mirror of
https://github.com/bstansell/conserver.git
synced 2024-12-18 20:37:56 +00:00
INSTALL
=======

Upgrading?

    Whenever you upgrade I suggest you upgrade both the client and
    server.  Most times, however, you can get away without upgrading
    the client (it's usually a fairly static piece of code).  I'll
    document any dependencies here, but check the CHANGES file for any
    new features added to the client if you're considering *not*
    upgrading.

    Version 8.1.3

        - The '^Ec;' sequence won't work correctly with 8.1.2 (where it
          was introduced).

    Version 8.1.2

        - The 'devicesubst' and 'execsubst' formats have changed from
          8.1.1.  It's fairly simple to update your config file to the
          new format...just check the conserver.cf manpage.  Sorry for
          having to change things, but it's for a good reason (I should
          have thought ahead when designing the original format).

    Version 8.1.0

        - The client/server protocol has changed to better protect 8-bit
          data and to allow programs invoked with '^Ec|' to not have to
          worry about accidentally sending the escape sequence to the
          server.  Though it will look like things are mostly
          backward-compatible, don't count on it and just upgrade.

    Version 8.0.2

        - I've added a '^Ec;' sequence to allow the client to signal the
          server as to when it's ready to see console data.  Without
          this, verbose consoles will prevent clients from attaching
          (the client sees unexpected data).  An 8.0.2 client should be
          compatible with an 8.0.1 server, but an 8.0.1 client is not
          compatible with an 8.0.2 server.

    Version 8.0.1

        - There's a slight client/server protocol change to implement
          the new 'initcmd' console option.  If you use this
          functionality with an 8.0.0 client, you'll run into a
          compatibility problem while the 'initcmd' command is running.

    Version 8.0.0

        - The client/server protocol has been rearchitected.  You *MUST*
          use an 8.0.0 client with an 8.0.0 server.  No combination of
          client/server will work with pre-8.0.0 code.

        - Upgrading from pre-8.0.0 code to 8.0.0 and beyond requires
          you to change your conserver.cf and conserver.passwd files
          because both of the file formats have changed.

          The conserver.cf file changes are so major that there is a
          convert program available in the conserver subdirectory.  Just
          run './conserver/convert <old-cf-file>' and it will attempt a
          conversion to the new format, sending it to stdout.  Any errors
          will be printed to stderr.  There are a couple of things
          you might need to adjust.  First are the user access lists.
          If you are restricting users to certain consoles in your old
          conserver.passwd file, you'll need to move those restrictions
          into the new conserver.cf file.  Restrictions are set with the
          'ro' and 'rw' tags in the configuration file.  Second are the
          'access' blocks.  What gets produced by the convert program
          will be functionally equivalent to the old behavior, but you
          may be able to tune things to better suit your environment.

          The conserver.passwd file's console restrictions have moved,
          as described above.  So to convert the conserver.passwd file,
          all you really need to do is something like:

              awk -F: '{print $1 ":" $2}' <old-passwd-file>

          If you have comments or continuation lines in your file,
          you'll have to do a bit more cleanup to strip out the third
          field (which is what the awk command is intending to do).

        - Conserver no longer trusts reverse DNS information by default.
          If you use the --with-trustrevdns configure flag, you can
          re-enable the use of gethostbyaddr() [I don't recommend it,
          however].  If you are using domain names in access lists,
          you'll either need to change those to use hostnames and/or IP
          addresses/ranges or use the --with-trustrevdns flag.  For
          example, if you have (in the 8.0.0 format):

              allowed conserver.com;  # allow *.conserver.com

          then you'll need to worry about this change.  If you only use
          full hostnames, you shouldn't have to do anything.

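
For a pre-8.0.0 conserver.passwd that does contain comments or continuation lines (the extra cleanup mentioned under Version 8.0.0), the conversion can be done as follows. This is an added example, not part of the conserver distribution; it assumes comments start with '#' and that a line with leading whitespace only continues the console list (third field) of the entry above it, and the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the conserver distribution).
# Assumptions: '#' starts a comment, and a line with leading whitespace
# continues the console list (third field) of the entry above it.

convert_passwd() {   # usage: convert_passwd <old-passwd-file>
    awk '
        BEGIN       { bad = 0 }
        /^[ \t]*$/  { print; next }   # keep blank lines
        /^[ \t]*#/  { print; next }   # keep comments untouched
        /^[ \t]/    { next }          # continuation of the third field: drop
        {
            if (split($0, f, ":") < 2) {
                printf "line %d: not user:password, skipped\n", NR > "/dev/stderr"
                bad = 1
                next
            }
            print f[1] ":" f[2]       # username and password only
        }
        END         { exit bad }      # non-zero if any line was skipped
    ' "$1"
}

# Constructed sample in the old three-field layout.
demo_convert() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample, not a real password file
alice:*passwd*:any
bob:CONSTRUCTEDHASH:console1,console2,
    console3
carol:CONSTRUCTEDHASH2
EOF
    convert_passwd "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo_convert
```

Redirect the output to a new file and compare it with the old one before replacing anything; a non-zero exit status means at least one line was skipped and needs attention by hand.
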
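
To find the access-list entries touched by the reverse DNS change described under Version 8.0.0, the added example below (not part of the conserver distribution) lists every 'allowed', 'trusted' or 'rejected' entry in a conserver.cf that is a name rather than an IP address or range. It cannot tell a full hostname from a domain name, so the output is a list to review by hand; 'trusted' and 'rejected' are conserver.cf access keywords that do not appear on this page, and the function names and sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the conserver distribution).
# Assumes no quoted strings containing '#', ';', '{' or '}' in the file.

audit_access_names() {   # usage: audit_access_names <conserver.cf>
    sed 's/#.*//' "$1" |      # strip comments
    tr '\n' ' ' |             # join lines so a statement may span several
    tr ';{}' '\n\n\n' |       # then put one statement on each line
    awk '
        { gsub(/,/, " ") }    # entries may be comma separated
        $1 ~ /^(allowed|trusted|rejected)$/ {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /:/) continue                               # IPv6 literal
                if ($i ~ /^[0-9]+(\.[0-9]+)*(\/[0-9.]+)?$/) continue # IPv4 address or range
                print $1, $i  # a name: matching it depends on DNS
            }
        }'
}

# Constructed sample in the 8.0.0 format.
demo_audit() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample, not a real configuration
access * {
    trusted 127.0.0.1;
    allowed conserver.com;  # allow *.conserver.com
    allowed 10.0.0.0/8,
            console1.example.net;
    rejected 192.168.5.0/255.255.255.0;
}
EOF
    audit_access_names "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo_audit
```

Entries that are full hostnames need no change; entries meant as a domain suffix are the ones to rewrite as hostnames or IP addresses/ranges.
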
    Version 7.2.4

        - If SSL support is compiled into the code, older versions of
          the client and server are, by default, incompatible because
          encrypted connections are a requirement.  Use of the -E flag in
          the client and/or server can work around this (but I discourage
          this - please upgrade the clients and servers instead).

    Version 7.2.0

        - The code related to broadcast messages in the client (-b) has
          changed.  If you want the username to come across properly in
          the broadcast message, you'll need to make sure you upgrade
          to the 7.2.0 client.

    Version 7.1.1

        - Both conserver.passwd and conserver.cf file parsing behaves
          the same now.  Both use leading whitespace as a continuation
          line indicator - if you have leading whitespace on a line
          (aside from comments) you probably should remove it.

    Version 7.1.0

        - The client/server protocol has changed.  You *MUST* use a
          7.1.0 client with a 7.1.0 and above server.  A 7.1.0 client
          is *not* backward compatible with a pre-7.1.0 server.

        - Some of the flags in the client (-d, -D, and -r) and server
          (-n) have been given new identities to make the client and
          server flags more uniform.

        - The conserver.passwd file now uses the first username match
          to determine access rights - if you have multiple instances
          of a username in an existing password file, they must be
          combined into one to continue to work.


Quickie Instructions

    - Download conserver (http://www.conserver.com/) and unpack

    - Run './configure'

    - Run 'make'

    - Run 'make test'

    - If all is well, run 'make install'

    - Now set up config files, etc. (see below)


Detailed Instructions

    - First thing to do is determine if you want different defaults.  A
      './configure --help' will show you the basics.  If you like all
      the defaults shown, you're set.  If not, here are the conserver
      unique options:

        --with-port=PORT        Specify port number [conserver]
        --with-base=PORT        Base port for secondary channel [0]
        --with-master=MASTER    Specify master server hostname [console]
        --with-ccffile=CFFILE   Specify client config filename
                                [SYSCONFDIR/console.cf]
        --with-cffile=CFFILE    Specify config filename [SYSCONFDIR/conserver.cf]
        --with-pwdfile=PWDFILE  Specify password filename
                                [SYSCONFDIR/conserver.passwd]
        --with-logfile=LOGFILE  Specify log filename [/var/log/conserver]
        --with-pidfile=PIDFILE  Specify PID filepath [/var/run/conserver.pid]
        --with-maxmemb=MAXMEMB  Specify maximum consoles per process [16]
        --with-timeout=TIMEOUT  Specify connect() timeout in seconds [10]
        --with-trustrevdns      Trust reverse DNS information
        --with-extmsgs          Produce extended messages
        --with-rpath            Use -R as well as -L for libraries
        --with-cycladests       (deprecated - noop) Build for a Cyclades TS
        --with-uds[=DIR]        Use Unix domain sockets for client/server
                                communication [/tmp/conserver]
        --with-trust-uds-cred   Trust UDS credentials obtained via socket
        --with-libwrap[=PATH]   Compile in libwrap (tcp_wrappers) support
        --with-openssl[=PATH]   Compile in OpenSSL support
        --with-req-server-cert  Require server SSL certificate by client
        --with-gssapi[=PATH]    Compile in GSS-API support
        --with-striprealm       retry username without @REALM with gss-api
                                authentication
        --with-freeipmi[=PATH]  Compile in FreeIPMI support
        --with-dmalloc[=PATH]   Compile in dmalloc support
        --with-pam              Enable PAM support
        --with-ipv6             (experimental) Use IPv6 for client/server
                                communication

      Not surprisingly, some match the old conserver/cons.h items...here
      they are for reference:

        PORT or SERVICE - Socket used to communicate
        HOST            - Hostname of console server
        CONFIG          - Config file path
        PASSWD_FILE     - Password file path
        MAXMEMB         - Number of consoles per child process

      A couple of notes.  First, --with-libwrap will add tcp_wrappers
      lookups to all socket connections in the server.  --with-openssl
      will add encryption between the client and server when you connect
      to a console.  --with-uds will cause the client and server to use
      unix domain sockets for their communication, eliminating the
      tcp communication they normally do (which means --with-master and
      --with-port are not used).  --with-dmalloc should only be used to
      do memory allocation debugging and not used in production.

    - Run './configure'.  This will detect system specific
      information.  The --prefix option will redirect where things are
      installed.  Other options are available as well...try
      './configure --help'.

    - Now run 'make'.  Hopefully things will compile.

    - To test your binaries, run 'make test'.  If there are problems, it
      should mean something is wrong, but check the output differences
      to make sure it wasn't a temporary failure.  I tried to make the
      tests generic, but I may have missed something.

    - Once things build, you can run 'make install'.

    - If you'd like to build the autologin application, you'll need to
      run 'make autologin'.  If you'd like it installed, use 'make
      autologin.install'.

    - Now that the binaries are in place, we need to set up the
      configuration files and such.

        + Does your conserver master hostname exist?  This is the
          hostname specified with the --with-master option.  By default
          the hostname is "console", so make sure it's in DNS, hosts
          files, or whatever.

        + If you used a symbolic name for the --with-port option (by
          default it uses "conserver", so the answer would be yes),
          you'll need to enter a definition in your services file
          (directly, via NIS, or whatever).  Here's what we use:

              console         782/tcp         conserver       # console server

          If you used a number, you shouldn't have to worry about this
          step.

        + Next, make sure conserver runs during boot.  The init script we
          use under Solaris is installed in
          <DATADIR>/examples/conserver/conserver.rc.  Use that or some
          form of it for your own /etc/init.d script or an entry in
          startup files (/etc/rc, /etc/rc.local, or whatever).

        + Now for the fun stuff.  You need to create a conserver.cf and
          conserver.passwd file.  Those are defined with the
          --with-cffile and --with-pwdfile settings.  If you ever need to
          know what values were compiled into conserver, run 'conserver
          -V'.  See the conserver.cf/INSTALL file for instructions on
          setup of these files.

    - That's it!  Just start up the console server and enjoy!


Other Information And Gotchas

    - Potential GCC bug

      Adam Morris <AMorris@providence.org> reported a problem with
      the following line in console/console.c:

          if ((in_addr_t) (-1) == pPort->sin_addr.s_addr) {

      This tickles a GCC bug under HP-UX 11.11 using GCC 3.0.2 in
      64-bit mode with optimization enabled (-O).  The bug could
      possibly be provoked in other combinations as well.  His fix is
      to change the line to:

          if ((in_addr_t) (-1) == inet_addr(pcToHost)) {

      It's also reported that newer versions of the compiler fix the
      issue, so if you happen to have problems with the client
      connecting to servers, you might be tickling this bug and you
      can upgrade the compiler, turn off the optimization, or apply
      this code change.