DOCSLIB.ORG

Apache HTTP Server Documentation Version 2.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Apache HTTP Server Documentation Version 2.0 Apache HTTP Server Documentation Version 2.0 Apache Software Foundation October 2, 2009 ii About The PDF Documentation Copyright c 2005 The Apache Software Foundation Licensed under the Apache License, Version 2.0 (the ”License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 This version of the Apache HTTP Server Documentation is converted from XML source files to LATEX using XSLT with the help of Apache Ant, Apache XML Xalan, and Apache XML Xerces. Since the HTML version of the documentation is more commonly checked during development, the PDF ver- sion may contain some errors and inconsistencies, especially in formatting. If you have difficulty reading a part of this file, please consult the HTML version of the documentation on the Apache HTTP Server website at http://httpd.apache.org/docs/2.0/ The Apache HTTP Server Documentation is maintained by the Apache HTTP Server Documentation Project. More information is available at http://httpd.apache.org/docs-project/ Contents 1 Release Notes 1 1.1 Upgrading to 2.0 from 1.3........................................2 1.2 Overview of new features in Apache 2.0.................................4 1.3 The Apache License, Version 2.0.....................................6 2 Using the Apache HTTP Server9 2.1 Compiling and Installing......................................... 10 2.2 Starting Apache.............................................. 14 2.3 Stopping and Restarting.......................................... 16 2.4 Configuration Files............................................ 19 2.5 Configuration Sections.......................................... 21 2.6 Server-Wide Configuration........................................ 27 2.7 Log Files................................................. 29 2.8 Mapping URLs to Filesystem Locations................................. 36 2.9 Security Tips............................................... 40 2.10 Dynamic Shared Object (DSO) Support................................. 44 2.11 Content Negotiation............................................ 47 2.12 Custom Error Responses......................................... 54 2.13 Binding.................................................. 57 2.14 Multi-Processing Modules (MPMs)................................... 59 2.15 Environment Variables in Apache.................................... 60 2.16 Apache’s Handler Use.......................................... 65 2.17 Filters................................................... 67 2.18 suEXEC Support............................................. 68 2.19 Apache Performance Tuning....................................... 73 2.20 URL Rewriting Guide........................................... 85 3 Apache Virtual Host documentation 109 3.1 Apache Virtual Host documentation................................... 110 iii iv CONTENTS 3.2 Name-based Virtual Host Support.................................... 111 3.3 Apache IP-based Virtual Host Support.................................. 114 3.4 Dynamically Configured Mass Virtual Hosting............................. 116 3.5 VirtualHost Examples........................................... 121 3.6 An In-Depth Discussion of Virtual Host Matching............................ 129 3.7 File Descriptor Limits........................................... 134 3.8 Issues Regarding DNS and Apache.................................... 136 4 Apache Server Frequently Asked Questions 139 4.1 Frequently Asked Questions....................................... 140 4.2 Support - Frequently Asked Questions.................................. 141 4.3 Error Messages - Frequently Asked Questions.............................. 143 5 Apache SSL/TLS Encryption 145 5.1 Apache SSL/TLS Encryption....................................... 146 5.2 SSL/TLS Strong Encryption: An Introduction.............................. 147 5.3 SSL/TLS Strong Encryption: Compatibility............................... 156 5.4 SSL/TLS Strong Encryption: How-To.................................. 160 5.5 SSL/TLS Strong Encryption: FAQ.................................... 165 6 Guides, Tutorials, and HowTos 179 6.1 How-To / Tutorials............................................ 180 6.2 Authentication, Authorization and Access Control............................ 181 6.3 Apache Tutorial: Dynamic Content with CGI.............................. 185 6.4 Apache Tutorial: Introduction to Server Side Includes.......................... 191 6.5 Apache Tutorial: .htaccess files...................................... 197 6.6 Per-user web directories.......................................... 202 6.7 Apache Tutorials............................................. 