Archive for November, 2008

Linux as a general purpose shell server?

November 26, 2008

The University I work for has offered a UNIX (secure-) shell service for its students and staff for over 15 years now. The servers have so far been AIX (Power/PPC), OSF1/Digital Unix/Tru64 UNIX (alpha) and Solaris (sparc64).They’ve also been mostly top-of-the-line (=expensive) boxes so they can handle hundreds of simultaneous users without problems. The exotic hardware and OS also makes it more secure, since script-kiddies tend to use more common hardware and OS’s.

Now we are in the process of phasing out the last remaining publicly available Tru64 server (ES40/4x667MHz, 5GB RAM), and possibly with a x86-64 server running Linux (Ubuntu 8.04). The reason why Linux has not been an option before is that some people claim it still can’t handle the load of ~1000 users reading their email (pine/alpine/mutt) while chatting with irssi or whatnot. Also the security problems have been brought up. It’s possibly a lot easier to break into Linux than Solaris, because Linux is more common and easy to get (although there is Opensolaris now..).

What I’d like to know is that are there people already running Linux on similar purpose, and how does it perform? What measures can be taken against the security threats (preferably something that doesn’t involve building a custom kernel)? What else should be taken into account to make it scale better?

The x86 hardware is at least a lot cheaper. Eight-core blade with 64GB of RAM is less than 8kEUR.. but could it handle 700 users like the ES40 does with ease?

book meme

November 13, 2008

Oh well

  • Grab the nearest book.
  • Open it to page 56.
  • Find the fifth sentence.
  • Post the text of the sentence in your journal along with these instructions.
  • Don’t dig for your favorite book, the cool book, or the intellectual one: pick the CLOSEST.

There were two books within reach, so I picked the one that wasn’t in Finnish: “Kerberos: The Definite Guide” by Jason Garman (O’Reilly)

Make sure that the hostname you place in the krb5.conf file actually resolves to the local machine.