Archive for May, 2006



A new security vulnerability has been disclosed for WordPress <= 2.0.2.
The only solution at the moment seems to be to restrict web access to the wp-content/cache/userlogins/ and wp-content/cache/users/ directories (e.g. with a .htaccess file). Thus, I’ve done so while the WordPress staff confirms and fixes this problem.

An LDAP directory offers a single, logically centralized, hierarchical store to keep data, like information about users, groups, mailboxes, services, etc. There are a number of applications out there that can leverage this LDAP store. For example, PAM can authenticate by checking against an LDAP directory, Cyrus-IMAP can check whether a certain user has a [...]

The file /etc/postfix/master.cf of postfix-2.1.5-4.2.RHEL4.x86_64 contains a hard-coded path to the Cyrus-IMAP LMTP deliver agent, /usr/lib/cyrus-imapd/deliver. However, this causes problems on x86_64 systems, since the Cyrus-IMAP LMTP deliver agent path there is /usr/lib64/cyrus-imapd/deliver.
Fixing this problem is easy: just edit /etc/postfix/master.cf and replace /usr/lib/cyrus-imapd/deliver with /usr/lib64/cyrus-imapd/deliver.
I have filed a bug report against Red Hat’s Enterprise Linux 4:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192601

In Red Hat Enterprise Linux ES 4.1 Update 3, both /etc/pam.d/imap and /etc/pam.d/pop contain hard-coded paths pointing to pam_stack.so, specifically /lib/security/pam_stack.so. This causes problems on x86_64, since pam_stack.so is located at /lib64/security/pam_stack.so.
A workaround is to modify /etc/pam.d/imap and /etc/pam.d/pop to look like this:

#%PAM-1.0
auth required pam_stack.so [...]

Care must be exercised when using testsaslauthd to check whether SASL authentication is working when saslauthd is configured to use PAM:

# cat /etc/sysconfig/saslauthd
SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS=

By default, testsaslauthd tests whether the authentication process works by authenticating against the imap service, unless the -s service option is passed on the command line. PAM configuration for the imap service is [...]

libuser is a collection of libraries and tools to manage users and groups under Linux or UNIX-like systems. libuser has several modules that allow managing users and groups through different backends, like local (password and shadow) and LDAP (the LDAP backend has been somewhat unusable up to version 0.52).
The LDAP module, however, requires the user [...]

dnsmasq offers a lightweight, functional and integrated DHCP and DNS service. Using it on OpenWRT brings up an embedded, flexible DNS service, with a very small footprint, for small or home offices.
dnsmasq acts as a caching DNS server and DHCP server. It reserves a DNS domain, called the local DNS domain and usually .lan, [...]

I read a short article on Kriptópolis that calls into question the equation digital signature = handwritten signature:
The law says it is so, but some of us have never believed in that equation. In our opinion, the most a digital signature can attest to is its relationship to a particular key, but the voluntariness and intentionality of its use can always be [...]