[[Mathias Chauvin]] - IT stuff

Typo fixed thanks to ces

Here is something quite simple but, one just have to remember about it…
From what I’ve read about Solaris and ext2/3 filesystems, these filesystems should never be supported in Solaris.
So if one want to run a dual boot configuration with Solaris and Linux, here is a way to proceed:

• First, install Solaris 10 x86 on the server.
  Solaris grub will be installed on the disk, allowing to boot the Solaris 10 x86 system.
• Then, install the Linux distro on the second disk (or any other disk).
  This time, grub from the Linux distro will be installed on the disk, and will override the MBR installation.
  Thsu, when booting the server, the Linux grub will be launched.

• Edit the Linux grub configuration to chainload the Solaris OS.
  While running Linux, connect as root:

    [root@linux:~] vi /boot/grub/grub.conf
  

  Add the following to the configuration file:

    title Solaris 10 x86 U5
      rootnoverify (hd0,0)
      makeactive
      chainloader +1
  

  Here, Linux has been installed on the second disk (hd(1,0)(hd1,0)), Solaris on the first disk (hd(0,0)(hd0,0)).

  rootnoverify won’t attempt to mount the partition (not sure that the Solaris filesystem is supported as well).

  For more information about grub command, follow this link

• Reboot the server, and Solaris will be available from the grub prompt

Here is something i always forget about… “howto set the path for libraries” in Solaris 10.
As I was trying to get OpenSSH 5.0p1 compiled for a Solaris 10 x86 machine, I’ve been facing a “no recent OpenSSL libcrypto found” error.
However, the libcrypto has been installed with the blastwave openssl package.

The path for this library is /opt/csw/lib/libcrypto.so.0.9.8. So the library path needs to contain /opt/csw/lib.

Using Solaris 10 (x86 or SPARC), the magic command as follow:

root@sunx86:/# crle -c /var/ld/ld.config -l /lib:/usr/lib:/opt/csw/lib

By the way, you may add whatever you want in the path as soon as it is a valid one

For once, I’ll post what is more a question than a solution
It may happen that, while using Windows XP on a recent 2GB memory workstation, one is not able to open a new tab in IE, or open a new window of his favorite application.
This is mainly due to the fact that Windows is limiting the number of GDI handles. This is done in the registry. The default value is set to 10000 and can be set up to 16384.

That is where my question comes. I’ve created an adm file to modify the settings using a GPO in AD.
This GPO should allow to modify the number of user process handles as well.

Here is how the file looks like:

CLASS MACHINE
CATEGORY "System"
 CATEGORY "Windows Session"

  POLICY "GDI handles limit"
   KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Windows"
   PART "Max number of GDI Handles" NUMERIC REQUIRED
    VALUENAME "GDIProcessHandleQuota"
    MIN 10000 MAX 16384 DEFAULT 10000
    SPIN 1000
   END PART
  END POLICY

  POLICY "process handles limit"
   KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Windows"
   PART "Max number of PROCESS Handles" NUMERIC
    VALUENAME "USERProcessHandleQuota"
    MIN 10000 MAX 18000 DEFAULT 10000
    SPIN 1000
   END PART
  END POLICY

  POLICY "Session Manager tuning"
   KEYNAME "System\CurrentControlSet\Control\Session Manager\Subsystems"
   EXPLAIN "To enhance the benefits of increasing the GDI handles limit..."
   PART "Shared section in Session Manager" COMBOBOX EXPANDABLETEXT
    SUGGESTIONS
     ...
    END SUGGESTIONS
    VALUENAME "Windows"
   END PART
  END POLICY

 END CATEGORY ;; Windows Session
END CATEGORY ;; System

Unfortunately, the GPOs are not allowing these registry keys to be modified… So… What am i missing???
I’d appreciate any help or remarks on this point… allowing me not to run a “dot reg” on each machine I need to modify.

Here is a weird thing… Using Solaris with the default configuration, your password can’t be more than 8 characters.
Let’s have an example.
One of the server (sunsol) user login is “spongebob“. His password is “garyNpatrick“. When connecting to the server, the user can log entering only “garyNpat” as a password.
This is due to the default crypt algorythm used to store passwords in the /etc/shadow file.

This crypt algorythm can be changed. There are a few algorythms available by default in Solaris. To know about them, have a look at /etc/security/crypt.conf

root@sunsol !% cat /etc/security/crypt.conf
#
# Copyright 2002 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident  "@(#)crypt.conf 1.1     02/06/07 SMI"
#
# The algorithm name __unix__ is reserved.

1       crypt_bsdmd5.so.1
2a      crypt_bsdbf.so.1
md5     crypt_sunmd5.so.1

You may wanna choose md5 to enhance the security of passwords on the server. To do so, edit the /etc/security/policy.conf file and modify the CRYPT_DEFAULT parameter from

CRYPT_DEFAULT=__unix__

to

CRYPT_DEFAULT=md5

Ask spongebob to reset his password, and he will no longer be able to log in entering only the 8 first chars of his password

I really don’t like this tool (and i’m not used to it), but sometimes, the choice is not yours… so remember that F10 is simply

<ESC> 0

when using Hyperterminal (It may help configuring some BIOS options for instance )

This was a very simple one, but i often wonder about how to do it