Monday, September 2, 2013

Strange DNS resolving problem on Fedora 19

I have just fixed an issue bothering me for some time.

Symptoms:
When connected to a VPN (using vpnc or openvpn), Fedora 19 was not able to resolve any internal name to an IP address. All external addresses worked fine (and resolved quickly).

Something like this:
host server1.internal.address.com resolved the address, but ping server1.internal.address.com said it cannot resolve the address.
dig and nslookup worked fine as well.

After some investigation I found that the resolver was not even trying to communicate with the DNS server. Then my eyes caught a process called nscd (Name Service Caching Daemon).
My system ended up with two packages installed, with the problem that the former (nscd-2.17-13.fc19.x86_64) was not removed due to a post-install script failure.

Resolution:
So, I removed it using rpm -e --noscripts nscd-2.17-13.fc19.x86_64 and ... problem solved.

I hope this helps somebody with a similar problem.

Monday, June 4, 2012

How to create x509 certificate in Java


Here is a method which creates a self-signed X.509 certificate. The only problem is that it uses sun.security.* packages, which are considered internal and Sun/Oracle Java only.

   import java.io.IOException;
   import java.math.BigInteger;
   import java.security.GeneralSecurityException;
   import java.security.KeyPair;
   import java.security.PrivateKey;
   import java.security.SecureRandom;
   import java.security.cert.X509Certificate;
   import java.util.Date;
   import sun.security.x509.*;

   /**
    * X509 certificate creation based on JCE and sun.security packages. Works
    * for Oracle JDK and OpenJDK.
    * @param dn the X.500 distinguished name, used as both subject and issuer
    * @param pair the key pair: the public key goes into the certificate, the private key signs it
    * @param days validity period in days, starting now
    * @param algorithm the JCA signature algorithm name, e.g. "SHA256withRSA"
    * @return the self-signed certificate
    * @throws GeneralSecurityException
    * @throws IOException
    */
   static X509Certificate generateCertificate(String dn, KeyPair pair,
         int days, String algorithm) throws GeneralSecurityException,
         IOException {
      PrivateKey privkey = pair.getPrivate();
      X509CertInfo info = new X509CertInfo();
      Date from = new Date();
      Date to = new Date(from.getTime() + days * 86400000L);
      CertificateValidity interval = new CertificateValidity(from, to);
      BigInteger sn = new BigInteger(64, new SecureRandom());
      X500Name owner = new X500Name(dn);

      info.set(X509CertInfo.VALIDITY, interval);
      info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
      // Self-signed: subject and issuer are the same name.
      // JDK 8 and later expect the X500Name itself here, without the wrapper classes.
      info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
      info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
      info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
      info.set(X509CertInfo.VERSION, new CertificateVersion(
            CertificateVersion.V3));
      // Placeholder algorithm id; it is replaced below by the one the signature actually used.
      AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
      info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

      // Sign the cert to identify the algorithm that's used.
      X509CertImpl cert = new X509CertImpl(info);
      cert.sign(privkey, algorithm);

      // Update the algorithm, and resign.
      algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
      info.set(CertificateAlgorithmId.NAME + "."
            + CertificateAlgorithmId.ALGORITHM, algo);
      cert = new X509CertImpl(info);
      cert.sign(privkey, algorithm);
      return cert;
   }

Thursday, May 31, 2012

JBoss AS7 on Raspberry Pi

Just a quick note that it is possible:

[pskopek@raspi jboss-as-7.2.0.Alpha1-SNAPSHOT]$ /opt/sun/jre1.6.0_32/bin/java -version
java version "1.6.0_32"
Java(TM) 2 Runtime Environment, Standard Edition for Embedded (build 1.6.0_32-b05, headless)
Java HotSpot(TM) Embedded Client VM (build 20.7-b02, mixed mode)

[pskopek@raspi jboss-as-7.2.0.Alpha1-SNAPSHOT]$ ./bin/standalone.sh -b raspi
=========================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: /home/pskopek/dev/as7/jboss-as-7.2.0.Alpha1-SNAPSHOT

  JAVA: /opt/sun/jre1.6.0_32/bin/java

  JAVA_OPTS:  -server -Xms64m -Xmx128m -XX:MaxPermSize=64m -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -Djboss.server.default.config=standalone.xml

=========================================================================

15:28:08,575 INFO  [org.jboss.modules] JBoss Modules version 1.1.2.GA
15:28:13,425 INFO  [org.jboss.msc] JBoss MSC version 1.0.2.GA
15:28:14,895 INFO  [org.jboss.as] JBAS015899: JBoss AS 7.2.0.Alpha1-SNAPSHOT "Steropes" starting
15:28:50,566 INFO  [org.xnio] XNIO Version 3.0.4.GA
15:28:50,696 INFO  [org.jboss.as.server] JBAS015888: Creating http management service using socket-binding (management-http)
15:28:51,026 INFO  [org.xnio.nio] XNIO NIO Implementation Version 3.0.4.GA
15:28:51,426 INFO  [org.jboss.remoting] JBoss Remoting version 3.2.8.GA
15:28:52,706 INFO  [org.jboss.as.logging] JBAS011502: Removing bootstrap log handlers
15:28:53,396 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) JBAS010280: Activating Infinispan subsystem.
15:28:53,596 INFO  [org.jboss.as.configadmin] (ServerService Thread Pool -- 62) JBAS016200: Activating ConfigAdmin Subsystem
15:28:53,606 INFO  [org.jboss.as.security] (ServerService Thread Pool -- 80) JBAS013101: Activating Security Subsystem
15:28:53,776 INFO  [org.jboss.as.osgi] (ServerService Thread Pool -- 75) JBAS011906: Activating OSGi Subsystem
15:28:54,186 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 74) JBAS011800: Activating Naming Subsystem
15:28:54,716 INFO  [org.jboss.as.webservices] (ServerService Thread Pool -- 84) JBAS015537: Activating WebServices Extension
15:28:57,466 INFO  [org.jboss.as.security] (MSC service thread 1-2) JBAS013100: Current PicketBox version=4.0.9.Final
15:29:01,026 INFO  [org.jboss.as.connector.logging] (MSC service thread 1-1) JBAS010408: Starting JCA Subsystem (JBoss IronJacamar 1.0.11.Final)
15:29:04,606 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 63) JBAS010403: Deploying JDBC-compliant driver class org.h2.Driver (version 1.3)
15:29:05,416 INFO  [org.jboss.as.naming] (MSC service thread 1-2) JBAS011802: Starting Naming Service
15:29:07,416 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-2) JBAS015400: Bound mail session [java:jboss/mail/Default]
15:29:09,886 INFO  [org.jboss.ws.common.management.AbstractServerConfig] (MSC service thread 1-1) JBoss Web Services - Stack CXF Server 4.0.2.GA
15:29:20,336 INFO  [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-1) Starting Coyote HTTP/1.1 on http-raspi/192.168.70.16:8080
15:29:28,817 INFO  [org.jboss.as.remoting] (MSC service thread 1-2) JBAS017100: Listening on 127.0.0.1:9999
15:29:29,057 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-2) JBAS015012: Started FileSystemDeploymentService for directory /home/pskopek/dev/as7/jboss-as-7.2.0.Alpha1-SNAPSHOT/standalone/deployments
15:29:29,427 INFO  [org.jboss.as.remoting] (MSC service thread 1-2) JBAS017100: Listening on 192.168.70.16:4447
15:29:33,987 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) JBAS010400: Bound data source [java:jboss/datasources/ExampleDS]
15:29:34,507 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://127.0.0.1:9990
15:29:34,517 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss AS 7.2.0.Alpha1-SNAPSHOT "Steropes" started in 94272ms - Started 134 of 214 services (79 services are passive or on-demand)

Sunday, April 8, 2012

Upgrade of my ThinkPad T510 with F14 to F16 - sound problems

A week ago I decided to move another two steps on my Fedora ladder.
I was very surprised and pleased with how the upgrade went and that no major problems occurred.

But later in the week I found my microphone (mic) was not working and Twinkle was not playing/capturing sound either.

After googling around a bit I discovered that I needed to modify my
/etc/modprobe.d/dist-alsa.conf file, putting the following new line at the beginning of the commands:
options snd-hda-intel index=0 model=thinkpad

Restarted the system and the problem was still there.

Then I realized that my user was not able to access the /dev/snd device files, but there is a group called "audio" preconfigured for this. The obvious solution was to add the user to the group.
sudo usermod -a -G audio <your_user>

The last step is to reboot, test and enjoy your sound!

Sunday, March 25, 2012

OpenWrt Daylight Saving Time Fix


If your OpenWrt is not changing to DST this year, try this TZ setting: "CET-1CEST,M3.4.0,M10.4.0/3".

Update your /etc/config/system file like this:
config 'system'
        option 'hostname' 'gate1'
        option 'zonename' 'Europe/Bratislava'
        option 'timezone' 'CET-1CEST,M3.4.0,M10.4.0/3'
        option 'cronloglevel' '8'
        option 'conloglevel' '7'

and /etc/TZ
CET-1CEST,M3.4.0,M10.4.0/3
Finally run /etc/init.d/sysntpd reload.

Enjoy!

Tuesday, February 21, 2012

KDC server using ApacheDS 1.5.7

There is a nice piece of work where the author describes how to run a KDC server using ApacheDS [1].
The problem is that with a recent version of ApacheDS the step-by-step guide does not work, so let's present the fixes.

  1. On machines with a dual TCP stack, be aware of occasional localhost resolutions to ::1, which is the IPv6 localhost. Therefore I have used localhost4 to be on the safe side.
  2. Change server.xml of ApacheDS to include the paEncTimestampRequired="false" attribute on the kdcServer node.
    <kdcServer id="kdcServer" searchBaseDn="ou=Users,dc=example,dc=com" paEncTimestampRequired="false">
        <transports>
          <tcpTransport port="60088" nbThreads="4" backLog="50"/>
          <udpTransport port="60088" nbThreads="4" backLog="50"/>
        </transports>
        <directoryService>#directoryService</directoryService>
    </kdcServer>

  3. The LDIF data should be modified to use localhost4 as the server ID.
    The last element will look like this:
    dn: uid=ldap,ou=Users,dc=example,dc=com
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: krb5principal
    objectClass: krb5kdcentry
    cn: LDAP
    sn: Service
    uid: ldap
    userPassword: randall
    krb5PrincipalName: ldap/localhost4@EXAMPLE.COM
    krb5KeyVersionNumber: 0
  4. Your /etc/krb5.conf file can look like this:
    [libdefaults]
            default_realm = EXAMPLE.COM
    
    [realms]
            EXAMPLE.COM = {
                    kdc = localhost:60088
            }
    
    [domain_realm]
            .example.com = EXAMPLE.COM
            example.com = EXAMPLE.COM

So, give it a try:
kinit hnelson@EXAMPLE.COM
Password for hnelson@EXAMPLE.COM: secret

klist
Ticket cache: FILE:/tmp/krb5cc_12956
Default principal: hnelson@EXAMPLE.COM

Valid starting     Expires            Service principal
02/21/12 08:37:26  02/22/12 08:37:25  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 02/28/12 08:37:25

 Enjoy your KDC ;-)


[1] http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html
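
A consistency check for the three pieces of configuration above, as an added example that is not part of the original post or of ApacheDS: it compares the KDC transports in server.xml with the kdc entry in krb5.conf and with the realm of the principals, and reports whether the kdcServer still requires pre-authentication. The function names and the constructed inputs (copied from the snippets above) are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: the kdcServer element and krb5.conf shown in the post.
SERVER_XML = """<kdcServer id="kdcServer" searchBaseDn="ou=Users,dc=example,dc=com" paEncTimestampRequired="false">
  <transports>
    <tcpTransport port="60088" nbThreads="4" backLog="50"/>
    <udpTransport port="60088" nbThreads="4" backLog="50"/>
  </transports>
  <directoryService>#directoryService</directoryService>
</kdcServer>"""
KRB5_CONF = """[libdefaults]
        default_realm = EXAMPLE.COM
[realms]
        EXAMPLE.COM = {
                kdc = localhost:60088
        }
"""
PRINCIPALS = ["ldap/localhost4@EXAMPLE.COM", "hnelson@EXAMPLE.COM"]

def local(tag):
    """Drop an XML namespace prefix, so a complete server.xml works as well."""
    return tag.rsplit("}", 1)[-1]

def kdc_settings(xml_text):
    """Return (preauth_required, {transport: port}) for the kdcServer element."""
    kdc = next(e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "kdcServer")
    # Only an explicit "false" is reported as pre-authentication being off.
    preauth = kdc.get("paEncTimestampRequired", "").lower() != "false"
    ports = {local(t.tag): int(t.get("port")) for t in kdc.iter() if local(t.tag).endswith("Transport")}
    return preauth, ports

def krb5_settings(conf_text):
    """Return (default_realm, [(host, port), ...]) for that realm's kdc entries."""
    realm = re.search(r"^\s*default_realm\s*=\s*(\S+)", conf_text, re.M).group(1)
    block = re.search(r"^\s*" + re.escape(realm) + r"\s*=\s*\{(.*?)\}", conf_text, re.M | re.S)
    kdcs = re.findall(r"^\s*kdc\s*=\s*([^:\s]+)(?::(\d+))?", block.group(1) if block else "", re.M)
    return realm, [(host, int(port or 88)) for host, port in kdcs]  # 88: Kerberos default port

def audit(xml_text, conf_text, principals):
    """List the points where server.xml, krb5.conf and the principals disagree."""
    preauth, ports = kdc_settings(xml_text)
    realm, kdcs = krb5_settings(conf_text)
    findings = [] if preauth else ["kdcServer does not require pre-authentication"]
    findings += [f"kdc {host}:{port} matches no KDC transport port"
                 for host, port in kdcs if port not in ports.values()]
    findings += [f"{name} is outside realm {realm}"
                 for name in principals if not name.endswith("@" + realm)]
    return findings
```

Calling audit(SERVER_XML, KRB5_CONF, PRINCIPALS) on the configuration from the post returns a single finding, the one about pre-authentication; ports and realm agree.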

Sunday, February 20, 2011

drsr.sk: Electronic signature

I would like to know why the electronic document filing office on drsr.sk has to be based on a component that can only run on Windows systems?

What is the problem with implementing the electronic signature using Java technology, which would allow the application to run on almost any operating system (Windows, Linux, Mac OS X)?

Not to mention that the filing office has to run under Internet Explorer .... :-(