Hi! Hilary here, Product Manager for the Red Hat Secure Web Server. As you know, the Secure Server is a new product for Red Hat and I''m looking for feedback on how we should upgrade once a new version is available. In the past with Red Hat products, we''ve kept upgrades very simple: get the CDs for a low price. However, with a new version of the Secure Server there will be better documentation, so I would rather offer an upgrade that includes the whole box set (CDs, manual, support). What are your thoughts for the upgrade? 1) CD only at a low price 2) CD with documentation and support for a little more $. Also, if you have any other comments/suggestions, please feel free to email them to me at hilary@redhat.com. Hilary
-----BEGIN PGP SIGNED MESSAGE----- Hilary: Better doc for a little more money please! Thanks! Wayne ``There appear to be few if any technical reasons to move from UNIX to Windows NT. The performance of Linux exceeds that of NT 4.0 and Linux appears to be more reliable.'''' -- David Korn, AT&T, author of ksh +---------------------------------------------------------------------------+ Wayne S. Gabree Harvard University Network Administrator 26 Oxford Street Department of Organismic and Cambridge, MA 02138 Evolutionary Biology USA TEL (617) 495-2323 FAX (617) 496-8308 EMAIL wgabree@oeb.harvard.edu PAGER (617) 430-8754 PGP fingerprint: C9 43 E2 22 D2 C0 94 CA 58 49 2A 2D 35 CA 87 DB PGP public key: email pgp-public-keys@keys.pgp.net with subject "get wgabree" +---------------------------------------------------------------------------+> Resent-Cc: recipient list not shown: ; > MBOX-Line: From redhat-secure-server-request@redhat.com Tue Aug 25 14:59:16 1998 > X-Mailer: exmh version 2.0.2 > Mime-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > Date: Tue, 25 Aug 1998 14:53:25 -0400 > From: Hilary Stokes <hilary@redhat.com> > Resent-From: redhat-secure-server@redhat.com > Reply-To: redhat-secure-server@redhat.com > X-Mailing-List: <redhat-secure-server@redhat.com> archive/latest/29 > X-Loop: redhat-secure-server@redhat.com > Precedence: list > Resent-Sender: redhat-secure-server-request@redhat.com > X-URL: http://www.redhat.com > X-UIDL: ba64bddfa4cc23efa88c4957f6a30fe5 > > Hi! Hilary here, Product Manager for the Red Hat Secure Web Server. > > As you know, the Secure Server is a new product for Red Hat and I''m > looking for feedback on how we should upgrade once a new version is > available. In the past with Red Hat products, we''ve kept upgrades > very simple: get the CDs for a low price. > > However, with a new version of the Secure Server there will be better > documentation, so I would rather offer an upgrade that includes > the whole box set (CDs, manual, support). > > What are your thoughts for the upgrade? > > 1) CD only at a low price > 2) CD with documentation and support for a little more $. > > Also, if you have any other comments/suggestions, please feel free > to email them to me at hilary@redhat.com. > > Hilary > > > > -- > PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! > http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists > To unsubscribe: mail redhat-secure-server-request@redhat.com with > "unsubscribe" as the Subject. >-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBNeV5/M7+aiBUc6ilAQFBXAP/VrBKpQHcNJuGEuQryUc89paly6uxN4Mv qOgiWHQxp3j1a5oR67T08uenCs+PZhZvP3bEiA0xJ8QTQSZtGotKXI04kcp5Xi5Q MZOfs5sS6DWikPQiwvM8TglKW5KzvWyMZIjQzX0Jd0L7qNwN8BM+TS2l0daZt87r Gdy/OhJa5Ws=Nlkx -----END PGP SIGNATURE----- From mail@mail.redhat.com Aug 13:19:21 1998 -0400 Received: (qmail 636 invoked from network); 27 Aug 1998 18:28:24 -0000 Received: from mail.redhat.com (199.183.24.239) by mail2.redhat.com with SMTP; 27 Aug 1998 18:28:24 -0000 Received: from mail.bkbank.com (mail.bkbank.com [205.216.88.5]) by mail.redhat.com (8.8.7/8.8.7) with SMTP id NAA07691; Thu, 27 Aug 1998 13:19:21 -0400 Received: from fcn105-172.tmi.net ( [207.170.105.172] ) by mail.bkbank.com (Hethmon Brothers Smtpd) ; Thu, 27 Aug 1998 12:19:09 CST6CDT Message-Id: <199807271219.0937189.7@mail.bkbank.com> From: "Jeff Rush" <jrush@summit-research.com> To: "Hilary Stokes" <hilary@redhat.com>, "redhat-secure-server@redhat.com" <redhat-secure-server@redhat.com> Date: Thu, 27 Aug 98 12:19:13 -0500 Reply-To: "Jeff Rush" <jrush@summit-research.com> Priority: Normal X-Mailer: PMMail 1.95a For OS/2 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: Secure Server upgrade On Tue, 25 Aug 1998 14:53:25 -0400, Hilary Stokes wrote:>However, with a new version of the Secure Server there will be better >documentation, so