Webmin

Hello:
        I have divided our systems into 9 groups that are reflected in the =
index. When I try to execute a cluster command against each of these =
groups it works for all but one group. The error that is returned is as =
follows:
"Failed to run command : No servers to run on selected"

The servers are listed in the in the index. Please help!

Regards - Mark K.



-----------------------------------------------------------------------
This e-mail is intended for the addressee shown. 
It contains information that is confidential and 
protected from disclosure. Any review, dissemination 
or use of this transmission or its contents by persons 
or unauthorized employees of the intended organizations 
is strictly prohibited. 

The contents of this email do not necessarily represent 
the views or policies of PSCU Financial Services.

On 28/Jun/2007 08:35 Mark Khan wrote ..
> Hello:
>         I have divided our systems into 9 groups that are reflected in
> the index. When I try to execute a cluster command against each of these
> groups it works for all but one group. The error that is returned is as
> follows:
> "Failed to run command : No servers to run on selected"
> 
> The servers are listed in the in the index. Please help!

Is it possible that none of the servers in the selected group have
a login and password set in the Webmin Servers Index module?

 - Jamie

On 28/Jun/2007 07:50 John Hinton wrote ..
> It sure would be nice if under the Sendmail configuration module:
> 
> Local Domains and Relay Domains
> 
> was handled more like Address mapping. So many times seeing these as an
> alphabetical list would make life so much easier. I also like under 
> Address Mappings the link to edit the config file directly. It would be
> nice to keep this as an option in these modules.

I guess that could be done, but since these are just lists of names
I don't think it makes sense to put them in a table like that. When you
edit those lists, you are effectively editing the underlying config file
directly.

 - Jamie

Jamie Cameron wrote:
> On 28/Jun/2007 07:50 John Hinton wrote ..
>   
>> It sure would be nice if under the Sendmail configuration module:
>>
>> Local Domains and Relay Domains
>>
>> was handled more like Address mapping. So many times seeing these as an
>> alphabetical list would make life so much easier. I also like under 
>> Address Mappings the link to edit the config file directly. It would be
>> nice to keep this as an option in these modules.
>>     
>
> I guess that could be done, but since these are just lists of names
> I don't think it makes sense to put them in a table like that. When you
> edit those lists, you are effectively editing the underlying config file
> directly.
>
>  - Jamie
>   
I guess my main gripe is trying to find one domain among 500 in an 
unordered list. As webmin/virtualmin adds the entries in chronological 
order descending, whereas I used to insert domains alphabetically, this 
part has gotten harder. It really does take some time to read through 
that many domains when looking for just one. I however might have an old 
script laying around that would alphabetize this which could be run from 
a cron... except I don't really like too much running something that 
might bomb, ruining a system critical config file.

John Hinton

John Hinton wrote:
> I guess my main gripe is trying to find one domain among 500 in an 
> unordered list.

Ctrl+F?  <g>  (IIRC that *should* be the default "Find in this page" 
keyboard shortcut in most browsers...)

-kgd

For our Webmin installations we have a 30 minute session timeout. That
is, if there is no browser activity for 30 minutes, then the logged in
session will timeout and you will have to log in again.

However, we are seeing circumstances when the session never times out,
no matter how long it is left idle. We suspect that what is happening is
that the system is synchronizing its date/time with a time server,
causing the date/time on the system to be moved backwards (if the system
has been created from a virtual image, then this shift in time can be
quite large). If the date/time is changed to be prior to the timestamp
of the session, then the session will never timeout.

I would have thought the session timestamp would be updated every time
there is activity on the session, thus avoiding this problem, but
looking at the code it appears that this is not the case. The session
timeout appears to update in the following code:

    # Session is OK
    print $outfd "2 $user\n";
    if ($lot &&
        $time_now - $ltime >
        ($lot*60)/2) {
            $sessiondb{$session_id} =3D "$user $time_now";
            }
    }

Which translates to=20

    if (Now - session_timestamp > timeout/2) then
update_session_timestamp();

I have no idea why there is this logic around updating the session
timestamp. If the session timestamp were updated unconditionally, then
this problem would not occur. Do you think it is safe to make this
change?