204 7 Platform-specific Notes 207 7.1 Platform Specific Notes.......................................... 208 7.2 Using Apache with Microsoft Windows................................. 209 7.3 Compiling Apache for Microsoft Windows............................... 218 7.4 Using Apache With Novell NetWare................................... 223 7.5 Running a High-Performance Web Server on HPUX.......................... 229 7.6 The Apache EBCDIC Port........................................ 230 8 Apache HTTP Server and Supporting Programs 235 8.1 Server and Supporting Programs..................................... 236 CONTENTS v 8.2 httpd - Apache Hypertext Transfer Protocol Server........................... 237 8.3 ab - Apache HTTP server benchmarking tool.............................. 239 8.4 apachectl - Apache HTTP Server Control Interface........................... 241 8.5 apxs - APache eXtenSion tool...................................... 243 8.6 configure - Configure the source tree................................... 247 8.7 dbmmanage - Manage user authentication files in DBM format..................... 257 8.8 htdbm - Manipulate DBM password databases.............................. 259 8.9 htdigest - manage user files for digest authentication........................... 262 8.10 htpasswd - Manage user files for basic authentication.......................... 263 8.11 logresolve - Resolve IP-addresses to hostnames in Apache log files................... 265 8.12 rotatelogs - Piped logging program to rotate Apache logs........................ 266 8.13 suexec - Switch user before executing external programs........................ 268 8.14 Other Programs.............................................. 269 9 Apache Miscellaneous Documentation 271 9.1 Apache Miscellaneous Documentation.................................. 272 9.2 International Customized Server Error Messages............................ 273 9.3 Connections in the FIN WAIT 2 state and Apache............................ 281 9.4 Known Problems in Clients........................................ 286 9.5 Descriptors and Apache.......................................... 291 9.6 Relevant Standards............................................ 294 10 Apache modules 297 10.1 Terms Used to Describe Modules..................................... 298 10.2 Terms Used to Describe Directives.................................... 299 10.3 Apache Module core........................................... 302 10.4 Apache Module mod access....................................... 342 10.5 Apache Module mod actions....................................... 346 10.6 Apache Module mod alias........................................ 348 10.7 Apache Module mod asis......................................... 353 10.8 Apache Module mod auth........................................ 355 10.9 Apache Module mod auth anon..................................... 358 10.10Apache Module mod auth dbm...................................... 361 10.11Apache Module mod auth digest..................................... 364 10.12Apache Module mod auth ldap...................................... 369 10.13Apache Module mod autoindex..................................... 380 10.14Apache Module mod cache........................................ 391 10.15Apache Module mod cern meta..................................... 397 vi CONTENTS 10.16Apache Module mod cgi......................................... 399 10.17Apache Module mod cgid........................................ 402 10.18Apache Module mod charset lite..................................... 403 10.19Apache Module mod dav......................................... 406 10.20Apache Module mod dav fs....................................... 410 10.21Apache Module mod deflate....................................... 411 10.22Apache Module mod dir......................................... 416 10.23Apache Module mod disk cache..................................... 418 10.24Apache Module mod dumpio....................................... 423 10.25Apache Module mod echo........................................ 425 10.26Apache Module mod env......................................... 426 10.27Apache Module mod example...................................... 428 10.28Apache Module mod expires....................................... 430 10.29Apache Module mod ext filter...................................... 433 10.30Apache Module mod file cache..................................... 439 10.31Apache Module mod headers....................................... 442 10.32Apache Module mod imap........................................ 446 10.33Apache Module mod include....................................... 450 10.34Apache Module mod info......................................... 459 10.35Apache Module mod isapi........................................ 461 10.36Apache Module mod ldap.......................................