I would rather offer an upgrade that includes >the whole box set (CDs, manual, support). > >What are your thoughts for the upgrade? > >1) CD only at a low price >2) CD with documentation and support for a little more $.As an upgrade, I would prefer a CD only at a low price, with the documentation available on the CD as PDF or HTML, since here they are only likely to be read during install. I''m a little odd in that I like my docs in electronic form, to save office space on infrequently referenced items. One overall item I''d like to see Red Hat address somewhere is their testing policy. Is there a place to volunteer to read those new docs -before- release and provide feedback? I''m aware of the Raw Hide testing program, but how does Red Hat administer alpha/beta/document releases for selected critical packages such as the Secure Server?>Also, if you have any other comments/suggestions, please feel free >to email them to me at hilary@redhat.com.I would be forever in your debt if the next release of Secure Server included the mod_pyapache module, so that Python programs could be run directly. Since Red Hat already relies upon Python in their configuration tools, it''d be a natural addition. Of course, I suppose if the next release includes the necessary headers and such, it could be done as an add-on module. At the moment, I''m out of luck w/o source to rebuild the server. It seems the mod_pyapache maintainers didn''t structure their existing work to be a .so add-on. I''d hope that those includes in the next release will be packaged as a separate *-devel RPM package. Last, I''d like to see some of the schizo pathing re /home/httpd for some utilities bundled with the release and /home/httpsd for the server be straightened out. To explain, if the server goes into /home/httpsd, don''t put the htdig cgi-bin into httpd/cgi-bin where it won''t be found by the server right after install. Thanks for listening all, Jeff Rush
Hilary, Personally, I would opt for #2. Is there any reason why RedHat cannot offer both? Tom Hilary Stokes wrote:> > Hi! Hilary here, Product Manager for the Red Hat Secure Web Server. > > As you know, the Secure Server is a new product for Red Hat and I''m > looking for feedback on how we should upgrade once a new version is > available. In the past with Red Hat products, we''ve kept upgrades > very simple: get the CDs for a low price. > > However, with a new version of the Secure Server there will be better > documentation, so I would rather offer an upgrade that includes > the whole box set (CDs, manual, support). > > What are your thoughts for the upgrade? > > 1) CD only at a low price > 2) CD with documentation and support for a little more $. > > Also, if you have any other comments/suggestions, please feel free > to email them to me at hilary@redhat.com. > > Hilary > > -- > PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! > http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists > To unsubscribe: mail redhat-secure-server-request@redhat.com with > "unsubscribe" as the Subject.-- Tom Crow TCS Systems Administrator/Webmaster NSWC Dahlgren Division tcrow@nswc.navy.mil
> Hilary Stokes wrote: > > > > Hi! Hilary here, Product Manager for the Red Hat Secure Web Server. > > > > As you know, the Secure Server is a new product for Red Hat and I''m > > looking for feedback on how we should upgrade once a new version is > > available. In the past with Red Hat products, we''ve kept upgrades > > very simple: get the CDs for a low price. > > > > However, with a new version of the Secure Server there will be better > > documentation, so I would rather offer an upgrade that includes > > the whole box set (CDs, manual, support). > > > > What are your thoughts for the upgrade? > > > > 1) CD only at a low price > > 2) CD with documentation and support for a little more $. > >Depends on what type of an upgrade this is and how available you''ll have the doc''s. I always like doc''s, but I''d rather see redhat post them on their website and keep them up to date (because we know we always have changes to what we see in the pre-printed books). How much is being upgraded to this and will I have the ability to compile in my own apache modules? Not that I don''t like what redhat''s secure server comes with, but I do like to add in modules and recompile the server with different options (depending on the situation). ---------------------------------------------------------------------- Brent Alexander Oswald /\ http://www.io.com/~buzzboy ILLUMINATI ONLINE /IO\ buzzboy@io.com Webmaster /____\ NIC: BO525 FNORD!
