Weekly Changes – 29/03/2021
The changes for this week are mostly a selection of minor fixes for Ubuntu. The main thing to note is a tweak to the PAM stack which comes with a minor risk of affecting user access to some services. Here are the details…
Mail size limit
The limit on email size has been increased from the default 10MB to 50MB on Ubuntu DICE machines. The previous lower limit was occasionally affecting legitimate email, for example, our daily server logwatch messages were sometimes blocked. Note that the University mail service appears to have a limit of 25MB.
PAM Stack
The DICE PAM stack on Ubuntu has been tweaked so that most services include the pam_access module by default. That matches more closely the way SL7 is configured and should be more secure. Users should not notice any actual differences in the authentication or authorization processes.
Encrypted USB support
Some extra packages have been added to all Ubuntu desktops so that the Gnome disks application can be used to create encrypted volumes using LUKS on USB sticks. Arguably these packages should already be specified as dependencies for the gnome-disk-utility package, it is a known issue. The process of creating such a volume is described on the Informatics computing.help site.
VirtualBox extension pack
The version of the VirtualBox extension pack on DICE Ubuntu machines has been upgraded to 6.1.16 to match the version of the main VirtualBox package.
Test Kernels
The INF_TEST
kernel on SL7 has been updated to 3.10.0-1160.21.1.el7
. The INF_TEST
kernel on Ubuntu has been updated to 5.4.0-67.75
.
squid caching
A new proxymode
resource has been added so that it is possible to configure squid to operate in the forward proxy mode as well as a reverse proxy. Support was also added for using an aclname
resource for the name of an ACL instead of just the LCFG tag. This makes it possible to have ACL names which are not valid tags, it also allows multiple ACL entries with the same name (which is quite a common requirement). This is supported in version 1.4.3 of the rpmaccel component with the new rpmaccel_3.5.tt
template, that’s the default on Ubuntu but not yet on SL7.
To support configuring squid as a standard web proxy service there are new lcfg/options/squid_proxy.h
and dice/options/squid_proxy.h
headers. This is particularly useful for installing Ubuntu machines which are not on routed VLANs. The current installer technology relies on being able to fetch the base distribution packages from an Ubuntu upstream mirror which isn’t always possible. As well as providing indirect access to a package mirror this also has the potential to make installs faster. Furthermore it could be used for updating firmware using the dsu tool and advertised to users who need to use software tools such as pip to fetch extra modules.
Recent comments