Load more

Recommended publications
  • Katalog Elektronskih Knjiga
    KATALOG ELEKTRONSKIH KNJIGA Br Autor Naziv Godina ISBN Str. Porijeklo izdavanja 1 Peter Kent Pay Per Click Search 2006 0-471-74594-3 130 Kupovina Engine Marketing for Dummies 2 Terry Large Access 1 2007 Internet Freeware 3 Kevin Smith Excel Lassons & Tutorials 2004 Internet Freeware 4 Terry Michael Photografy Tutorials 2006 Internet Freeware Janine Peterson Phil Pivnick 5 Jake Ludington Converting Vinyl LPs 2003 Internet Freeware to CD 6 Allen Wyatt Cleaning Windows XP 2004 0-7645-7311-X Poklon for Dummies 7 Peter Kent Sarch Engine Optimization 2006 0-4717-5441-2 Kupovina for Dummies 8 Terry Large Access 2 2007 Internet Freeware 9 Dirk Dupon How to write, create, 2005 Internet Freeware promote and sell E-books on the Internet 10 Chayden Bates eBook Marketing 2000 Internet Freeware Explained 11 Kevin Sinclair How To Choose A 1999 Internet Freeware Homebased Bussines 12 Bob McElwain 101 Newbie-Frendly Tips 2001 Internet Freeware 13 Windows Basics 2004 Poklon 14 Michael Abrash Zen of Graphic 2005 Poklon Programming, 2. izdanje 15 13 Hot Internet 2000 Internet Freeware Moneymaking Methods 16 K. Williams The Complete HTML 1998 Poklon Teacher 17 C. Darwin On the Origin of Species Internet Freeware 2/175 Br Autor Naziv Godina ISBN Str. Porijeklo izdavanja 18 C. Darwin The Variation of Animals Internet Freeware 19 Bruce Eckel Thinking in C++, Vol 1 2000 Internet Freeware 20 Bruce Eckel Thinking in C++, Vol 2 2000 Internet Freeware 21 James Parton Captains of Industry 1890 399 Internet Freeware 22 Bruno R. Preiss Data Structures and 1998 Internet
    [Show full text]
  • Mac OS X Server Administrator's Guide
    034-9285.S4AdminPDF 6/27/02 2:07 PM Page 1 Mac OS X Server Administrator’s Guide K Apple Computer, Inc. © 2002 Apple Computer, Inc. All rights reserved. Under the copyright laws, this publication may not be copied, in whole or in part, without the written consent of Apple. The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AppleScript, AppleShare, AppleTalk, ColorSync, FireWire, Keychain, Mac, Macintosh, Power Macintosh, QuickTime, Sherlock, and WebObjects are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. AirPort, Extensions Manager, Finder, iMac, and Power Mac are trademarks of Apple Computer, Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Netscape Navigator is a trademark of Netscape Communications Corporation. RealAudio is a trademark of Progressive Networks, Inc. © 1995–2001 The Apache Group. All rights reserved. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. 062-9285/7-26-02 LL9285.Book Page 3 Tuesday, June 25, 2002 3:59 PM Contents Preface How to Use This Guide 39 What’s Included
    [Show full text]
  • Bibliography of Erik Wilde
    dretbiblio dretbiblio Erik Wilde's Bibliography References [1] AFIPS Fall Joint Computer Conference, San Francisco, California, December 1968. [2] Seventeenth IEEE Conference on Computer Communication Networks, Washington, D.C., 1978. [3] ACM SIGACT-SIGMOD Symposium on Principles of Database Systems, Los Angeles, Cal- ifornia, March 1982. ACM Press. [4] First Conference on Computer-Supported Cooperative Work, 1986. [5] 1987 ACM Conference on Hypertext, Chapel Hill, North Carolina, November 1987. ACM Press. [6] 18th IEEE International Symposium on Fault-Tolerant Computing, Tokyo, Japan, 1988. IEEE Computer Society Press. [7] Conference on Computer-Supported Cooperative Work, Portland, Oregon, 1988. ACM Press. [8] Conference on Office Information Systems, Palo Alto, California, March 1988. [9] 1989 ACM Conference on Hypertext, Pittsburgh, Pennsylvania, November 1989. ACM Press. [10] UNIX | The Legend Evolves. Summer 1990 UKUUG Conference, Buntingford, UK, 1990. UKUUG. [11] Fourth ACM Symposium on User Interface Software and Technology, Hilton Head, South Carolina, November 1991. [12] GLOBECOM'91 Conference, Phoenix, Arizona, 1991. IEEE Computer Society Press. [13] IEEE INFOCOM '91 Conference on Computer Communications, Bal Harbour, Florida, 1991. IEEE Computer Society Press. [14] IEEE International Conference on Communications, Denver, Colorado, June 1991. [15] International Workshop on CSCW, Berlin, Germany, April 1991. [16] Third ACM Conference on Hypertext, San Antonio, Texas, December 1991. ACM Press. [17] 11th Symposium on Reliable Distributed Systems, Houston, Texas, 1992. IEEE Computer Society Press. [18] 3rd Joint European Networking Conference, Innsbruck, Austria, May 1992. [19] Fourth ACM Conference on Hypertext, Milano, Italy, November 1992. ACM Press. [20] GLOBECOM'92 Conference, Orlando, Florida, December 1992. IEEE Computer Society Press. http://github.com/dret/biblio (August 29, 2018) 1 dretbiblio [21] IEEE INFOCOM '92 Conference on Computer Communications, Florence, Italy, 1992.