On Fri, 28 Aug 1998, Brent A. Oswald wrote:> How much is being upgraded to this and will I have the ability to compile > in my own apache modules? Not that I don''t like what redhat''s secure > server comes with, but I do like to add in modules and recompile the > server with different options (depending on the situation).You have the ability to compile your own modules right now. The next version will retain the ability to compile modules of course. It will make it easier, too. We really can''t provide you the ability to recompile the server entirely though, because that would mean giving you access to the RSA encryption routines. We can''t do that. --- -Preston Brown Red Hat Software, Inc. pbrown@redhat.com
Will it be easy to set up the Microsoft FrontPage extentions in the new release of the secure server? Jim jht@aloha.net
On Fri, 28 Aug 1998, James H. Thompson wrote:> > Will it be easy to set up the Microsoft FrontPage extentions in > the new release of the secure server?The problem with this is twofold: 1. We aren''t allowed to include FrontPage extensions in our product per the microsoft license for the extensions (you are prohibited from including the extensions in a third party product). 2. The patch to include the FrontPage extensions in Apache is a HUGE security hole. Much of it requires ROOT access. This is pretty much unacceptable to most people who are even partially concerned with the security of their website. --- -Preston Brown Red Hat Software, Inc. pbrown@redhat.com
On Fri, 28 Aug 1998 13:41:39 -1000 (HST), <> wrote:> > Will it be easy to set up the Microsoft FrontPage extentions in > the new release of the secure server?FrontPage and Red Hat Secure Server are paradoxical. -- Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software "So hang the brand-name ego at the door and think about what I''m saying" - Peter Da Silva
I wasn''t asking you to include it in the distribution, only to make sure that those of us that want to run it can easily apply the patches to generate a version with the FP ext. For instance, I managed to apply the patches to the latest version of Stronghold, but doing so required figuring out how to modify the FP patches to match the Stronghold source files, and in one case modifing the FP patch. It would be nice if the FP installation (which is a patch to the server code) either applied correctly out of the box or you included instructions on what needed to be changed to make it work. There are instructions for setting up FP with apache-ssl http://www.westbend.net/~hetzels/apache-fp/ It would be nice to have the equivalent for the RH Secure Server. Microsoft claims to have fixed the security problem with FP. Do you know of a specific problem or just object to it requiring root access? On Fri, 28 Aug 1998, Preston Brown wrote:> On Fri, 28 Aug 1998, James H. Thompson wrote: > > > > > Will it be easy to set up the Microsoft FrontPage extentions in > > the new release of the secure server? > > The problem with this is twofold: > > 1. We aren''t allowed to include FrontPage extensions in our product per > the microsoft license for the extensions (you are prohibited from > including the extensions in a third party product). > > 2. The patch to include the FrontPage extensions in Apache is a HUGE > security hole. Much of it requires ROOT access. This is pretty much > unacceptable to most people who are even partially concerned with > the security of their website. > > --- > -Preston Brown > Red Hat Software, Inc. > pbrown@redhat.com > > > -- > PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! > http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists > To unsubscribe: mail redhat-secure-server-request@redhat.com with > "unsubscribe" as the Subject. >Jim jht@aloha.net From mail@mail.redhat.com Aug 17:53:20 1998 -0400 Received: (qmail 17247 invoked from network); 31 Aug 1998 21:52:34 -0000 Received: from mail.redhat.com (199.183.24.239) by mail2.redhat.com with SMTP; 31 Aug 1998 21:52:33 -0000 Received: from hale-bopp.io.com (buzzboy@hale-bopp.io.com [199.170.88.77]) by mail.redhat.com (8.8.7/8.8.7) with ESMTP id RAA18309; Mon, 31 Aug 1998 17:53:20 -0400 Received: from localhost (buzzboy@localhost) by hale-bopp.io.com (8.8.7/8.8.7) with SMTP id QAA19766; Mon, 31 Aug 1998 16:52:50 -0500 X-Authentication-Warning: hale-bopp.io.com: buzzboy owned process doing -bs Date: Mon, 31 Aug 1998 16:52:50 -0500 (CDT) From: "Brent A. Oswald" <buzzboy@io.com> Reply-To: "Brent A. Oswald" <buzzboy@io.com> To: redhat-secure-server@redhat.com cc: Preston Brown <pbrown@redhat.com> Subject: Re: Secure Server upgrade In-Reply-To: <Pine.LNX.3.96.980828183613.3405u-100000@xanadu.redhat.com> Message-ID: <Pine.LNX.3.96.980831161922.914D-100000@hale-bopp.io.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Fri, 28 Aug 1998, Preston Brown wrote:> On Fri, 28 Aug 1998, Brent A. Oswald wrote: > > > How much is being upgraded to this and will I have the ability to compile > > in my own apache modules? Not that I don''t like what redhat''s secure > > server comes with, but I do like to add in modules and recompile the > > server with different options (depending on the situation). > > You have the ability to compile your own modules right now. The next > version will retain the ability to compile modules of course. It will > make it easier, too. > > We really can''t provide you the ability to recompile the server entirely > though, because that would mean giving you access to the RSA encryption > routines. We can''t do that. >I think one of us is confused here. What I''d like the ability to do is to compile a third-party module into the server (say mod_pyapache for example). I don''t have the ability to compile this module into the RedHat secure server (unless you know of a way to compile third-party modules into the server). The only choice I have is whether to include mod_perl and/or mod_php (I don''t even have the choice to exclude some of the standard Apache modules (some of which are useless in many cases)). In comparison, I do run the StrongHold secure webserver (by c2.net) for some of my customers and with that server, you do get the source for the server and the ability to recompile the server with the modules I wanted to include. I don''t know why they''d be able to send me the source and you wouldn''t...maybe it is the fact of the agreements I''ve signed with respect to not releasing the code nor transmitting/transporting it across international lines due its classification as a munition. If we made agreements of that nature with RedHat, would you then be able to send us the source to recompile? (Essentially, I''m looking to be able to convert all of my clients to RedHat secure server instead of Stronghold due to the $900 difference in cost they''ll save, but they still want a server with the ability to do at least some of the things they were able to do with Stronghold). When RedHat first came out with the secure server, I was excited that someone else was marketing an Apache-based secure server on the market and would make competition for Stronghold/c2.net. Now that you''re competing (by being in the market), I''d like to see you win more business. ---------------------------------------------------------------------- Brent Alexander Oswald /\ http://www.io.com/~buzzboy ILLUMINATI ONLINE /IO\ buzzboy@io.com Webmaster /____\ NIC: BO525 FNORD!
