Get news? 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998 | 1997 | About | Contact Want to help?

Linux-Kongress 2002
9th International Linux System Technology Conference
September 4-6, 2002 in Cologne, Germany

Home | Events | Program | Abstracts | Tutorials | BoFs | Fees | Exhibition | Location | Accommodations | Keysigning Party | Sponsors | Supporters | Reports and Photos | Papers and Slides | Call for Papers

Tutorials

Tutorials deliver in-depth information by experts on their subject. They are a great chance to learn something new, quite often from the developers themselves. You are treated to an afternoon of intense learning and will come away with a good understanding of the subject.

All tutorials are scheduled in parallel on Wednesday, September 4 from 12:30 to 18:00. Two coffee breaks are included, so there is a speaking time of about 4.5 hours. Participants will get printed documentation specially drawn up for these tutorials. See the fees page for information about prices. All tutorials are presented in English.

You have to decide which tutorial to take when you register as there are only limited seats available. We offer the following five tutorials:

T1: Debian Packaging Tutorial by Roman Hodek

The well-known Debian GNU/Linux distribution uses a rather sophisticated packaging system that allows for great flexibility. A distribution-wide policy document regulating various aspects of how packages work ensures that all components work well together and smoothly integrate into the system.

This tutorial should cover all aspects necessary to create and maintain Debian packages. Starting at the standard procedure of "debianizing" some piece of software, we will look at the contents of the various files in the debian/ subdirectory and their meanings. Next will be the process and the tools needed for building and uploading packages for inclusion in the distribution. The Debian policy will take influence at any point, explaining its requirements and why they are needed to make packages work together.

After that general part, we can have a look at more specific aspects like the various available packaging helper tools (debhelper, yada, etc.), the shared library dependency mechanism, build dependencies, generating multiple binary packages from one source, menu entries, advanced handling of configuration files, interaction with the build daemon, and much more as requested and time permits.

I hope the tutorial will be --at least after the basic part-- much driven by the audience. The experience with the last Debian tutorial in Augsburg (1999) showed that many people already come with specific questions about problems they currently have or recently had. I will offer my expertise to solve these and derive general guidelines for the rest of the audience if they ever come along a similar task.

The tutorial is intended for technicians who want to get an insight in how Debian packaging works, either because they want to contribute to Debian itself, work on Debian-derived distributions, or want to develop in-house local additions to Debian systems, or who are just curious how all that works. Also welcome are novice to mid-skilled Debian maintainers who want to learn more about some details and inner workings. A little experience with Debian at least from user perspective is surely helpful.

About the speaker:

I am a Debian developer since 1996 and maintain around 10 packages at the moment, but the number and which ones always greatly varied over time. I have debianized a number of packages and have seen most of the problems that can arise. I was also involved in some developments that touch packaging, for example the 2.0 source format, build dependencies, and a few more.

I was heavily involved in the m68k port of Debian, which was the first non-i386 architecture. In that process I debugged lots of portability problems in numerous packages, either in the upstream source or in the packaging itself.

I'm also the main author of the Debian build daemon, that is used by nearly all architectures in the meantime. In addition I still administer one of the m68k daemons and review the build logs. In that context I also debugged really many packaging bugs and learned a lot about all sorted of trouble that can happen...

Related links:

T2: Advanced Samba Configuration by Volker Lendecke

Samba is a freely available suite of programs that allows UNIX based machines to provide file and print services to Microsoft Windows PC's without installing any third party software on the clients. This allows users to access necessary resources from both PC's and UNIX workstations. As Samba makes its way into more and more network shops all over the world, it is common to see 'configuring Samba servers' listed as a desired skill on many job descriptions for network administrators.

This tutorial shows Samba administrators the latest developments in the area of Windows NT domains and latest features of the upcoming Samba 3.0:

  • Connect Samba to a Windows NT domain
  • Import the NT user database into Linux using winbind
  • Administer a Linux/Samba NAS box from Windows NT Server Manager
  • Use the Samba 2.2 NT Printer Subsystem
  • Set up a Primary Domain Controller using Samba and OpenLDAP
  • Set up a Samba->Samba replicated Backup Domain Controller
  • Set up Samba 3.0alpha as an Active Directory Member Server

Target audience: This tutorial is intended for Samba administrators who wish to integrate their Samba machines more seamlessly into their NT/2000 environment. Familarity with Samba as a standalone server will be assumed.

About the speaker:

Volker Lendecke has sent his first fixes to Samba in February 1994. He has been Samba Team member since about 1996. His main contribution to Samba has been the first implementation of the SMB file system for Linux. Another contribution to the Samba project are his Samba course notes which are quite popular in Germany as an introduction to NetBIOS and Samba. Volker is a mathematician with a degree from the University of Goettingen, Germany. In 1997 he co-founded the Service Network GmbH, a security and network consulting company. There he does a lot of training and consulting, most of which currently is about Samba and Security.