    [Show full text]
  • Capsicum: Practical Capabilities for UNIX
    Capsicum: practical capabilities for UNIX Robert N. M. Watson Jonathan Anderson Ben Laurie University of Cambridge University of Cambridge Google UK Ltd. Kris Kennaway Google UK Ltd. Abstract significant technical limitations: current OS facilities are simply not designed for this purpose. Capsicum is a lightweight operating system capabil- The access control systems in conventional (non- ity and sandbox framework planned for inclusion in capability-oriented) operating systems are Discretionary FreeBSD 9. Capsicum extends, rather than replaces, Access Control (DAC) and Mandatory Access Control UNIX APIs, providing new kernel primitives (sandboxed (MAC). DAC was designed to protect users from each capability mode and capabilities) and a userspace sand- other: the owner of an object (such as a file) can specify box API. These tools support compartmentalisation of permissions for it, which are checked by the OS when monolithic UNIX applications into logical applications, the object is accessed. MAC was designed to enforce an increasingly common goal supported poorly by dis- system policies: system administrators specify policies cretionary and mandatory access control. We demon- (e.g. “users cleared to Secret may not read Top Secret strate our approach by adapting core FreeBSD utilities documents”), which are checked via run-time hooks in- and Google’s Chromium web browser to use Capsicum serted into many places in the operating system’s kernel. primitives, and compare the complexity and robustness Neither of these systems was designed to address the of Capsicum with other sandboxing techniques. case of a single application processing many types of in- formation on behalf of one user. For instance, a mod- 1 Introduction ern web browser must parse HTML, scripting languages, images and video from many untrusted sources, but be- Capsicum is an API that brings capabilities to UNIX.
    [Show full text]
  • Sandboxing with Capsicum
    SECURITY Sandboxing with Capsicum PAWEL JAKUB DAWIDEK AND MARIUSZ ZABORSKI Pawel Jakub Dawidek is a ery few programmers have managed to successfully use the principle co-founder and CTO at Wheel of least privilege, as found in OpenSSH, Postfix, and djbdns. Capsi- Systems and a FreeBSD cum, introduced in 2010, adds a capability model designed to make it committer who lives and works V easier for programmers to reason about how to split a program into privileged in Warsaw, Poland. He is the and unprivileged portions. In this article, we describe the changes made in author of various GEOM classes, including the disk-encryption class GELI; he implemented Capsicum since 2010, compare Capsicum to earlier sandboxing techniques, the Highly Available Storage (HAST) daemon and look at the new Casperd, which makes it simpler to split programs. for distributing audit trail files (auditdistd), and Long ago, people started to recognize that security models proposed by the mainstream nowadays is mostly working on the Capsicum operating systems, including Windows, Mac OS X, and all kinds of UNIX-like systems, are framework and the Casper daemon. simply naive: All you need to do is to write programs that have no bugs. That’s indeed naive. [email protected] Let’s also state an obvious rule: The more code we write, the more bugs we introduce, some of which may jeopardize the security of our system. Once we accept this fact, where do we go? Mariusz Zaborski is currently We could only develop very small programs, which are easy to audit, but this again would be working as a software a bit naive.