Thanks

Dave I

Hi Jamie:
    I figured it out (I think). The solution was to re-create the group =
name from PHX-Stand By to PHX-Stand-By. Note that in the first group name =
there was a space, I recreated the group name with a dash instead of the =
space and everything is working fine.

Respectfully;
                  Mark K.

>>> "Jamie Cameron" <jcameron@...> 06/28/2007 1:08 PM >>>
On 28/Jun/2007 08:35 Mark Khan wrote ..
> Hello:
>         I have divided our systems into 9 groups that are reflected in
> the index. When I try to execute a cluster command against each of these
> groups it works for all but one group. The error that is returned is as
> follows:
> "Failed to run command : No servers to run on selected"
>=20
> The servers are listed in the in the index. Please help!

Is it possible that none of the servers in the selected group have
a login and password set in the Webmin Servers Index module?

 - Jamie

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/=20
-
Forwarded by the Webmin mailing list at webadmin-list@...=
=20
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list=20




-----------------------------------------------------------------------
This e-mail is intended for the addressee shown. 
It contains information that is confidential and 
protected from disclosure. Any review, dissemination 
or use of this transmission or its contents by persons 
or unauthorized employees of the intended organizations 
is strictly prohibited. 

The contents of this email do not necessarily represent 
the views or policies of PSCU Financial Services.

Ah, that is actually a Webmin bug - it shouldn't allow spaces in group
names in the first place!

 - Jamie

On 28/Jun/2007 11:39 Mark Khan wrote ..
> Hi Jamie:
>     I figured it out (I think). The solution was to re-create the group
> name from PHX-Stand By to PHX-Stand-By. Note that in the first group name
> there was a space, I recreated the group name with a dash instead of the
> space and everything is working fine.
> 
> Respectfully;
>                   Mark K.
> 
> >>> "Jamie Cameron" <jcameron@...> 06/28/2007 1:08 PM >>>
> On 28/Jun/2007 08:35 Mark Khan wrote ..
> > Hello:
> >         I have divided our systems into 9 groups that are reflected in
> > the index. When I try to execute a cluster command against each of these
> > groups it works for all but one group. The error that is returned is
> as
> > follows:
> > "Failed to run command : No servers to run on selected"
> > 
> > The servers are listed in the in the index. Please help!
> 
> Is it possible that none of the servers in the selected group have
> a login and password set in the Webmin Servers Index module?
> 
>  - Jamie

On 28/Jun/2007 12:43 Dave Isaacs wrote ..
> For our Webmin installations we have a 30 minute session timeout. That
> is, if there is no browser activity for 30 minutes, then the logged in
> session will timeout and you will have to log in again.
> 
> However, we are seeing circumstances when the session never times out,
> no matter how long it is left idle. We suspect that what is happening is
> that the system is synchronizing its date/time with a time server,
> causing the date/time on the system to be moved backwards (if the system
> has been created from a virtual image, then this shift in time can be
> quite large). If the date/time is changed to be prior to the timestamp
> of the session, then the session will never timeout.

That would certainly explain it, but would be tough to detect in miniserv.

> I would have thought the session timestamp would be updated every time
> there is activity on the session, thus avoiding this problem, but
> looking at the code it appears that this is not the case. The session
> timeout appears to update in the following code:
> 
>     # Session is OK
>     print $outfd "2 $user\n";
>     if ($lot &&
>         $time_now - $ltime >
>         ($lot*60)/2) {
>             $sessiondb{$session_id} = "$user $time_now";
>             }
>     }
> 
> Which translates to 
> 
>     if (Now - session_timestamp > timeout/2) then
> update_session_timestamp();
> 
> I have no idea why there is this logic around updating the session
> timestamp. If the session timestamp were updated unconditionally, then
> this problem would not occur. Do you think it is safe to make this
> change?

