From 386666ec7a3ab737dbe45041d7c7e903aad3bc0c Mon Sep 17 00:00:00 2001
From: jgg <>
Date: Wed, 25 Oct 2000 03:58:01 +0000
Subject: [PATCH] Doc fixes
---
templates/welcome-message-800 | 4 +++-
ud-replicate | 2 +-
web/doc-direct.html | 8 ++++----
web/doc-direct.wml | 2 +-
web/doc-general.html | 12 ++++++------
web/doc-general.wml | 8 ++++----
web/doc-mail.html | 33 +++++++++++++++++----------------
web/doc-mail.wml | 27 ++++++++++++++-------------
web/forward.html | 29 ++++++++++++++++++-----------
web/forward.wml | 16 ++++++++--------
web/password.html | 11 +++++------
web/password.wml | 5 ++---
12 files changed, 83 insertions(+), 74 deletions(-)
diff --git a/templates/welcome-message-800 b/templates/welcome-message-800
index b86d4e1..5df81e8 100644
--- a/templates/welcome-message-800
+++ b/templates/welcome-message-800
@@ -70,7 +70,9 @@ The machine ftp-master.debian.org is our main archive server. Every
uploaded package finds it's way there (except for Packages covered by US
crypto laws which go to non-us.debian.org) eventually. master.debian.org is
the home of our bug tracking system. Project web pages and CVS archives are
-hosted on va.debian.org (aka cvs/www.debian.org).
+hosted on klecker.debian.org (aka cvs/www.debian.org), klecker is also our
+general shell server. Web pages should be placed in public_html on klecker
+and refered to by http://people.debian.org/~__LOGIN__
You should use ssh to log into the machines instead of regular telnet
or rlogin. Our LDAP directory is able to share ssh RSA keys among machines,
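Review bot: "refered" in the third added line should be "referred", and the first added line joins two sentences with a comma. Suggest ending the sentence after "(aka cvs/www.debian.org)" and starting "klecker is also our general shell server." as its own sentence. The unchanged context line above still reads "finds it's way" ("its way"), which could be fixed in the same pass.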
diff --git a/ud-replicate b/ud-replicate
index 5010a6a..58f705b 100755
--- a/ud-replicate
+++ b/ud-replicate
@@ -10,7 +10,7 @@ trap "rm -f lock > /dev/null 2>&1" exit
rsync -e ssh -rp sshdist@samosa:/var/cache/userdir-ldap/hosts/$HOST . > /dev/null 2>&1
makedb $HOST/passwd.tdb -o passwd.db.t > /dev/null 2>&1
(umask 027 && makedb $HOST/shadow.tdb -o shadow.db.t) > /dev/null 2>&1
-chown root.shadow shadow.db; chmod 0640 shadow.db.t
+chown root.shadow shadow.db.t; chmod 0640 shadow.db.t
makedb $HOST/group.tdb -o group.db.t > /dev/null 2>&1
mv -f passwd.db.t passwd.db
mv -f shadow.db.t shadow.db
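Review bot: On the changed line, chown and chmod are joined with ';', so chmod and the later "mv -f shadow.db.t shadow.db" still run if chown fails, and because makedb's output goes to /dev/null a failed build is silent as well. Suggest chaining with '&&' (for example "chown root:shadow shadow.db.t && chmod 0640 shadow.db.t") and moving the file into place only when both succeed. This is also a behavioural fix to the ownership of the shadow database, so it deserves its own line in the commit message rather than riding along under "Doc fixes".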
diff --git a/web/doc-direct.html b/web/doc-direct.html
index 2a6de07..536fe73 100644
--- a/web/doc-direct.html
+++ b/web/doc-direct.html
@@ -8,8 +8,8 @@
-
-
+
+
@@ -34,7 +34,7 @@
Direct LDAP Access
The LDAP utilities package provides a program called ldapsearch that can be
-used to exectute direct queries to the database. Generally this is done by
+used to execute direct queries to the database. Generally this is done by
putting
HOST db.debian.org
@@ -93,7 +93,7 @@ book.
Back to the Debian Project homepage.
You can contact us at admin@db.debian.org.
-Last Modified: Tue, Dec 28 06:03:51 UTC 1999
+Last Modified: Wed, Oct 25 05:43:55 UTC 2000
Copyright © 1997-1999 SPI; See license terms
diff --git a/web/doc-direct.wml b/web/doc-direct.wml
index 1142722..fc6b74b 100644
--- a/web/doc-direct.wml
+++ b/web/doc-direct.wml
@@ -1,7 +1,7 @@
#use wml::debian::template title="Direct LDAP Access"
The LDAP utilities package provides a program called ldapsearch that can be
-used to exectute direct queries to the database. Generally this is done by
+used to execute direct queries to the database. Generally this is done by
putting
HOST db.debian.org
diff --git a/web/doc-general.html b/web/doc-general.html
index cf38433..40de257 100644
--- a/web/doc-general.html
+++ b/web/doc-general.html
@@ -8,8 +8,8 @@
-
-
+
+
General LDAP Documentation
-debian.org uses a single LDAP driven directory for account managment across
+debian.org uses a single LDAP driven directory for account management across
all the project run machines. This directory
also provides services for leaving vacation notices, updating
xplanet coordinates,
@@ -45,12 +45,12 @@ running OpenSSH are using replicated SSH RSA authentication keys.
Security and Privacy
Three levels of information security are provided by the database. The first
is completely public information that anyone can see either by issuing an
-LDAP query or by visiting the web site. The next level is "maintainer-only"
+LDAP query or by visiting the web site. The next level is "developer-only"
information that requires authentication to the directory before it can be
accessed. The final level is admin-only or user-only information; this
information can only be viewed by the user or an administrator.
-Maintainer-only information includes precise location information
+developer-only information includes precise location information
[postalcode, postal address, lat/long] telephone numbers, and the vacation
message.
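Review bot: The second replacement begins a sentence in lower case: "developer-only information includes" should read "Developer-only information includes", keeping the capital of the "Maintainer-only" line it replaces. The context line after it is also missing a comma between "lat/long]" and "telephone numbers".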
@@ -75,7 +75,7 @@ The directory has several means to access it:
Back to the Debian Project homepage.
You can contact us at admin@db.debian.org.
-Last Modified: Wed, May 3 03:59:30 UTC 2000
+Last Modified: Wed, Oct 25 05:38:37 UTC 2000
Copyright © 1997-1999 SPI; See license terms
diff --git a/web/doc-general.wml b/web/doc-general.wml
index 183446c..697847b 100644
--- a/web/doc-general.wml
+++ b/web/doc-general.wml
@@ -1,8 +1,8 @@
#use wml::debian::template title="General LDAP Documentation"
-debian.org uses a single LDAP driven directory for account managment across
+debian.org uses a single LDAP driven directory for account management across
all the project run machines. This directory
-also provides services for leaving vacation notices, updating
+also provides services for leaving vacation notices, updating
xplanet coordinates,
email forwarding, ssh authentication keys and other information.
@@ -14,13 +14,13 @@ running OpenSSH are using replicated SSH RSA authentication keys.
Security and Privacy
Three levels of information security are provided by the database. The first
is completely public information that anyone can see either by issuing an
-LDAP query or by visiting the web site. The next level is "maintainer-only"
+LDAP query or by visiting the web site. The next level is "developer-only"
information that requires authentication to the directory before it can be
accessed. The final level is admin-only or user-only information; this
information can only be viewed by the user or an administrator.
-Maintainer-only information includes precise location information
+developer-only information includes precise location information
[postalcode, postal address, lat/long] telephone numbers, and the vacation
message.
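Review bot: The added line "developer-only information includes precise location information" starts a sentence and should be capitalised as "Developer-only", as the removed "Maintainer-only" line was. The same text appears in the doc-general.html hunk, so both copies need the change.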
diff --git a/web/doc-mail.html b/web/doc-mail.html
index 1730fe6..51739e9 100644
--- a/web/doc-mail.html
+++ b/web/doc-mail.html
@@ -8,8 +8,8 @@
-
-
+
+
LDAP Gateway
The LDAP directory has a PGP secured mail gateway that
-allows users to safely and conviently effect changes to their entries. It
-makes use of PGP signed input messages to positivly identify the user and
+allows users to safely and conveniently effect changes to their entries. It
+makes use of PGP signed input messages to positively identify the user and
to confirm the validity of the request. Furthermore it implements a replay
cache that prevents the gateway from accepting the same message more than
once.
-There are three functions logically split into 3 sperate email addresses
+There are three functions logically split into 3 seperate email addresses
that are implemented by the gateway: ping, new password and
changes. The function to act on is the first argument to the program.
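Review bot: The replacement for "sperate" is still misspelled: "seperate" in the last added line should be "separate". The same line mixes "three functions" with "3 ... email addresses"; pick one form.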
@@ -47,7 +47,7 @@ Error handling is currently done by generating a bounce message and passing
descriptive error text to the mailer. This can generate a somewhat hard to
read error message, but it does have all the relevent information.
Ping
-The ping command simply returns the users public record. It is usefull for
+The ping command simply returns the users public record. It is useful for
testing the gateway and for the requester to get a basic dump of their
record. In future this address might 'freshen' the record to indicate the
user is alive. Any PGP signed message will produce a reply.
@@ -59,20 +59,21 @@ daemon from triggering on arbitary signed email. The best way to invoke this
feature is with
echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org
After validating the request the daemon will generate a new random password,
-set it in the directory and respond with an ecrpyted message containing the
+set it in the directory and respond with an encrpyted message containing the
new password. The password can be changed using one of the other interface
methods.
Changes
-An address is provided for making almost arbitary changes to the contents of
-the record. The daemon parse its input line by line and acts on each line in
-a command oriented manner. Anything, except for passwords, can be changed
-using this mechanism. Note however that because this is a mail gateway it
-does stringent checking on its input. The other tools allow fields to be set
-to virtually anything, the gateway requires specific field formats to be met.
+An address (changes@debian.org) is provided for making almost arbitary
+changes to the contents of the record. The daemon parses its input line by
+line and acts on each line in a command oriented manner. Anything, except for
+passwords, can be changed using this mechanism. Note however that because
+this is a mail gateway it does stringent checking on its input. The other
+tools allow fields to be set to virtually anything, the gateway requires
+specific field formats to be met.
- A line of the form 'field: value' will change the contents of
the field to value. Some simple checks are performed on value to make sure
-that it is not sent to nonsense. The values that can be changed are:
+that it is not set to nonsense. The values that can be changed are:
c, l, facsimiletelephonenumber, telephonenumber,
postaladdress, postalcode,
loginshell, emailforward, ircnick, onvacation,
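Review bot: The address introduced in the rewritten "Changes" paragraph, changes@debian.org, does not match the gateway address used in the examples elsewhere in this patch (change@db.debian.org in forward.html and password.html, and chpasswd@db.debian.org just above for passwords), so a reader following this text would send a signed change request somewhere other than the gateway. Please confirm the intended address and use it consistently. In the same hunk "encrpyted" is still wrong (should be "encrypted") and the rewritten paragraph keeps "arbitary" (should be "arbitrary").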
@@ -104,7 +105,7 @@ Like the SSH function above, multiple hosts are supported, but they must all
be sent at once. The debian.net zone is only reloaded once per day at
midnight -0700.
- If the single word show appears on a line then a PGP encrypted version
-of the entire record will be attached to the result email.
+of the entire record will be attached to the resulting email.
After processing the requests the daemon will generate a report which contains
each input command and the action taken. If there are any parsing errors
@@ -131,7 +132,7 @@ a short while before any changes made take effect.
Back to the Debian Project homepage.
You can contact us at admin@db.debian.org.
-Last Modified: Mon, Dec 27 23:38:30 UTC 1999
+Last Modified: Wed, Oct 25 05:42:44 UTC 2000
Copyright © 1997-1999 SPI; See license terms
diff --git a/web/doc-mail.wml b/web/doc-mail.wml
index 9f0a7d8..6b84576 100644
--- a/web/doc-mail.wml
+++ b/web/doc-mail.wml
@@ -1,14 +1,14 @@
#use wml::debian::template title="LDAP Gateway"
The LDAP directory has a PGP secured mail gateway that
-allows users to safely and conviently effect changes to their entries. It
-makes use of PGP signed input messages to positivly identify the user and
+allows users to safely and conveniently effect changes to their entries. It
+makes use of PGP signed input messages to positively identify the user and
to confirm the validity of the request. Furthermore it implements a replay
cache that prevents the gateway from accepting the same message more than
once.
-There are three functions logically split into 3 sperate email addresses
+There are three functions logically split into 3 seperate email addresses
that are implemented by the gateway: ping, new password and
changes. The function to act on is the first argument to the program.
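Review bot: "seperate" in the last added line should be "separate"; the typo was swapped for another one rather than fixed.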
@@ -18,7 +18,7 @@ descriptive error text to the mailer. This can generate a somewhat hard to
read error message, but it does have all the relevent information.
Ping
-The ping command simply returns the users public record. It is usefull for
+The ping command simply returns the users public record. It is useful for
testing the gateway and for the requester to get a basic dump of their
record. In future this address might 'freshen' the record to indicate the
user is alive. Any PGP signed message will produce a reply.
@@ -31,22 +31,23 @@ daemon from triggering on arbitary signed email. The best way to invoke this
feature is with
echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org
After validating the request the daemon will generate a new random password,
-set it in the directory and respond with an ecrpyted message containing the
+set it in the directory and respond with an encrpyted message containing the
new password. The password can be changed using one of the other interface
methods.
Changes
-An address is provided for making almost arbitary changes to the contents of
-the record. The daemon parse its input line by line and acts on each line in
-a command oriented manner. Anything, except for passwords, can be changed
-using this mechanism. Note however that because this is a mail gateway it
-does stringent checking on its input. The other tools allow fields to be set
-to virtually anything, the gateway requires specific field formats to be met.
+An address (changes@debian.org) is provided for making almost arbitary
+changes to the contents of the record. The daemon parses its input line by
+line and acts on each line in a command oriented manner. Anything, except for
+passwords, can be changed using this mechanism. Note however that because
+this is a mail gateway it does stringent checking on its input. The other
+tools allow fields to be set to virtually anything, the gateway requires
+specific field formats to be met.
- A line of the form 'field: value' will change the contents of
the field to value. Some simple checks are performed on value to make sure
-that it is not sent to nonsense. The values that can be changed are:
+that it is not set to nonsense. The values that can be changed are:
c, l, facsimiletelephonenumber, telephonenumber,
postaladdress, postalcode,
loginshell, emailforward, ircnick, onvacation,
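Review bot: The new "(changes@debian.org)" in the first added line of the "Changes" paragraph disagrees with change@db.debian.org, the address the gpg examples in forward.html and password.html mail to; the documentation should name one address for signed change requests. "encrpyted" and "arbitary" on the added lines also still need correcting to "encrypted" and "arbitrary".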
@@ -84,7 +85,7 @@ be sent at once. The debian.net zone is only reloaded once per day at
midnight -0700.
- If the single word show appears on a line then a PGP encrypted version
-of the entire record will be attached to the result email.
+of the entire record will be attached to the resulting email.
After processing the requests the daemon will generate a report which contains
diff --git a/web/forward.html b/web/forward.html
index 207af53..728e85f 100644
--- a/web/forward.html
+++ b/web/forward.html
@@ -8,8 +8,8 @@
-
-
+
+
Email Forwarding
-Emails to @debian.org now go through a LDAP distributed email system. This
-system uses the forwarding field in the LDAP directory to route mail without
-passing it through a users .forward file on a single computer.
-Multiple machines participate in the forwarding to provide redudency.
+Emails to @debian.org addresses now go through a LDAP distributed email system.
+This system uses the forwarding field in the LDAP directory to route mail
+without passing it through a users .forward file on a single host.
+Multiple machines participate in the forwarding to provide redudancy.
-Each of the forwarders inspects the LDAP database
+Each forwarders inspects the LDAP database
to see if foo@debian.org has forwarding set to an address, if so the envelope
to address is rewritten and the message redirected to the new address.
Otherwise the message is relayed to master.debian.org for processing by the
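Review bot: Two of the added lines introduce new errors: "redudancy" should be "redundancy", and "Each forwarders inspects" is ungrammatical where the removed "Each of the forwarders inspects" was fine; use that or "Each forwarder inspects". "a users .forward file" on the third added line also wants the possessive "user's".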
@@ -51,11 +51,18 @@ email. If the user has a home directory and no .forward file the mail is
forwarded rather than delivered to /var/spool/mail. This makes sure cron
reports, bug responses and other unexpected emails are not misplaced.
+If you set the forwarding address to be a specific Debian machine and do
+not create a forward file then that machine will spool the mail to
+/var/spool/mail instead of creating a mail loop.
+
The email forwarding can be easially reconfigured using GnuPG:
echo "emailforward: foo@bar.com" | gpg --clearsign | mail change@db.debian.org
or by visiting db.debian.org
+
+You can test the email routing by using the command /usr/sbin/exim -bt
+foo@debian.org
procmail
If you use procmail for your main mailbox, PLEASE, erase your .forward
file and put a .procmailrc in its place instead. This feature has been
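Review bot: The first added paragraph says "do not create a forward file", while the context line above and the rest of the page call it a ".forward file"; use the literal file name so readers know which file is meant. The added exim test command is wrapped across two prose lines ("/usr/sbin/exim -bt" then "foo@debian.org"); setting it on its own line like the gpg example above would make it copyable. The context line "easially reconfigured" should be "easily".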
@@ -65,7 +72,7 @@ supported.
The correct way to invoke procmail for extension addresses is "|/usr/bin/procmail [options]"
Ignore the IFS=".." stuff in the procmail man page.
MailBox formats
-Emails can be saved to mailboxes or maildirs by using the correct lines in a
+Email can be saved to mailboxes or maildirs by using the correct lines in a
.forward file:
Mailbox format files "/debian/home/foo/Mbox"
@@ -78,7 +85,7 @@ Exim.
Also, 'Exim Filter' files are deliberately turned off.
Delivey Environment
-Some environment variables are set per-message (not quoted! Carefull!)
+Some environment variables are set per-message (not quoted! Careful!)
It is important to note that the environment variables dealing with
addressing apply to the ENVELOPE address are are totally completely
unrelated to the actual contents of the message:
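Review bot: The corrected line still gives the warning only as "(not quoted! Careful!)"; since the following lines say these variables are taken from the envelope address, it would help to state outright that they must be quoted wherever a .forward or .procmailrc command expands them. The surrounding context lines also still carry "Delivey" (Delivery) and "are are totally completely", which fall within the scope of this patch.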
@@ -97,12 +104,12 @@ unrelated to the actual contents of the message:
RECIPIENT = (the entire envelope to)
-Such that, $RECIPIENT = $LOCAL-EXTENSION@<something>.
+Such that, $RECIPIENT = $LOCAL-$EXTENSION@<something>.
Back to the Debian Project homepage.
You can contact us at admin@db.debian.org.
-Last Modified: Wed, May 10 04:51:33 UTC 2000
+Last Modified: Wed, Oct 25 05:46:04 UTC 2000
Copyright © 1997-1999 SPI; See license terms
diff --git a/web/forward.wml b/web/forward.wml
index 532bbf7..86fc31b 100644
--- a/web/forward.wml
+++ b/web/forward.wml
@@ -1,12 +1,12 @@
#use wml::debian::template title="Email Forwarding"
-Emails to @debian.org now go through a LDAP distributed email system. This
-system uses the forwarding field in the LDAP directory to route mail without
-passing it through a users .forward file on a single computer.
-Multiple machines participate in the forwarding to provide redudency.
+Emails to @debian.org addresses now go through a LDAP distributed email system.
+This system uses the forwarding field in the LDAP directory to route mail
+without passing it through a users .forward file on a single host.
+Multiple machines participate in the forwarding to provide redudancy.
-Each of the forwarders inspects the LDAP database
+Each forwarders inspects the LDAP database
to see if foo@debian.org has forwarding set to an address, if so the envelope
to address is rewritten and the message redirected to the new address.
Otherwise the message is relayed to master.debian.org for processing by the
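Review bot: The added lines carry "redudancy" (should be "redundancy") and "Each forwarders inspects" (should be "Each forwarder inspects" or the original "Each of the forwarders inspects"). "a users .forward file" should be "a user's .forward file".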
@@ -47,7 +47,7 @@ The correct way to invoke procmail for extension addresses is "|/usr/bin/procmai
Ignore the IFS=".." stuff in the procmail man page.
MailBox formats
-Emails can be saved to mailboxes or maildirs by using the correct lines in a
+Email can be saved to mailboxes or maildirs by using the correct lines in a
.forward file:
Mailbox format files "/debian/home/foo/Mbox"
@@ -63,7 +63,7 @@ Exim.
Also, 'Exim Filter' files are deliberately turned off.
Delivey Environment
-Some environment variables are set per-message (not quoted! Carefull!)
+Some environment variables are set per-message (not quoted! Careful!)
It is important to note that the environment variables dealing with
addressing apply to the ENVELOPE address are are totally completely
unrelated to the actual contents of the message:
@@ -84,5 +84,5 @@ unrelated to the actual contents of the message:
-Such that, $RECIPIENT = $LOCAL-EXTENSION@<something>.
+Such that, $RECIPIENT = $LOCAL-$EXTENSION@<something>.
diff --git a/web/password.html b/web/password.html
index 674ec50..38241d8 100644
--- a/web/password.html
+++ b/web/password.html
@@ -8,8 +8,8 @@
-
-
+
+
@@ -51,20 +51,19 @@ Alternatively, you can do without a password and use PGP to manipulate your
LDAP information through the mail gateway and use
SSH RSA Authentication to access the servers. To setup OpenSSH for RSA you
need to first generate a private RSA key using ssh-keygen and select
-a good password for it. Then send the public portion of the key to the LDAP
+a good passphrase for it. Then send the public portion of the key to the LDAP
directory:
gpg --clearsign < ~/.ssh/identity.pub | mail change@db.debian.org
You can then use this key to authenticate to the machines. Using ssh-agent
(automatically run by Debian's X configuration) you can use ssh-add to 'cache'
-your password once. Note: Very few
-machines have the patched SSH required to support this yet.
+your passphrase once.
Back to the Debian Project homepage.
You can contact us at admin@db.debian.org.
-Last Modified: Tue, Dec 28 06:44:59 UTC 1999
+Last Modified: Wed, Oct 25 05:43:55 UTC 2000
Copyright © 1997-1999 SPI; See license terms
diff --git a/web/password.wml b/web/password.wml
index e4dbee3..8901cef 100644
--- a/web/password.wml
+++ b/web/password.wml
@@ -19,13 +19,12 @@ Alternatively, you can do without a password and use PGP to manipulate your
LDAP information through the mail gateway and use
SSH RSA Authentication to access the servers. To setup OpenSSH for RSA you
need to first generate a private RSA key using ssh-keygen and select
-a good password for it. Then send the public portion of the key to the LDAP
+a good passphrase for it. Then send the public portion of the key to the LDAP
directory:
gpg --clearsign < ~/.ssh/identity.pub | mail change@db.debian.org
You can then use this key to authenticate to the machines. Using ssh-agent
(automatically run by Debian's X configuration) you can use ssh-add to 'cache'
-your password once. Note: Very few
-machines have the patched SSH required to support this yet.
+your passphrase once.
--
2.20.1