    [Show full text]
  • Site Map - Apache HTTP Server 2.0
    Site Map - Apache HTTP Server 2.0 Apache HTTP Server Version 2.0 Site Map ● Apache HTTP Server Version 2.0 Documentation ❍ Release Notes ■ Upgrading to 2.0 from 1.3 ■ New features with Apache 2.0 ❍ Using the Apache HTTP Server ■ Compiling and Installing Apache ■ Starting Apache ■ Stopping and Restarting the Server ■ Configuration Files ■ How Directory, Location and Files sections work ■ Server-Wide Configuration ■ Log Files ■ Mapping URLs to Filesystem Locations ■ Security Tips ■ Dynamic Shared Object (DSO) support ■ Content Negotiation ■ Custom error responses ■ Setting which addresses and ports Apache uses ■ Multi-Processing Modules (MPMs) ■ Environment Variables in Apache ■ Apache's Handler Use ■ Filters ■ suEXEC Support ■ Performance Hintes ■ URL Rewriting Guide ❍ Apache Virtual Host documentation ■ Name-based Virtual Hosts ■ IP-based Virtual Host Support ■ Dynamically configured mass virtual hosting ■ VirtualHost Examples ■ An In-Depth Discussion of Virtual Host Matching ■ File descriptor limitations ■ Issues Regarding DNS and Apache ❍ Apache Server Frequently Asked Questions http://httpd.apache.org/docs-2.0/sitemap.html (1 of 4) [5/03/2002 9:53:06 PM] Site Map - Apache HTTP Server 2.0 ■ Support ❍ Apache SSL/TLS Encryption ■ SSL/TLS Encryption: An Introduction ■ SSL/TLS Encryption: Compatibility ■ SSL/TLS Encryption: How-To ■ SSL/TLS Encryption: FAQ ■ SSL/TLS Encryption: Glossary ❍ Guides, Tutorials, and HowTos ■ Authentication ■ Apache Tutorial: Dynamic Content with CGI ■ Apache Tutorial: Introduction to Server Side Includes ■ Apache
    [Show full text]
  • December 2010 VOLUME 35 NUMBER 6
    December 2010 VOLUME 35 NUMBER 6 OPINION Musings 2 RikR FaR ow SECURITY Introducing Capsicum: Practical Capabilities for UNIX 7 Robe Rt N.M. watsoN, JoNathaN THE USENIX MAGAZINE aNdeRsoN, beN LauRie, aNd kRis keNNaway The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution 18 Moheeb abu Ra Jab, Lucas baLLaRd, PaNayiotis MavRoMMatis, NieLs PRovos, aNd XiN Zhao Vulnerable Compliance 26 d aN GeeR Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically 31 Matthew hicks, MuRPh FiNNicuM, saMueL t. kiNG, MiLo M.k. MaRtiN, aNd JoNathaN M. sMith C OLUMNS Practical Perl Tools: Family Man 42 d avid N. bLaNk-edeLMaN Pete’s All Things Sun: Comparing Solaris to RedHat Enterprise and AIX 48 Petee R ba R GaLviN iVoyeur: Ganglia on the Brain 54 d ave JosePhseN /dev/random 58 Robe Rt G. Fe RReLL BOEO K reVI WS Book Reviews 60 El iZabeth Zwicky et a L. useni X NOTES Thankso t Our Volunteers 64 Ell u ie yo ng CN O FERENCES 19th USENIX Security Symposium Reports 67 Report on the 5th USENIX Workshop on Hot Topics in Security 97 Report on the 1st USENIX Workshop on Health Security and Privacy 103 Report on the 4th USENIX Workshop on Offensive Technologies 112 Report on the New Security Paradigms Workshop 117 The Advanced Computing Systems Association dec10covers.indd 1 11.17.10 1:28 PM Upcoming Events 9th USENIX CoNfErence oN fIlE aNd StoragE 2011 USENIX fEdEratEd CoNfErences Week techNologies (FASt ’11) j une 12–17, 2011, portland, OR, uSa Sponsored by USENIX in cooperation with ACM SIGOPS EventS inclUdE:
    [Show full text]
  • A Bibliography of O'reilly & Associates and O
    A Bibliography of O'Reilly & Associates and O'Reilly Media. Inc. Publishers Nelson H. F. Beebe University of Utah Department of Mathematics, 110 LCB 155 S 1400 E RM 233 Salt Lake City, UT 84112-0090 USA Tel: +1 801 581 5254 FAX: +1 801 581 4148 E-mail: [email protected], [email protected], [email protected] (Internet) WWW URL: http://www.math.utah.edu/~beebe/ 08 February 2021 Version 3.67 Title word cross-reference #70 [1263, 1264]. #70-059 [1263]. #70-068 [1264]. 2 [949]. 2 + 2 = 5986 [1456]. 3 [1149, 1570]. *# [1221]. .Mac [1940]. .NET [1860, 22, 186, 342, 441, 503, 591, 714, 716, 721, 730, 753, 786, 998, 1034, 1037, 1038, 1043, 1049, 1089, 1090, 1091, 1119, 1256, 1468, 1858, 1859, 1863, 1899, 1900, 1901, 1917, 1997, 2029]. '05 [461, 1532]. 08 [1541]. 1 [1414]. 1.0 [1009]. 1.1 [59]. 1.2 [1582]. 1000 [1511]. 1000D [1073]. 10g [711, 710]. 10th [2109]. 11 [1385]. 1 2 2 [53, 209, 269, 581, 2134, 919, 940, 1515, 1521, 1530, 2023, 2045]. 2.0 [2, 55, 203, 394, 666, 941, 1000, 1044, 1239, 1276, 1504, 1744, 1801, 2073]. 2.1 [501]. 2.2 [201]. 2000 [38, 202, 604, 610, 669, 927, 986, 1087, 1266, 1358, 1359, 1656, 1751, 1781, 1874, 1959, 2069]. 2001 [96]. 2003 [70, 71, 72, 73, 74, 279, 353, 364, 365, 789, 790, 856, 987, 1146, 1960, 2026]. 2003-2013 [1746]. 2004 [1195]. 2005 [84, 151, 755, 756, 1001, 1041, 1042, 1119, 1122, 1467, 2120, 2018, 2056]. 2006 [152, 153]. 2007 [618, 726, 727, 728, 1123, 1125, 1126, 1127, 2122, 1973, 1974, 2030].