On Fri, 28 Aug 1998, Preston Brown wrote:> On Fri, 28 Aug 1998, Brent A. Oswald wrote: > > > How much is being upgraded to this and will I have the ability to compile > > in my own apache modules? Not that I don''t like what redhat''s secure > > server comes with, but I do like to add in modules and recompile the > > server with different options (depending on the situation). > > You have the ability to compile your own modules right now. The next > version will retain the ability to compile modules of course. It will > make it easier, too. > > We really can''t provide you the ability to recompile the server entirely > though, because that would mean giving you access to the RSA encryption > routines. We can''t do that. >I think one of us is confused here. What I''d like the ability to do is to compile a third-party module into the server (say mod_pyapache for example). I don''t have the ability to compile this module into the RedHat secure server (unless you know of a way to compile third-party modules into the server). The only choice I have is whether to include mod_perl and/or mod_php (I don''t even have the choice to exclude some of the standard Apache modules (some of which are useless in many cases)). In comparison, I do run the StrongHold secure webserver (by c2.net) for some of my customers and with that server, you do get the source for the server and the ability to recompile the server with the modules I wanted to include. I don''t know why they''d be able to send me the source and you wouldn''t...maybe it is the fact of the agreements I''ve signed with respect to not releasing the code nor transmitting/transporting it across international lines due its classification as a munition. If we made agreements of that nature with RedHat, would you then be able to send us the source to recompile? (Essentially, I''m looking to be able to convert all of my clients to RedHat secure server instead of Stronghold due to the $900 difference in cost they''ll save, but they still want a server with the ability to do at least some of the things they were able to do with Stronghold). When RedHat first came out with the secure server, I was excited that someone else was marketing an Apache-based secure server on the market and would make competition for Stronghold/c2.net. Now that you''re competing (by being in the market), I''d like to see you win more business. ---------------------------------------------------------------------- Brent Alexander Oswald /\ http://www.io.com/~buzzboy ILLUMINATI ONLINE /IO\ buzzboy@io.com Webmaster /____\ NIC: BO525 FNORD!
On Mon, 31 Aug 1998, Brent A. Oswald wrote:> I think one of us is confused here. What I''d like the ability to do is to > compile a third-party module into the server (say mod_pyapache for > example). I don''t have the ability to compile this module into the RedHat > secure server (unless you know of a way to compile third-party modules > into the server). The only choice I have is whether to include mod_perl > and/or mod_php (I don''t even have the choice to exclude some of the > standard Apache modules (some of which are useless in many cases)).With apache 1.3.x, it is possible to compile 3rd party modules without having anything other than the apache header files available. We will make it possible to compile 3rd party modules for Secure Web Server. You can do this already, with the apache 1.2.6 header files we shipped in 1.0. However, because you have to make modules "think" they are compiling with 1.3.x (which was the first official release to include DSO support) things can be a little bit more complex than they could otherwise be. It will be easier in 2.0. If you are having specific problems compiling a 3rd party module for 1.0, let''s discuss it on the list here, and perhaps I can help. We will be shipping the source code to all portions of the server except for the BSAFE libraries, which RSA does not permit us to distribute of course. --- -Preston Brown Red Hat Software, Inc. pbrown@redhat.com
On Mon, 31 Aug 1998, Preston Brown wrote:> On Mon, 31 Aug 1998, Brent A. Oswald wrote: > > > I think one of us is confused here. What I''d like the ability to do is to > > compile a third-party module into the server (say mod_pyapache for > > example). I don''t have the ability to compile this module into the RedHat > > secure server (unless you know of a way to compile third-party modules > > into the server). The only choice I have is whether to include mod_perl > > and/or mod_php (I don''t even have the choice to exclude some of the > > standard Apache modules (some of which are useless in many cases)). > > With apache 1.3.x, it is possible to compile 3rd party modules without > having anything other than the apache header files available. We will > make it possible to compile 3rd party modules for Secure Web Server. You > can do this already, with the apache 1.2.6 header files we shipped in 1.0. > However, because you have to make modules "think" they are compiling with > 1.3.x (which was the first official release to include DSO support) things > can be a little bit more complex than they could otherwise be. It will be > easier in 2.0. > > If you are having specific problems compiling a 3rd party module for 1.0, > let''s discuss it on the list here, and