F9: Various /var/log/messages errors....

Todd Denniston Todd.Denniston at ssa.crane.navy.mil
Fri Jul 11 13:35:16 UTC 2008


Dan Thurman wrote, On 07/10/2008 07:51 PM:
> Todd Denniston wrote:
>>
>> Dan Thurman wrote, On 07/10/2008 10:45 AM
>> > Ha.  No, no, not a knacker HD. It's a brand new SATA 750GB HD. I am
>> > installing
>> > "everything" for fun and then backtracking out any conflicts.  What I
>> > found is very
>> > interesting - LOTS of pitfalls and traps. Sorta like wading into a
>> > dungeon and dragons
>> > game. (Remember that old text-based-only game?)
>> >
>>
>> Have you picked _one_ of rsyslog|ntsyslog and `rpm -e theOtherOne`?
>> several daemons did not seem to work right at all until we did.
>>
> I picked rsyslog.  You mean syslog-ng?  I ran into that trap
> a long time ago.  That's one of `em!
>>
>> and as for the ifd handlers for pcsc, you only want to have ccid and 
>> the one
>> that someone put as a dependency of pcscd.  cyberjack seems to hyjack 
>> the ifd
>> connections until pcscd has no chance of working.
>>
> Hm.  I have all of pcsc selected and I also have ccid selected.
> Can you explain what I need to disable/choose between the
> two?  I attempted to remove all `smart card' programs until
> I realized how entrenched it seems - yum wants to remove
> alot of files I did not want removed so I left it alone.  There
> is one related to ifd and that is ifd-egate and I do not have
> that selected.
>>

for some reason they made the pcsc rpm depend on ifd-egate even though it is 
for ONE type of reader only, CCID controls a lot of readers and I dare say 
MOST recent readers. All the other ifd packages (other than egate and CCID) 
should be removed (not installed) if you don't know you need them, I have seen 
instances of pcscd taking 100% cpu with some of the others [cyberjack] 
installed but unused.

as far as why smart card is entrenched... well certain organizations and 
companies are REQUIRING PKI keys on self destroying/locking media for security 
reasons, because having only one thing that a user knows (password) between 
the bad guys and your data just is NOT good enough any more.

<SNIP>
>>
>> an `rpm -verify` on the package system-config-services comes in and 
>> any it
>> depends on may be in order.
>>
> ok, tried it and rpm returns nothing. Must be ok.
>

Most likely, but sanity checks are most times a good thing to do when you know 
you are operating in the box wall or on the other side of it, and things seem 
a bit strange. :)

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter




More information about the fedora-list mailing list