Thursday, September 13, 2012

gpg: decryption failed: No secret key


I installed gpg2 on my Mac. I encrypted my file and then tested and was able to decrypt my file just fine. So, I deleted the original file after I created my encrypted file. Two days later, I go to decrypt my file and what do I get? I get the below error message. I can't believe this. Why can't it find my private key?

Mac-mini:~ user$ gpg2 -d myfile.gpg

You need a passphrase to unlock the secret key for
user: "user <user@hotmail.com>"
2048-bit RSA key, ID 4E4D9FAB, created 2012-09-12 (main key ID D3C64D14)

gpg: problem with the agent: End of file
gpg: encrypted with 2048-bit RSA key, ID 4E4D9FAB, created 2012-09-12
      "user <user@hotmail.com>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

I did a little googling and realized that the problem is the agent.

So, I figure, I will just look for the gpg-agent process and kill it. Here are the steps:

Mac-mini:~ user$ ps -eaf | grep gpg
  501  3501     1   0 Wed04PM ??         0:02.62 gpg-agent --daemon --use-standard-socket
  501  7833  7603   0  7:12PM ttys000    0:00.00 grep gpg


and then...

Mac-mini:~ user$ sudo kill 3501

and then...

everything started working again!
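The same lookup done a little more carefully, as an added example rather than the post's own commands: the "ps | grep" step above also matches the grep process itself (the second line of the output), so this version selects on the command column instead of the whole line. The ps lines below are constructed to mirror the post's output.

```shell
#!/bin/sh
# Added example, not from the original post: find gpg-agent PIDs in ps -eaf
# output without catching the "grep gpg" process, then kill the stale agent.
# The sample lines are constructed to match the post's output.

SAMPLE_PS='  UID   PID  PPID   C STIME   TTY           TIME CMD
  501  3501     1   0 Wed04PM ??         0:02.62 gpg-agent --daemon --use-standard-socket
  501  7833  7603   0  7:12PM ttys000    0:00.00 grep gpg'

# gpg_agent_pids: read ps -eaf output on stdin and print the PID (field 2) of
# every process whose command (field 8) is exactly gpg-agent. Matching on the
# command column is what keeps "grep gpg" out of the result; the header row
# (NR == 1) is skipped.
gpg_agent_pids() {
  awk 'NR > 1 && $8 == "gpg-agent" { print $2 }'
}

# restart_gpg_agent: kill each stale agent. The post reports that gpg2 worked
# again afterwards, i.e. a fresh agent was started on the next use.
restart_gpg_agent() {
  for pid in $(ps -eaf | gpg_agent_pids); do
    kill "$pid"
  done
}

# Example run against the constructed sample (prints 3501):
#   printf '%s\n' "$SAMPLE_PS" | gpg_agent_pids
```

On systems that have it, `pgrep -x gpg-agent` gives the same answer in one step; the awk version is here to show why the plain grep picked up two lines.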

Wednesday, September 12, 2012

How to set up ppolicy in OpenLDAP 2.3


STEP ONE - Prepare the environment
Install the openldap-servers-overlays RPM.

Edit slapd.conf and insert the following if it doesn't already exist...

include         /etc/openldap/schema/ppolicy.schema

modulepath      /usr/lib64/openldap

moduleload ppolicy.la


overlay ppolicy
ppolicy_default "cn=default,ou=ppolicy,dc=company,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext

STEP TWO - Install the password check module
The next step is to install a password checker module, if you want to use one. It's easy to say no, but I recommend that you do. Anyway, you can get the source from their repository at:
http://tools.ltb-project.org/projects/ltb/files

This was the only password checker module I found when I was googling for one and it seems to work quite well.

Once you extract everything, you will want to edit the Makefile and set the path to your openldap header files. You probably don't have them installed. If you do, great. If you don't, you can either install the source RPM or grab the source from openldap here:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=summary

On this web page, just find the openldap version you need and click on it. Since I am running OpenLDAP v2.3, I clicked on OPENLDAP_REL_ENG_2_3.

On the next page, I clicked on the snapshot link for "Update dates for release OPENLDAP_REL_ENG_2_3_43" since I am running v2.3.43.

After you've extracted the source code, you need to execute "./configure" followed by "make depend".
That's it. You're done with the OpenLDAP package.

Back to the password checker. Now, I set LDAP_INC in the Makefile to the location where I extracted the openldap source, as follows:


LDAP_INC=-I/home/user/openldap-src/include \
         -I/home/user/openldap-src/servers/slapd

That's it. Now, you are ready to compile the module. See what the output is supposed to look like below. By the way, I got an error the first time I ran make. It was because crack/cracklib was not installed. I ran 'yum install cracklib-devel cracklib crack' and that resolved it.


ltb-project-openldap-ppolicy-check-password-1.1 $ make
rm -f check_password.o check_password.so check_password.lo
rm -f -r .libs
gcc -g -O2 -Wall -fpic -DHAVE_CRACKLIB -DCRACKLIB_DICTPATH="\"/usr/share/cracklib/pw_dict\"" -DCONFIG_FILE="\"/etc/openldap/check_password.conf\"" -DDEBUG -c -I/home/user/openldap-src/include -I/home/user/openldap-src/servers/slapd  check_password.c
gcc -shared -o check_password.so check_password.o -lcrack
ltb-project-openldap-ppolicy-check-password-1.1 $ 

You now should have a check_password.o and a check_password.so file. Copy or move these two files into your module path. In my case, I copied them into /usr/lib64/openldap.

STEP THREE - Configure your server
Restart your openldap server.

Import the below into your openldap server. The values I have are for testing purposes. You will need to modify them for your use.


dn: cn=users,ou=ppolicy,dc=company,dc=com
cn: users
objectclass: top
objectclass: device
objectclass: pwdPolicy
objectclass: pwdPolicyChecker
pwdallowuserchange: TRUE
pwdattribute: userPassword
pwdcheckmodule: check_password.so
pwdcheckquality: 2
pwdexpirewarning: 0
pwdfailurecountinterval: 0
pwdgraceauthnlimit: 0
pwdinhistory: 2
pwdlockout: TRUE
pwdlockoutduration: 600
pwdmaxage: 0
pwdmaxfailure: 4
pwdminage: 30
pwdminlength: 8
pwdmustchange: TRUE
pwdsafemodify: FALSE
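Once this policy is in place, the overlay records each failed bind in pwdFailureTime and, after pwdmaxfailure (4 here) failures, sets pwdAccountLockedTime; the lock clears on its own after pwdlockoutduration (600) seconds. The script below is an added example, not part of the original post, that pulls locked accounts out of ldapsearch output so you can see the policy working (or spot an account being hammered). The ldapsearch query, the DNs and the timestamps are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: list accounts that the ppolicy
# overlay has locked, from LDIF as returned by ldapsearch. With the policy
# above (pwdlockout TRUE, pwdmaxfailure 4, pwdlockoutduration 600), ppolicy
# appends a pwdFailureTime per bad bind and sets pwdAccountLockedTime on the
# 4th. The entries below are constructed sample output; the DNs are made up.

# As produced by (assumed query, not from the post):
#   ldapsearch -x -LLL -b dc=company,dc=com '(pwdAccountLockedTime=*)' \
#       pwdAccountLockedTime pwdFailureTime
SAMPLE_LDIF='dn: uid=alice,ou=people,dc=company,dc=com
pwdFailureTime: 20120912190101Z
pwdFailureTime: 20120912190130Z
pwdFailureTime: 20120912190145Z
pwdFailureTime: 20120912190202Z
pwdAccountLockedTime: 20120912190202Z

dn: uid=bob,ou=people,dc=company,dc=com
pwdAccountLockedTime: 000001010000Z
'

# locked_accounts: read LDIF on stdin; print one line per locked entry:
#   <dn> <lock time or PERMANENT> <number of recorded failures>
# ppolicy uses the special value 000001010000Z for an administrative
# (permanent) lock, which pwdlockoutduration never expires.
locked_accounts() {
  awk '
    /^dn: /                   { dn = substr($0, 5); failures = 0; locked = "" }
    /^pwdFailureTime: /       { failures++ }
    /^pwdAccountLockedTime: / { locked = ($2 == "000001010000Z") ? "PERMANENT" : $2 }
    /^$/                      { if (dn != "" && locked != "") print dn, locked, failures; dn = "" }
    END                       { if (dn != "" && locked != "") print dn, locked, failures }
  '
}

# Example run against the constructed sample:
#   printf '%s\n' "$SAMPLE_LDIF" | locked_accounts
```

A temporarily locked account shows its lock timestamp and a failure count at or above pwdmaxfailure; an entry marked PERMANENT was locked by an administrator and needs the attribute removed by hand. Piping a real ldapsearch into locked_accounts on a schedule is a cheap way to notice a brute-force attempt against the directory.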

Edit /etc/ldap.conf and insert or modify the following:

pam_password clear
pam_lookup_policy yes

Note: you need to NOT hash the password on the client machine, so that openldap is able to read the password. That way, the password history will be honored. If you set "pam_password md5" or anything other than clear, password history will not be honored. Don't worry about security though, just make sure you are using TLS. Also, don't worry about openldap storing the password in the clear, because by default it doesn't. It should store it in SSHA like below. I took this screen shot using phpldapadmin "show internal attributes".


Create the configuration file for password checker at /etc/openldap/check_password.conf

The content of the conf file is fully explained at the LTB site:
http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password





Sunday, September 2, 2012

Hmong Yaj Secret Chicken Soup Recipe

I learned how to make this when I was just a little boy.

First, you get a pot of water, then you add your chicken (my favorite is the Cornish game hen; you can find it in the frozen food section of most grocery stores).

Add a lot of lemon grass that you've cut into halves (or large enough to sit in the pot but easy enough to remove later). The trick is to smash the lemon grass a few times to release the flavor, but not so much that you can't easily remove it (you're not going to eat the lemon grass). Now, add some salt and let the water boil to cook the chicken.

As the blood is released, it will collect at the top of the water as a brown substance. If that bothers you, just skim it off.

Before you serve it, taste it. If it doesn't have enough salt, add some more. Hopefully, you did not add too much salt. Remove the lemon grass.

Finally, right before you serve it, add some crushed black pepper.

So, here it is again...

1 x cornish game hen (or any chicken you want to use)
lots of lemon grass (use as much as you would like the lemon grass flavor)
some salt
some pepper

Installing Puppet-dashboard on Centos 5.7

I got puppet-dashboard up and going fairly quickly, so I thought I'd share. The puppet site provides many different ways.

For me, I wanted to stick with RPMs.

I began by enabling the epel repo from fedora (since I was already using EPEL, otherwise I could have added the puppetlabs repo). (http://fedoraproject.org/wiki/EPEL) It's a pretty simple install if you want to use it and you don't already have it.
~# rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Now, begin by installing the third party dependencies like Apache, Ruby, RubyGems, MySQL, Ruby-MySQL.
~# yum install mysql-server httpd httpd-devel
   (after the install, start MySQL first with 'service mysqld start', then run mysql_secure_installation to get it going)

~# yum install --enablerepo=epel ruby ruby-devel rubygems rubygem-rack rubygem-rails rubygem-rake ruby-mysql

Then, use the epel repo to perform the installation.
~# yum --enablerepo=epel install puppet-dashboard

After the installation, you have to configure the database.yml file.
~# updatedb
~# locate database.yml
/usr/share/puppet-dashboard/config/database.yml
~# vi /usr/share/puppet-dashboard/config/database.yml


I commented out everything except the following.
production:
  database: dashboard
  username: dashboard
  password: somesecretpassword
  encoding: utf8
  adapter: mysql
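That file now holds the MySQL password in clear text, so it should be readable only by the account that runs puppet-dashboard. The check below is an added example (not from the original post or the puppet-dashboard package): it inspects the group/other permission bits of a file and fails if any are set, and pairs that with the obvious remedy. The path is the one located above; the owner name assumes the dashboard runs as the puppet-dashboard user, as the start command later in the post does.

```shell
#!/bin/sh
# Added example, not from the original post: database.yml stores the MySQL
# password in clear text, so group and other must have no access to it.
# Uses ls -l rather than stat because stat's flags differ between the GNU
# and BSD userlands.

# Path from the post (located with `locate database.yml`).
DB_YML=/usr/share/puppet-dashboard/config/database.yml

# check_secret_file_perms FILE: return 0 when group and other have no
# permission bits at all, 1 (with a message on stderr) when any are set,
# 2 when the file is missing.
check_secret_file_perms() {
  f=$1
  [ -e "$f" ] || { echo "$f: no such file" >&2; return 2; }
  # columns 5-10 of "ls -l" are the rwx bits for group (5-7) and other (8-10)
  mode=$(ls -ld "$f" | cut -c5-10)
  case $mode in
    ------) return 0 ;;
    *) echo "$f: group/other bits '$mode' expose the database password (want mode 600)" >&2
       return 1 ;;
  esac
}

# fix_secret_file_perms FILE OWNER: the remedy. OWNER is the account the
# dashboard runs as (assumed: puppet-dashboard, the user the post starts it with).
fix_secret_file_perms() {
  chown "$2" "$1" && chmod 600 "$1"
}

# Usage on a real install:
#   check_secret_file_perms "$DB_YML" || fix_secret_file_perms "$DB_YML" puppet-dashboard
```

The same check applies to settings.yml once it is in place, and to any other file you put credentials in under the dashboard's config directory.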



Get a working settings.yml file
~# locate settings.yml
/usr/share/puppet-dashboard/config/settings.yml.example
~# mv /usr/share/puppet-dashboard/config/settings.yml.example /usr/share/puppet-dashboard/config/settings.yml

Create the DB
log in to your mysql server and run the following...

CREATE DATABASE dashboard CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'somesecretpassword';
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';

Create the tables
cd /usr/share/puppet-dashboard/config/
rake RAILS_ENV=production db:migrate

That's it! Puppet-dashboard is installed and configured but we still need to tell puppet server and puppet agent that we want reporting.

Add the following to [master] (puppet 2.6+)
reports = http, store

Add the following to [agent] (puppet 2.6+)
report = true

You can start using it by typing the following (like the web page says)
sudo -u puppet-dashboard /usr/share/puppet-dashboard/script/server -e production

On a browser, go to http://$host:3000 and it should show up.

However, at one point or another, you'll want to install either passenger or thin. I went with passenger. I went to their website and followed their RPM installation instructions and it did not work. The link was dead so I ended up using gem to perform the installation. "gem install passenger"


Since, I'm using apache, I ran...
~# passenger-install-apache2-module

The script suggested installing the following packages, since I didn't have them installed already.
~# yum install gcc-c++ curl-devel openssl-devel zlib-devel httpd-devel apr-devel apr-util-devel