perhaps I can help. > > We will be shipping the source code to all portions of the server except > for the BSAFE libraries, which RSA does not permit us to distribute of > course. >Thanks! Excellent answer! Sorry if I sounded a bit hard-nosed in my first two posts...I was really just ''trolling'' for a *good* answer and trying to impress my opinion that I''d like to see a little bit more documentation and/or some abilities that weren''t readily noticeable in the first version of the server that you released. Part of what I''m looking for in a secure server is the fact that it is Apache-based, but the other part is in a server where the authors/distributors can and will help you with it. I don''t yet have need for any third-party modules installed with the server, but the day will come (and I''ll be sure to ask when I have questions). I did however re-examine the CD tonight (twice to be sure) and didn''t notice anywhere that the header files were included (even as part of the rpm''s). I still don''t quite understand how you''d go about doing this anyway, because normally, the code for a module is compiled (or simply uncompressed) and copied to the apache src tree, then you''d edit the Configuration file and perform a new make(1L). That''s how I did it in Apache 1.2* at least (I''m not sure about 1.3* since I haven''t yet taken the time to tweak configurations with it). Glad to hear you''ll be shipping source code for the server now. PS- A question unrelated to the previous posts: Would upgrading PERL on the machine (latest version is at 5.005_02) have any impact on mod_perl with the server (ie: nothing is likely to break, is it?) To quote the README on the CD: "If you do not have RPM, if you choose to install mod_perl, Perl 5.00404 WILL be installed and will become the default version of Perl on your system. This is because mod_perl requires that specific version of Perl." Certainly mod_perl would be able to handle future releases of PERL, wouldn''t it (or don''t the authors know how to code for future revisions?) :) Also (for those who haven''t looked into perl5.005* versions), you might want to note the warning in the PERL Porters post (http://www.perl.com/CPAN-local/authors/id/GSAR/perl5.005_02.announce): "WARNING: Perl 5.005 and later are NOT BINARY COMPATIBILE with releases prior to 5.005. You will need to recompile all extensions that require a C compiler to build (i.e. those that contain XSUBs). See the "INSTALL" document for detailed instructions on how to cope." ---------------------------------------------------------------------- Brent Alexander Oswald /\ http://www.io.com/~buzzboy ILLUMINATI ONLINE /IO\ buzzboy@io.com Webmaster /____\ NIC: BO525 FNORD!
What do you have to do to get DBM to work with secure server? Doing httpd -h I see that it isn''t one of the modules that is compiled in. Thanks, Chris From mail@mail.redhat.com Sep 04:03:27 1998 -0400 Received: (qmail 30693 invoked from network); 1 Sep 1998 08:02:40 -0000 Received: from mail.redhat.com (199.183.24.239) by mail2.redhat.com with SMTP; 1 Sep 1998 08:02:40 -0000 Received: from hale-bopp.io.com (buzzboy@hale-bopp.io.com [199.170.88.77]) by mail.redhat.com (8.8.7/8.8.7) with ESMTP id EAA03917; Tue, 1 Sep 1998 04:03:27 -0400 Received: from localhost (buzzboy@localhost) by hale-bopp.io.com (8.8.7/8.8.7) with SMTP id DAA08878; Tue, 1 Sep 1998 03:01:59 -0500 X-Authentication-Warning: hale-bopp.io.com: buzzboy owned process doing -bs Date: Tue, 1 Sep 1998 03:01:59 -0500 (CDT) From: "Brent A. Oswald" <buzzboy@io.com> To: redhat-secure-server@redhat.com cc: Preston Brown <pbrown@redhat.com> Subject: Modules, src, Was: Secure Server upgrade In-Reply-To: <Pine.LNX.3.96.980831184759.3405I-100000@xanadu.redhat.com> Message-ID: <Pine.LNX.3.96.980901013921.914L-100000@hale-bopp.io.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Mon, 31 Aug 1998, Preston Brown wrote:> On Mon, 31 Aug 1998, Brent A. Oswald wrote: > > > I think one of us is confused here. What I''d like the ability to do is to > > compile a third-party module into the server (say mod_pyapache for > > example). I don''t have the ability to compile this module into the RedHat > > secure server (unless you know of a way to compile third-party modules > > into the server). The only choice I have is whether to include mod_perl > > and/or mod_php (I don''t even have the choice to exclude some of the > > standard Apache modules (some of which are useless in many cases)). > > With apache 1.3.x, it is possible to compile 3rd party modules without > having anything other than the apache header files available. We will > make it possible to compile 3rd party modules for Secure Web Server. You > can do this already, with the apache 1.2.6 header files we shipped in 1.0. > However, because you have to make modules "think" they are compiling with > 1.3.x (which was the first official release to include DSO support) things > can be a little bit more complex than they could otherwise be. It will be > easier in 2.0. > > If you are having specific problems compiling a 3rd party module for 1.0, > let''s discuss it on the list here, and perhaps I can help. > > We will be shipping the source code to all portions of the server except > for the BSAFE libraries, which RSA does not permit us to