Related links:

T3: The New Generation of Printing: CUPS and Foomatic by Till Kamppeter and Kurt Pfeifle

Printing is one of the most complicated day-to-day tasks happening in IT -- on all OS platforms...

For long time Linux and Unix printing relied on technology of the 70ies, using the venerable "Line Printer Daemon". LPD originally was developed for ASCII-only text printers. Nowadays the printers are much different. They don't only print text: Colours, graphics, photos, different paper types, stapling, binding, and more are state-of-the-art. But still variations of this ancient terminal-based printing system, while not supporting all these options and difficult to maintain in networks, are in widespread usage.

Two developments from recent years make lives much easier, for users and system administrators alike:

  • the printer spooler CUPS (the Common Unix Printing System), including a network PostScript and image file RIP (Raster Image Processor) and
  • Foomatic from linuxprinting.org, a spooler-independent infrastructure for integration of printer drivers.

Both packages are highly beneficial for all users, whether there is only one printer at a home PC to be run, or hundreds in an enterprise network.

CUPS provides a very easy-to-use and flexible networking architecture: Printers set up on one server are automatically made available to all clients. No configuration is needed on clients. Changes on a server propagate to the clients within a minute. Client-side printer-setup is "Plug'n'Play", with "Zero Administration" rather than configuration marathons. Due to the IPP (Internet Printing Protocol) used by CUPS, being based on HTTP 1.1, common internet standards, like Basic and Digest Authentification, SSL, TLS, LDAP, SLP, ... are easily bolted into the framework.

CUPS gives every Linux or Unix desktop user instantaneous access to almost all conceivable device features (as paper size, input tray, output quality, stapling, ...). To this end it uses the PPD file ("PostScript Printer Description") concept.. The PPD file format specification has been developed and still is maintained by Adobe. There are two fundamentally different types of "PPD" files:

  • "Original" PPD files come with every PostScript printer and are provided by the manufacturer.
  • For non-PostScript printers they come with any CUPS driver or from the Foomatic system.

The original PPD files expect the PostScript printfile to be processed by the printer-builtin RIP (Raster Image Processor). They add the knowledge about device-specific printoptions and how they are controlled to the "normally" device-independent PostScript page description.

The PPD files for non-PS devices do by and large the same thing, but they additionally carry a call for a device-specific "filter" inside, which is executed *before* the PostScript job is sent to the printer. This filter is basically doing the same job as the builtin RIP of a PostScript printer would do -- but is doing it on the print server side, before the job enters the realm of the print device.

There is also a difference between the Foomatic and the "native" CUPS PPDs and drivers:

  • "Normal" CUPS drivers take as their starting point of work the generic "CUPS Raster" file format. CUPS Raster is generated in the first stage of the CUPS Rendering/RIP-ping process by the CUPS RIP from a PostScript input, with device-specific raster drivers working their way in a separate, second stage.
  • Foomatic CUPS drivers are standard Ghostscript "devices", which take off at an earlier stage, when the printfile is still in its PostScript stadium. They use exactly the same Rendering/RIP-ping procedure as any other Ghostscript-based software.

While Foomatic was originally "invented" to help provide more CUPS drivers, it has now developed beyond CUPS-only support. Foomatic nowadays is a database system which integrates *every* free software printer driver with every free spooler. It makes all the driver's options available for users, using concepts lifted from the CUPS codebase and utilizing those in other, more traditional spoolers.

Foomatic's main part is an XML database. The database contains entries for more than 800 printers. This includes their possible drivers and how they are supported. Their GhostScript command line and all user-suppliable options are documented.

To set up a printer with Foomatic is a straight-forward task:

  • surf to Linuxprinting.org;
  • select the printer model from a list;
  • read the documentation hints about the different drivers for that model;
  • choose one driver (there is always a recommended one based on the quality provided, even if it is slower than others);
  • select the spooler in use;
  • generate online a configuration file based on the previous selections (for CUPS this will be a PPD);
  • download configuration file and some helper files (cupsomatic, gs-wrapper) according to the documentation provided there.

A perfectly working printer for hi-res photo quality output can be configure within one minute (provided you've got a fast internet connection).

One can also install the complete Foomatic package. This way one can generate and maintain printer queues, handle jobs, and even print with the Foomatic scripts: The scripts provide a unique command line syntax for all spoolers. Foomatic thus takes the role of a printsystem meta-configurator, providing one interface to different print sub-systems (CUPS, LPRng, PDQ, BSD-LPD, PPR...)

Both CUPS and Foomatic form new printing standards. They are used or planned to be used in nearly every Linux distribution. They are ready-to-use on all Unix-based systems (like Mac OS X).

The tutorial will not be a boring "slides-only" talk. If you expect this, look for another one!

  • We will demonstrate how to set up printers with CUPS and Foomatic.
  • We will demonstrate networked printing with CUPS and Samba.
  • We will demonstrate the different graphical interfaces for printing.
  • We will demonstrate print queue administration, user quotas, and much more.

And all this will not only be explained in theory, but accompanied by many live demonstrations.

