[H-SASIG] Proposed changes to Excalibur

Raymond Smith raymond at humbug.org.au
Sun Nov 29 20:25:36 EST 2009 

[And this time, to the list]

2009/11/30 Russell Stuart <russell-humbug at stuart.id.au>:
> 2.  Ssh port
>
> The only service that runs on the OSDC that clashes with the current
> Excalibur is sshd.  The easy fix for this is to move it to a different
> port.  This is actually a good thing to do in itself for security
> reasons.  I am planning to move the the current Excalibur sshd to port
> 24 next weekend.  Thus, assuming there aren't howls of protest here, you
> will need a "ssh -p 24" to connected to Excalibur as of next weekend.
> Also notice this won't work from within a Humbug meeting.

Sorry for my ignorance, but what is stopping the non-standard port
from working within a HUMBUG meeting? Does UQ only allow SSH out on
the default port? Personally, I feel that losing SSH to excalibur from
meetings would be a significant PITA. Its very nice to be able to have
members ask for something to be done, log in, do it, and then let
everyone get on with their lives.

So, not a howl of protest, but definitely an irritated growl.

> 3.  DNS Changes.
>
> Humbug.org.au's registrar is www.enetica.com.au.  Currently our DNS
> servers are Excalibur itself (the primary) and cartman.pipegrep.com.au,
> a secondary kindly provided by Humbug's immediate past president James
> Iseppi.  Humbug doesn't have direct control of cartman.pipegrep and so
> if something has to be done quickly and James is unavailable things can
> get awkward.  The plan is to use a free DNS service such as
> www.zoneedit.com to add secondaries we do control.  I have contacted
> James about this, and he seems happy with the proposed change.

I agree with moving to a free service like zoneedit.com. You might
also like to consider doing a "hidden master" (not sure correct name)
type setup so the secondaries are the only thing we need to change if
we need to move the primary to a different host.

I do have a side question: what sort of "something" do we need to do
to a secondary? I am curious because the only thing I have ever seen
is changing configuration regarding who is primary and that usually
only occurs with a good degree of planning.

Finally -- this is to everyone -- where are we at on the user
authentication issue regarding the request tracker? Is their an email
address that members can use to lodge support requests?

Cheers,

Raymond

More information about the Sasig mailing list