The reason for that code is that %sessiondb is a hash tied to a DBM, which
is stored on disk. If the timestamp in the session was updated on every
request, it would result in a lot of extra IO as each change to the session
was written to disk. So instead, it only gets updated when the session is
50% of the way to timing out.

That said, you can safely remove this check - let me know if it helps with
the problem of timeouts not happening.

 - Jamie

Hello again:
                Sorry to keep bombarding this group with my problems, but =
I just started this job and have been thrown into Webmin head first. I =
have purchased and read both books and I can't seem to come up with a =
procedure using Webmin to maintain passwords in my environment. Here is =
the scenario I am facing:
Various releases of Webmin were deployed before I was hired. Each system =
had already had it's password files updated manually by the SA's, before I =
was hired. Once Webmin was deployed they did not read the documentation on =
how Webmin updates UID's and GID's. Subsequently, we have many conflicts =
in the systems password files.=20

What I would like to do is create a master password file for each of the =
cluster groupings of systems I have created  on my primary Webmin server. =
Then when I need to add or delete a user to a particular cluster I would =
do it on the primary Webmin server and then cluster copy it to the =
appropriate cluster. So far I have found that I can do a batch load of the =
password file at the system level but not at the cluster level. Is what I =
am asking for possible? has anyone ever encountered this situation before? =
If so could you please pass along how you handled it? Finally, is there a =
third party software module or program that anyone knows about that can =
help me resolve this mess.

Respectfully;
                 Mark K.



-----------------------------------------------------------------------
This e-mail is intended for the addressee shown. 
It contains information that is confidential and 
protected from disclosure. Any review, dissemination 
or use of this transmission or its contents by persons 
or unauthorized employees of the intended organizations 
is strictly prohibited. 

The contents of this email do not necessarily represent 
the views or policies of PSCU Financial Services.

On 29/Jun/2007 06:30 Mark Khan wrote ..
> Hello again:
>                 Sorry to keep bombarding this group with my problems, but
> I just started this job and have been thrown into Webmin head first. I
> have purchased and read both books and I can't seem to come up with a procedure
> using Webmin to maintain passwords in my environment. Here is the scenario
> I am facing:
> Various releases of Webmin were deployed before I was hired. Each system
> had already had it's password files updated manually by the SA's, before
> I was hired. Once Webmin was deployed they did not read the documentation
> on how Webmin updates UID's and GID's. Subsequently, we have many conflicts
> in the systems password files. 
> 
> What I would like to do is create a master password file for each of the
> cluster groupings of systems I have created  on my primary Webmin server.
> Then when I need to add or delete a user to a particular cluster I would
> do it on the primary Webmin server and then cluster copy it to the appropriate
> cluster. So far I have found that I can do a batch load of the password
> file at the system level but not at the cluster level. Is what I am asking
> for possible? has anyone ever encountered this situation before? If so
> could you please pass along how you handled it? Finally, is there a third
> party software module or program that anyone knows about that can help
> me resolve this mess.

Hi Mark,

So are you trying to sync Webmin users between multiple systems? Or it is 
Unix users that you are trying to sync? In the former case, this can be
done by copying across the right files, such as /etc/webmin/webmin.acl and
/etc/webmin/miniserv.users, and all the /etc/webmin/*/*.acl files.

Let us know more details on what you are trying to do though, so I can
provide a more complete answer ..