distribute of > course. >Thanks! Excellent answer! Sorry if I sounded a bit hard-nosed in my first two posts...I was really just ''trolling'' for a *good* answer and trying to impress my opinion that I''d like to see a little bit more documentation and/or some abilities that weren''t readily noticeable in the first version of the server that you released. Part of what I''m looking for in a secure server is the fact that it is Apache-based, but the other part is in a server where the authors/distributors can and will help you with it. I don''t yet have need for any third-party modules installed with the server, but the day will come (and I''ll be sure to ask when I have questions). I did however re-examine the CD tonight (twice to be sure) and didn''t notice anywhere that the header files were included (even as part of the rpm''s). I still don''t quite understand how you''d go about doing this anyway, because normally, the code for a module is compiled (or simply uncompressed) and copied to the apache src tree, then you''d edit the Configuration file and perform a new make(1L). That''s how I did it in Apache 1.2* at least (I''m not sure about 1.3* since I haven''t yet taken the time to tweak configurations with it). Glad to hear you''ll be shipping source code for the server now. PS- A question unrelated to the previous posts: Would upgrading PERL on the machine (latest version is at 5.005_02) have any impact on mod_perl with the server (ie: nothing is likely to break, is it?) To quote the README on the CD: "If you do not have RPM, if you choose to install mod_perl, Perl 5.00404 WILL be installed and will become the default version of Perl on your system. This is because mod_perl requires that specific version of Perl." Certainly mod_perl would be able to handle future releases of PERL, wouldn''t it (or don''t the authors know how to code for future revisions?) :) Also (for those who haven''t looked into perl5.005* versions), you might want to note the warning in the PERL Porters post (http://www.perl.com/CPAN-local/authors/id/GSAR/perl5.005_02.announce): "WARNING: Perl 5.005 and later are NOT BINARY COMPATIBILE with releases prior to 5.005. You will need to recompile all extensions that require a C compiler to build (i.e. those that contain XSUBs). See the "INSTALL" document for detailed instructions on how to cope." ---------------------------------------------------------------------- Brent Alexander Oswald /\ http://www.io.com/~buzzboy ILLUMINATI ONLINE /IO\ buzzboy@io.com Webmaster /____\ NIC: BO525 FNORD! From mail@mail.redhat.com Tue Sep 1 08:01:33 1998 Received: (qmail 334 invoked from network); 1 Sep 1998 12:00:47 -0000 Received: from mail.redhat.com (199.183.24.239) by mail2.redhat.com with SMTP; 1 Sep 1998 12:00:47 -0000 Received: from K3.peakpeak.com (root@dns1.peakpeak.com [207.174.103.3]) by mail.redhat.com (8.8.7/8.8.7) with ESMTP id IAA07484 for <redhat-secure-server@redhat.com>; Tue, 1 Sep 1998 08:01:33 -0400 Received: from [199.165.157.57] (lovetown.oneup.com [199.165.157.57]) by K3.peakpeak.com (8.8.5/8.8.5) with ESMTP id GAA29616; Tue, 1 Sep 1998 06:00:44 -0600 Message-Id: <v0313030cb21191ab19be@[199.165.157.57]> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 1 Sep 1998 06:00:31 -0600 To: redhat-secure-server@redhat.com From: "Chris J. Magnuson" <chrism@peakpeak.com> Subject: Secure Server error When I try to connect to my web site that supposedly has RSS installed, https:// www.whatever.com, I get an error in Navigator: "The server''s certificate has an invalid signature. You will not be able to connect to this site securely." I followed the instructions for installing the Thawte certificate properly, and when I start httpsd it prompts me for a pass phrase and accepts what I type in. httpsd is running if I do a ps auwwx So what have I overlooked? I need this to work by Thursday. If you would like the site name contact me off-list. Thanks, Chris From mail@mail.redhat.com Tue Sep 1 11:14:38 1998 Received: (qmail 22679 invoked from network); 1 Sep 1998 15:14:39 -0000 Received: from lacrosse.redhat.com (root@207.175.42.154) by mail2.redhat.com with SMTP; 1 Sep 1998 15:14:39 -0000 Received: from pip.devel.redhat.com (pbrown@pip.devel.redhat.com [207.175.42.15]) by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id LAA17445 for <redhat-secure-server@redhat.com>; Tue, 1 Sep 1998 11:14:38 -0400 Received: from localhost (pbrown@localhost) by pip.devel.redhat.com (8.8.7/8.8.7) with SMTP id LAA20717 for <redhat-secure-server@redhat.com>; Tue, 1 Sep 1998 11:11:38 -0400 X-Authentication-Warning: pip.devel.redhat.com: pbrown owned process doing -bs Date: Tue, 1 Sep 1998 11:11:38 -0400 (EWT) From: Preston Brown <pbrown@redhat.com> X-Sender: pbrown@pip.devel.redhat.com To: redhat-secure-server@redhat.com Subject: Re: Modules, src, Was: Secure Server upgrade In-Reply-To: <Pine.LNX.3.96.980901013921.914L-100000@hale-bopp.io.com> Message-ID: <Pine.LNX.4.02.9809011107240.30401-100000@pip.devel.redhat.