    [Show full text]
  • Protecting Commodity Operating Systems Through Strong Kernel Isolation
    Protecting Commodity Operating Systems through Strong Kernel Isolation Vasileios P. Kemerlis Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and Sciences COLUMBIA UNIVERSITY 2015 c 2015 Vasileios P. Kemerlis All Rights Reserved ABSTRACT Protecting Commodity Operating Systems through Strong Kernel Isolation Vasileios P. Kemerlis Today’s operating systems are large, complex, and plagued with vulnerabilities that allow perpetrators to exploit them for profit. The constant rise in the number of software weak- nesses, coupled with the sophistication of modern adversaries, make the need for effective and adaptive defenses more critical than ever. In this dissertation, we develop a set of novel protection mechanisms, and introduce new concepts and techniques to secure commodity operating systems against attacks that exploit vulnerabilities in kernel code. Modern OSes opt for a shared process/kernel model to minimize the overhead of opera- tions that cross protection domains. However, this design choice provides a unique vantage point to local attackers, as it allows them to control—both in terms of permissions and contents—part of the memory that is accessible by the kernel, easily circumventing protec- tions like kernel-space ASLR and WˆX. Attacks that leverage the weak separation between user and kernel space, characterized as return-to-user (ret2usr) attacks, have been the de facto kernel exploitation technique in virtually every major OS, while they are not limited to the x86 platform, but have also targeted ARM and others. Given the multi-OS and cross-architecture nature of ret2usr threats, we propose kGuard: a kernel protection mechanism, realized as a cross-platform compiler extension, which can safeguard any 32- or 64-bit OS kernel from ret2usr attacks.
    [Show full text]
  • A Technical Summary
    A Technical Summary Table A.1. Kerberos administrative ACL (MIT) Allow Deny Operation a A Add principals or policies d D Delete principals or policies m M Modify principals or policies c C Change passwords i I Inquiry the database l L List principals or policies s S Set key for principals * or x Allow all privileges Table A.2. Kerberos kadmin password policies (MIT) Option Meaning -history Minimum count of unusable old passwords -maxlife Maximum allowed lifetime -minclasses Minimum character classes -minlength Minimum password length -minlife Minimum lifetime 380 A Technical Summary Table A.3. LDAP access control list levels Level Privilege Coding Explanation none =0 No access at all auth =x Permits authentication attempt compare =cx Permits comparison search =scx Permits search filter application read =rscx Permits search result inspection write =wrscx Permits modification or deletion Table A.4. The OpenAFS access control list attributes Permission Meaning l List contents (lookup) i Create new files or directories (insert) d Delete files or directories a Change ACL attributes of directories (administer) r Read contents of files w Modify contents of files (write) k Lock files for reading read Equivalent to rl write Equivalent to rlidwk (no administrative rights) all Equivalent to rlidwka none Remove all ACL permissions Table A.5. The OpenAFS @sys names (excerpt) @sys Architecture alpha dux40 Digital UNIX 4 on an Alpha alpha dux50 Digital UNIX 5 on an Alpha i386 linux24 Linux Kernel 2.4 on Intel and compatible i386 linux26 Linux Kernel 2.6 on Intel and compatible i386 nt40 Microsoft Windows NT and later on Intel and compatible ppc darwin70 Apple MacOS X 10.3 on a PowerPC Macintosh ppc darwin80 Apple MacOS X 10.4 on a PowerPC Macintosh ppc darwin90 Apple MacOS X 10.5 on a PowerPC Macintosh rs aix52 IBM AIX 5.2 on a pSeries rs aix53 IBM AIX 5.3 on a pSeries sgi 65 SGI Irix 6.5 on a MPIS x86 darwin80 Apple MacOS X 10.4 on an Intel Macintosh x86 darwin90 Apple MacOS X 10.5 on an Intel Macintosh A Technical Summary 381 Table A.6.