 - Jamie

Jamie:
        Sorry for the lack of detail. It is only the users accounts that =
are contained in the /etc/passwd files and their associated /etc/shadow =
files that I need to be able to manage on a cluster basis. I have already =
taken care of the Webmin user accounts. I need a method or a set of steps =
for creating a master password file for each cluster group and then =
cluster copy it to the appropriate systems in the cluster. I have 9 groups =
so I am envisioning 9 master password files, one for each group.=20

Also I was alarmed to find that in the /etc/webmin/servers[1-9] directory =
there is a file called config that contains the un-encrypted webmin =
password. Is there a way to encrypt the contents of the auto_pass field?

Respectfully;
                  Mark K.

>>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:09 PM >>>
On 29/Jun/2007 06:30 Mark Khan wrote ..
> Hello again:
>                 Sorry to keep bombarding this group with my problems, =
but
> I just started this job and have been thrown into Webmin head first. I
> have purchased and read both books and I can't seem to come up with a =
procedure
> using Webmin to maintain passwords in my environment. Here is the =
scenario
> I am facing:
> Various releases of Webmin were deployed before I was hired. Each system
> had already had it's password files updated manually by the SA's, before
> I was hired. Once Webmin was deployed they did not read the documentation=

> on how Webmin updates UID's and GID's. Subsequently, we have many =
conflicts
> in the systems password files.=20
>=20
> What I would like to do is create a master password file for each of the
> cluster groupings of systems I have created  on my primary Webmin =
server.
> Then when I need to add or delete a user to a particular cluster I would
> do it on the primary Webmin server and then cluster copy it to the =
appropriate
> cluster. So far I have found that I can do a batch load of the password
> file at the system level but not at the cluster level. Is what I am =
asking
> for possible? has anyone ever encountered this situation before? If so
> could you please pass along how you handled it? Finally, is there a =
third
> party software module or program that anyone knows about that can help
> me resolve this mess.

Hi Mark,

So are you trying to sync Webmin users between multiple systems? Or it =
is=20
Unix users that you are trying to sync? In the former case, this can be
done by copying across the right files, such as /etc/webmin/webmin.acl and
/etc/webmin/miniserv.users, and all the /etc/webmin/*/*.acl files.

Let us know more details on what you are trying to do though, so I can
provide a more complete answer ..

 - Jamie

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/=20
-
Forwarded by the Webmin mailing list at webadmin-list@...=
=20
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list=20




-----------------------------------------------------------------------
This e-mail is intended for the addressee shown. 
It contains information that is confidential and 
protected from disclosure. Any review, dissemination 
or use of this transmission or its contents by persons 
or unauthorized employees of the intended organizations 
is strictly prohibited. 

The contents of this email do not necessarily represent 
the views or policies of PSCU Financial Services.

On 29/Jun/2007 10:48 Mark Khan wrote ..
> Jamie:
>         Sorry for the lack of detail. It is only the users accounts that
> are contained in the /etc/passwd files and their associated /etc/shadow
> files that I need to be able to manage on a cluster basis. I have already
> taken care of the Webmin user accounts. I need a method or a set of steps
> for creating a master password file for each cluster group and then cluster
> copy it to the appropriate systems in the cluster. I have 9 groups so I
> am envisioning 9 master password files, one for each group. 

I see .. perhaps a better solution would be to use a service like NIS or LDAP
to share users and groups between machines? This is generally more reliable and
easier to manage, as there is no danger of systems getting out of sync.

> Also I was alarmed to find that in the /etc/webmin/servers[1-9] directory
> there is a file called config that contains the un-encrypted webmin password.
> Is there a way to encrypt the contents of the auto_pass field?

No - Webmin needs to know that password in order to login to remote systems.