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Tue, 1 Sep 1998, Brent A. Oswald wrote:> I did however re-examine the CD tonight (twice to be sure) and didn''t > notice anywhere that the header files were included (even as part of > the rpm''s). I still don''t quite understand how you''d go about doing > this anyway, because normally, the code for a module is compiled (or > simply uncompressed) and copied to the apache src tree, then you''d > edit the Configuration file and perform a new make(1L). That''s how I > did it in Apache 1.2* at least (I''m not sure about 1.3* since I > haven''t yet taken the time to tweak configurations with it).It is possible in Apache 1.3.x to build modules OUTSIDE of the apache source code tree, IF you have the apache header files around. Unfortunately, we didn''t ship these headers directly with SWS 1.0, but they can be found in the apache 1.2.6 SRPM that ships with Red Hat (or from ftp.redhat.com). Our modifications to SWS allow modules to be compiled in a similar way (outside the apache source tree). But it isn''t "plug and play"-- there''s a bit of manual work involved most of the time. Suffice it to say that we are building our third party modules (mod_perl and mod_php3) with no Apache or Secure Web Server installed on the system. Just the header files. Take a look at the SRPM to either one if you are curious.> PS- A question unrelated to the previous posts: Would upgrading PERL > on the machine (latest version is at 5.005_02) have any impact on mod_perl > with the server (ie: nothing is likely to break, is it?) To quote the > README on the CD: > > "If you do not have RPM, if you choose to install mod_perl, Perl > 5.00404 WILL be installed and will become the default version of > Perl on your system. This is because mod_perl requires that > specific version of Perl."When it says that mod_perl "requires" this version, it means it needs AT LEAST this version. Not that version specifically. Note that mod_perl actually links the runtime perl library into itself when it is compiled, so if you upgrade your perl, you won''t really be upgrading the perl in mod_perl. You''ll have to recompile mod_perl in order for this to happen. I hope that makes sense. --- Preston Brown Red Hat Software, Inc. pbrown@redhat.com From mail@mail.redhat.com Tue Sep 1 11:48:29 1998 Received: (qmail 27021 invoked from network); 1 Sep 1998 15:48:30 -0000 Received: from lacrosse.redhat.com (root@207.175.42.154) by mail2.redhat.com with SMTP; 1 Sep 1998 15:48:30 -0000 Received: from pip.devel.redhat.com (pbrown@pip.devel.redhat.com [207.175.42.15]) by lacrosse.redhat.com (8.8.7/8.8.7) with ESMTP id LAA22101 for <redhat-secure-server@redhat.com>; Tue, 1 Sep 1998 11:48:29 -0400 Received: from localhost (pbrown@localhost) by pip.devel.redhat.com (8.8.7/8.8.7) with SMTP id LAA20799 for <redhat-secure-server@redhat.com>; Tue, 1 Sep 1998 11:45:29 -0400 X-Authentication-Warning: pip.devel.redhat.com: pbrown owned process doing -bs Date: Tue, 1 Sep 1998 11:45:29 -0400 (EWT) From: Preston Brown <pbrown@redhat.com> X-Sender: pbrown@pip.devel.redhat.com To: redhat-secure-server@redhat.com Subject: Re: [redhat-secure-server] What do you have to do for mod_dbm? In-Reply-To: <v03130304b2111c8288e5@[199.165.157.57]> Message-ID: <Pine.LNX.4.02.9809011143340.30401-100000@pip.devel.redhat.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Mon, 31 Aug 1998, Chris J. Magnuson wrote:> What do you have to do to get DBM to work with secure server? Doing httpd > -h I see that it isn''t one of the modules that is compiled in.You must either 1) wait for 2.0 2) grab the apache 1.3.1 sourcecode, compile the auth_dbm module as a shared object, and then put it in /usr/lib/apache, and edit /etc/httpsd/conf/httpd.conf to reflect the additional module. --- Preston Brown Red Hat Software, Inc. pbrown@redhat.com From mail@mail.redhat.com Tue Sep 1 14:48:22 1998 Received: (qmail 24139 invoked from network); 1 Sep 1998 18:47:36 -0000 Received: from mail.redhat.com (199.183.24.239) by mail2.redhat.com with SMTP; 1 Sep 1998 18:47:35 -0000 Received: from hermes.in.netwaveinc.com (cyclops.netwaveinc.com [209.61.14.193]) by mail.redhat.com (8.8.7/8.8.7) with ESMTP id OAA15711 for <redhat-secure-server@redhat.com>; Tue, 1 Sep 1998 14:48:22 -0400 Received: from netwavelink.com ([192.168.1.111]) by hermes.in.netwaveinc.com (8.8.7/8.8.7) with ESMTP id OAA24217 for <redhat-secure-server@redhat.com>; Tue, 1 Sep 1998 14:47:32 -0400 Message-ID: <35E99E40.43B0607D@netwavelink.com> Date: Sun, 30 Aug 1998 14:47:28 -0400 From: Tod Hagan <todh@netwavelink.com> Organization: Netwave X-Mailer: Mozilla 4.05 [en] (Win95; I) MIME-Version: 1.0 To: redhat-secure-server@redhat.com Subject: Re: [redhat-secure-server] Re: Secure Server upgrade References: <Pine.LNX.3.96.980831184759.3405I-100000@xanadu.redhat.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Preston Brown wrote:> With apache 1.3.x, it is possible to compile 3rd party modules without > having anything other than the apache header files available. We will > make it possible to compile 3rd party modules for Secure Web Server. You > can do this already, with the apache 1.2.6 header files we shipped in 1.0. > However, because you have to make modules "think" they are compiling with > 1.3.x (which was the first official release to include DSO support) things > can be a little bit more complex than they could otherwise be. It will be > easier in 2.0. > > If you are having specific problems compiling a 3rd party module for 1.0, > let''s discuss it on the list here, and perhaps I can help.Do all modules currently work as DSOs? I ask because I''ve been unable to successfully compile mod_auth_pgsql for 1.2.6 as a DSO. When I tried to load the mod_auth_pgsql.so I compiled, it wasn''t able to resolve symbol module_info. When I examined the source code for mod_auth_pgsql, the module_info struct was called something else (pgsql_auth_module) instead. When I tried renaming the struct and recompiling, apache ceased complaining, but started failing silently instead. I concluded that mod_auth_pgsql really needed to be statically linked. It sounds like version 2.0 won''t support statically-linked modules either, and so mod_auth_pgsql won''t work with it. -- Tod Hagan On assignment at: Bondcliff Internet Group NetWave, Inc. tod@bondcliff.com todh@netwavelink.com