    [Show full text]
  • Operating Systems and Middleware: Supporting Controlled Interaction
    Operating Systems and Middleware: Supporting Controlled Interaction Max Hailperin Gustavus Adolphus College Revised Edition 1.1 July 27, 2011 Copyright c 2011 by Max Hailperin. This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA. Bibliography [1] Atul Adya, Barbara Liskov, and Patrick E. O’Neil. Generalized iso- lation level definitions. In Proceedings of the 16th International Con- ference on Data Engineering, pages 67–78. IEEE Computer Society, 2000. [2] Alfred V. Aho, Peter J. Denning, and Jeffrey D. Ullman. Principles of optimal page replacement. Journal of the ACM, 18(1):80–93, 1971. [3] AMD. AMD64 Architecture Programmer’s Manual Volume 2: System Programming, 3.09 edition, September 2003. Publication 24593. [4] Dave Anderson. You don’t know jack about disks. Queue, 1(4):20–30, 2003. [5] Dave Anderson, Jim Dykes, and Erik Riedel. More than an interface— SCSI vs. ATA. In Proceedings of the 2nd Annual Conference on File and Storage Technology (FAST). USENIX, March 2003. [6] Ross Anderson. Security Engineering: A Guide to Building Depend- able Distributed Systems. Wiley, 2nd edition, 2008. [7] Apple Computer, Inc. Kernel Programming, 2003. Inside Mac OS X. [8] Apple Computer, Inc. HFS Plus volume format. Technical Note TN1150, Apple Computer, Inc., March 2004. [9] Ozalp Babaoglu and William Joy. Converting a swap-based system to do paging in an architecture lacking page-referenced bits.
    [Show full text]
  • An Overview of Security in the Freebsd Kernel 131 Dr
    AsiaBSDCon 2014 Proceedings March 13-16, 2014 Tokyo, Japan Copyright c 2014 BSD Research. All rights reserved. Unauthorized republication is prohibited. Published in Japan, March 2014 INDEX P1A: Bold, fast optimizing linker for BSD — Luba Tang P1B: Visualizing Unix: Graphing bhyve, ZFS and PF with Graphite 007 Michael Dexter P2A: LLVM in the FreeBSD Toolchain 013 David Chisnall P2B: NPF - progress and perspective 021 Mindaugas Rasiukevicius K1: OpenZFS: a Community of Open Source ZFS Developers 027 Matthew Ahrens K2: Bambi Meets Godzilla: They Elope 033 Eric Allman P3A: Snapshots, Replication, and Boot-Environments—How new ZFS utilities are changing FreeBSD & PC-BSD 045 Kris Moore P3B: Netmap as a core networking technology 055 Luigi Rizzo, Giuseppe Lettieri, and Michio Honda P4A: ZFS for the Masses: Management Tools Provided by the PC-BSD and FreeNAS Projects 065 Dru Lavigne P4B: OpenBGPD turns 10 years - Design, Implementation, Lessons learned 077 Henning Brauer P5A: Introduction to FreeNAS development 083 John Hixson P5B: VXLAN and Cloud-based networking with OpenBSD 091 Reyk Floeter INDEX P6A: Nested Paging in bhyve 097 Neel Natu and Peter Grehan P6B: Developing CPE Routers based on NetBSD: Fifteen Years of SEIL 107 Masanobu SAITOH and Hiroki SUENAGA P7A: Deploying FreeBSD systems with Foreman and mfsBSD 115 Martin Matuška P7B: Implementation and Modification for CPE Routers: Filter Rule Optimization, IPsec Interface and Ethernet Switch 119 Masanobu SAITOH and Hiroki SUENAGA K3: Modifying the FreeBSD kernel Netflix streaming servers — Scott Long K4: An Overview of Security in the FreeBSD Kernel 131 Dr. Marshall Kirk McKusick P8A: Transparent Superpages for FreeBSD on ARM 151 Zbigniew Bodek P8B: Carve your NetBSD 165 Pierre Pronchery and Guillaume Lasmayous P9A: How FreeBSD Boots: a soft-core MIPS perspective 179 Brooks Davis, Robert Norton, Jonathan Woodruff, and Robert N.
    [Show full text]