 - Jamie

> Respectfully;
>                   Mark K.
> 
> >>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:09 PM >>>
> On 29/Jun/2007 06:30 Mark Khan wrote ..
> > Hello again:
> >                 Sorry to keep bombarding this group with my problems,
> but
> > I just started this job and have been thrown into Webmin head first.
> I
> > have purchased and read both books and I can't seem to come up with a
> procedure
> > using Webmin to maintain passwords in my environment. Here is the scenario
> > I am facing:
> > Various releases of Webmin were deployed before I was hired. Each system
> > had already had it's password files updated manually by the SA's, before
> > I was hired. Once Webmin was deployed they did not read the documentation
> > on how Webmin updates UID's and GID's. Subsequently, we have many conflicts
> > in the systems password files. 
> > 
> > What I would like to do is create a master password file for each of
> the
> > cluster groupings of systems I have created  on my primary Webmin server.
> > Then when I need to add or delete a user to a particular cluster I would
> > do it on the primary Webmin server and then cluster copy it to the appropriate
> > cluster. So far I have found that I can do a batch load of the password
> > file at the system level but not at the cluster level. Is what I am asking
> > for possible? has anyone ever encountered this situation before? If so
> > could you please pass along how you handled it? Finally, is there a third
> > party software module or program that anyone knows about that can help
> > me resolve this mess.
> 
> Hi Mark,
> 
> So are you trying to sync Webmin users between multiple systems? Or it
> is 
> Unix users that you are trying to sync? In the former case, this can be
> done by copying across the right files, such as /etc/webmin/webmin.acl
> and
> /etc/webmin/miniserv.users, and all the /etc/webmin/*/*.acl files.
> 
> Let us know more details on what you are trying to do though, so I can
> provide a more complete answer ..
> 
>  - Jamie
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/ 
> -
> Forwarded by the Webmin mailing list at webadmin-list@...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list 
> 
> 
> 
> 
> -----------------------------------------------------------------------
> This e-mail is intended for the addressee shown. 
> It contains information that is confidential and 
> protected from disclosure. Any review, dissemination 
> or use of this transmission or its contents by persons 
> or unauthorized employees of the intended organizations 
> is strictly prohibited. 
> 
> The contents of this email do not necessarily represent 
> the views or policies of PSCU Financial Services.
> 
> 
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> -
> Forwarded by the Webmin mailing list at webadmin-list@...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

Jamie:
          The password being in the clear is a real show stopper. Is there =
anyway that we can hide or mask it's readability?

Respectfully;
                 Mark K.

>>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:59 PM >>>
On 29/Jun/2007 10:48 Mark Khan wrote ..
> Jamie:
>         Sorry for the lack of detail. It is only the users accounts that
> are contained in the /etc/passwd files and their associated /etc/shadow
> files that I need to be able to manage on a cluster basis. I have =
already
> taken care of the Webmin user accounts. I need a method or a set of =
steps
> for creating a master password file for each cluster group and then =
cluster
> copy it to the appropriate systems in the cluster. I have 9 groups so I
> am envisioning 9 master password files, one for each group.=20

I see .. perhaps a better solution would be to use a service like NIS or =
LDAP
to share users and groups between machines? This is generally more =
reliable and
easier to manage, as there is no danger of systems getting out of sync.

> Also I was alarmed to find that in the /etc/webmin/servers[1-9] =
directory
> there is a file called config that contains the un-encrypted webmin =
password.
> Is there a way to encrypt the contents of the auto_pass field?

No - Webmin needs to know that password in order to login to remote =
systems.

