Cover V03, I06

Questions and Answers

Bjorn Satdeva

The LISA VIII System Administration Conference took place in San Diego, CA, September 19 to 24th. The size of this year's conference was about the same as last year's, roughly 1200 people, which is a lot of system administrators in one small place! The technical content of the conference this year was a bit disappointing to me, because several of the papers addressed topics that had been covered at earlier LISA conferences and some of the talks were essentially rehashes of material the speakers had presented before.

Some of the papers I found most useful and interesting were: "Kernel Mucking in Top," by William LeFebvre, from Argonne National Laboratory, a much overdue paper describing some of the issues in the very popular top program, a ps substitute; and "Managing the Ever-Growing To Do List," by Emy Edward, Northwestern University, a paper describing a request-like program, to manage the admin's job queue.

However, the main reason for going was, as always, to touch base with many other system administrators, and simply to compare notes on a person-to-person basis. So even if the speculations voiced by some people -- that LISA may be at a place where it is growing ever larger but its technical content is starting to slip -- turn out to be correct, LISA will still be one of the major conferences on my agenda for years to come.

The Interop tradeshow has also taken place, this year in Atlanta, GA. This trade show is also growing bigger each time, and it is in fact getting harder to get good technical information there. For many of the vendors, marketing is increasingly taking precedence at the cost of technical information. The show can be a good opportunity to learn specifics from vendors chosen in advance, but, as always, the most fun places to go were the small startup companies, with new products.

Of products in the latter category, I liked the "Top of Mind" help desk software from the Molley Group, Inc. The product is intended to allow the user to interact directly with a Windows-based program which will ask questions and guide the user to a solution. The product currently runs only under Windows, but UNIX versions are in the works. The software demonstration was very impressive, but I of course do not know how well this product will stand up in a real environment. The Molley Group can be contacted at (201) 884-2040.

I also took the opportunity to stop at the Novell booth, to ask about their vision of what is to come for UNIX. So far, Novell has totally failed to establish any direction for the future of UNIX, which is in many ways unfortunate. However, I was assured by the people at the booth that Novell is about to change this picture, and that we should see evidence of this over the next few months. It is now a question whether this is at all possible, since Sun has purchased a license-free copy of the System V Release 4 sources for future development of their version of UNIX, and BSDI has another version, based on BSD Net2 and 4.4, which is free of any license requirement from Novell and USL.

Next, a number of upcoming events. While LISA is over for this year, the other main conference for system administrators is ramping up on the East Coast. The Fourth Conference on System Administration, Security, and Networking (SANS IV) will take place April 24-29, 1995, in Washington, DC. However, if you want to present a paper at that conference, you need to get your proposal in right away, as the deadline for this is November 1. Please contact sans@fedunix.org for further information on this conference.

Another upcoming conference is ETHICOMP95, the International Conference on the Ethical Issues of Using Information Technology. It is organized by De Montfort University, in the United Kingdom, and Southern Connecticut State University, in the United States. The conference is scheduled to take place at De Montfort University, Leicester, March 28 to 30, 1995. From the Call for Papers (the deadline for which precedes the publication of this issue of Sys Admin), it appears that ETHICOMP95 will provide an excellent forum for stimulating debate on fundamental issues relating to the development and use of Information Technology and Information Systems. There will be an opportunity to consider approaches based on the different cultures/countries of both conference presenters and conference delegates. The three-day conference consists of three parallel themes. Each theme will comprise a series of papers and workshops. For more information, contact Simon Rogerson, Co-Director, ETHICOMP95, Department of Information Systems, De Montfort University; voice: +44 533 577475; fax: +44 533 541891; or email: srog@dmu.ac.uk.

Yet another conference of interest for UNIX administrators is the "UNIX & The Law" Symposium, sponsored by the Sun User Group, in Austin, TX, to take place November 14-17, 1994. This conference is meant to create a forum where the members of the once distinct areas of technology, legislation, and law enforcement can meet to share experiences and ideas. The conference consists of a day of tutorials, two days of talks, and yet another day of tutorials. For further conference information, contact the Sun User Group, voice: (617) 232-0514; fax: (617) 232-1347; email: conference@sug.org

And now to the real questions and answers.

 Q At my site, if a user sends any internal mail from some machines (say group A), the mail header consists of <username>@machine_name; from other machines (say group B), if the same user sends internal mail, the header is <username> only. We have tried copying /etc/sendmail.cf from group B to group A machines and have tried sending mail after killing and reinvoking /usr/lib/sendmail, but the result is the same.

 A It sounds like entries in your /etc/hosts file are incorrect for some of your hosts. The sequence in that file is more important than many man-pages and UNIX admin books may lead you to believe. The first entry is of course the IP address for the machine, and the second is the "real" name of the machine, which must be fully qualified. Following the real name can be as many aliases as you need. Second, you must ensure that when you set the machine name (typically in /etc/rc on BSD systems, and something like /etc/rc1.d/tcp on System V), you use the fully qualified domain name. If you don't follow these rules stringently, you will get the kind of unpredictability you described above. Figure 1 shows some sample /etc/hosts entries.
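The ordering rule in this answer can be checked mechanically. The following is an added example, not the article's Figure 1 or the author's code; the host names and addresses are constructed, and exempting loopback entries from the fully-qualified-name rule is an assumption.

```python
import ipaddress

# Constructed sample /etc/hosts content (not the article's Figure 1).
SAMPLE_HOSTS = """\
127.0.0.1     localhost
192.0.2.10    alpha.example.com alpha      # correct: FQDN first, then aliases
192.0.2.11    beta beta.example.com        # wrong: short name listed first
192.0.2.12    gamma                        # wrong: no fully qualified name at all
"""

def parse_hosts(text):
    """Yield (lineno, ip, canonical, aliases) for each entry, skipping comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        yield lineno, fields[0], fields[1], fields[2:]

def audit_hosts(text, hostname):
    """Return (lineno, message) findings for entries that break the ordering
    rule, plus one (0, message) finding if the machine name is not the fully
    qualified first name of some entry."""
    findings = []
    canonicals = set()
    for lineno, ip, canonical, aliases in parse_hosts(text):
        canonicals.add(canonical.lower())
        if ipaddress.ip_address(ip).is_loopback:
            continue  # assumption: loopback entries are exempt from the FQDN rule
        if "." in canonical:
            continue
        fqdn_aliases = [a for a in aliases if "." in a]
        if fqdn_aliases:
            findings.append((lineno, f"{canonical}: short name precedes FQDN {fqdn_aliases[0]}"))
        else:
            findings.append((lineno, f"{canonical}: entry has no fully qualified name"))
    if hostname.lower() not in canonicals or "." not in hostname:
        findings.append((0, f"hostname {hostname!r} is not the fully qualified first name of any entry"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_hosts(SAMPLE_HOSTS, "beta"):
        print(f"line {lineno}: {message}")
```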

 Q Do you happen to know of any products that do password encryption across the network so that the password could not be read by an analyzer/sniffer? I cannot find one anyplace, and it seems I've asked everyone who knows how to spell UNIX if they've heard of such a thing.

 A I believe that there is no direct solution to this problem. I have, however, two possible solutions for you, although they do not address your question directly. One solution is to implement Kerberos everywhere, in which case the need for sending the password over the wire is eliminated. Another possibility is to implement a challenge/response system, such as the S/Key freeware or the SecurID from Security Dynamics. However, if your users do a lot of remote logins, it will be a pain in the neck to use the challenge/response system.
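Why a sniffed challenge/response login is useless to the sniffer can be seen in a small model of an S/Key-style one-time password chain. This is an added example, not code from the article or from the S/Key distribution; SHA-256 stands in for S/Key's own hash, and the class and function names, seed, and passphrase are constructed for illustration.

```python
import hashlib
import hmac

def chain(secret: bytes, seed: bytes, count: int) -> bytes:
    """Hash seed+secret `count` times. SHA-256 is a stand-in for S/Key's own hash."""
    value = seed + secret
    for _ in range(count):
        value = hashlib.sha256(value).digest()
    return value

class Server:
    """Stores only the last accepted chain value, never the password."""
    def __init__(self, seed: bytes, count: int, top: bytes):
        self.seed, self.count, self.stored = seed, count, top

    def challenge(self):
        # Sent in the clear: which link of the chain the client must produce.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count <= 1:
            return False  # chain used up; the account must be re-initialised
        ok = hmac.compare_digest(hashlib.sha256(response).digest(), self.stored)
        if ok:
            # Step down the chain so a captured response is useless afterwards.
            self.stored, self.count = response, self.count - 1
        return ok

def login(server: Server, secret: bytes):
    """Client side. Returns (accepted, the bytes that crossed the wire)."""
    n, seed = server.challenge()
    if n < 1:
        raise ValueError("chain exhausted: link 0 would expose the secret")
    response = chain(secret, seed, n)
    return server.verify(response), response

def demo():
    secret, seed = b"constructed passphrase", b"ke1234"   # constructed values
    server = Server(seed, 100, chain(secret, seed, 100))
    first_ok, sniffed = login(server, secret)
    replay_ok = server.verify(sniffed)       # sniffer replays what it captured
    second_ok, _ = login(server, secret)     # real user answers the next challenge
    return first_ok, replay_ok, second_ok

if __name__ == "__main__":
    print(demo())
```

Each successful login consumes one link of the chain, which is why the count must be large enough for the expected number of logins before the account is re-initialised.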

 Q In the old days, the UNIX man pages came with a permutated index, which was helpful if you were looking for a specific kind of operation or command, but did not know which man page covered it. The UNIX system at my site does not have this, and to make the situation worse, we have only the preformatted man-pages, so the old macros do not allow us to build an index ourselves. Is there any way we can get a permutated index for our version of UNIX?

 A It is very unfortunate, but it seems that permutated indexes are a thing of the past. For people who are unfamiliar with the permutated index, this was an index created by a program, which extracted the one-line description from the top of the man page, and then did a sorted permutation, somewhat like this short example, using the man-page for man:

                              display the on-line manual pages    man(1)
               display the    on-line manual pages  ............  man(1)
       display the on-line    manual pages  ....................  man(1)
display the on-line manual    pages  ...........................  man(1)

Such a permutated index is, as stated in the question above, very useful when you are looking for information and do not know exactly which man page has it. We use BSDI on all our machines, and the number of new programs that were picked up from the Internet and are now included on their distribution CD-ROM is astonishingly large. A permutated index would have been very useful, but BSDI did not provide one. I therefore wrote the Perl program in Listing 1. The program traverses the man-page directory trees, and makes a best attempt at building a permutated index. As it uses the preformatted man pages, it makes some mistakes here and there, but still the output is good enough to be very useful.
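The permutation step itself is short. The following is an added example, not the author's Perl program from Listing 1: it starts from one-line descriptions that have already been extracted instead of traversing preformatted man pages, and the stop-word list, the sample descriptions, and the function names are assumptions.

```python
# Assumed stop list: words that never become index keywords.
STOP_WORDS = {"a", "an", "and", "by", "for", "in", "of", "the", "to"}

# Constructed one-line descriptions in "name(section) - text" form.
SAMPLE = [
    "man(1) - display the on-line manual pages",
    "apropos(1) - locate commands by keyword lookup",
]

def permute(entries):
    """Return (left context, keyword and rest, page) tuples sorted by keyword."""
    rows = []
    for entry in entries:
        page, _, description = entry.partition(" - ")
        words = description.split()
        for i, word in enumerate(words):
            if word.lower() in STOP_WORDS:
                continue
            # Split the description just before the keyword.
            rows.append((" ".join(words[:i]), " ".join(words[i:]), page.strip()))
    return sorted(rows, key=lambda r: r[1].lower())

def render(rows, gap=4):
    """Format rows so every keyword starts in the same column."""
    if not rows:
        return []
    left_w = max(len(r[0]) for r in rows)
    right_w = max(len(r[1]) for r in rows)
    lines = []
    for left, right, page in rows:
        leader = "." * (right_w - len(right))
        lines.append(f"{left:>{left_w}}{' ' * gap}{right}  {leader}  {page}")
    return lines

if __name__ == "__main__":
    print("\n".join(render(permute(SAMPLE))))
```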

About the Author

Bjorn Satdeva is the president of /sys/admin, inc., a consulting firm which specializes in large installation system administration. Bjorn is also co-founder and former president of Bay-LISA, a San Francisco Bay Area user's group for system administrators of large sites. Bjorn can be contacted at /sys/admin, inc., 2787 Moorpark Ave., San Jose, CA 95128; electronically at bjorn@sysadmin.com; or by phone at (408) 241-3111.