怎样编译安装Kerberos

2017年1月19日 由 Amon 没有评论 »

参考:http://linuxfromscratch.org/blfs/view/svn/postlfs/mitkrb.html

下载:http://web.mit.edu/kerberos/


wget http://web.mit.edu/kerberos/dist/krb5/1.15/krb5-1.15.tar.gz 
tar zxvf krb5-1.15.tar.gz
cd krb5-1.15

cd src &&

sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
    -e "s@-lpython2.5]@&,\n  AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
    -i configure.in &&

sed -e 's@\^u}@^u cols 300}@' \
    -i tests/dejagnu/config/default.exp &&

sed -e '/eq 0/{N;s/12 //}' \
    -i plugins/kdb/db2/libdb2/test/run.test &&

autoconf &&
./configure --prefix=/usr            \
            --sysconfdir=/etc        \
            --localstatedir=/var/lib \
            --with-system-et         \
            --with-system-ss         \
            --with-system-verto=no   \
            --enable-dns-for-realm &&
make

make check

make install &&

for f in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
         kdb5 kdb_ldap krad krb5 krb5support verto ; do

    find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;    
done          &&

mv -v /usr/lib/libkrb5.so.3*        /lib &&
mv -v /usr/lib/libk5crypto.so.3*    /lib &&
mv -v /usr/lib/libkrb5support.so.0* /lib &&

ln -v -sf ../../lib/libkrb5.so.3.3        /usr/lib/libkrb5.so        &&
ln -v -sf ../../lib/libk5crypto.so.3.1    /usr/lib/libk5crypto.so    &&
ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&

mv -v /usr/bin/ksu /bin &&
chmod -v 755 /bin/ksu   &&

install -v -dm755 /usr/share/doc/krb5-1.15 &&
cp -vfr ../doc/*  /usr/share/doc/krb5-1.15

怎样把域名转移即.IO域名的注册局

2017年1月19日 由 Amon 没有评论 »

.IO域名的注册管理局,他们新注册价格£60,续费£30,可以用Paypal或信用卡支付。

网址:http://www.nic.io/renew

直接用域名注册邮箱写信给 nic.io 申请重发密码,再直接变更数据和续费,再更改密码,这样就拥有所有权限了。

先去(http://www.nic.io)查 Whois 资料,查看管理者电邮地址。

A. 如果是那种隐藏用邮箱,那本方法可能就没用。
B. 如果是自己的邮箱,就可以申请重发登入密码:http://www.nic.io/mailpass

然后去管理接口变更数据以及DNS设置:http://www.nic.io/admindomain

到这一步,就可以完全掌控自己的.IO域名了, 没必要再通过原注册商续费。

在 nic.io续费完成之后,也要记得更改密码。

价格政策:

Nic.io目前的价格是:首年按 £60 ($100),以后按 £30 ($50)。如果申请有注册商账号,根据注册量有最多50%的折扣。

For GBP 60 (approx US$ 100) for year one and GBP 30 (approx US$ 50) per year thereafter. Registrars and bulk purchasers qualify for a huge 50% discount off year one prices.

1. 非欧盟居民 Non – EU residents £30.00
2. 欧盟居民 EU residents £30.00 + VAT @ 20% = £36.00 (VAT number–>VA部/增值税号码是所有欧盟国家的需要)

怎样注册.PL域名

2017年1月18日 由 Amon 没有评论 »

.PL是波兰(Poland)的国家域名。

参考:http://www.iisp.com/domain/intro_pl.php

参考:https://member.expireddomains.net/article/new-domain-list-deleted-pl-domains-16199.html

删除列表:https://member.expireddomains.net/domains/expiredpl/

I couldn’t find a Droplist for .pl, so I had to create my own and it took me a while to understand how the Drop for .pl Domains works, but I think I got it now. Something I had to wrap my head around is that Domain Tasting is still a thing for .pl Domains, so almost 100% of .pl Domains that drop get tasted.
This is how I think it works:

  • If a Domains gets deleted by the owner, the domain goes into [DELETE_BLOCKED] for 5 days and can’t be renewed anymore.
  • If a Domain doesn’t get paid at the billing date, the Domain goes into [BLOCKED] for 30 days or for NASK Domains 90 days. This is the redemption period and in this state the domain can be renewed.
  • After [DELETE_BLOCKED] or [BLOCKED] the Domain drops and can be registered/tasted [RESERVED]. It will stay a maximum of 14 days in [RESERVED] state.
  • If it doesn’t taste good, it gets the [BOOK_BLOCKED] status for 90 days. After 90 days the domain drops again and can’t be tasted anymore.

I check the domains after [DELETE_BLOCKED] and [BLOCKED]. If the Domain is available, it will be release. If the Domain gets registered/tasted, I keep the Domain in the pending delete list and check it again at the end of [BOOK_BLOCKED].

The Deleted .pl Domains List gets updated every hour, because .pl Domains drop at the exact time you can find in the whois under “expiration date”.

怎样部署正向保密 forward-secrecy

2017年1月18日 由 Amon 没有评论 »

【介绍】

刚才测试本站SSL证书的安全评级:

工具:https://www.ssllabs.com/ssltest/

有一项结论:

The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.

参考:https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy
参考:https://imququ.com/post/sth-about-switch-to-https-2
参考:https://imququ.com/post/ecc-certificate.html

参考:http://www.wdlth.com/335/migrating-ssl-certificate-from-sha1-to-sha256/

保证SSL配置通过Forward Secrecy(正向保密)和FIPS(联邦信息处理标准)且启用OCSP stapling(在线证书协议装订)。

【部署】

参考:https://www.sslchina.com/deploying-forward-secrecy/
参考:https://www.airscr.com/archives/1491.html

需要以下两步:

1.配置你的服务器,以灵活地从SSL客户端提供的列表中选择最理想的组件。

2.将ECDHE 和 DHE组件置于你的列表顶端。(顺序很重要,因为ECDHE组件更快,只要客户端支持,你肯定愿意用它。)

弄清楚需要启用哪些组件并把他们置顶是需要慎重对待的,因为不是所有浏览器(设备)都支持全部的正向保密组件。此时,你可能需要从那些已支持正向保密的网站(如谷歌)中寻找灵感。

简言之,下面是一些你可能想要启用并置顶的组件:见注释(3)

TLS_ECDHE_RSA_WITH_RC4_128_SHA [已更新] RC4不再推荐
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

为使这一过程更简单,我采用了模拟握手。它可以了解主要浏览器的性能并决定就哪些组件进行协商,然后告诉你协商一致的组件是否支持正向保密。

WordPress插件:White Label Branding

2017年1月13日 由 Amon 没有评论 »

官网:https://codecanyon.net/item/white-label-branding-for-wordpress/125617
截屏:https://codecanyon.net/item/white-label-branding-for-wordpress/screenshots/125617

来源:http://freedownloadnu.com/white-label-branding-for-wordpress-v4-1-6-75841-2/
下载:http://www79.zippyshare.com/v/0SpSN823/file