 - Jamie

> Respectfully;
>                   Mark K.
>=20
> >>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:09 PM >>>
> On 29/Jun/2007 06:30 Mark Khan wrote ..
> > Hello again:
> >                 Sorry to keep bombarding this group with my problems,
> but
> > I just started this job and have been thrown into Webmin head first.
> I
> > have purchased and read both books and I can't seem to come up with a
> procedure
> > using Webmin to maintain passwords in my environment. Here is the =
scenario
> > I am facing:
> > Various releases of Webmin were deployed before I was hired. Each =
system
> > had already had it's password files updated manually by the SA's, =
before
> > I was hired. Once Webmin was deployed they did not read the documentati=
on
> > on how Webmin updates UID's and GID's. Subsequently, we have many =
conflicts
> > in the systems password files.=20
> >=20
> > What I would like to do is create a master password file for each of
> the
> > cluster groupings of systems I have created  on my primary Webmin =
server.
> > Then when I need to add or delete a user to a particular cluster I =
would
> > do it on the primary Webmin server and then cluster copy it to the =
appropriate
> > cluster. So far I have found that I can do a batch load of the =
password
> > file at the system level but not at the cluster level. Is what I am =
asking
> > for possible? has anyone ever encountered this situation before? If so
> > could you please pass along how you handled it? Finally, is there a =
third
> > party software module or program that anyone knows about that can help
> > me resolve this mess.
>=20
> Hi Mark,
>=20
> So are you trying to sync Webmin users between multiple systems? Or it
> is=20
> Unix users that you are trying to sync? In the former case, this can be
> done by copying across the right files, such as /etc/webmin/webmin.acl
> and
> /etc/webmin/miniserv.users, and all the /etc/webmin/*/*.acl files.
>=20
> Let us know more details on what you are trying to do though, so I can
> provide a more complete answer ..
>=20
>  - Jamie
>=20
> -------------------------------------------------------------------------=

> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/=20
> -
> Forwarded by the Webmin mailing list at webadmin-list@...=
et=20
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list=20
>=20
>=20
>=20
>=20
> -----------------------------------------------------------------------
> This e-mail is intended for the addressee shown.=20
> It contains information that is confidential and=20
> protected from disclosure. Any review, dissemination=20
> or use of this transmission or its contents by persons=20
> or unauthorized employees of the intended organizations=20
> is strictly prohibited.=20
>=20
> The contents of this email do not necessarily represent=20
> the views or policies of PSCU Financial Services.
>=20
>=20
>=20
> -------------------------------------------------------------------------=

> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/=20
> -
> Forwarded by the Webmin mailing list at webadmin-list@...=
et=20
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list=20

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/=20
-
Forwarded by the Webmin mailing list at webadmin-list@...=
=20
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list=20



-----------------------------------------------------------------------
This e-mail is intended for the addressee shown. 
It contains information that is confidential and 
protected from disclosure. Any review, dissemination 
or use of this transmission or its contents by persons 
or unauthorized employees of the intended organizations 
is strictly prohibited. 

The contents of this email do not necessarily represent 
the views or policies of PSCU Financial Services.

Hi Mark,

There is no way Webmin can truly encrypt it, as when it logs into a remote
Webmin in order to perform some action (like copying a file or installing
a package), it needs to provide the remote system with a password.

I suppose I could use some symetric key to encrypt the password, but that
would in turn need to be stored on the same system, so it wouldn't really
be secure.

That said, the password file should only be readable by root. Anyone who
gains access to it could do much worse, like change the password for the master
Webmin, login to that and then do things to your remote system. So even if
there was some magical way it could be securely encrypted, it wouldn't 
really help..

 - Jamie

On 29/Jun/2007 11:29 Mark Khan wrote ..
> Jamie:
>           The password being in the clear is a real show stopper. Is there
> anyway that we can hide or mask it's readability?
> 
> Respectfully;
>                  Mark K.
> 
> >>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:59 PM >>>
> On 29/Jun/2007 10:48 Mark Khan wrote ..
> > Jamie:
> >         Sorry for the lack of detail. It is only the users accounts that
> > are contained in the /etc/passwd files and their associated /etc/shadow
> > files that I need to be able to manage on a cluster basis. I have already
> > taken care of the Webmin user accounts. I need a method or a set of steps
> > for creating a master password file for each cluster group and then cluster
> > copy it to the appropriate systems in the cluster. I have 9 groups so
> I
> > am envisioning 9 master password files, one for each group. 
> 
> I see .. perhaps a better solution would be to use a service like NIS or
> LDAP
> to share users and groups between machines? This is generally more reliable
> and
> easier to manage, as there is no danger of systems getting out of sync.
> 
> > Also I was alarmed to find that in the /etc/webmin/servers[1-9] directory
> > there is a file called config that contains the un-encrypted webmin password.
> > Is there a way to encrypt the contents of the auto_pass field?
> 
> No - Webmin needs to know that password in order to login to remote systems.
> 
>  - Jamie
> 
> > Respectfully;
> >                   Mark K.
> > 
> > >>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:09 PM >>>
> > On 29/Jun/2007 06:30 Mark Khan wrote ..
> > > Hello again:
> > >                 Sorry to keep bombarding this group with my problems,
> > but
> > > I just started this job and have been thrown into Webmin head first.
> > I
> > > have purchased and read both books and I can't seem to come up with
> a
> > procedure
> > > using Webmin to maintain passwords in my environment. Here is the scenario
> > > I am facing:
> > > Various releases of Webmin were deployed before I was hired. Each system
> > > had already had it's password files updated manually by the SA's, before
> > > I was hired. Once Webmin was deployed they did not read the documentation
> > > on how Webmin updates UID's and GID's. Subsequently, we have many conflicts
> > > in the systems password files. 
> > > 
> > > What I would like to do is create a master password file for each of
> > the
> > > cluster groupings of systems I have created  on my primary Webmin server.
> > > Then when I need to add or delete a user to a particular cluster I
> would
> > > do it on the primary Webmin server and then cluster copy it to the
> appropriate
> > > cluster. So far I have found that I can do a batch load of the password
> > > file at the system level but not at the cluster level. Is what I am
> asking
> > > for possible? has anyone ever encountered this situation before? If
> so
> > > could you please pass along how you handled it? Finally, is there a
> third
> > > party software module or program that anyone knows about that can help
> > > me resolve this mess.
> > 
> > Hi Mark,
> > 
> > So are you trying to sync Webmin users between multiple systems? Or it
> > is 
> > Unix users that you are trying to sync? In the former case, this can
> be
> > done by copying across the right files, such as /etc/webmin/webmin.acl
> > and
> > /etc/webmin/miniserv.users, and all the /etc/webmin/*/*.acl files.
> > 
> > Let us know more details on what you are trying to do though, so I can
> > provide a more complete answer ..
> > 
> >  - Jamie

Hi Jamie:
            I am concerned that the password being in the clear is more =
dangerous and harmful than an encrypted  password stored in a dbm or dat =
file. The whole purpose of my current employer deploying Webmin was to be =
able to manage systems remotely without having the tedious task of =
repetitive key strokes. In my testing Webmin cannot distribute s/w or =
execute remote cluster copies unless the password is provided. Is that =
correct? Is there any way to add an encrypted password that is not stored =
in the clear?

Regards - Mark

>>> "Jamie Cameron" <jcameron@...> 06/29/2007 5:34 PM >>>
Hi Mark,

There is no way Webmin can truly encrypt it, as when it logs into a remote
Webmin in order to perform some action (like copying a file or installing
a package), it needs to provide the remote system with a password.

I suppose I could use some symetric key to encrypt the password, but that
would in turn need to be stored on the same system, so it wouldn't really
be secure.

That said, the password file should only be readable by root. Anyone who
gains access to it could do much worse, like change the password for the =
master
Webmin, login to that and then do things to your remote system. So even if
there was some magical way it could be securely encrypted, it wouldn't=20
really help..

