Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

LCFG Project

LCFG Project

Recent Activity for the LCFG project

  1. LCFG Project
  2. Uncategorised
  3. Weekly Changes – 29/03/2021

Weekly Changes – 29/03/2021

The changes for this week are mostly a selection of minor fixes for Ubuntu. The main thing to note is a tweak to the PAM stack which comes with a minor risk of affecting user access to some services. Here are the details…

Mail size limit

The limit on email size has been increased from the default 10MB to 50MB on Ubuntu DICE machines. The previous lower limit was occasionally affecting legitimate email, for example, our daily server logwatch messages were sometimes blocked. Note that the University mail service appears to have a limit of 25MB.

PAM Stack

The DICE PAM stack on Ubuntu has been tweaked so that most services include the pam_access module by default. That matches more closely the way SL7 is configured and should be more secure. Users should not notice any actual differences in the authentication or authorization processes.

Encrypted USB support

Some extra packages have been added to all Ubuntu desktops so that the Gnome disks application can be used to create encrypted volumes using LUKS on USB sticks. Arguably these packages should already be specified as dependencies for the gnome-disk-utility package, it is a known issue. The process of creating such a volume is described on the Informatics computing.help site.

VirtualBox extension pack

The version of the VirtualBox extension pack on DICE Ubuntu machines has been upgraded to 6.1.16 to match the version of the main VirtualBox package.

Test Kernels

The INF_TEST kernel on SL7 has been updated to 3.10.0-1160.21.1.el7. The INF_TEST kernel on Ubuntu has been updated to 5.4.0-67.75.

squid caching

A new proxymode resource has been added so that it is possible to configure squid to operate in the forward proxy mode as well as a reverse proxy. Support was also added for using an aclname resource for the name of an ACL instead of just the LCFG tag. This makes it possible to have ACL names which are not valid tags, it also allows multiple ACL entries with the same name (which is quite a common requirement). This is supported in version 1.4.3 of the rpmaccel component with the new rpmaccel_3.5.tt template, that’s the default on Ubuntu but not yet on SL7.

To support configuring squid as a standard web proxy service there are new lcfg/options/squid_proxy.h and dice/options/squid_proxy.h headers. This is particularly useful for installing Ubuntu machines which are not on routed VLANs. The current installer technology relies on being able to fetch the base distribution packages from an Ubuntu upstream mirror which isn’t always possible. As well as providing indirect access to a package mirror this also has the potential to make installs faster. Furthermore it could be used for updating firmware using the dsu tool and advertised to users who need to use software tools such as pip to fetch extra modules.

Weekly Changes – 29/03/2021 / LCFG Project by blogadmin is licensed under a Creative Commons Attribution CC BY 3.0

Posted by

Categories

Uncategorised

Tags

No tags have been added to this post.

Previous post

Next post

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel