr/local. Just make sure you change the ./configure lines to
-/usr/local.
-
-This will compile the Kerberos tools, and a telnetd with kerberos support.
-
-Setting up KDC
-==============
-see man krb5.conf and man kdc.conf
-the config files are built much like a windows .ini file.  The realm is usually
-the domain in caps.  Below are commands that I used for my configs, only a few
-changes are needed.
-
-KDC Configuration:
-
-cat > /etc/krb5.conf << "EOF"
-[libdefaults]
-    ticket_lifetime = 600
-    default_realm = NOVASTAR.WOX.ORG
-    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
-    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
-
-[realms]
-    NOVASTAR.WOX.ORG = {
-        kdc = SockPuppet.novastar.wox.org:88
-        admin_server = SockPuppet.novastar.wox.org:749
-        default_domain = novastar.wox.org
-    }
-
-[domain_realm]
-    .novastar.wox.org = NOVASTAR.WOX.ORG
-    novastar.wox.org = NOVASTAR.WOX.ORG
-
-[logging]
-    kdc = FILE:/var/log/krb5kdc.log
-    admin_server = FILE:/var/log/kadmin.log
-    default = FILE:/var/log/krb5lib.log
-EOF
-
-cat > /etc/kdc.conf << "EOF"
-[kdcdefaults]
-    kdc_ports = 88,750
-
-[realms]
-    NOVASTAR.WOX.ORG = {
-        database_name = /usr/var/krb5kdc/principal
-        admin_keytab = /usr/var/krb5kdc/kadm5.keytab
-        acl_file = /usr/var/krb5kdc/kadm5.acl
-        dict_file = /usr/var/krb5kdc/kadm5.dict
-        key_stash_file = /usr/var/krb5kdc/.k5.NOVASTAR.WOX.ORG
-        kadmind_port = 749
-        max_life = 10h 0m 0s
-        max_renewable_life = 7d 0h 0m 0s
-        master_key_type = des3-hmac-sha1
-        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
-    }
-EOF
-
-To add Kerberos V4 support, add des-cbc-crc:v4 to the supported_enctypes line.
-
-add Kerberos to /etc/services with these commandi (note that there daemons can
-be run an any server within the relm):
-
-echo "kerberos      88/udp    kdc    # Kerberos V5 KDC" >>/etc/services
-echo "kerberos      88/tcp    kdc    # Kerberos V5 KDC" >>/etc/services
-echo "klogin        543/tcp          # Kerberos authenticated rlogin"
->>/etc/services
-echo "kshell        544/tcp   cmd    # and remote shell" >>/etc/services
-echo "kerberos-adm  749/tcp          # Kerberos 5 admin/changepw"
->>/etc/services
-echo "kerberos-adm  749/udp          # Kerberos 5 admin/changepw"
->>/etc/services
-echo "krb5_prop     754/tcp          # Kerberos slave propagation"
->>/etc/services
-echo "eklogin       2105/tcp         # Kerberos auth. & encrypted rlogin"
->>/etc/services
-echo "krb524        4444/tcp         # Kerberos 5 to 4 ticket translator"
->>/etc/services
-
-add Kerberos servers to inetd.conf with these commands. This only allows
-authentification through kerberos if you want to allow nono kerberos access to
-telnet (why?) ftp sh etc. have a look at the man pages (make sure you find and
-remove ftp, telnet, shell, login, and exec from you're config)
-
-echo "klogin  stream  tcp  nowait  root  /usr/sbin/klogind klogind -k -c" >>
-/etc/inetd.conf
-echo "eklogin stream  tcp  nowait  root  /usr/sbin/klogind klogind -k -c -e" >>
-/etc/inetd.conf
-echo "kshell  stream  tcp  nowait  root  /usr/sbin/kshd kshd -k -c -A" >>
-/etc/inetd.conf
-echo "ftp     stream  tcp  nowait  root  /usr/sbin/ftpd ftpd -a" >>
-/etc/inetd.conf
-echo "telnet  stream  tcp  nowait  root  /usr/sbin/telnetd telnetd -a valid" >>
-/etc/inetd.conf
-
-
-Creating the database:
-the creation of the password database is more complex than I would like to cover
-in this hint, MIT has a great howto on the entire prosses at
-http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.2/doc/install.html#SEC42 
-
-
-Setting Up Clients
-==================
-cat > /etc/krb5.conf << "EOF"
-[libdefaults]
-    ticket_lifetime = 600
-    default_realm = NOVASTAR.WOX.ORG
-    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
-    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
-
-[realms]
-    NOVASTAR.WOX.ORG = {
-        kdc = SockPuppet.novastar.wox.org:88
-        admin_server = SockPuppet.novastar.wox.org:749
-        default_domain = novastar.wox.org
-    }
-
-[domain_realm]
-    .novastar.wox.org = NOVASTAR.WOX.ORG
-    novastar.wox.org = NOVASTAR.WOX.ORG
-EOF
-
-add Kerberos to /etc/services with these command:
-
-echo "kerberos      88/udp    kdc    # Kerberos V5 KDC" >>/etc/services
-echo "kerberos      88/tcp    kdc    # Kerberos V5 KDC" >>/etc/services
-echo "klogin        543/tcp          # Kerberos authenticated rlogin"
->>/etc/services
-echo "kshell        544/tcp   cmd    # and remote shell" >>/etc/services
-echo "kerberos-adm  749/tcp          # Kerberos 5 admin/changepw"
->>/etc/services
-echo "kerberos-adm  749/udp          # Kerberos 5 admin/changepw"
->>/etc/services
-echo "krb5_prop     754/tcp          # Kerberos slave propagation"
->>/etc/services
-echo "eklogin       2105/tcp         # Kerberos auth. & encrypted rlogin"
->>/etc/services
-echo "krb524        4444/tcp         # Kerberos 5 to 4 ticket translator"
->>/etc/services
-
-Adding Support
-==============
-in this section I assume you have openssl installed, if not, go for it. Samba is
-the only daemon that I have come accross in my search that has kerberos V
-suport, if you know of any others, let me know.
-
-Samba: 
-/configure --with-krb5=/usr --with-ssl &&
-make &&
-make install
-
-SSH: Unfortanatly OpenSSH (as of now) does not support Kerberos V. NOTE: SSH's
-support of Kerberos V is EXPERIMENTAL. I take no responsibility if it goes ape
-and eats you're dog. you have been warned.
-/configure --with-kerberos5=/usr --prefix=/usr &&
-make &&
-make install
-
-
-Creating Bootscripts
-====================
-this is the final step in our great adventure together. Creating the boot
-scripts for all of the daemons.
-
-cat > /etc/init.d/kdc << "EOF"
-#!/bin/sh
-# Begin /etc/init.d/kdc
-
-#
-# Include the functions declared in the /etc/init.d/functions file
-#
-
-source /etc/init.d/functions
-
-case "$1" in
-        start)
-                echo -n "Starting Kerberos KDC ..."
-                loadproc krb5kdc
-                ;;
-
-        stop)
-                echo -n "Stopping Kerberos KDC ..."
-                killproc krb5kdc
-                ;;
-
-        restart)
-                $0 stop
-                /usr/bin/sleep 1
-                $0 start
-                ;;
-
-        status)
-                statusproc krb5kdc
-                ;;
-
-        *)
-                echo "Usage: $0 {start|stop|restart|status}"
-                exit 1
-                ;;
-
-esac
-
-# End /etc/init.d/kdc
-EOF
-
-cat > /etc/init.d/samba << "EOF"
-#!/bin/sh
-# Begin /etc/init.d/samba
-
-#
-# Include the functions declared in the /etc/init.d/functions file
-#
-
-source /etc/init.d/functions
-
-case "$1" in
-        start)
-                echo -n "Starting Samba ..."
-                loadproc /usr/local/samba/bin/smbd
-                ;;
-
-        stop)
-                echo -n "Stopping Samba ..."
-                killproc smbd
-                ;;
-
-        restart)
-                $0 stop
-                /usr/bin/sleep 1
-                $0 start
-                ;;
-
-        status)
-                statusproc smbd
-                ;;
-
-        *)
-                echo "Usage: $0 {start|stop|restart|status}"
-                exit 1
-                ;;
-
-esac
-
-# End /etc/init.d/samba
-EOF
-
-cat > /etc/init.d/sshd << "EOF"
-#!/bin/sh
-# Begin /etc/init.d/ssh
-
-#
-# Include the functions declared in the /etc/init.d/functions file
-#
-
-source /etc/init.d/functions
-
-case "$1" in
-        start)
-                echo -n "Starting SSH ..."
-                loadproc sshd
-                ;;
-
-        stop)
-                echo -n "Stopping SSH ..."
-                killproc sshd
-                ;;
-
-        restart)
-                $0 stop
-                /usr/bin/sleep 1
-                $0 start
-                ;;
-
-        status)
-                statusproc sshd 
-                ;;
-
-        *)
-                echo "Usage: $0 {start|stop|restart|status}"
-                exit 1
-                ;;
-
-esac
-
-# End /etc/init.d/ssh
-EOF
-
-chmod 754 /etc/init.d/kdc &&
-chmod 754 /etc/init.d/samba &&
-chmod 754 /etc/init.d/ssh &&
-ln -sf ../init.d/kdc /etc/rc0.d/K400kdc &&
-ln -sf ../init.d/kdc /etc/rc1.d/K400kdc &&
-ln -sf ../init.d/kdc /etc/rc2.d/K400kdc &&
-ln -sf ../init.d/kdc /etc/rc3.d/S600kdc &&
-ln -sf ../init.d/kdc /etc/rc4.d/S600kdc &&
-ln -sf ../init.d/kdc /etc/rc5.d/S600kdc &&
-ln -sf ../init.d/kdc /etc/rc6.d/K400kdc &&
-ln -sf ../init.d/samba /etc/rc0.d/K401samba &&
-ln -sf ../init.d/samba /etc/rc1.d/K401samba &&
-ln -sf ../init.d/samba /etc/rc2.d/K401samba &&
-ln -sf ../init.d/samba /etc/rc3.d/S601samba &&
-ln -sf ../init.d/samba /etc/rc4.d/S601samba &&
-ln -sf ../init.d/samba /etc/rc5.d/S601samba &&
-ln -sf ../init.d/samba /etc/rc6.d/K400samba &&
-ln -sf ../init.d/ssh /etc/rc0.d/K402ssh &&
-ln -sf ../init.d/ssh /etc/rc1.d/K402ssh &&
-ln -sf ../init.d/ssh /etc/rc2.d/K402ssh &&
-ln -sf ../init.d/ssh /etc/rc3.d/S602ssh &&
-ln -sf ../init.d/ssh /etc/rc4.d/S602ssh &&
-ln -sf ../init.d/ssh /etc/rc5.d/S602ssh &&
-ln -sf ../init.d/ssh /etc/rc6.d/K402ssh 
-
-
-Further Reading
-===========
-
-Apache hint: http://hints.linuxfromscratch.org/hints/apache+php4+sql.hint.txt
-Samba hint: http://hints.linuxfromscratch.org/hints/samba.txt
-MIT's Docs on Kerberos:
-http://web.mit.edu/kerberos/www/krb5-1.2/index.html#documentation
-
-
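Review bot: The last heredoc writes the script to /etc/init.d/sshd, but the block that follows runs `chmod 754 /etc/init.d/ssh` and links `../init.d/ssh`; because every command there is chained with `&&`, the failing chmod stops the chain and none of the rc symlinks (kdc and samba included) get created. Use one name throughout. Also worth flagging in the copy kept under trunk/OLD: both krb5.conf examples and kdc.conf list `des-cbc-crc` (single DES) alongside des3-hmac-sha1, and the configure lines read `/configure` without the leading dot.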

Deleted: trunk/PREVIOUS_FORMAT/lzw_graphics.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/lzw_graphics.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/lzw_graphics.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,158 +0,0 @@
-Title:		LZW Compression for Graphics Libraries in BLFS
-BLFS VERSION:	1.0
-Author:		Michael A. Peters <mpeters at mac.com>
-
-SYNOPSIS:
-	Adding LZW compression to graphics applications that can utilize it
-
-HINT:
-ver 1.0
-08/05/2003
-
-Contents
---------
-
-	0. Preface
-	1. Why care about LZW
-	2. Legal Issues
-	3. Giflib as replacement for libungif
-		3a. Makefile Issues
-	4. libtiff
-	5. gd library
-
-0. Preface
-----------
-	In the early 1980's a compression algorithm known as LZW emerged that
-	was very good at lossless compression of data. This algorithm was used
-	in a variety of software products, such as the UNIX compress command.
-
-	LZW was chosen as the compression algorithm for the CompuServe GIF image
-	format, as well as the TIFF image format. A free library emerged called
-	Giflib that allowed freeware and shareware authors to write programs for
-	the GIF image format, and as a result, the GIF image format became very
-	popular.
-
-	A company called Unisys existed that owned a patent on this algorithm,
-	but they did not complain until the GIF image format was already in very
-	wide use. At that point in time, they decided they wanted to charge a
-	very expensive licensing fee to use the LZW compression algorithm.
-
-	Since free software is free, this became a problem for the free software
-	industry. The result was that LZW was ripped out of several products.
-
-	This document tells you how to put it back in since many countries do
-	not recognize the Unisys software patent, and the patent is very close
-	to expiring in the U.S. if it has not expired already.
-
-1. Why Care About LZW
----------------------
-	The PNG image format has largely replaced the GIF image in the free
-	software world. However, the evil was not with LZW - but rather, with
-	the software patent that restricted its use without licensing.
-	
-	Since the compression algorithm itself is a very good one, there is no
-	reason not to use it where we can. Also, while PNG can be used as a
-	replacement for GIF, there is not really a suitable replacement for the
-	TIFF image format. Patching LZW support back into libtiff will allow the
-	creation of compressed TIFF images, and the compression makes a big
-	difference in the final file size.
-	
-2. Legal Issues
----------------
-	In some countries it may not be legal to use the LZW algorithm without
-	paying a license fee. To the best of my knowledge the patent expires in
-	June 2003 in the United States. However, I believe the patent does not
-	expire in Japan until June 2004. You are advised to follow your local
-	law with respect to using the LZW compression algorithm and any license
-	fees that you are required to pay to do so. You are also advised to
-	look up the patent expiration date yourself, rather than rely on the
-	information I provide. I am not a patent lawyer.
-	
-3. Giflib as replacement for libungif
--------------------------------------
-	libungif was written as a replacement for Giflib. libungif does not use
-	LZW but instead produces uncompressed GIF images. If you would rather
-	produce compressed GIF images, then build Giflib instead of libungif.
-	
-	Giflib 4.1.0 can be downloaded from:
-	http://ftp.rge.com/pub/multimedia/libungif/giflib-4.1.0.tar.gz
-	
-	Follow the same build instructions for libungif in the BLFS book.
-	
-3a. Makefile Issues
--------------------
-	Most configure scripts will find libgif in your library path and use
-	that if you don't have libungif install. This is not universally true.
-	Some packages, such as emacs, will specifically look for libungif.
-	
-	There are two ways to solve this issue. The first to make the following
-	symlinks in your /usr/lib directory:
-		ln -s libgif.a libungif.a
-		ln -s libgif.la libungif.la
-		ln -s libgif.so libungif.so
-		ln -s libgif.so.4 libungif.so.4
-		ln -s libgif.so.4.1.0 libungif.so.4.1.0
-
-	The second method, which is a little cleaner IMHO, is to modify the
-	configure scripts and Makefiles of the source to the software before
-	building it. For example, with emacs, there are two files that need
-	to be edited: configure and src/Makefile.in
-	
-	In both files you just need to change every reference of lungif to lgif:
-	
-	cp configure configure.orig &&
-	sed -e s?"ungif"?"gif"? < configure.orig > configure &&
-	cd src &&
-	cp Makefile.in Makefile.in.orig &&
-	sed -e s?"ungif"?"gif"? < Makefile.in.orig > Makefile.in &&
-	cd ..
-	
-	Then you can proceed to build as normal and emacs will use libgif.
-	
-4. libtiff
-----------
-	To put LZW compression back into libtiff, all you need to do is apply
-	the LZW Compression Kit to the source before building it.
-	You can download the kit from:
-	ftp://ftp.remotesensing.org/libtiff/libtiff-lzw-compression-kit-1.3.tar.gz
-	
-	The official instructions in the kit say:
-	"Just copy tif_lzw.c over the copy in libtiff and rebuild libtiff."
-	
-	In other words, unpack the libtiff source as you would while following
-	the BLFS instructions. Before you do anything else, also unpack the
-	libtiff-lzw-compression-kit and replace the tif_lzw.c file in the
-	libtiff source directory with the one in the compression kit.
-	
-	Then continue to build libtiff as described in the BLFS book.
-	
-5. gd library
--------------
-	Most applications that offer gif support will use libgif or libungif.
-	However, some applications will look for gif support in the gd library
-	and use gd for gif support if it finds it.
-	
-	The author of the gd library no longer includes any gif support in his
-	library. However, we can patch gif support (with LZW compression) back
-	into gif so that software that wants to use gd for gif support can find
-	it.
-	
-	The gd library can be downloaded from:
-	http://www.boutell.com/gd/http/gd-2.0.12.tar.gz
-	
-	The patch to the gd library can be downloaded from:
-	http://downloads.rhyme.com.au/gd/patch_gd2.0.12_gif_20030401.gz
-	
-	to build:
-	patch -p1 < ../patch_gd2.0.12_gif_20030401 &&
-	./configure --prefix=/usr &&
-	make &&
-	make install &&
-	/sbin/ldconfig
-	
-	It is best to build gd after building zlib, libpng, freetype2, libjpeg,
-	and XFree86 - as gd will use those libraries if configure finds them.
-
-	
-	
-	
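Review bot: The sed commands in section 3a (`sed -e s?"ungif"?"gif"? < configure.orig > configure` and the same for src/Makefile.in) have no g flag, so only the first "ungif" on each line is rewritten although the text says to change every reference of lungif to lgif. The pattern also matches any "ungif" substring, not just the -lungif linker argument. Anchoring the expression on -lungif and adding the g flag would match what the prose describes. Two wording slips in the same file are worth fixing if it is touched again: section 3a says "if you don't have libungif install", and section 5 says gif support is patched "back into gif" where the gd library is meant.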

Deleted: trunk/PREVIOUS_FORMAT/nfs.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/nfs.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/nfs.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,204 +0,0 @@
-TITLE:		Running an NFS Server on LFS
-LFS VERSION:	any
-AUTHOR:		Ian Chilton <ian at ichilton.co.uk>
-
-SYNOPSIS:
-	A while ago, I wrote an LFS-Hint on setting up an NFS server on an LFS system. There is now a much better way to do it, using the NFS code in the later kernels.
-
-HINT:
-KERNEL VERSION:	2.2.18+ or 2.4.0+
-
-NOTE:
-This is not a complete guide to using NFS...it is only ment as a quick
-introduction to compiling the packages.
-
-** There are some important security issues when using NFS **
-Please read: http://nfs.sourceforge.net/nfs-howto  for more info before
-you start using NFS.
-
-The author holds no responsibility for any loss or damage etc etc..
-
-
-First, we need TCP Wrappers:
-
-Download the following:
-http://files.ichilton.co.uk/nfs/tcp_wrappers_7.6.diff.gz
-http://files.ichilton.co.uk/nfs/tcp_wrappers_7.6.tar.gz
-
-Then do:
-tar xzvf tcp_wrappers_7.6.tar.gz
-cd tcp_wrappers_7.6
-zcat ../tcp_wrappers_7.6.diff.gz | patch -p1
-make REAL_DAEMON_DIR=/usr/sbin linux
-cp libwrap.a /usr/lib
-cp tcpd.h /usr/include
-cp safe_finger /usr/sbin
-cp tcpd /usr/sbin
-cp tcpdchk /usr/sbin
-cp tcpdmatch /usr/sbin
-cp try-from /usr/sbin
-
-
-Next we need the Portmapper:
-
-Download the following:
-http://files.ichilton.co.uk/nfs/portmap_5-1.diff.gz
-http://files.ichilton.co.uk/nfs/portmap_5.orig.tar.gz
-
-tar xzvf portmap_5.orig.tar.gz
-cd portmap_5beta
-zcat ../portmap_5-1.diff.gz | patch -p1
-make
-make install
-
-
-Now we do NFS Utils:
-
-Download:
-http://download.sourceforge.net/nfs/nfs-utils-0.2.1.tar.gz
-
-tar zxvf nfs-utils-0.2.1.tar.gz
-cd nfs-utils-0.2.1
-./configure --prefix=/usr
-make
-make install
-
-
-That's all the software we need. You should do the above on all clients
-and the server. You should also update to the latest util-linux package
-on the clients. This is available from:
-ftp://ftp.win.tue.nl/pub/linux/utils/util-linux/
-
-
-Now, we need to recompile the kernel.
-
-In the Filesystems -> Network Filesystems section on the kernel config,
-you should have the following:
-
-* NFS filesystem support
-   - NFS Version 3 filesystem support
-
-* NFS server support
-   - NFS Version 3 server support
-   - NFS server TCP support
-
-
-For the server, you should enable these:
-
-* NFS filesystem support
-   - NFS Version 3 filesystem support
-
-
-For the clients, you should enable these:
-* NFS server support
-   - NFS Version 3 server support
-
-
-Recompile and boot the new kernel.
-
-
-Then, we need an /etc/exports file.
-
-An example 'share' is:
-
-/home/ian 192.168.0.1(rw)
-
-
-The format is obvious:  /home/ian is the directory to share,
-192.168.0.1 is the client to share to, and rw is read-write mode.
-
-
-Then, on the server, start NFS...this is my startup script:
-
-#!/bin/sh
-# Begin /etc/init.d/nfs
-
-source /etc/init.d/functions
-
-case "$1" in
-        start)
-                echo -n "Starting RPC Portmapper"
-                loadproc /sbin/portmap
-                echo -n "Starting NFS"
-                loadproc /usr/sbin/rpc.mountd
-                loadproc /usr/sbin/rpc.nfsd 8
-                loadproc /usr/sbin/rpc.statd
-                ;;
-
-        stop)
-                echo -n "Stopping NFS"
-                killproc /usr/sbin/rpc.nfsd
-                killproc /usr/sbin/rpc.mountd
-
-                echo -n "Stopping Portmapper"
-                killproc /sbin/portmap
-                ;;
-
-        reload)
-                echo "Reloading NFS"
-                /usr/sbin/exportfs -ra
-                ;;
-
-        restart)
-                $0 stop
-                /usr/bin/sleep 1
-                $0 start
-                ;;
-
-        *)
-                echo "Usage: $0 {start|stop|reload|restart}"
-                exit 1
-        ;;
-
-esac
-
-# End /etc/init.d/nfs
-
-
-
-On the workstations, you just need this:
-
-#!/bin/sh
-# Begin /etc/init.d/nfsclient
-
-source /etc/init.d/functions
-
-case "$1" in
-        start)
-                echo -n "Starting RPC Portmapper"
-                loadproc /sbin/portmap
-                echo -n "Starting statd for NFS" 
-                loadproc /usr/sbin/rpc.statd
-                ;;
-
-        stop)
-                echo -n "Stopping Portmapper"
-                killproc /sbin/portmap
-                ;;
-
-
-        restart)
-                $0 stop
-                /usr/bin/sleep 1
-                $0 start
-                ;;
-
-        *)
-                echo "Usage: $0 {start|stop}"
-                exit 1
-        ;;
-
-esac
-
-# End /etc/init.d/nfsclient
-
-
-Now all that remains is to mount the remote directory on the client:
-
-mount server:/home/ian /mntdir
-(or, I use mount -o rsize=8192,wsize=8192,hard,intr server:/home/ian
-/mntdir)
-
-See the new version of the NFS-HOWTO
-(http://nfs.sourceforge.net/nfs-howto) for more information.
-
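Review bot: The per-role kernel option lists are swapped: "For the server, you should enable these" is followed by "NFS filesystem support" and "NFS Version 3 filesystem support", while "For the clients" is followed by "NFS server support" and "NFS Version 3 server support". The two headings should be exchanged so the server gets the server options. In the init scripts, the server's start branch loads rpc.statd but the stop branch never kills it, the client's stop branch likewise leaves rpc.statd running, and the client's usage line prints {start|stop} although a restart branch exists. The NOTE also has "ment" for "meant".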

Deleted: trunk/PREVIOUS_FORMAT/pam+shadow+cracklib.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/pam+shadow+cracklib.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/pam+shadow+cracklib.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,484 +0,0 @@
-TITLE:		Linux-PAM + CrackLib + Shadow
-LFS VERSION:	3.2+
-AUTHOR:		Ted Riley <reesonline at messages.to>
-
-SYNOPSIS:
-	How to configure cracklib, Linux-PAM and the Shadow suite
-
-HINT:
-
-CONTENTS
-========
-	 1. Introduction
-	 2. Changelog
-	 3. Resources
-	 4. CrackLib
-	 5. Linux-PAM
-	 6. Shadow
-	 7. PAM Configuration
-	 8. Trouble
-	 9. Other Programs
-	10. Closing
-
-
-INTRODUCTION
-============
-We're going to install cracklib, Linux-PAM and the shadow package, in
-that order.  (Shadow requires the PAM libraries, which require the
-cracklib libraries.)  This hint can be used if you already have an LFS
-installation in place or if you are installing LFS for the first time.
-Once the binaries are in place, we will create and/or modify the
-necessary configuration files to get everything up and running smoothly.
-Please note:  Do not log out until all the configuration files have been
-created, since you will not be able to log back in.  In fact, the safest
-thing to do is test your configurations in a separate virtual terminal
-before ending your session.
-
-
-CHANGELOG
-=========
-Current Version
-1.2 - 2002.06.10
-	Modified hint to work "in-line" with LFS installation
-	Replaced shadow patch with make flags
-	Replaced cracklib 'sed' command with make flags
-
-1.1 - 2002.05.31
-	Corrected directories in shadow patch
-	Added troubleshooting section
-	Added other programs section
-	Added /usr/share/dict/words symbolic link and explained
-
-1.0 - 2002.05.07
-	Updated explanation of shadow/PAM incompatibility
-	Cosmetic/grammatical changes
-
-0.9 - 2002.04.28
-	Original draft
-
-
-RESOURCES
-=========
-You will need the following packages:
-
-cracklib (2.7 as of this hint):
-   http://www.users.dircon.co.uk/~crypto/download/cracklib,2.7.tgz
-NOTE: That is not a typo; that is a comma.
-
-a dictionary:
-   http://www.cotse.com/wordlists/allwords
-NOTE: This website also has a dictionary called 'cracklib' but it is
-15.6MB compared to 'allwords' which is 467KB.  I have had cracklib
-seg fault with the larger dictionary, but not with the smaller.  I know
-others (with better systems than mine) who have used the 'cracklib'
-dictionary successfully.  Your mileage may vary.
-
-Linux-PAM (0.75 as of this hint):
-   http://wwww.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.75.tar.gz
-NOTE: There is a cracklib-files.tgz here.  DO NOT USE IT.  This version
-of cracklib appears to be 2.5.1, which has a known vulnerability
-(see http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib)
-
-Shadow (4.0.3 as of this hint):
-   ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.3.tar.gz
-NOTE: There is no note for this one; insert humor attempt here.
-
-
-CRACKLIB
-========
-The following assumes that you downloaded the 'allwords' dictionary.
-If you chose a different one, you will have to change the commands
-below to match.
-
-From the directory where you downloaded the dictionary:
-	
-cp allwords /usr/share/dict/ &&
-cd /usr/share/dict &&
-ln -s allwords words
-
-One note about the above commands:  Traditionally, the /usr/share/dict
-directory had only one file: words.  The FHS standard does not prohibit
-other files from being here as long as they are wordlists as well.  I
-like to remember what dictionary I used, which is why I do not simply
-rename 'allwords' to 'words.'  Creating the link to 'words' helps other
-programs which might look in the standard location for a dictionary
-(that is, the '/usr/share/dict/words' file).
-
-Next, in the cracklib directory, we need to create a couple files:
-	
-cat >> crack.h << "EOF"
-#ifndef CRACKLIB_H
-#define CRACKLIB_H
-/* Pass this function a password (pw) and a path to the
- * dictionaries (/usr/lib/cracklib_dict should be specified)
- * and it will either return a NULL string, meaning that the
- * password is good, or a pointer to a string that explains the
- * problem with the password.
- * You must link with -lcrack
- */
-extern char *FascistCheck(char *pw, char *dictpath);
-#endif
-EOF
-
-cat >> util/create_cracklib_dict << "EOF"
-#!/bin/sh
-if [ -z "$*" ]; then
-	echo "Usage:"
-	echo "  $0 wordlist ..."
-	echo
-	echo "This script takes one or more word list files as arguments"
-	echo "and converts them into cracklib dictionaries for use"
-	echo "by password checking programs. The results are placed in"
-	echo "/usr/lib/cracklib_dict.*"
-	echo
-	echo "Example:"
-	echo "$0 /usr/share/dict/words"
-else
-	/usr/sbin/mkdict $* | /usr/sbin/packer /usr/lib/cracklib_dict
-fi
-EOF
-
-And finally we compile cracklib from the source directory:
-
-make DICTPATH=/usr/lib/cracklib_dict SRCDICTS=/usr/share/dict/words install &&
-cp cracklib/libcrack.a /usr/lib &&
-cp crack.h /usr/include &&
-cp util/{mkdict,packer,create_cracklib_dict} /usr/sbin
-
-Command Explanations:
-
-cat >> crack.h ... : These commands create a header file for programs
-	to use when compiling with the crack library.
-cat >> util/create_cracklib_dict ... : These commands create a script
-	which takes a wordlist as an argument and creates a new cracklib
-	dictionary.
-make ... install : Makes the cracklib libraries with the correct
-	dictionary locations
-cp cracklib.a /usr/lib : The make install command does not install the
-	static cracklib library, so we do it here.
-cp crack.h /usr/include : This command copies the header file we created.
-cp util/mkdict util/packer util/create_cracklib_dict : This command
-	copies the scripts and binaries needed to create new cracklib
-	dictionaries.
-
-Please note:  The crack.h and create_cracklib_dict scripts were based
-on those found in the cracklib.tgz archive.  Credit goes to the authors
-of the originals, although they were unlisted (unless the author was
-Alec Muffett, who wrote the cracklib library, in which case credit goes
-to him). 
-
-
-LINUX-PAM
-=========
-Now we will compile PAM:
-
-./configure --enable-static-libpam --with-mailspool=/var/mail \
-	--enable-suplementedir=/usr/lib &&
-make &&
-make install &&
-cd /lib &&
-for name in libpam libpamc libpam_misc; do
-	ln -s ${name}.so.0.75 ${name}.so.0
-	done
-
-Command Explanations:
-
-./configure --enable-static-libpam : This builds static PAM libraries as
-	well as the dynamic libraries
---with-mailspool=/var/mail : This flag makes the mailspool directory
-	FHS-compliant
---with-suplementedir=/usr/lib : This flag installs the unix_chkpwd
-	binary in an FHS-compliant location
-for name in libpam libpamc libpam_misc; do : The installer creates
-	broken symlinks.  These commands correct the library links.
-
-If you don't have sgml tools on your computer, you will receive an error
-message after the install.  To install the docs manually, run the
-following commands from the Linux-PAM source directory:
-
-cd doc
-tar zxf Linux-PAM-0.75-docs.tar.gz
-cp -a html /usr/share/doc/Linux-PAM/
-cd /usr/share/doc
-chown -R root:root Linux-PAM
-touch Linux-PAM
-cd Linux-PAM
-touch *
-
-(The final three commands aren't necessary unless you use a time-stamp
-sensitive install manager like install-log.)
-
-
-SHADOW
-======
-There is an incompatibility between the current versions of Shadow and
-the latest versions of Linux-PAM.  For the record, the maintainer of the
-shadow package believes the incompatibility lies in the PAM libraries,
-not in shadow.  Therefore, he advises using a different version of PAM.
-(available from ftp://ftp.pld.org.pl/software/pam/).  However, I prefer
-to use the latest versions of both packages; the compiler flags below
-will accomplish this.
-
-LDFLAGS="-lpam -lpam_misc" ./configure --prefix=/usr --enable-shared \
-	--with-libpam --without-libcrack &&
-make &&
-make install &&
-cd /usr/sbin &&
-ln -sf vipw vigr &&
-rm /bin/vipw &&
-mv /bin/sg /usr/bin &&
-mv /lib/{libmisc.*a,libshadow.*a} /usr/lib &&
-cd /usr/lib &&
-ln -sf ../../lib/libshadow.so
-sed 's%/var/spool/mail%/var/mail%' etc/login.defs.linux > /etc/login.defs
-cp debian/securetty /etc/securetty
-
-Command Explanations:
-LDFLAGS="..." ./configure : The compiler flags allow the shadow package
-	to link correctly against the PAM libraries; they must be
-	entered on the same line as the configure command.
---enable-shared : Shadow no longer creates shared libraries by default,
-	so this flag is used.
---with-libpam : This flag compiles with PAM support.
---without-libcrack : Cracklib will be called through PAM, so we do not
-	need it here.
-ln -sf vipw vigr ... ln -s ../../lib/libshadow.so : These commands fix
-	broken links and un-installed libraries.  They are also useful for
-	refreshing the time-stamps on the files if you use a time-stamp
-	sensitive installer (like install-log).
-sed ... login.defs : This will create the /etc/login.defs file (if you
-	don't already have one) and will make the mail directory
-	FHS-compliant.
-cp debian/securetty /etc/securetty : This will create the securetty file
-	which prevents root logons from all but listed terminals.
-
-Please note:  We no longer need the 'limits' and 'login.access' files in
-/etc since PAM will handle these functions.  You may safely delete these
-files if you had previously created them.
-
-
-PAM CONFIGURATION
-=================
-We are almost done.  Now we will customize our setup.  Please note that
-the PAM configuration files below are necessary for PAM to function.
-Without these files, you will not be able to log in.
-
-You can comment out the following entries in login.defs since PAM is now
-handling them.  In the right column are the PAM modules which replace
-the entries:
-
-DIALUPS_CHECK_ENAB	(not sure - anyone know?)
-LASTLOG_ENAB		(pam_lastlog.so)
-MAIL_CHECK_ENAB		(pam_mail.so)
-OBSCURE_CHECKS_ENAB	(pam_cracklib.so)
-PORTTIME_CHECKS_ENAB	(pam_time.so)
-CONSOLE			(pam_securetty.so)
-MOTD_FILE		(pam_motd.so)
-NOLOGINS_FILE		(pam_nologin.so)
-PASS_MIN_LEN		(pam_cracklib.so)
-SU_WHEEL_ONLY		(pam_wheel.so)
-CRACKLIB_DICTPATH	(pam_cracklib.so)
-PASS_CHANGE_TRIES	(pam_cracklib.so)
-PASS_ALWAYS_WARN	(pam_cracklib.so)
-MD5_CRYPT_ENAB		(pam_unix.so with md5 flag)
-CONSOLE_GROUPS		(pam_groups.so)
-ENVIRON_FILE		(pam_env.so)
-
-Several people have noticed a small problem with pam_issue.so.
-Specifically, if you enter the correct password the first time, the login
-fails, even if pam_issue is set to optional.  However, if the wrong password
-is entered at least once, the correct password will work for any further
-attempts. I think this is because the first issue file is displayed by agetty,
-not login.  All the other issue messages are displayed by login.  So, if you
-succeed the first time, pam_issue is not called.  I'm not sure how to get
-around this problem (since even the optional setting doesn't work), so I
-have left the issue command in /etc/login.defs and taken it out of PAM. If
-anyone knows how to fix this, please let me know.
-
-If you want to use the access or limits modules (among others), you can edit
-the configuration files in /etc/security/.  Currently, my files are still
-fully commented out (the default), so I'm not much help for suggestions
-on those.  If anyone is using these files, I would love to hear from
-them, though.
-
-Below are my pam.d files.  I prefer separate files under pam.d as
-opposed to one file (/etc/pam.conf), but use whichever you prefer.
-In fact, if you want to, you can use both by specifying the
---enable-both-confs flag when compiling Linux-PAM.
-
-/etc/pam.d/login:
-# Begin /etc/pam.d/login
-auth	requisite	pam_securetty.so
-auth	requisite	pam_nologin.so
-auth	required	pam_env.so
-auth	required	pam_unix.so
-account	required	pam_access.so
-account	required	pam_unix.so
-session	required	pam_motd.so
-session	required	pam_limits.so
-session	optional	pam_mail.so	dir=/var/mail standard
-session	optional	pam_lastlog.so
-session	required	pam_unix.so
-# End /etc/pam.d/login
-
-/etc/pam.d/other:
-# Begin /etc/pam.d/other
-auth		required	pam_deny.so
-auth		required	pam_warn.so
-account		required	pam_deny.so
-session		required	pam_deny.so
-password	required	pam_deny.so
-password	required	pam_warn.so
-# End /etc/pam.d/other
-
-/etc/pam.d/passwd:
-# Begin /etc/pam.d/passwd
-password	required	pam_cracklib.so	\
-    retry=3 difok=8 minlen=15 dcredit=3 ocredit=3 ucredit=2 lcredit=2
-password	required	pam_unix.so	md5 shadow use_authtok
-# End /etc/pam.d/passwd
-
-/etc/pam.d/shadow:
-# Begin /etc/pam.d/shadow
-auth		sufficient	pam_rootok.so
-auth		required	pam_unix.so
-account		required	pam_unix.so
-session		required	pam_unix.so
-password	required	pam_permit.so
-# End /etc/pam.d/shadow
-
-/etc/pam.d/su:
-# Begin /etc/pam.d/su
-auth	sufficient	pam_rootok.so
-auth	required	pam_unix.so
-account	required	pam_unix.so
-session	required	pam_unix.so
-# End /etc/pam.d/su
-
-/etc/pam.d/useradd:
-# Begin /etc/pam.d/useradd
-auth		sufficient	pam_rootok.so
-auth		required	pam_unix.so
-account		required	pam_unix.so
-session		required	pam_unix.so
-password	required	pam_permit.so
-# End /etc/pam.d/useradd
-
-One final note:  The shadow file (and useradd, for that matter) require
-a password field, or else they will return a 'PAM chauthtok failed'
-error.  Also, the shadow file affects many of the other programs in the
-shadow suite (chfn, chage, groupdel, userdel, etc.).  These programs
-interface with PAM as 'shadow' instead of their own program name.
-
-
-TROUBLE
-=======
-Here are a couple problems that crept up while I was installing the above
-programs myself.  Just in case you run in these problems yourself, here
-are some tips to help you resolve them.  Of course, you will not need
-these because everything will work great the first time. ;-)
-
-Cracklib Seg Fault:
-With a large dictionary file, cracklib gave a segmentation fault the
-second time I tried to change a password.  (The first time worked.)
-To fix this, I ran the script create_cracklib_dict, as listed below (I
-was using the 'cracklib' dictionary at the time):
-
-create_cracklib_dict /usr/share/dict/cracklib
-
-This command rebuilt the cracklib dictionary files and cracklib worked
-fine the next time I changed a password.  Then it crashed again the
-following time.  However, when I ran the above command with the 
-'allwords' dictionary listed above, cracklib worked and has worked since. 
-
-As noted above, this error may be a result of my computer's limited RAM
-and swap space.  Other people have stated that the cracklib dictionary
-has worked fine for them.
-
-Incorrect Root Password:
-Later, due to a misconfiguration, I found myself unable to log in as root.
-To fix this, I used a boot disk (the Slackware boot disk, to be exact)
-which allowed me to log in as root without a password.  Once I was
-logged in, I mounted my LFS system.  Then, I renamed the pam.d directory
-and created a new pam.d directory with only the 'other' file.  This
-temporary file is listed below:
-
-# Begin temporary /etc/pam.d/other
-auth		required	pam_unix.so	nullok
-account		required	pam_unix.so
-session		required	pam_unix.so
-password	required	pam.unix.so	nullok
-# End temporary /etc/pam.d/other
-
-I also edited my /etc/passwd file (after making a backup, of course) and
-removed the password field for root.  After rebooting, I was able to log
-in as root without a password.  Then, I copied my original pam.d directory
-back in place and changed the root password, testing the configuration
-in another virtual terminal.
-
-
-OTHER PROGRAMS
-==============
-
-The main reason to install PAM (at least for me) was so that different
-programs could use it.  Below are a few programs that utilize PAM, as
-well as instructions how to compile PAM support into them.
-
-SSH:
-OpenSSH (from http://www.openssh.com/) has a compile option for PAM.
-Simply specify the --with-pam flag when you run the configure script.
-The PAM configuration file I use for ssh is almost identical to the one
-used for login, with one exception: the securetty line is removed (so we
-can log in through ssh from anywhere).  For simplicity's sake, the file
-is listed below:
-
-/etc/pam.d/sshd:
-# Begin /etc/pam.d/sshd
-auth	requisite	pam_nologin.so
-auth	required	pam_env.so
-auth	required	pam_unix.so
-account	required	pam_access.so
-account	required	pam_unix.so
-session	required	pam_motd.so
-session	required	pam_limits.so
-session	optional	pam_mail.so	dir=/var/mail standard
-session	optional	pam_lastlog.so
-session	required	pam_unix.so
-# End /etc/pam.d/sshd
-
-PPPD:
-Another program that is useful if you use a modem (including DSL) is
-the pppd program (available from http://www.samba.org/ppp/).  To enable
-PAM in pppd, simple add the USE_PAM=y flag after the make command. 
-My configuration file for ppp is sparce compared to sshd and login,
-simply because I do not use ppp except to dial out.  The configuration
-file for pppd is listed below:
-
-/etc/pam.d/ppp:
-# Begin /etc/pam.d/ppp
-auth	requisite	pam_nologon.so
-auth	required	pam_unix.so
-account	required	pam_unix.so
-session	required	pam_unix.so
-# End /etc/pam.d/ppp
-
-Please note that the file is called ppp, not pppd.  This is because the
-ppp daemon uses "ppp" to interface with PAM instead of "pppd."
-
-
-CLOSING
-=======
-Many thanks to Yannick Tousignant for writing the previous pam hint and
-helping me get my foot in the door.  And of course, thanks to Gerard
-Beekmans and the rest of the LFS crew.  
-
-Also, thanks to the following individuals for their contributions:
-Thien Vu
-Adrian Woffenden
-
-If you need additional help, be sure to check out the Linux-PAM manuals
-at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/
-Also, help may be available on the Shadow mailing list at
-http://lists.pld.org.pl/archive/index.htm?10
-
-Enjoy.
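Review bot: Two PAM files in this hint name modules that do not match the rest of the document. The temporary recovery /etc/pam.d/other has `password required pam.unix.so nullok` where every other line uses pam_unix.so, and /etc/pam.d/ppp has `auth requisite pam_nologon.so` where the login and sshd files use pam_nologin.so. Since the hint itself warns that a broken PAM configuration locks users out, a misspelt module on a requisite or required line should be corrected before anyone copies these files. The LINUX-PAM section is also inconsistent about the configure flag: the command passes `--enable-suplementedir=/usr/lib` but the explanation describes `--with-suplementedir=/usr/lib`, so one of the two is wrong and the unix_chkpwd location may not be what the text promises. Smaller points: the CrackLib explanation says `cp cracklib.a /usr/lib` while the command copies cracklib/libcrack.a, the Linux-PAM download URL starts with wwww.kernel.org, and crack.h and util/create_cracklib_dict are written with `cat >>`, which appends to a file that already exists instead of replacing it.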

Deleted: trunk/PREVIOUS_FORMAT/ppp-hint.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/ppp-hint.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/ppp-hint.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,267 +0,0 @@
-TITLE:		How to QUICKLY install PPP 2.4.1 over a modem
-		(serial line) on LFS
-
-UPDATED:	28-8-02
-
-LFS VERSION:	3.3
-
-AUTHOR:		Sebastien Millet <sebastien.millet2 at libertysurf.fr>
-
-SYNOPSIS:
-
-When you manage to install a simple PPP access over a
-modem (a SERIAL modem, connected to a regular RTC
-phone line), in order to get connected to your ISP,
-you need to know where is the latest PPP package
-available and how to install and configure it.
-
-This hint will indicate you how to do this WITHOUT
-downloading huge packages like wvdial, linuxconf
-or other high level configuration tools. You'll
-only need to download the PPP source
-(ppp-2.4.1.tar.gz at the time of this writing).
-
-Also, this hint includes an option to make connection
-be automatic (on demand).
-
-HINT:
-
-
-1. Where to get PPP ?
-
-PPP project Homepage
-	http://www.samba.org/ppp
-Alternative freshmeat URL
-	http://freshmeat.net/projects/pppd
-
-
-2. Get PPP installed
-
-Once you've downloaded ppp source, extract it from
-the gzipped tarball by running
-	tar -zxvf ppp-2.4.1.tar.gz
-
-Then CD to ppp-2.4.1 directory and run the usual triptic
-	./configure
-	make
-	make install
-
-As usually "make install" must be run as root.
-
-
-3. Configure PPP
-
-It is assumed here that you compiled your kernel with
-support for PPP. To make PPP available in your kernel,
-CD into /usr/src/linux, execute
-	make config
-and answer Y (or M when possible, if you manage
-to make PPP be available as a module) to the questions
-
-	Networking support
-...
-	TCP/IP networking
-...
-	PPP (point-to-point protocol) support
-...
-	PPP support for async serial ports
-	PPP support for sync tty ports
-	PPP Deflate compression
-	PPP SD_Compress compression
-
-Also you have to enable the "dummy network driver", so to
-have PPP manage an "empty" network device when the PPP
-link is down.
-
-Starting from this point, it is assumed that you're root.
-
-Execute the following to create the file ppp-on-dialer:
-
-cat > /etc/ppp/ppp-on-dialer << "EOF"
-#!/bin/sh
-
-/usr/sbin/chat -v \
-	TIMEOUT	3 \
-	ABORT	'\nBUSY\r' \
-	ABORT	'\nNO ANSWER\r' \
-	ABORT	'\nRINGING\r\n\r\nRINGING\r' \
-	''	\rATM0 \
-	'OK-+++\c-OK'	ATH0 \
-	TIMEOUT	30 \
-	OK	ATDT$TELEPHONE \
-	CONNECT	'' \
-	ogin:--ogin:	$ACCOUNT \
-	assword:	$PASSWORD
-EOF
-chmod a+x /etc/ppp/ppp-on-dialer
-
-Note that \rATM0 is used to turn modem speaker off.
-If you want your modem speaker on or if ATM0 command
-fails on your modem, simply write \rAT (original
-string, given by the PPP-HOWTO) instead of \rATM0.
-
-Now create ppp-on script:
-
-cat > /etc/ppp/ppp-on << "EOF"
-#!/bin/sh
-
-# Beginning of /etc/ppp/ppp-on
-
-TELEPHONE=my-phone-number
-ACCOUNT=-my-account-name
-PASSWORD=my-password
-LOCAL_IP=0.0.0.0
-REMOTE_IP=0.0.0.0
-
-export TELEPHONE ACCOUNT PASSWORD
-
-DIALER_SCRIPT=/etc/ppp/ppp-on-dialer
-
-exec /usr/sbin/pppd /dev/ttyS0 115200 $LOCAL_IP:$REMOTE_IP \
-	connect $DIALER_SCRIPT disconnect "chat -v -- \d+++\d\c OK ATH0 OK"
-
-# End of /etc/ppp/ppp-on
-EOF
-chmod a+x /etc/ppp/ppp-on
-
-You have to replace my-phone-number, my-account-name and
-my-password with your values. Also, in the "exec ..."
-line, replace /dev/ttyS0 with the correct serial port
-on which your modem is installed. Consider that
-	/dev/ttyS0 corresponds to COM1:
-	/dev/ttyS1 corresponds to COM2:
-	...
-
-Now ADD an option to the options file, by executing:
-
-cat >> /etc/ppp/options << "EOF"
-debug
-defaultroute
-EOF
-
-If you want you can also specify the option
-	idle	<n>
-in /etc/ppp/options, where <n> is the hang-up timeout in seconds
-(for example   idle 60   to get a one minute idle timeout).
-
-Now create the file ppp-off:
-
-cat > /etc/ppp/ppp-off << "EOF"
-#!/bin/sh
-
-# Beginning of /etc/ppp/ppp-off
-
-if [ "$1" = "" ]; then
-	DEVICE=ppp0
-else
-	DEVICE=$1
-fi
-
-if [ -r /var/run/$DEVICE.pid ]; then
-	kill -INT `cat /var/run/$DEVICE.pid`
-
-	if [ ! "$?" = "0" ]; then
-		rm -f /var/run/$DEVICE.pid
-		echo "ERROR: Removed staled pid file"
-		exit 1
-	fi
-
-	echo "PPP link to $DEVICE terminated."
-	exit 0
-fi
-
-echo "ERROR: PPP link is not active on $DEVICE"
-exit 1
-
-# End of /etc/ppp/ppp-off
-EOF
-chmod a+x /etc/ppp/ppp-off
-
-Now you can connect to your ISP by running
-	/etc/ppp/ppp-on
-and disconnect by running
-	/etc/ppp/ppp-off
-
-To analyze what's going on in case of failure,
-switch to a terminal that you'll dedicate
-to display system messages (or open a xterm if
-you're working under X), execute
-	tail -f /var/log/sys.log
-and you'll see chat and pppd logs on the fly.
-When you're OK you can remove the debug option
-from pppd options file (/etc/ppp/options). You can
-also consider removing -v option of chat invocation
-(in the /etc/ppp/ppp-on-dialer file), though this
-logging is useful and often left.
-
-
-4. Configure name resolution
-
-Configure name resolution by executing the following:
-
-cat > /etc/host.conf << "EOF"
-# /etc/host.conf
-
-order hosts,bind
-multi on
-EOF
-
-cat > /etc/resolv.conf << "EOF"
-# /etc/resolv.conf
-
-domain my-isp-domain-name
-nameserver first-dns-ip-address
-nameserver second-dns-ip-address
-EOF
-
-In the file /etc/resolv.conf, replace my-isp-domain-name,
-first-dns-ip-address and second-dns-ip-address
-with the correct values.
-
-
-5. Configure on-demand connection (optional)
-
-Execute the following:
-
-cat > /etc/sysconfig/network-devices/ifconfig.ppp0 << "EOF"
-ONBOOT=yes
-EOF
-
-cat > /etc/sysconfig/network-devices/ifup-ppp0 << "EOF"
-#!/bin/sh
-
-/etc/ppp/ppp-on
-
-exit 0
-EOF
-
-cat > /etc/sysconfig/network-scripts/ifdown-ppp0 << "EOF"
-#!/bin/sh
-
-/etc/ppp/ppp-off
-ifconfig ppp0 down
-
-exit 0
-EOF
-
-cat >> /etc/ppp/options << "EOF"
-ktune
-demand
-idle 60
-EOF
-
-Note that you may have already supplied the idle option.
-Tune the idle option to a value that fits your wishes.
-
-
-6. How to get detailed informations about PPP
-
-Online HOWTO
-	http://www.tldp.org/HOWTO/PPP-HOWTO/index.html
-The same HOWTO as above, but in a single HTML file
-	http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/PPP-HOWTO.html
-
-The Linux PPP FAQ
-	ftp://sunsite.unc.edu/pub/Linux/docs/faqs/PPP-FAQ/PPP-FAQ
-
-
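Review bot: the ppp-on script in this removed hint stores the ISP password in /etc/ppp/ppp-on and only runs "chmod a+x" on it, so who can read the file is left to the umask, and the dialer passes that password through "chat -v", which logs the strings it sends as well as what it receives. Because the text is being archived under trunk/OLD rather than dropped, the archived copy should either restrict the script to root (for example chmod 700) or carry a note at its top about the exposure. Two inconsistencies also carry over and are worth fixing in the same pass: "ACCOUNT=-my-account-name" has a leading dash that the placeholder named in the instructions does not, and the on-demand section writes ifup-ppp0 under /etc/sysconfig/network-devices but ifdown-ppp0 under /etc/sysconfig/network-scripts.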

Deleted: trunk/PREVIOUS_FORMAT/sendmail.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/sendmail.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/sendmail.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,461 +0,0 @@
-GENERAL OUTLINE
-===============
-
-TITLE:		Sendmail
-LFS VERSION:	3.1+
-AUTHOR:		Sam Halliday <fommil AT yahoo DOT ie>
-
-SYNOPSIS:
-	This hint covers the building and configuring of a Sendmail/Procmail
-mail handling system, with Sendmail not running as root. Some mail clients
-are recommended.
-
-ACKNOWLEDGEMENTS:
-Based on the sendmail hint by J. Jones
-
-CHANGELOG:
-0.1	first release with a changelog, added spam support and better 'cf'
-	support
-0.1.1	fixed typo in the 'mc' file
-0.1.2   added extra spam support
-0.1.3   fix a file locking security bug
-0.1.4   fix the fix i didnt really fix ;)
-0.1.5   fix permissions, restructure and upgrade to LFS-3.1 initscripts
-        (this was almost a total rewrite)
-0.1.6   a few more permission fixes, update sendmail version
-0.1.7   note about opts in procmail, changed parts of the pine install,
-        updated procmail version as the latest development is now 'stable',
-        fixed 80 character wrapping, and edited some version tags in mc files.
-0.1.8   fixed aliases.db problem, removed default antispam support, but added
-        more detail and a test to check that it works. Removed default DECNET
-        support, but mentioned how to add it again. Fixed a silly line in the
-        permissions section. Made a workaround to the .forward problem. Please
-        somebody help me with the real fix!
-0.1.9   fix a permission problem... sheesh! well, I can send mail now, hope
-        everyone else can (everything from 0.1.5 to here was done without a
-        network available to me, so please forgive all the silly errors)
-0.1.10  add a patch for a security vulnerability in sendmail 8.12.6, and change
-        the download location to reflect sendmail's new stance against the
-        recent trojan
-0.1.11  fix the formatting problem in the man pages
-0.1.12  fix the firewall command line, added note about signature checking
-        removed old maintainer email address as it doesn't exist anyway.
-0.1.13  edit the initscript to process the failed messages in the clientmqueue.
-0.1.14  thanks to Duncan Webb <duncan AT dwebb.ch> for a fix to the submit.mc
-0.1.15  notes on berkeleydb and added ssl support
-0.1.16  upgraded db, sendmail and removed group 'mail' setup
-0.1.17  upgrade sendmail. 8.12.7 has a serious security bug.
-0.1.18  upgrade sendmail. 8.12.8 has a serious security bug (its like deja vu,
-        all over again)
-
-HINT:
-
-Software you need
-=================
-
-Sendmail:  http://www.sendmail.org
-	Handles sending and receiving of mail by the SMTP protocol
-	Latest stable version at time of writing is 8.12.9.
-
-Procmail:  http://www.procmail.org
-	Our local delivery agent (makes sure mail goes to the correct boxes)
-	Latest stable version at time of writing is 3.22
-
-Berkeley DB:  http://www.sleepycat.com/download.html
-	Sendmail uses this library to store much of it's configuration.
-	Latest stable version at time of writing is 4.1.25 although
-	requires a patch found at the same location.
-
-Make sure you run md5sum and check the signatures of the packages!
-The recent sendmail trojan was a lesson to us all!
-
-Optional
-========
-
-Mail Clients
-
-Pine:  http://www.washington.edu/pine/
-	Console based mail client (for for ssh'ing in and reading mail)
-
-Sylpheed Claws:  http://sourceforge.net/projects/sylpheed-claws
-	GTK+ based email client (when you are at your machine with X running)
-
-
-Why you might need this hint
-============================
-
-Sendmail is a mail server for sending and receiving mail. If you do not have
-a static IP or domain name attached to your machine, you should think again
-before installing sendmail, read the BLFS book for alternatives. If however
-you do need a mail server for receiving mail, this is the LFS hint you need.
-However, if you just wish to send mail locally, don't let this put you off
-installing sendmail as it is an incredibly powerful package which you may
-one day wish to use! Sendmail is not a POP3 or IMAP server by itself.
-
-
-Building the required packages
-==============================
-
-Berkeley Database:
-You may want to build the database with back-wards compatibility, so that you
-can use this functionality with older and unmaintained packages
-(--enable-compat185). Try passing (--help) to see other API's you may build,
-such as java, c++ and tcl. Be warned that if you build Openoffice you may have
-conflicts as it requires an older version of Berkeley-DB. This package takes
-the standard GNUmake environment variables for optimisations and now is
-the best time to set them;
-
-export CFLAGS='-s -O2 -march=i386 -fomit-frame-pointer'
-
-unpack db tarball
-patch -p0 < ../patch.4.1.25.1 # Apply the patch
-cd build_unix
-../dist/configure --prefix=/usr --enable-compat185
-make
-make docdir=/usr/doc/berkeleydb install
-ldconfig
-
-Procmail:
-Procmail requires a Sendmail file to exist in order to compile, so we trick it
-into believing that we have Sendmail installed already by touching the future
-location. Again takes the standard GNUmake environment variables for
-optimisations. Be aware that the -O3 opt kills the procmail initial check, as
-the test program seems to take forever to compile with inlining of functions!
-
-unpack procmail tarball
-touch /usr/sbin/sendmail
-make CFLAGS="$CFLAGS" LOCKINGTEST='/tmp'
-make CFLAGS="$CFLAGS" LOCKINGTEST='/tmp' install
-make CFLAGS="$CFLAGS" LOCKINGTEST='/tmp' install-suid
-
-Unfortunately, I have never been able to get Procmail to work without setting
-run-as-root suid. It needs root privileges to read users config files from
-their home directory. With a different setting, this functionality would be
-lost.
-
-Sendmail:
-
-Sendmail runs on TCP port 25, and by default runs as root. Although Sendmail
-has now gained the respect of the community as being safe to run as root,
-I still do not like having daemons running on open ports as root. So we will
-create the group/user pair 'smmsp':
-
-groupadd -g 18 smmsp
-useradd -g smmsp -G mail -u 18 smmsp
-
-Unlike Procmail and most other programs, which use a text based rc file for
-configuration, sendmail uses preprocessed text files for its compile
-configuration. The same technique is used at run time for incoming
-(sendmail.cf) and outgoing mail (submit.cf). You create an 'mc' file which is
-then processed by the m4 macro processor to create the 'cf' config file.
-Editing a 'cf' file directly is NOT recommended.
-
-After unpacking sendmail, in order to avoid a user.group install which we
-may not be able to accomodate, create the config file with the following
-after setting your CFLAGS to what you desire (leaving them blank is also
-OK, but do not skip the 'sed' script even if they are empty)
-
-chmod a+w devtools/OS/Linux
-cat > devtools/OS/Linux << "EOF"
-define(`confDEPEND_TYPE', `CC-M')
-define(`confSM_OS_HEADER', `sm_os_linux')
-define(`confMANROOT', `/usr/man/man')
-define(`confLIBS', `-ldl')
-define(`confEBINDIR', `/usr/sbin')
-APPENDDEF(`confLIBSEARCH', `crypt nsl')
-define(`confLD', `ld')
-define(`confMTCCOPTS', `-D_REENTRANT') 
-define(`confMTLDOPTS', `-lpthread')
-define(`confLDOPTS_SO', `-shared')
-define(`confSONAME',`-soname')
-define(`confOPTIMIZE',`LFSOPTS')
-define(`confMANGRP',`root')
-define(`confMANOWN',`root')
-define(`confSBINGRP',`root')
-define(`confUBINGRP',`root')
-define(`confUBINOWN',`root')
-EOF
-cp devtools/OS/Linux devtools/OS/Linux.orig
-sed -e "s:LFSOPTS:${CFLAGS} \-s:g" devtools/OS/Linux.orig \
- > devtools/OS/Linux
-
-If you wish to use OpenSSL support, then also type this (always use up to
-date releases of OpenSSL!)
-
-cat >> devtools/OS/Linux << "EOF"
-APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DHASURANDOMDEV')
-APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
-EOF
-
-Now we build some preliminaries:
-
-cd sendmail
-sh Build
-cd ..
-
-Now create the config file 'sendmail.mc' and 'submit.mc'. Read cf/README
-for all the options you can use if you ever wish to modify your setup.
-We may need to update this configuration in the future, so it is a good 
-idea to copy over all necessary files into /etc/mail. The sendmail startup
-script will regenerate the config files on startup so unless you want to
-edit the script, place them as shown;
-
-mkdir -p /etc/mail
-cp cf/README /etc/mail
-cp -r cf/m4 /etc/mail
-cp -r cf/ostype /etc/mail
-cp -r cf/domain /etc/mail
-cp -r cf/feature /etc/mail
-cp -r cf/mailer /etc/mail
-cp -r cf/sh /etc/mail
-cat > cf/cf/sendmail.mc << "EOF"
-OSTYPE(linux)
-DOMAIN(generic)
-FEATURE(smrsh)
-FEATURE(`nouucp',`reject')
-FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')
-FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access')
-FEATURE(`no_default_msa')
-MODIFY_MAILER_FLAGS(`LOCAL', `-S')
-define(`confTRUSTED_USER', `smmsp')
-define(`confRUN_AS_USER', `smmsp:smmsp')
-define(`confCW_FILE', `-o /etc/mail/local-domains')
-MAILER(local)
-MAILER(smtp)
-EOF
-cat > cf/cf/submit.mc << "EOF"
-FEATURE(`msp')
-define(`confCF_VERSION', `Submit')
-define(`__OSTYPE__',`linux')
-define(`confTIME_ZONE', `USE_TZ')
-define(`confTRUSTED_USER', `smmsp')
-define(`confRUN_AS_USER', `smmsp:smmsp')
-EOF
-
-A brief description is that we are fork()'ing the listening sendmail daemon
-to use user smmsp. Berkeley DB support has also been enabled here. For a fuller
-explanation, read your locally stored /etc/mail/README. Sendmail also fork's
-as user smmsp to send mails, this avoids any possible local exploits.
-
-To add a database lookup of known spammer IP addresses, simply add one of the
-following to you sendmail.cf file to the end of the FEATURE section.
-
-FEATURE(`dnsbl', `blackholes.mail-abuse.org', `"Listed on http://mail-abuse.org"')
-FEATURE(`dnsbl', `sbl.spamhaus.org', `"Listed on http://spamhaus.org/SBL"')
-FEATURE(`dnsbl', `relays.visi.com', `"Listed on http://relays.visi.com"')
-
-To test that your IP lookup for blackholes.mail-abuse.org is working, Russell
-Nelson has put together an auto-responder. His instructions are:
-Send mail to nelson-rbl-test at crynwr.com from the server whose block you are
-testing. Expect one reply from crynwr.com with the SMTP conversation. If
-you get another reply from crynwr.com, then your spam filter is broken.
-Please note that the RBL, RSS, and DUL zones are now closed to all but paying
-customers, so don't expect this to work unless you have organised with them
-previously, with $/£. Since I have no need of this service I have never checked
-that it is working correctly... I would appreciate mail with success stories!
-
-We will disable SSL connection support as default, as a lot of MTA's implement
-the protocol incorrectly, but if you are in a situation where SSL connections
-are an absolute necessity, then I refer you to your locally stored
-/etc/mail/README file where you may read the section on 'STARTTLS'. You may
-need to create a 'certs' folder to store certificates.
-
-Now compile the 'cf' files from our 'mc' files
-
-cd cf/cf
-sh Build sendmail.cf
-sh Build submit.cf
-
-Install the setup files and create some needed system directories
-
-mkdir -p /var/spool/mqueue /var/lib/smrsh
-cp sendmail.cf /etc/mail
-cp sendmail.mc /etc/mail
-cp submit.cf /etc/mail
-cp submit.mc /etc/mail
-
-Build it and install!
-
-cd ../../
-sh Build
-sh Build install
-
-The Sendmail restricted shell is what will be executed (in place of /bin/sh)
-in order to process any commands that may appear in a user's .forward file.
-It can only execute a program if it appears in it's command directory. This
-will allow smrsh to execute Procmail and vacation, and nothing else. You
-should never allow it to execute any shell, as it will defeat any security
-advantages gained by using it. Execute the following:
-
-cd /var/lib/smrsh
-ln -s /usr/bin/procmail
-ln -s /usr/bin/vacation
-
-Create the file /etc/mail/aliases as follows. See man 5 aliases for
-an explanation of this file
-
-cat > /etc/mail/aliases << "EOF"
-postmaster: root
-MAILER-DAEMON: root
-EOF
-
-And the file /etc/mail/access. This file is quite powerful.. you should
-read the /etc/mail/README section about it to fully understand it.
-
-cat > /etc/mail/access << "EOF"
-localhost.localdomain           RELAY
-localhost                       RELAY
-127.0.0.1                       RELAY
-#example line to block spammers:
-#spammer at aol.com ERROR:"550 spam sucks"
-EOF
-
-Do the next line and also after any change to /etc/mail/access
-
-makemap hash /etc/mail/access < /etc/mail/access
-
-add lines to /etc/mail/local-domains such as
-        @<your domain here>
-Or simply create an empty file by
-
-touch /etc/mail/local-domains
-
-At this stage it is important to set the permissions correctly in the /etc/mail
-directory or sendmail will not be able to upgrade or read it's own databases.
-Set the permissions by issuing
-
-touch /etc/mail/aliases.db
-chown -R smmsp.root /etc/mail/
-chmod -R o-wrx /etc/mail
-chmod o+x /etc/mail
-chown -R root.smmsp /var/spool/mqueue
-chmod 770 /var/spool/mqueue
-chown -R root.smmsp /var/spool/clientmqueue
-chmod 770 /var/spool/clientmqueue
-chmod 1777 /var/mail
-
-Now run `sendmail -v -bi` to upgrade the sendmail alias list.
-
-OK, sendmail is now installed and should be working once we run the startup
-script, speaking of which...
-
-cat > /etc/rc.d/init.d/sendmail << "EOF"
-#!/bin/bash
-
-source /etc/sysconfig/rc
-source $rc_functions
-
-case "$1" in
-        start)
-                echo "Starting sendmail..."
-                /usr/bin/m4 /etc/mail/m4/cf.m4 /etc/mail/sendmail.mc \
-			> /etc/mail/sendmail.cf
-                chmod 444 /etc/mail/sendmail.cf
-                /usr/bin/m4 /etc/mail/m4/cf.m4 /etc/mail/submit.mc \
-			> /etc/mail/submit.cf
-                chmod 444 /etc/mail/submit.cf
-                /usr/sbin/makemap hash /etc/mail/access < /etc/mail/access
-                /usr/bin/newaliases > /dev/null 2>&1
-                /usr/sbin/sendmail -bs -bd -q1m
-		/usr/sbin/sendmail -Ac -qf
-                evaluate_retval
-                ;;
-
-        stop)
-                echo "Stopping sendmail..."
-                killproc sendmail
-                ;;
-
-        restart)
-                $0 stop
-                sleep 1
-                $0 start
-                ;;
-
-        status)
-                statusproc sendmail
-                ;;
-
-        *)
-                echo "Usage: $0 {start|stop|restart|status}"
-                exit 1
-                ;;
-esac
-EOF
-chmod 755 /etc/rc.d/init.d/sendmail
-
-When you send or receive an email you can check that sendmail is running as
-smmsp by issuing "ps -u smmsp v". If you intend on using a Firewall, you
-will have to open port 25 up to NEW connections. eg. for iptables
-
-/usr/sbin/iptables -A INPUT -i eth0 -p tcp --dport 25 -m state \
-	--state NEW -j ACCEPT
-
-BUGFIX:
-sendmail has some incorrectly formatted man pages, so if you experience
-trouble, run this
-
-for A in sendmail/mailq.1 sendmail/newaliases.1 vacation/vacation.1
-do
-/bin/cp -f $A /usr/share/man/man1/ ;
-done
-/bin/cp -f sendmail/aliases.5 /usr/share/man/man5/ ;
-for A in mailstats/mailstats.8 \
-  makemap/makemap.8 smrsh/smrsh.8 \
-  sendmail/sendmail.8 praliases/praliases.8 \
-  editmap/editmap.8
-do
-/bin/cp -f $A /usr/share/man/man8/ ;
-done
-
-ADDITIONAL
-==========
-
-Now we need a mail client program which users can send and read their email
-with. I recommend two; 'pine' for console and 'sylpheed-claws' for GTK+ in
-an X environment.
-
-Pine:
-This will install Pine the mail client for a console. It also has openssl
-support, see the BLFS book for that. Unfortunately the compile is totally
-non-standard and the authors should be ashamed of themselves! You must
-edit the file imap/src/osdep/unix/Makefile (in the slx section) in order
-to add optimisations to the imap build. We will install for shadow password
-support, but PAM support is also available if you replace the 'slx' with
-'lnp'.
-
-./build clean
-./build slx CC="$CC" MAILSPOOL='/var/mail' SSLINCLUDE='/usr/include/openssl' \
-	SSLCERTS='/etc/ssl/certs' SSLTYPE=unix DEBUG="$CFLAGS"
-strip pine/pine
-install pine/pine /usr/bin/
-
-Sylpheed Claws:
-You will need GTK+-1.2 for this one. 'GPG made easy' (www.gnupg.org/gpgme.html)
-and GPG are needed for GPG support. The new 'all in one' aspell for spelling
-and of course, OpenSSL for SSL.
-
-./configure --prefix=/usr/X11R6 --enable-aspell --enable-gpgme --enable-openssl
-make 
-make install    
-
-Happy emailing!
-
-BUGS:
-
-Procmail, despite being suid root, is running as smmsp and is therefore unable
-to read user's .forward files unless their home directories are world readable!
-As a workaround, set the permissions on everyone's home directories to
-`chown <user>.smmsp`. This does not need to be run recursively, but requires
-that the .forward and .procmailrc files be world readble, or also set
-`chown <user>.smmsp`. I would LOVE to hear the real fix for this.
-
-NOTES:
-
-Feedback and patches are most welcome! Consider the 'AUTHOR' field mearly a
-formality for saying 'contact'. This hint is community owned/written and wishes
-to stay that way.
-
-For further reading, I direct you to
-http://www.sendmail.org/faq
-and the numerous books available on sendmail.
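Review bot: the log message does not document that this file changes name: it is removed here as PREVIOUS_FORMAT/sendmail.txt but the commit adds it as OLD/sendmail-2.txt, while the log says only "Move really old hints to OLD". Please name the rename and its reason in the log so the file's history can be followed. On the archived text itself, the dnsbl paragraph tells the reader to add the FEATURE lines to "sendmail.cf", which contradicts the earlier statement that editing a 'cf' file directly is NOT recommended; the init script in the same hint also regenerates /etc/mail/sendmail.cf from sendmail.mc on every start, so such an edit would be overwritten. The paragraph should say sendmail.mc.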

Deleted: trunk/PREVIOUS_FORMAT/shadowpasswd_plus.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/shadowpasswd_plus.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/shadowpasswd_plus.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,479 +0,0 @@
-TITLE:		Shadow Suite for Linux(tm) - installation, usage, enhancement
-LFS VERSION:	3.0+
-AUTHOR:		Jeffrey Allen Neitzel <jan at belvento.org>
-
-SYNOPSIS:
-	Do you want to know your system is secured with regard to passwords?
-	Do you want to learn more about security?
-	Understanding the usage of passwords on your system is a good place
-	to start since passwords on UNIX(tm) are analogous to the keys for
-	the front door of your home. Shadow Passwords can help to keep these
-	keys from falling into the wrong hands.
-
-HINT:
-
-2001-10-09
-
-Table of Contents
-	Preface
-	Introduction
-		*) Two Approaches
-		*) Terminology
-	Chapter 1
-		- Preliminary Information
-		  *) What is password shadowing?
-		  *) Am I already using it?
-		  *) DES vs. MD5 passwords?
-		  *) Do I want to shadow my password file?
-	Chapter 2
-		- Installing Shadow-20001016
-		  *) Installation Commands
-	Chapter 3
-		- Additional Configuration/Security Steps
-		  *) How do I add a new user?
-		  *) /etc/login.defs (configuring the shadow login suite)
-		  *) Essential Permissions
-	Chapter 4
-		- Conclusion
-	Footnotes
-
-
-==============================================================================
-  PREFACE
-==============================================================================
-
-All of the following modifications and suggestions are based on the
-installation commands as they appear in:
-
-	Linux From Scratch: Version 3.0 (lfs-3.0)
-
-The suggestions here will apply directly to any LFS System which uses the
-shadow password suite (shadow-20001016) as obtained from:
-ftp://ftp.pld.org.pl/software/shadow/
-
-Please refer to the DISCLAIMER at
-http://hints.linuxfromscratch.org/hints/DISCLAIMER
-
-In addition, the author takes no responsibility for the security of your system.
-These are friendly suggestions, but it should not be forgotten that implementing
-security measures for your site is multifaceted. Password security is only one
-part of that.
-
-I assume you are installing the shadow password suite now. You will need
-super-user (root) privileges to perform many of the system-wide configuration
-activities discussed here. This document assumes you have these privileges.
-Because of this, I must leave you with one final thought, "Think before you
-type."
-
-
-==============================================================================
-  INTRODUCTION
-==============================================================================
-
-The primary objective of this document is to complement and extend the LFS BOOK
-in regards to shadow passwords on your LFS System. I will try to detail some
-additional steps to take which can help enhance system security. In doing so,
-I hope the reader finds this to be a valuable extension to the book's methods.
-
-o== Two Approaches ==o
-
-I have tried to split the commands to address both, those individuals who are
-doing the book and reading this document concurrently, and those who are reading
-this after they have already finished the book. To achieve this, the author will
-use the following notations in Chapters 2, 3, and 4:
-
-  # Approach 1
-    will allow the reader to replace commands for installing Shadow-20001016
-    as found in the book with commands listed here.
-
-  # Approach 2
-    will be primarily for those individuals who have already installed
-    Shadow-20001016 previously and now want to check their configuration
-    to be sure all is well, upgrade, modify, etc.
-
-  # BOTH 1+2
-    will apply to both sets of readers.
-
-o== Terminology ==o
-
-I will use the terms password, passphrase, and secret interchangeably. Also,
-rather than use the word "encrypted" to describe the string your password gets
-turned into, I will say "encoded" instead. This is because the password you type
-actually gets encoded using a one way hash function. See crypt(3) for more info.
-I believe the same holds true for MD5-based passwords.
-
-==
-
-I hope to extend on what I have written here as time permits, and I invite the
-reader to contact me to report errors and/or omissions. Of course, all comments
-and questions are welcome.
-
-To begin, I should preface all of the following with the fact that when it
-comes to security and computers there is *always* a balancing act between
-security (paranoia) and convenience, for both system administrators and
-users alike.
-
-Because of this need for compromise and balance, interpretation of security
-requirements differs from site to site. Interpretation of suggested practice
-will usually fall victim to the subjectives inherent in human nature.
-
-On that note, this author approaches security from the PARANOID perspective.
-Reader should balance these suggestions with his/her own need for convenience.
-If the suggestion introduces too much inconvenience relative to added security
-benefit, I invite you to interpret and implement as your needs dictate.
-
-References will be made when necessary to explain more fully about a particular
-topic.
-
-
-==============================================================================
-  Chapter 1 - Preliminary Information
-==============================================================================
-
-o== What is password shadowing? ==o
-
-Password shadowing is a useful tool and one part of securing your system. It is
-a tool to allow protecting password information from those who really have no
-need to see it. Since reams of information exist about passwords and computer
-security I won't go on to duplicate any of it here.
-
-In short, shadowing your password file consists of removing the encoded secrets
-from the necessarily world-readable /etc/password file and instead placing them
-into another file which is not world-readable. This other file is normally
-called /etc/shadow on Linux systems.
-
-It is an idea which is not necessarily new and has been implemented in one way
-or another on a great many UNIX systems. The Shadow Suite for Linux is one of
-these tools. It is only a tool, not security salvation.
-
-o== Am I already using it? ==o
-
-Have you already run the `/usr/sbin/pwconv' command? Have you already given
-root a password by running `/usr/bin/passwd root'? If so, the answer is most
-likely, "YES".
-
-I say "most likely" because I feel that you can never be too certain with
-something this important to the integrity of your system. So, on that note,
-please take a moment now to examine the relevant files if you have not done
-this already.
-
-For more information on the following please refer to the relevant man pages
-which would be:
-PASSWD(5) get there with `man 5 passwd' and/or,
-SHADOW(5) get there with `man 5 shadow'.
-
-For each line in /etc/password, you should see something like this:
-
-  username:password:uid:gid:comment:home_directory:user_shell
-
-The fields are delimited by colons. Field number 2 is the password field.
-One of the following will be true:
-
-  *) password field contains nothing (e.g. username::uid)
-
-     This is a sign of danger! DANGER! You have no password. Please stop now
-     and give yourself a password.
-
-  *) password field contains "x"
-
-     If you see an "x" there this normally means that shadow passwords have
-     been enabled. In such case, your encoded password has moved to the shadow
-     password file (/etc/shadow). If you are the super-user, now might be a
-     good time to go ahead and look at what is in this file. Be sure there is
-     an entry in /etc/shadow for each user in /etc/password. There are occasions
-     where some users in the password file might be missing from the shadow
-     file. This is most likely to happen if you have ever added a user with
-     the vipw program.
-
-  *) password field contains "a_bunch_of_ASCII_characters"
-
-     If you see a bunch of ASCII characters instead of an "x", then you are not
-     using shadow passwords. The ASCII characters make up the encoded string
-     which represents your password.
-
-o== DES vs. MD5 passwords? ==o
-
-There are two different algorithms *commonly* used to encode user passwords.
-One of them uses the crypt function which uses a DES-based algorithm. The
-other method uses a MD5-based algorithm which is substantially better than
-the DES method. There *are* others, but these two are the ones currently
-available on Linux.
-
-Which one am I using?
-You can distinguish one from the other by looking at the encoded password
-string. If it begins with $1$ and is 34 characters long including the $1$,
-this is an MD5-based ciphertext format. DES-based formats are substantially
-shorter, about 13 characters in length if I recall.
-
-o== Do I want to shadow my password file? ==o
-
-Yes, you do! It should be noted, however, that there are apparently some
-situations where you might not want to do this. Since I personally cannot speak
-of these situations I must defer to the experience of others in this regard.
-On the other hand, if your machine is one with user accounts on it (a desktop
-workstation for example) and doesn't mess around with NFS and the like, then
-shadowing your password file certainly can't hurt. In the end of course, it's
-entirely up to you.
-
-Suffice it to say that on any UNIX system passwords are an important part of
-the basic security model and the first step, or front door, into the system.
-If you can protect system integrity in any way by *hiding* these keys, then
-I figure it is a proactive step in the right direction.
-
-
-==============================================================================
-  Chapter 2 - Installing Shadow-20001016
-==============================================================================
-
-o== Installation Commands ==o
-
-I have added comments to elaborate where I feel it necessary. Comments are
-denoted below the same as in any Bourne Shell script. A "#" at the beginning
-of a line marks that line as a comment. I have double-spaced between related
-command blocks for legibility and emphasis.
-
-The meaning of "# Approach 1", "# Approach 2", and "# BOTH 1+2" notations is
-detailed above in the Introduction.
-
-############################################################
-# Approach 1
-cd /path/to/your/sources/shadow-20001016
-
-# Begin installation commands.
-cp src/useradd.c src/useradd.c.backup &&
-sed 's/\(.*\) (nflg || \(.*\))\(.*\)/\1\2\3/' \
-   src/useradd.c.backup > src/useradd.c &&
-
-# Want md5crypt? This capability is now compiled-in by default.
-./configure --prefix=/usr &&
-make &&
-make install &&
-cd etc &&
-cp limits login.access /etc &&
-
-# The second expression below will enable MD5-based password
-# encoding in your /etc/login.defs file.
-sed 's%/var/spool/mail%/var/mail%
-     s%^#MD5_CRYPT_ENAB.*no%MD5_CRYPT_ENAB yes%' login.defs.linux \
-   > /etc/login.defs &&
-
-# Move some libs around and make a couple symlinks.
-cd /lib &&
-mv libshadow.a libshadow.la /usr/lib &&
-ln -sf libshadow.so.0 libshadow.so &&
-cd /usr/lib &&
-ln -sf ../../lib/libshadow.so
-
-############################################################
-# Approach 2
-# If you are reading this hint after the shadow password installation
-# and you have performed that installation by-the-lfs-book, then run
-# these commands to turn on MD5 support.
-cp /etc/login.defs /etc/login.defs.working &&
-sed 's%^#MD5_CRYPT_ENAB.*no%MD5_CRYPT_ENAB yes%' /etc/login.defs.working \
-   > /etc/login.defs
-
-############################################################
-# BOTH 1+2
-# Make these symlinks if you want vigr . Just a nice addition.
-cd /usr/sbin &&
-ln -sf vipw vigr &&
-cd /usr/share/man/man8 &&
-ln -sf vipw.8 vigr.8
-
-
-==============================================================================
-  Chapter 3 - Additional Configuration/Security Steps # BOTH 1+2
-==============================================================================
-
-o== How do I add a new user? ==o
-
-Well, there is more than one way to do this of course, but we want the easiest
-way. Right? First, please note that the relevant man pages are USERADD(8) and
-GROUPADD(8). I mention the man pages because the following example is the
-simplest possible way to do this. This will leave a lot to be desired, and you
-will certainly want to refine the example to suit your needs.
-
-Example: You want to add a new user "joe". He will be in group "users".
-         What to do?
-
-Does group "users" already exist on your system? If not, add this new group
-by doing:
-/usr/sbin/groupadd users
-
-Now you can add user "joe" by doing:
-/usr/sbin/useradd -g users joe
-
-Ok, now that this has been done... Can joe really use this account yet? No.
-Why is this? Well, he doesn't have a password yet. The account is currently
-locked. Also, by using the commands exactly as above, his home directory does
-not yet exist on the system.
-
-You can give joe a password by doing:
-/usr/bin/passwd joe
-
-That's all for now. Please refer to USERADD(8) for further info. There are a
-great many additional options you can use. You can also create a shell script
-to automate the procedure so that the results are always consistent. I may
-include an example script here in time.
-
-o== /etc/login.defs (configuring the shadow login suite) ==o
-
-This is a very important configuration file for your system. I highly recommend
-that you take a few moments to familiarize yourself with it. Since it has a
-great many configuration definitions, it is almost required to know exactly
-what is there. Besides, if you have a little time to play around with this file
-it's actually kind of fun! ;o)
-
-Before you change this file, make a backup of it for obvious reasons.
-A good way to get an overview of this file is to simply `less /etc/login.defs'.
-It has comments to describe what each definition does. You can also have a look
-at LOGIN(5), `man 5 login.defs', if you need more info than these comments
-provide.
-
-In time, I will add an example /etc/login.defs file below ([3] /etc/login.defs)
-with further information about what I believe are the best settings to use and
-why.
-
-o== Essential Permissions ==o
-
-If you want to take maximum advantage of password shadowing and add some extra
-security to your system I recommend to take the following steps. This is really
-intended for the paranoid. In my opinion, computer security and paranoia go
-hand-in-hand! Paranoia is good! Let me take this moment and invite you again to
-balance these suggestions with your own needs.
-
-#
-# Restrict permissions on /bin/login and /bin/su .
-# Refer to [1] below for explanation of why.
-#
-# Before restricting su to a privileged group, you must first create this
-# group with groupadd (man 8 groupadd for details) or vigr . For example,
-# replace "admin" below with whatever groupname you chose to use. Then, be
-# sure to add yourself, or whoever this privileged user is, to your newly
-# created "admin" group. Then run the following commands.
-chmod -c 0700 /bin/login &&
-chgrp -c admin /bin/su &&
-chmod -c o-rx /bin/su
-
-#
-# Some other programs that should be restricted.
-# Refer to [2] below for explanation of why.
-#
-# The following will remove group/other execute permissions from these programs.
-# Since only root can effectively use any of these you might as well make them
-# to be 0700 and be done with it. Then, privileged user can su to root and do
-# user administration.
-cd /usr/sbin &&
-chmod -c go-rx chpasswd dpasswd group* grp[cu]* logoutd \
-               mkpasswd newusers pw[cu]* user* vipw
-
-#
-#== Exercise for the reader ==#
-#
-# Will you really use any of these programs on a daily basis? If not, you could
-# possibly remove them from the system entirely, put them on a CD, and mount the
-# CD when you need to do user administration. This *is* possible by the way, but
-# you need to weigh the costs/benefits of doing so. It's up to you in the end.
-#
-
-
-==============================================================================
-  Chapter 4 - Conclusion
-==============================================================================
-
-After all of this, I assume you want to enable password shadowing... =)
-
-############################################################
-# Approach 1
-If you are still running within chroot on your host system and haven't booted
-your new LFS System yet, then run:
-
-/usr/sbin/pwconv
-
-Then run:
-
-/usr/bin/passwd root
-
-############################################################
-# Approach 2
-Before you run the following command, be absolutely certain that you have
-taken a copy of your currently unshadowed password file, put it somewhere
-safe, and chmod it to 0600 . Better safe than sorry. If something were to
-go foul, recovery is easy. After taking the previous precautionary measure,
-be sure you are root and are logged in on more than one console/terminal.
-
-Then run:
-/usr/sbin/pwconv
-
-On the second, and/or third, terminal(s) you are logged into do some tests
-to be certain that you get the expect results (i.e., you can login). On some
-other terminal try logging into your normal user account. Success? Good!
-Now, try to `su - root' . If you don't see any anomalous behaviour then you
-should be good to go.
-
-If you added passwords to your system before you changed /etc/login.defs to
-allow MD5 support, please note that the old passwords do not get converted
-automatically. The old password strings will still be encoded using the
-DES-based algorithm. To change these old passwords so they will use the
-MD5-based ciphertext format, simply run `/usr/bin/passwd <username>' for
-each username where this is true.
-
-The new encoded string will now be MD5-based. If you want to keep the original
-password for each account run passwd twice for each one. First, change to some
-temporary value, and then change to original.
-
-############################################################
-# BOTH 1+2
-Congratulations! You have done very well indeed! =)
-
-
-==============================================================================
-  FOOTNOTES
-==============================================================================
-
-[1] login and su should not be world executable!
-
- login:
-        As far as I have ever seen, login is only started by a getty
-        or some other root-owned process. Sometimes sshd might be setup
-        to use login. Since sshd normally runs as root, or some other
-        privileged user, this should not cause any problem.
-        No guarantee on that, can someone confirm?
-
- su:
-     This program should be tightly restricted. It is suid root.
-     Security would dictate that all privileged users who might be
-     permitted to use su, should be members of a privileged group
-     whose membership consists only of trusted admins.
-
-     I always use wheel or admin for this, pick whatever group name
-     you want. /etc/login.defs has an avenue to restrict use of su.
-     Also, the su program itself has a config file you can opt to
-     configure: /etc/suauth .
-
-     This file is not created by default. `man 5 suauth' will give
-     the details on this file. In short, do look over these
-     possibilities for restricting su usage. Until then, removing
-     world execute from /bin/su is a good place to start.
-
-
-[2] Change some other modes as an additional safeguard.
-
- There are a whole slew of programs installed as part of the
- shadow-suite into /usr/sbin . These programs should also be tightly
- restricted to admins only. Only root can effectively use any of these
- So, administrator does a su to root, does admin duties, and goes back
- to his/her normal user account.
-
- Note: Some of the programs do give errors if joe user is trying to
-       use one of them. If your system permissions in /etc are set
-       correctly, joe user won't be able to obtain a lock on any of
-       the relevant files in /etc/{passwd,shadow,group,gshadow} .
-       Because of this, it makes sense to simply restrict permissions
-       on these programs.
-
-
-[3] /etc/login.defs
-
- This will be added soon.
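
Review bot: In the "# Approach 1" and "# Approach 2" command blocks of this hint, the expression s%^#MD5_CRYPT_ENAB.*no%MD5_CRYPT_ENAB yes% only rewrites a line that is still commented out and ends in "no". On any other login.defs, sed exits 0 with nothing changed, the && chain carries on, and new passwords keep the DES-based format that the Chapter 4 text expects to have been replaced. If the text is kept as an archived hint, it should tell the reader to confirm the result, for example with grep '^MD5_CRYPT_ENAB' /etc/login.defs, and to check that a freshly set password string begins with $1$ as the "Which one am I using?" paragraph describes. Two smaller points in the same file: the Essential Permissions comment says the chmod removes execute permission, but go-rx removes read as well, and footnote [3] is still the placeholder "This will be added soon", so a header line marking the hint as unmaintained would help.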

Deleted: trunk/PREVIOUS_FORMAT/shells.txt
===================================================================
--- trunk/PREVIOUS_FORMAT/shells.txt	2005-08-06 18:12:57 UTC (rev 978)
+++ trunk/PREVIOUS_FORMAT/shells.txt	2005-08-08 02:55:30 UTC (rev 979)
@@ -1,346 +0,0 @@
-TITLE:		How to install alternative shells on your LFS-system
-LFS VERSION:	All
-AUTHOR:		Björn Lindberg <d95-bli at nada.kth.se>
-
-SYNOPSIS:	A guide on how to install other shells than bash on an 
-		LFS-system.
-
-HINT:
-
-1. INTRODUCTION
-
-A vanilla LFS only comes with one shell, namely bash (Bourne-again
-shell). There are a lot of reasons why one would like to have
-alternatives. Different shells are good at different things. You might
-want to use one particular shell as your interactive shell, but another
-one for scripting. There are some programs that have their compile
-scripts written with a syntax that requires a certain shells. I will
-give a brief description of each shell, listing some of their strong
-points below.
-
-
-1.1 The Almquist Shell (ash)
-
-This is the shell that most closely tries to mimick the behaviour of
-the original Bourne shell -- and no more. It is therefore Bourne shell
-compliant, while being extraordinarily small and efficient. It is used
-as the /bin/sh shell on NetBSD, who also currently maintains it. There
-are two good reasons why you might want to consider installing ash:
-
-(1) It is small. It's memory footprint is about a third of bigger more
-    feature-filled shells, like bash and Korn shell. On a less
-    powerful machine it could be installed as /bin/sh, causing all
-    common administration scripts, eg. boot scripts to be run with it.
-
-(2) Portability. On Linux systems it is commonplace to begin a script
-    with /bin/sh, yet oftentimes bash-specific features will creep in,
-    since bash is the Linux standard shell. Those scripts should
-    arguably have /bin/bash at the top, because most of them won't run
-    as intended on other flavors of UNIX that don't use bash for their
-    /bin/sh, like the *BSDs and commercial Unices. Thus, using ash for
-    /bin/sh is an extra insurance that your scripts are portable in
-    the sense that they will generally work with the interpreter given
-    on the first line. this is good.
-
-
-1.2 The Korn Shell (ksh)
-
-Korn shell, like bash, is an improved Bourne shell derivative. It is
-actually more than a shell, designed to be a very high-level
-programming language while still maintaining Bourne shell
-compatibility. Bash has borrowed a lot of the ksh functionality, so
-the syntax is very similar. Korn shell is commonly used for more
-advanced scripting on non-Linux platforms, and since ksh is frequently
-available on commerical Unices, the portability for ksh scripts is
-good. It is also a very good interactive shell, and has some distinct
-features, like co-processes. See http://www.kornshell.com for more info.
-
-
-1.3 The T C Shell (tcsh)
-
-T C shell is the successor of the C shell, a competitor to the Bourne
-shell but with C-like syntax. tcsh thus has a vastly different syntax
-than the Bourne shell derivatives. Although shell afficionados
-consider csh (and by extension tcsh) a bad scripting shell (see
-http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/), it is a very
-nice interactive shell with some unique features, like programmable
-tab completion. Another good reason to have it is that you might
-encounter scripts written in csh or tcsh. Such scripts won't run with
-Bourne shell and compatibles, since the syntax is different. Some
-program sources requires tcsh to build, eq xv (the image viewer), and
-openoffice. See http://www.tcsh.org for more info on tcsh.
-
-
-1.4 The Z shell (zsh)
-
-The Z shell is the most feature-filled (or bloated :-) of our
-shells. It's syntax is mostly similar to the Korn shell, but also
-borrowing elements from the C shell. It strongpoints are as an
-interactive shell, where it incorporates features from all other
-shells, while containing modules with a large variation of
-functionality. As an example, zsh comes with it's built-in ftp-client!
-See http://www.zsh.org for more info.
-
-
-2. INSTALLATION
-
-
-2.1 The Almquist Shell
-
-As mentioned earlier, the most actively maintained ash is the one
-NetBSD are using for their /bin/sh. Most Linux-distros are including
-ash, and they are then typically keeping their sources in sync with
-the NetBSD ones. We will use the Debian sources, since they are a bit
-more Linux-friendly than NetBSD. :-)
-
-It is still a lot of trouble to compile though, because the makefile
-requires pmake, which is a make common on *BSDs. Gnu make won't
-work. The tarballs we'll need, and the places I got them:
-
-ash
-	ftp://ftp.debian.org/debian/dists/potato/main/source/shells/\
-		ash_0.3.5.orig.tar.gz
-ash-diff
-	ftp://ftp.debian.org/debian/dists/potato/main/source/shells/\
-		ash_0.3.5-11.diff.gz
-ash-hetios
-	ftp://ftp.psychosis.com/linux/linux-router-devel/\
-		ash-hetios-0.5.1.diff.gz
-pmake
-	ftp://ftp.debian.org/debian/dists/potato/main/source/devel/ \
-		pmake_1.45-3.2.tar.gz
-
-We might as well use the Debian pmake, found at the same place. Don't
-hesitate to use your local Debian mirror site instead of the main one.
-
-The ash-hetios patch is a patch from the Linux Router Project that
-enables history support and arrow keys. If you plan on using ash as an
-interactive shell, you would want this patch, and if not, just don't
-apply it.
-
-In the section below I will assume that you do not want to keep pmake
-after using it to build ash. If you want to install pmake on your
-system the procedure will actually be somewhat easier.
-
-Unpack the pmake tarball and issue the following command:
-
-	debian/rules
-
-We will need this later:
-
-	export PMAKE=<path-to-pmake>
-	export PATH=$PATH:$PMAKE
-
-If you want to install pmake on your system, instead do the following:
-
-	install -m 755 bmake /usr/bin/pmake
-	install -m 755 mkdep /usr/bin/
-	install -m 644 make.1 /usr/share/man/man1/pmake.1
-	install -m 644 mkdep.1 /usr/share/man/man1/
-	install -d -m 755 /usr/share/mk/
-	for file in mk/*; do install -m 644 $file /usr/share/; done
-
-Now unpack the ash tarball and apply first the debian diff, and then
-the hetios diff. The hetios diff will not apply cleanly beacuse it was
-made against a slightly different source tree. This is nothing to
-worry about.
-
-We still have to make some small modifications:
-
-	mv Makefile Makefile.orig
-	sed 's/\(^CPPFLAGS.*$\)/\1 -DHETIO/' Makefile.orig > Makefile
-	echo -e "#endif\n" >> hetio.c
-	mv arith.y arith.y.orig
-	sed 's/\(yyerrok;\)/\/* \1 *\//' arith.y.orig > arith.y
-	$PMAKE/pmake -m $PMAKE/mk CFLAGS='-O2' CPPFLAGS='-DBSD \
-		-DSMALL	-DSHELL -DHETIO -D__COPYRIGHT\(x\)= \
-		-D__RCSID\(x\)=' HOST_CPPFLAGS='-DBSD -DSMALL \
-		-DSHELL -DHETIO -D__COPYRIGHT\(x\)= \
-		-D__RCSID\(x\)=' YACC='bison -y'
-
-Voilà! We now have a binary called sh and a manpage to go with
-it. Install via the following:
-
-	install -m 755 sh /bin/ash
-	install -m 644 sh.1 /usr/share/man/man1/
-	cd /usr/share/man/man1 && ln sh.1 ash.1
-
-If you would like to use ash as /bin/sh, either symlink it or install
-it as sh directly. The manpage is a very good manpage for sh in either
-case.
-
-
-2.2 The Korn Shell
-
-The Korn SHell used to be a commercial closed-source shell. Because of
-this, a free clone was written, pdksh (Public Domain Korn
-Shell). pdksh supposedly has most of the original ksh's functionality,
-but since early 2000 the source code for the original ksh is
-available, so that is what we are going to install here. Note that ksh
-is still under a license though. The following packages are needed:
-
-http://www.research.att.com/~gsf/download/tgz/INIT.2002-06-28.tgz
-http://www.research.att.com/~gsf/download/tgz/ast-ksh.2002-06-28.tgz
-http://www.research.att.com/~gsf/download/tgz/ast-ksh-locale.2002-06-28.tgz
-
-Note that the exact URL may change as a result of updates to the
-source code packages. If the above links don't work you will have to
-go to http://www.research.att.com/sw/download/ and manually download
-the following packages: INIT, ast-ksh and ast-ksh-locale.
-
-ksh is built using AT&T's particular build system. First you will need
-to designate an empty build directory, eg <...>/src/ksh. The rest of
-the install commands should be executed while standing in this
-directory. Unpack the INIT package from this directory. Execute
-
-	mkdir lib/package/tgz
-
-and move all three packages to this directory. Now issue
-
-	bin/package read
-	bin/package make
-
-To install ksh
-
-	cp arch/linux.i386/bin/ksh /bin
-	cp arch/linux.i386/man/man1/sh.1 /usr/share/man/man1/ksh.1
-
-To install the provided shell functions pushd, popd and dirs, do this
-
-	mkdir -p /usr/share/ksh/functions
-	cp arch/linux.i386/fun/* /usr/share/ksh/functions
-
-you will then have to set the following environment variable to access
-them, this can be done in one of the startup scripts
-
-	export FPATH=/usr/share/ksh/functions
-
-The install management system supposedly will make it easier to
-upgrade ksh to a newer version by the following command
-
-	bin/package update source http://www.research.att.com/sw/download
-
-
-2.3 The T C Shell
-
-tcsh is by comparison easy to install. First we need the sources:
-
-ftp://ftp.funet.fi/pub/unix/shells/tcsh/tcsh-6.11.tar.gz
-
-Build the sources
-
-	./configure --prefix=/usr --bindir=/bin --mandir=/usr/share/man
-	mv config_f.h config_f.h.orig
-	sed '/NLS_CATALOGS/s/undef/define/; /AUTOLOGOUT/s/define/undef/' \
-		config_f.h.orig > config_f.h
-	make
-	make install install.man
-
-That's it! You now have a shiny new tcsh in your /bin directory. If
-you have special considerations you might want to edit the settings in
-config_f.h differently from mine, for instance it is possible to set
-vi editing as default. If you want to play with the programmable tab
-completion feature, have a look at the file complete.tcsh.
-
-
-2.4 The Z Shell
-
-The sources are available for instance here:
-
-ftp://sunsite.dk/pub/unix/shells/zsh/zsh-4.0.4.tar.bz2
-
-Building and installation is straightforward
-
-	./configure --prefix=/usr --bindir=/bin --mandir=/usr/share/man
-	make
-	make install
-
-This will install, in addition to the shell, the shell modules as well
-as a lot of shell functions. To take advantage of the latter, you need
-to set the following environment variable, and also "autoload" the
-functions you would like to use
-
-	fpath=(/usr/share/zsh/4.0.4/functions/)
-	autoload zed	# example
-
-
-3. Startup files
-
-To learn more about the different shells, I recommend the manpages and
-homepages for the shells, as well as the general web resources listed
-in section 5. I will however say something about startup files, which
-is otherwise often a source of confusion.
-
-Beginning with ash and ksh, all shells (interactive, non-interactive
-and login) will read the file specified in $ENV. A login shell will in
-addition to this first read /etc/profile and .profile. It is common to
-set $ENV from one of those two files with a command such as this
-
-	ENV=$HOME/.shrc; export ENV	# or
-	export ENV=$HOME/.kshrc
-
-To restrict parts of the $ENV file to interactive shells (that will
-not be run for eg shell scripts), something like the following can be
-used
-
-	case $- in *i*)
-		# interactive commands
-		# ...
-	esac
-
-A tsch login shell will read the following files
-
-	/etc/csh.cshrc
-	/etc/csh.login
-	~/.tcshrc, or if not found, ~/.chsrc
-	~/.login
-
-a non-login shell will only read /etc/csh.cshrc and ~/.tcshrc (or
-~/.cshrc). On logout, a login shell will read /etc/csh.logout and
-~/.logout.
-
-A zsh login shell reads the following files
-
-	/etc/zshenv
-	~/.zshenv
-	/etc/zprofile
-	~/.zprofile
-	/etc/zshrc
-	~/.zshrc
-	/etc/zlogin
-	~/.zlogin
-
-an interactive (but non-login) shell will read all those but the
-*profile and *login files. A non-interactive shell will not read
-*zshrc. In addition, zsh login shells will also read ~/.zlogout and
-/etc/zlogout on exit.
-
-
-4. Size comparisons
-
-Shell	In-memory size (kB)	Binary size (kB)
--------------------------------------------
-ash	472			97
-bash	1400			533
-ksh	1212			834
-tcsh	1448			292
-zsh	1472			424
-
-All binaries were stripped. The in-memory size is obtained from the
-RSS column from 'top'. Sizes may vary slightly from system to system
-and also depending on exact shell version. I am actually not certain
-how relevant these figures are, but decided to include them for
-comparison. Another thing to keep in mind is that zsh uses a lot of
-modules that also takes up space, so the total disk space needed are
-higher than the above figure. The total zsh installation uses over 3
-MB.
-
-
-5. Shell resources
-
-http://www.shelldorado.com
-http://www.faqs.org/faqs/unix-faq/shell/shell-differences/
-http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/
-http://www.kornshell.com
-http://www.tcsh.org
-http://www.zsh.org
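
Review bot: Sections 2.1 to 2.4 of this hint name every source tarball and both ash patches by bare ftp:// or http:// URL with no checksum or signature to compare against, and section 2.1 then tells the reader that the ash-hetios diff failing to apply cleanly is "nothing to worry about". Together these leave no way to tell a changed download from the expected one, so the archived copy should carry known-good checksums or at least say that none were recorded. Two defects in the same text are also worth recording: the pmake loop "for file in mk/*; do install -m 644 $file /usr/share/; done" copies into /usr/share/ rather than the /usr/share/mk/ directory created on the line before it, and the startup-files list in section 3 spells the fallback file "~/.chsrc" where the following paragraph has "~/.cshrc".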