 - Jamie

On 29/Jun/2007 11:29 Mark Khan wrote ..
> Jamie:
>           The password being in the clear is a real show stopper. Is =
there
> anyway that we can hide or mask it's readability?
>=20
> Respectfully;
>                  Mark K.
>=20
> >>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:59 PM >>>
> On 29/Jun/2007 10:48 Mark Khan wrote ..
> > Jamie:
> >         Sorry for the lack of detail. It is only the users accounts =
that
> > are contained in the /etc/passwd files and their associated /etc/shadow=

> > files that I need to be able to manage on a cluster basis. I have =
already
> > taken care of the Webmin user accounts. I need a method or a set of =
steps
> > for creating a master password file for each cluster group and then =
cluster
> > copy it to the appropriate systems in the cluster. I have 9 groups so
> I
> > am envisioning 9 master password files, one for each group.=20
>=20
> I see .. perhaps a better solution would be to use a service like NIS or
> LDAP
> to share users and groups between machines? This is generally more =
reliable
> and
> easier to manage, as there is no danger of systems getting out of sync.
>=20
> > Also I was alarmed to find that in the /etc/webmin/servers[1-9] =
directory
> > there is a file called config that contains the un-encrypted webmin =
password.
> > Is there a way to encrypt the contents of the auto_pass field?
>=20
> No - Webmin needs to know that password in order to login to remote =
systems.
>=20
>  - Jamie
>=20
> > Respectfully;
> >                   Mark K.
> >=20
> > >>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:09 PM >>>
> > On 29/Jun/2007 06:30 Mark Khan wrote ..
> > > Hello again:
> > >                 Sorry to keep bombarding this group with my =
problems,
> > but
> > > I just started this job and have been thrown into Webmin head first.
> > I
> > > have purchased and read both books and I can't seem to come up with
> a
> > procedure
> > > using Webmin to maintain passwords in my environment. Here is the =
scenario
> > > I am facing:
> > > Various releases of Webmin were deployed before I was hired. Each =
system
> > > had already had it's password files updated manually by the SA's, =
before
> > > I was hired. Once Webmin was deployed they did not read the =
documentation
> > > on how Webmin updates UID's and GID's. Subsequently, we have many =
conflicts
> > > in the systems password files.=20
> > >=20
> > > What I would like to do is create a master password file for each of
> > the
> > > cluster groupings of systems I have created  on my primary Webmin =
server.
> > > Then when I need to add or delete a user to a particular cluster I
> would
> > > do it on the primary Webmin server and then cluster copy it to the
> appropriate
> > > cluster. So far I have found that I can do a batch load of the =
password
> > > file at the system level but not at the cluster level. Is what I am
> asking
> > > for possible? has anyone ever encountered this situation before? If
> so
> > > could you please pass along how you handled it? Finally, is there a
> third
> > > party software module or program that anyone knows about that can =
help
> > > me resolve this mess.
> >=20
> > Hi Mark,
> >=20
> > So are you trying to sync Webmin users between multiple systems? Or it
> > is=20
> > Unix users that you are trying to sync? In the former case, this can
> be
> > done by copying across the right files, such as /etc/webmin/webmin.acl
> > and
> > /etc/webmin/miniserv.users, and all the /etc/webmin/*/*.acl files.
> >=20
> > Let us know more details on what you are trying to do though, so I can
> > provide a more complete answer ..
> >=20
> >  - Jamie

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/=20
-
Forwarded by the Webmin mailing list at webadmin-list@...=
=20
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list=20



-----------------------------------------------------------------------
This e-mail is intended for the addressee shown. 
It contains information that is confidential and 
protected from disclosure. Any review, dissemination 
or use of this transmission or its contents by persons 
or unauthorized employees of the intended organizations 
is strictly prohibited. 

The contents of this email do not necessarily represent 
the views or policies of PSCU Financial Services.

Kris Deugau wrote:
> John Hinton wrote:
>   
>> I guess my main gripe is trying to find one domain among 500 in an 
>> unordered list.
>>     
>
> Ctrl+F?  <g>  (IIRC that *should* be the default "Find in this page" 
> keyboard shortcut in most browsers...)
>
> -kgd
>
>   
Thanks for that! I had never tried to use that inside a text box or any 
form entry for that matter. Didn't know it actually worked there even 
though the text might not be in view, but sure enough it does.

Jamie... never mind!

John Hinton