On Tue, 1 Sep 1998, Brent A. Oswald wrote:> I did however re-examine the CD tonight (twice to be sure) and didn''t > notice anywhere that the header files were included (even as part of > the rpm''s). I still don''t quite understand how you''d go about doing > this anyway, because normally, the code for a module is compiled (or > simply uncompressed) and copied to the apache src tree, then you''d > edit the Configuration file and perform a new make(1L). That''s how I > did it in Apache 1.2* at least (I''m not sure about 1.3* since I > haven''t yet taken the time to tweak configurations with it).It is possible in Apache 1.3.x to build modules OUTSIDE of the apache source code tree, IF you have the apache header files around. Unfortunately, we didn''t ship these headers directly with SWS 1.0, but they can be found in the apache 1.2.6 SRPM that ships with Red Hat (or from ftp.redhat.com). Our modifications to SWS allow modules to be compiled in a similar way (outside the apache source tree). But it isn''t "plug and play"-- there''s a bit of manual work involved most of the time. Suffice it to say that we are building our third party modules (mod_perl and mod_php3) with no Apache or Secure Web Server installed on the system. Just the header files. Take a look at the SRPM to either one if you are curious.> PS- A question unrelated to the previous posts: Would upgrading PERL > on the machine (latest version is at 5.005_02) have any impact on mod_perl > with the server (ie: nothing is likely to break, is it?) To quote the > README on the CD: > > "If you do not have RPM, if you choose to install mod_perl, Perl > 5.00404 WILL be installed and will become the default version of > Perl on your system. This is because mod_perl requires that > specific version of Perl."When it says that mod_perl "requires" this version, it means it needs AT LEAST this version. Not that version specifically. Note that mod_perl actually links the runtime perl library into itself when it is compiled, so if you upgrade your perl, you won''t really be upgrading the perl in mod_perl. You''ll have to recompile mod_perl in order for this to happen. I hope that makes sense. --- Preston Brown Red Hat Software, Inc. pbrown@redhat.com
Preston Brown
1998-Sep-01 08:45 UTC
Re: [redhat-secure-server] What do you have to do for mod_dbm?
On Mon, 31 Aug 1998, Chris J. Magnuson wrote:> What do you have to do to get DBM to work with secure server? Doing httpd > -h I see that it isn''t one of the modules that is compiled in.You must either 1) wait for 2.0 2) grab the apache 1.3.1 sourcecode, compile the auth_dbm module as a shared object, and then put it in /usr/lib/apache, and edit /etc/httpsd/conf/httpd.conf to reflect the additional module. --- Preston Brown Red Hat Software, Inc. pbrown@redhat.com
Chris J. Magnuson
1998-Sep-11 03:15 UTC
Re: [redhat-secure-server] Re: Modules, src, Was: Secure Server upgrade
>On Tue, 1 Sep 1998, Brent A. Oswald wrote: > >> I did however re-examine the CD tonight (twice to be sure) and didn''t >> notice anywhere that the header files were included (even as part of >> the rpm''s). I still don''t quite understand how you''d go about doing >> this anyway, because normally, the code for a module is compiled (or >> simply uncompressed) and copied to the apache src tree, then you''d >> edit the Configuration file and perform a new make(1L). That''s how I >> did it in Apache 1.2* at least (I''m not sure about 1.3* since I >> haven''t yet taken the time to tweak configurations with it). > >It is possible in Apache 1.3.x to build modules OUTSIDE of the apache >source code tree, IF you have the apache header files around. >Unfortunately, we didn''t ship these headers directly with SWS 1.0, but >they can be found in the apache 1.2.6 SRPM that ships with Red Hat (or >from ftp.redhat.com). Our modifications to SWS allow modules to be >compiled in a similar way (outside the apache source tree). But it isn''t >"plug and play"-- there''s a bit of manual work involved most of the time. >Suffice it to say that we are building our third party modules (mod_perl >and mod_php3) with no Apache or Secure Web Server installed on the system. >Just the header files. Take a look at the SRPM to either one if you are >curious.Hey! I''m interested in learning how to compile in things like mod_dbm_auth (I think it should be part of the stock distribution as shipped, but I digress). Is there a doc or HOWTO that describes how to accomplish this feat with SWS 1.0? Thanks, Chris