The approach to the workshop is flexible. Participants will be able to ask for emphasis on certain topics at the beginning of the session. They might even bring their laptops and get help to setup their printing system or troubleshoot some weird problem....

Target audience: Everybody -- experienced network administrators as well as "home-only" users.

Required skills: None -- but danger! Your knowledge about traditional Unix printing might look very obsolete after attending this session...

 

About the speakers:

Till got to the free software with contributions to X-CD-Roast as Unix/Linux system administrator in a university. First own project was the X Printing Panel (XPP) which lead him to get employed by MandrakeSoft in Paris, where he is responsible for the printing infrastructure of Mandrake Linux. His main project now is maintaining Foomatic and the printer database on www.linuxprinting.org, on which he did a lot of improvements, as entering descriptions of the GhostScript command lines of all drivers, adding PPR support, implementing spooler-agnostic printer admin/usage scripts, simplifying the installation, ... He is also in the Printing Working Group of FreeStandards.org and gave several talks and presentations on free-software-related events.

Kurt wrote the first-ever articles appearing in German on CUPS for Linux-Magazin while he was still a Linux-Greenhorn, early in 2000. Till happened to read those, which prompted him to start developing XPP as a GUI frontend to CUPS. After Kurt had donated his author's fee to KDE in the vain attempt to bribe them into writing a KDE frontend for CUPS, their empire stroke back and intertwined him into its own framework of documentation writing, website maintainance, release-dates and showcase events. While money didn't work originally, happily some developers a little time later started qtcups and kups on their own motivation, which now has evolved into the complete network printing framework, making KDE ready for Enterprise desktop printing requirements. Kurt's job as a system specialist, working for Danka Deutschland, one of the biggest manufacturer-independent vendors of digital printing solutions (hardware and software), should make him a reliable judge for this positive verdict.

While Till (Paris) and Kurt (Stuttgart) happen to meet in online-Forums quite regularly, this is their first joint tutorial as instructors. Let's hope they get along well [;-)]

Related links:

T4: IPsec in action: Secure Wireless Networks by Ralf Spenneberg

This tutorial will be an introduction to IPsec. To provide a real world example we will cover the setup of an Encrypted Wireless Linux Access Point using FreeS/wan.

Wireless local area networks are popping up everywhere. Unfortunately securing these networks is almost impossible. They do not provide any physical borders like traditional networks. Using strong antennas, the signals can be picked up several miles away.

The hardware manufacturers of the wireless cards invented the Wired Equivalent Privacy (WEP) encryption mechanism. WEP can be used using 40 and 104 Bit keys. This encryption mechanism has flaws which allow the retrieval of the encryption key by passively sniffing the traffic. Once the key is retrieved the traffic can be decrypted. This attacks are very likely, since the mandatory tools are available as Open Source software.

This tutorial will address the problem using the IPsec protocol to ensure the security of the transmitted information.

The following topics will be covered and shown live:

  • Introduction to IPsec and its protocols.
  • Setup of IPsec using FreeS/wan.
  • Setup of opportunistic encryption for Linux clients.
  • Using x509 certificates for the authentication in heterogenous networks.
  • Configuring Linux as an IPsec gateway.
  • Setup of a Wireless Linux Access Point.
  • Testing the access point with Linux and Windows clients.

The intended audience of this short course are Linux/UNIX Administrators wishing to implement a secure wireless solution using Linux. Experiences using IPsec are helpful but not mandatory. Knowledge of Linux and the TCP/IP protocol is required.

The level of the material is INTERMEDIATE.

About the speaker:

The Author has used Linux for the last 8 years. Since 1996 he worked as a scientific assistant at the Center for Molecular Biology of Inflammation at the University of Münster. There he worked on several bio-informatics projects and was the head of the network administration and security group. The last 3.5 years he worked as a freelancer in the Linux/UNIX field. Most of the time he provides Linux/UNIX training. His specialty is network administration and security (firewalling, VPNs, intrusion detection). He has developed several training classes used by Red Hat and GfN.

T5: Hands-On Tutorial for NSA Security Enhanced Linux by Russell Coker

The start of the tutorial will be about using SE Linux, the limitations on a root account will be demonstrated on a test server. Everyone will have root access, but be prevented from damaging the system or interfering with other users.

After that phase every group of three people will have administrative access to a SE Linux machine and be taught how to change SE settings, and write new security policy files.

About the speaker:

I have been a Debian developer for several years.

My paid work is usually running ISPs although I am currently working on Linux appliances for Internet use.

In the past I have worked as a C/C++ programmer.

I used to spend a lot of time writing benchmark programs, but now that Linux is reliable enough that I can't kill it, and hardware is cheap and fast enough that I don't usually have to wait excessively I have been less interested in that area.

Now I believe that security is an area where improvement is needed.

Last year at OLS I spent some time talking to Peter A. Loscocco, and became convinced of the value of SE Linux. Now I plan to install it on my servers as soon as I get it packaged for Debian...


Comments or Questions? Mail to contact@linux-kongress.org Last change: 2005-09-17