2002 03 21

                    LINUX NEWS
        Resources & Links From CramSession.com
             Thursday, March 21, 2002


1) Sean’s Notes

2) Linux News

Lindows is OK
Linux Will Prevail
Bynari Exchange Compatibility
Mandrake Announces New Release

3) Linux Resources

Hardening Sendmail
What's My Name?
Skirting Some Common Samba Problems
Business Card Rescue CD
How's Your Heartbeat?

4) App o’ the Week

~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~

Try Our IT Certification Courses FREE! SmartCertify Direct gives you classroom-quality IT training at a fraction of the cost of traditional courses. You’ll get 24-hour online mentoring from certified advisors, hands-on interactive exercises, the popular Test Prep exams and more! Choose from MCSE, Cisco, A+, CIW, Linux, and many other courses. Click below to try them all FREE and register to WIN a state of the art Dell PC!


For information on how to advertise in this newsletter
please contact mailto:adsales@CramSession.com or visit

1) Sean's Notes

Last week, I went over the basics of the GNU Privacy Guard
and public key cryptography.  We generated a key pair, and
learned a couple of commands to manage keyrings.  The article
is here, for those who are just tuning in, or want to review.


One of the problems with this system of email encryption is
that you need to have someone's public key before you can
encrypt email to them.  Public sites, called keyservers, have
sprung up to solve this problem.  GPG has the capability to
import and export over the Internet directly to the keyservers
(they all replicate, so you only need pick one).

If you browse to http://www.keyserver.net, you can search for
an email address to find people's keys.  Go ahead, look me
up.  My email address is "swalberg@cramsession.com".  When
it returns, you'll see my name and key id, "FE257047".  You
can either click on the keyid, do a cut and paste, and a
gpg --import like we did last week, or take the easy way out:

$ gpg --keyserver wwwkeys.pgp.net --recv-keys FE257047

If you really want to save some time, you can add

keyserver wwwkeys.pgp.net

into your ~/.gnupg/options file, and it will be your default

Again, a "gpg --list-keys" should show my key in your ring.

While we're at it, you can upload your key to the key server.

$ gpg --send-keys FE257047

(Though you'll want to replace FE257407 with your keyid;
it's shown in the list-keys output)

Now you can get someone's key from the server, and get your
own key there for others to download.  You're ready to
encrypt a message!

For this, I'm going to assume you've got a message in a file
called message.txt.  You want to encrypt it, and send it to

$ gpg -sea -r RECIPIENT message.txt

You need a passphrase to unlock the secret key for user:
"Sean Walberg (Linux News) <swalberg@cramsession.com>"
1024-bit DSA key, ID FE257047, created 2001-10-26

Here, I type in my secret password, the message is encrypted
and signed, and I'm done.  A quick explanation of the command
line options is in order, though:

-s means that the message is to be signed.  Signing a message
   requires your secret key, so that's why you were prompted
   to unlock it.

-e means to encrypt the message.  You need the other guy's
   public key for this, but you've got that on your ring, right?

-a means that the message is to be ASCII armored.  Take a look
   at the output, message.txt.asc.  It's all text (gibberish,
   but text nonetheless).  Try it again, without -a, it'll be
   all binary.

-r specifies the recipients.  Here, we can give a keyid, an
   email address, or anything else that uniquely identifies it
   on our keyring.

Finally, "message.txt" says what file we want to operate on.
The output will be message.txt.asc.  Toss that in an email,
send it off, and you're done.

Decrypting the output is a lot easier.

