Jump to content
Read the Funtoo Newsletter: Summer 2023 ×

Oleg Vinichenko

Members
 View Profile  See their activity

  • Posts

    619

  • Joined

  • Last visited

  • Days Won

    53

 Content Type 

Posts posted by Oleg Vinichenko

  3. PAM: faillock integration

    in News and Announcements

    Posted

    pam-1.3.0-r3 ebuild introducing the faillock capability from Red Hat. This will allow locking of user account after a consequent login failure attempts. After a number of attempts (can be configured) the account will be locked for a certain time (can be configured). 

    Testing can be performed by following. Set the keywords for sys-libs/pam ebuild and install new version. 

    echo "=sys-libs/pam-1.3.0-r3 **" >> /etc/portage/package.accept_keywords
emerge -1u pam

    After installation, edit /etc/pam.d/system-auth with editor and put the lines pointed

    auth            required        pam_env.so
    auth            required        pam_faillock.so preauth audit deny=3 unlock_time=60
    auth            required        pam_unix.so try_first_pass likeauth nullok
    auth            required       pam_faillock.so authfail audit deny=3 fail_interval=60 unlock_time=60
    auth            optional       pam_permit.so
    account     required       pam_faillock.so
    account         required    pam_unix.so
    account         optional    pam_permit.so
    password        required   pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3  
    password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow  
    password        optional        pam_permit.so
    session         required        pam_limits.so
    session         required        pam_env.so
    session         required        pam_unix.so
    session         optional        pam_permit.so
     

    Notice the lines in bold red. This is very important that first line in auth part is before pam_unix module. The second line must be after pam_unix module. In account part, pam_faillock module needed before pam_unix module. In example, 3 attempts are set for the locking. After that, account will be locked and in console you will see a message that account is locked for 60 seconds, in example. After that period of time, the account will be released. To review the state , you can use faillock utility installed by pam. For more advanced options, follow faillock and pam_faillock manual pages. If some mistakes possibly made with configuration, please, have a live cd to boot from to alter the changes in /etc/pam.d/system-auth. It is wise decision to have a copy of it somewhere before the tests.

  4. NGINX ebuilds available to test

    in News and Announcements

    Posted

    Following version of nginx available to test:

    =www-servers/nginx-1.14.0 the stable release

    =www-server/nginx-1.15.2 the mainline release

    To test either one or both, add following to /etc/portage/package.accept_keywords, example with 1.14.0 is shown below

    =www-servers/nginx-1.14.0 **

    Testing feedback is very much appreciated.

     

  5. Outdated Desktop Environments

    in General Discussion

    Posted

    Main reason is to have users who are experienced KDE users and understand about possible quirks during updates. This does no necessarily means that  its needed to be good at writing ebuilds, but it' s of course much better if you can. 

    The way it can be tested is using the generation of a tree that will contain the updated stack of what is forming the KDE. How to  perform this is described in: https://www.funtoo.org/Local_Development_Setup

    Assuming that you have KDE of older kit branch installed, then, you can generate a new tree that track gentoo master ebuilds for KDE. Or LXQT. Then, you can try updating and hunting for update troubles that can be faced during this step. There  could be quite a list of inter-connected issues, considering that KDE and QT are big projects. Eliminating and fixing such pitfalls and also documenting about upgrade steps are the basics. When it's known to be reliable, then, the kit can be locked down and released. Next releases can be then considered to work on. It very much looking as semi-rolling. It can be helped and supported by us with technical difficulties and questions.

  13. nvidia-drivers and debian-sources updates.

    in News and Announcements

    Posted

    Hi!

    Following ebuilds now added to testing

    nvidia-drivers-390.77-r1 and nvidia-drivers-396.45-r1

    Both including patch to resolve a blank screen issue, when kernel-4.16 or newer used.. This patch will not be applied, if older kernel version installed or/and set as default kernel. To test, assuming kernel-4.16 or newer used and video card is supported by LTS release of nvidia-drivers, proceed with following steps 

    echo "=x11-drivers/nvidia-drivers-390.77-r1 **" >> /etc/portage/package.keywords

emerge nvidia-drivers

    debian-sources-4.17.8 added, also with no keywords, for testing, use:  

    echo "=sys-kernel/debian-sources-4.17.8 **" >> /etc/portage/package.keywords

emerge debian-sources

boot-update

    Testing is very much appreciated. As usual, bugs.funtoo.org is your friend for any problems encountered.

    Regards, Oleg.

     

×
×
  • Create New...