Securing Oracle SGD

We want to secure Oracle SGD so that it is accessible through the HTTPS port only, using a test certificate. This process is based on SGD 4.50 and 4.60, the versions we have tested. These steps enable secure connections from the client to the SGD Web Server and SGD Server components.

After the installation process has completed and SGD has started properly, we can configure SGD as follows:

  1. Enable and start security in the SGD Web Server
    • /opt/tarantella/bin/tarantella security enable
    • /opt/tarantella/bin/tarantella security start
  2. Apply secure connections
    • Edit httpd.conf and replace Listen 443 with Listen 127.0.0.1:443
    • /opt/tarantella/bin/tarantella config edit --security-applyconnections 1
    • /opt/tarantella/bin/tarantella config edit --array-port-encrypted 443
    • /opt/tarantella/bin/tarantella config edit --array --security-firewallurl https://127.0.0.1:443
    • /opt/tarantella/bin/tarantella restart webserver -https
  3. Create a secure mapping from the client to the SGD server by editing the user profile
    • Log in to the administration console
    • Choose User Profiles and select the user that you want to configure (this can also be done through System Objects)
    • Choose Security
    • Click Add, then map the Client Address and SGD server patterns and choose the connection type Secure, for example:

      Connections Defined Directly
      Client Device Address | Secure Global Desktop Server Address | Connection Type
      *                     | sgd.server.com                       | Secure
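
A check for the httpd.conf edit in step 2, added here as an example (it is not part of the original post or of SGD): it reports any Listen directive that is still bound to a non-loopback address. The function name check_listen and the sample file are constructed; pass the path of your own httpd.conf.

```shell
#!/bin/sh
# Added example: audit Listen directives in an Apache-style httpd.conf.
AWK=${AWK:-awk}   # on Solaris 10 set AWK=nawk (POSIX awk features are used)

# check_listen FILE [PORT]
# Prints each Listen directive that is not bound to a loopback address and
# returns 1 if any exist, or if 127.0.0.1:PORT is not configured at all.
check_listen() {
    "$AWK" -v port="${2:-443}" '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        tolower($1) == "listen" {
            if ($2 ~ /^(127\.|\[::1\]:)/) {       # loopback-only listener
                if ($2 == "127.0.0.1:" port) ok = 1
                next
            }
            printf "exposed: line %d: %s\n", NR, $0
            bad = 1
        }
        END {
            if (!ok) { print "missing: Listen 127.0.0.1:" port; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the original directive left next to the loopback one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Listen 80
Listen 443
Listen 127.0.0.1:443
EOF
if check_listen "$sample" 443; then echo "result: PASS"; else echo "result: FAIL"; fi
rm -f "$sample"
```

The sample fails because line 2 still listens on every interface; once only Listen 127.0.0.1:443 remains, the function returns 0.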

Installing Oracle Secure Global Desktop on Solaris 10 Non-Global Zone

After several years of not playing around with Secure Global Desktop (SGD), I recently tried to install Sun Secure Global Desktop in a non-global zone of Solaris 10.

The first installation attempt, using SGD 4.5, failed. The second trial used SGD 4.41, which I have tried before and which works, but the only difference is the Solaris version. It was using Sun Solaris instead of Oracle Solaris.

The error was that the SGD server was unable to start. After digging, I found an error because the installer was unable to open a specific port. I tried to find it through Google and forums, with no luck.

Then I checked ulimit and, voila, the default nofiles in the non-global zone is very small. That’s why the installer always failed, and even when it started, when we tried to log in through a browser, we would get java.io.Exception.

So I tried to increase the nofiles limit. You can use the traditional ulimit command on a per-session basis; on a per-zone basis you can achieve this through projects.

Just log in to the non-global zone and edit /etc/project so that this line looks like:

user.root:1::::process.max-file-descriptor=(basic,8192,deny)

This sets the nofiles limit to 8192. To understand projects, see the Solaris documentation chapter Projects and Tasks.
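
To confirm the setting, the following added example (not from the original post) parses a project(4) file and checks the descriptor limit of a project against a minimum. The function names and the sample file are constructed, and 8192 is the value used above.

```shell
#!/bin/sh
# Added example: read process.max-file-descriptor from a project(4) file.
AWK=${AWK:-awk}   # on Solaris 10 set AWK=nawk (POSIX awk features are used)

# project_fd_limits FILE PROJECT
# Prints "privilege limit action" for every (privilege,value,action) tuple of
# the project's process.max-file-descriptor attribute; returns 1 if none.
project_fd_limits() {
    "$AWK" -F: -v proj="$2" '
        /^[ \t]*#/ || NF < 6 || $1 != proj { next }
        {
            key = "process.max-file-descriptor="
            n = split($6, attr, ";")              # attributes are ;-separated
            for (i = 1; i <= n; i++) {
                if (index(attr[i], key) != 1) continue
                v = substr(attr[i], length(key) + 1)
                while (match(v, /\([^)]*\)/)) {    # one tuple per iteration
                    split(substr(v, RSTART + 1, RLENGTH - 2), t, ",")
                    print t[1], t[2], t[3]
                    v = substr(v, RSTART + RLENGTH)
                    found = 1
                }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# fd_limit_at_least FILE PROJECT MIN
# Succeeds only if the attribute exists and every tuple allows >= MIN
# descriptors (plain integer values assumed).
fd_limit_at_least() {
    project_fd_limits "$1" "$2" | "$AWK" -v min="$3" '
        { n++; if ($2 + 0 < min + 0) low = 1 }
        END { exit ((n > 0 && !low) ? 0 : 1) }'
}

# Constructed sample: a project with no rctl next to the entry from the text.
sample=$(mktemp)
cat > "$sample" <<'EOF'
system:0::::
user.root:1::::process.max-file-descriptor=(basic,8192,deny)
EOF
project_fd_limits "$sample" user.root
fd_limit_at_least "$sample" user.root 8192 && echo "user.root: OK"
fd_limit_at_least "$sample" system 8192 || echo "system: no limit set"
rm -f "$sample"
```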

Sun Java Web Server 7u8 – PHP Compile with NSAPI

After years without time for hands-on development on Solaris 10, I will now share my successful compilation of PHP using NSAPI with Sun Java Web Server 7u8. I am using gcc from sunfreeware.

Required software to be installed from sunfreeware:
SMCexpat expat
SMCfontc fontconfig
SMCftype freetype
SMCgcc gcc
SMCgd gd
SMCjpeg jpeg
SMClibpng libpng
SMCliconv libiconv
SMClintl libintl
SMCmake make
SMCzlib zlib
SMCxpm xpm
SMCncurs ncurses
SMCcmake cmake
SMCm4 m4
SMCautoc autoconf
SMCautom automake
SMCbison bison
SMClibt libtool
SMCcoreu coreutils
SMCgmp gmp
SMCperl perl

Download libxml2, then compile and install it without the zlib option, since there is a problem with gzopen64: it is in zlib, but ld.so is unable to find the reference, although ldd shows everything as normal.

Download the MySQL source from the MySQL download site (I am using MySQL version 5.1.54), extract it and compile it with the prefix /usr/local/mysql.

Download the PHP source code from the PHP website (I am using PHP version 5.3.5) and extract it wherever you want. Download the PCRE source tarball if you need PCRE_UTF8 enabled, extract it at $PHP_SOURCE_DIR/ext/pcre and run upgrade_pcre.php.

Set your PATH environment variable to use /usr/local/bin:
# export PATH=/usr/local/bin:$PATH:/usr/ccs/bin
Download the libmcrypt source code, extract it somewhere and compile:
# ./configure --host=i686-sun-solaris2.10 --enable-dynamic-loading
# make && make install

Then configure, compile and install the PHP source as follows:
# ./configure '--prefix=/opt/sun/webserver7/plugins/php' '--bindir=/opt/sun/webserver7/plugins/php/bin' '--libdir=/opt/sun/webserver7/plugins/php/lib' '--libexecdir=/opt/sun/webserver7/plugins/php/libexec' '--disable-static' '--enable-shared' '--enable-cli' '--disable-cgi' '--with-pic' '--with-nsapi=/opt/sun/webserver7' '--enable-cgi' '--disable-rpath' '--enable-safe-mode' '--enable-ftp' '--enable-sockets' '--enable-inline-optimization' '--enable-soap' '--enable-dba=shared' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-sqlite-utf8' '--enable-zend-multibyte' '--enable-bcmath' '--enable-exif' '--enable-magic-quotes' '--enable-wddx' '--enable-mbstring' '--enable-mbregex' '--enable-gd-native-ttf' '--with-iconv-dir=/usr/local' '--with-libxml-dir=/usr/local' '--with-zlib=/usr/local' '--with-mysql=/usr/local/mysql' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-gd=/usr/local/' '--with-pear=/opt/sun/webserver7/plugins/php/include/php' '--with-freetype-dir=/usr/local' '--with-jpeg-dir=/usr/local' '--enable-exif' '--with-xpm-dir=/usr/local' '--enable-maintainer-zts' '--enable-sigchild' '--host=i686-sun-solaris2.10' '--enable-sigchild' '--with-mcrypt=/usr/local'
# make -j4 && make install
# cp libs/libphp5* /opt/sun/webserver7/plugins/php

Solaris 10 10/08 (U6) ZFS Root Installation Tip

If you wish to install the new Solaris 10 10/08 using ZFS for its root file system, you might not see the option in GUI installation mode.

That’s why you need to install it using Text/Console mode. Just choose number 4 at the first prompt of the installation process.

In one of the wizard steps, you are prompted to choose either ZFS or UFS; choose ZFS. Then fill in the pool name, choose the size of the root pool swap and dump areas, and decide how you want to store /var.

xVM with Marvell Yukon Ethernet Driver

I spent days with a problem getting my Marvell Yukon Ethernet driver (in my case, I’m using the 88E8056) working with Sun xVM VirtualBox and xVM in either Solaris 10 or Nevada B80/B93. I used the driver that comes from Marvell and have tested 2 versions of the driver, but no luck. With every version, when I issued the dladm show-dev command, it always indicated that the status was UNKNOWN.

After searching around, I realized that xVM needs GLD v3 network drivers, which are not provided by Marvell. This link was very useful for me, so I have replicated the steps from that site for a newer version:

  • Obtain the ON source here and extract it
  • Obtain the driver source here (in this case I’m using version 2.6.1, or you can get a newer version) and extract it
  • Make sure that skge (from the Solaris/OpenSolaris installer) or yukonx (from Marvell) has been removed
  • Run the following:

$ gzcat myk-2.6.1.tar.gz | tar xf -
$ cd myk-2.6.1
$ rm Makefile.config
$ ln -s Makefile.config_gld3 Makefile.config
$ vi Makefile.config

Edit this line as follows (adjust it to the location where you extracted the ON source):
ONUTSDIR = /root/Download/opensolaris/usr/src/uts

  • Build and install the driver (in this case I’m using GCC)

$ export PATH=$PATH:/usr/sfw/bin
$ gmake
$ su
# gmake install
# ./adddrv.sh
# dladm show-link
LINK CLASS MTU STATE OVER
myk0 phys 1500 up --

Now you can start your Sun xVM VirtualBox, and the xVM network bridge works fine…