$ gpg message.txt.asc

You need a passphrase to unlock the secret key for user:
"Sean Walberg (Linux News) <swalberg@cramsession.com>"
1024-bit ELG-E key, ID 07DA80CE, created 2001-10-26 (main
key ID FE257047)

gpg: encrypted with 1024-bit ELG-E key, ID 07DA80CE, created
2001-10-26 "Sean Walberg (Linux News) <swalberg@cramsession.com>"
gpg: Signature made Wed 20 Mar 2002 08:10:29 PM CST using DSA
key ID FE257047
gpg: Good signature from "Sean Walberg (Linux News)

Here, I ran GPG on the file.  It asks me for my passphrase,
unlocks my secret key, and uses it to decrypt the message that
was encrypted with my public key.  The output is now in
message.txt.  The final few lines let me know that the message
was signed, and that it was able to verify the signature.

That's GPG in a nutshell.  Mail clients make it a lot easier
to use. For example, if you give Evolution your KeyID, it will
handle it all automatically.  Just click "Security->PGP Encrypt".
PINE users can download PinePGP (it might be on your system).
Redhat users can type "pinegpg-install", and your configuration
will be updated to handle this all.

GPG doesn't have to be used only for encryption.  If you're
making a public posting, you can sign it (no encryption) so
that people can verify that the message hasn't been altered,
and that you in fact wrote it.

So generate that keypair.  Upload it to the servers.  Encrypt
your mail when possible.  Feel free to send one this way, and
let me know how your GPG experiences are going.

Long live the Penguin,


2) Linux News

Lindows is OK
A while back, Microsoft decided that "Lindows" was too close
to "Windows", and chose to sue for copyright infringement.
Not only did they lose, but the judge wrote in his ruling
that Microsoft's "Windows" name might be too generic to
qualify for trademark protection. Somehow, I can't see
Microsoft pushing the issue any further.


Linux Will Prevail
Cramsession user Breakology posted a link to an article seen
here before, and it's generated some interesting conversation
on the Linux-General board. Give us your best "Linux is like
a car" analogy, or your opinion on anything in general!


Bynari Exchange Compatibility
In Exchange, everything is a message. A calendar item? Email?
All the same, it's just the way they're interpreted. Bynari
took this, and wrote a product that makes any IMAP4 mail
server able to do calendar requests through a plug-in for the
Outlook client. Result? You can have Exchange functionality
without needing the Exchange server!


Mandrake Announces New Release
Mandrake is a popular distribution with lots of packages.
Version 8.2 was just released. Some features that look
interesting are encrypted file system support, software to
remotely control X sessions, and the latest applications.


3) Linux Resources

Hardening Sendmail
Sendmail gets a bad rap for being insecure, due to incidents
in the past. I'm a huge sendmail fan, which is why this
article appeals to me. It dispels some of the myths
associated with this MTA, and goes on to show how to use it
in production, along with all its security features.


What's My Name?
No matter which operating system you run, if you're running
several servers, you're going to run into the old "what do I
call it?" problem. SUN has put together some great ideas on
ways to keep your data center straight, even getting down
into how to name your disks!


Skirting Some Common Samba Problems
"Samba is the most common open source file and print server,
but its administration is not without potential quirks. With
Richard Sharpe's guidance, password incompatibilities and
configuration differences will be a thing of the past."


Business Card Rescue CD
There are a few rescue CDs small enough to fit on a mini CD,
but I haven't seen any as powerful as this. ext3, ssh, and
lots of other tools are in one handy spot if you ever get
into a pinch.


How's Your Heartbeat?
Most articles to do with Linux clustering look at the Beowulf
cluster, where a process is run in parallel across many nodes.
Another method of clustering lets you run two machines as if
they were one, if one fails, the other takes over. This is
sometimes known as High Availability (HA). The heartbeat
package is one way of implementing HA, and this article has
a good description of how to set it up.


4) App o' the week
Internet access blocked by a proxy, only letting HTTP and
SSL through? This application can be used to build an SSL
tunnel through your proxy server, and supports a wide
variety of features.


(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.


         This message is from CramSession.com.

You are currently subscribed to the
   Hottest Linux News and Resources
   as: sean@ertw.com

To un-subscribe from this newsletter by e-mail:
   send a blank email message to:


To Subscribe to this newsletter by e-mail:
   send a blank email message to: