GNUDip Software Installation and Usage
2008-01-08 17:08
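1. Principle
2. Environment preparation
  1. Perl
  2. Bind8/Bind9 (must provide the nsupdate command)
  3. Sendmail/Exim/qmail/Postfix (for the sendmail command)
  4. MySQL/PostgreSQL (used to store accounts; these notes do not use it and use the filesystem instead)
3. Installation
3.1. Installing the GNUDip software
After unpacking, copy the gnudip directory to /usr/local.
3.2. Database script
MySQL is started with the script under /etc/rc.d/init.d. Install the GnuDIP database script:
# mysql --user=root -fvp < gnudip.mysql
3.3. GnuDIP configuration
Edit /usr/local/gnudip/etc/gnudip.conf so that GnuDIP can update DNS successfully. Copy the generated key files (.key and .private) to /usr/local/gnudip/etc.
# BIND nsupdate command
nsupdate = /usr/bin/nsupdate -v
# the .private key file generated earlier
nsupdate = -k /usr/local/gnudip/etc/Kgnudip-key.+157+xxxxx.private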
3.4. Startup
Add the following to /etc/xinetd.conf:
service gnudip
{
    flags = REUSE
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    # make sure this is the absolute path to the file
    server = /usr/local/gnudip/sbin/gdipinet.pl
    bind = 0.0.0.0
}
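4. Web environment configuration
4.1. Configuring Apache
Default Apache configuration file: /etc/httpd/conf/httpd.conf
1. Change Apache to run as the nobody user
#User apache
#Group apache (may be left unset)
User nobody
2. Add the GnuDIP page settings
Alias /gnudip/html/ /usr/local/gnudip/html/
<Location /gnudip/html/>
Options Indexes
ReadmeName .README
HeaderName .HEADER
RemoveHandler .pl
RemoveType .pl
AddType text/plain .pl
</Location>
ScriptAlias /gnudip/cgi-bin/ /usr/local/gnudip/cgi-bin/
4.2. Check the ownership and permissions of the GnuDIP configuration files
Confirm that the files under /usr/local/gnudip/etc are owned by nobody and are readable only by nobody.
4.3. Add a web administrator
In /usr/local/gnudip/sbin, run ./gdipadmin.pl username password
4.4. Access the web tool
After restarting Apache, the tool can be accessed at http://yourserver/gnudip/cgi-bin/gnudip.cgi?action=signup
If the page reports an error, check the Apache log file.
4.5. Add users
cd into /usr/local/gnudip/sbin and run ./gdipadmin.pl test 123456
Add a user to the GnuDIP server:
gdipuseradd.pl -p password user domain
Users can also be added in the administration interface.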
5. TCP protocol
ASCII is (of course) used for representing printable characters. The client makes a TCP connection to the appropriate port on the server host. This port is normally 3495, but a GnuDIP site could choose another port.
As soon as the connection is established the server will send a randomly generated 10 character "salt" string. This is used in the following algorithm for hashing the password:
  Digest the user's password using
  Append a period (".") and the salt value to create a longer character string.
  Digest this longer character string and convert it to its hexadecimal character representation.
The update message character string is then transmitted to the GnuDIP server. This must be in one of these forms:
user_name:hashed_password:domain:0:address
This requests that the IP address provided be registered as the (only) address for FQDN user_name.domain.
In the most common case, the client would pass the address it detects at its end of the connection.
By default, for compatibility with earlier releases of GnuDIP, the GnuDIP server will allow the IP address to be omitted. If the IP address is not provided, the server writes a notice to the log, and the IP address the server detects at the other end of the connection is registered instead. Note that these two addresses will be the same unless the client is behind some sort of proxy. However a site operator may choose to override this backwards compatibility, in order to discourage the use of old clients.
In response to this message, the server will return one of:
  1
  This indicates an invalid login.
  0
  This indicates a successful update.
user_name:hashed_password:domain:1
This requests that any IP address currently registered for FQDN user_name.domain be removed ("offline" request). The FQDN user_name.domain will no longer correspond to any IP address.
In response to this message, the server will return one of:
  1
  This indicates an invalid login.
  2
  This indicates a successful offline.
user_name:hashed_password:domain:2
This requests that the server determine the IP address it sees at the client end of the connection, and register that as the (only) address for FQDN user_name.domain. This IP address will also be returned to the client.
In response to this message, the server will return one of:
  1
  This indicates an invalid login.
  0:address
  This indicates a successful update and provides the address that was registered.
6. HTTP protocol
The HTTP version of the protocol requires the client issue an HTTP GET request, parse the response, use MD5 to obscure the password, issue a second HTTP GET request and parse that response. We first give a conceptual overview, then a concrete example. If a GnuDIP site operator follows the default installation procedure, the path part of the URL (the part after the host name) for the HTTP update server CGI script will be /gnudip/cgi-bin/gdipupdt.cgi.
In the first HTTP GET request, no query string (the part of an URL after the "?") is provided. It is interpreted as a "request for a salt". The response contains three pieces of data:
  a randomly generated 10 character "salt" string
  a "time salt generated" value
  a "signature"
These values are passed in HTML meta tags, as in this example:
<meta name="salt" content="XLCDgXvzSo">
<meta name="time" content="1002164730">
<meta name="sign" content="8278f108c83d822048ce0375bede5c15">
Each meta tag will be on its own line and left justified on the line. The white space gaps before "name=" and "content=" will each consist of a single space. The tags will be in the order shown. There will be no other HTML meta tags in the response.
The salt is used in the following algorithm for hashing the password:
  Digest the user's password using
  Append a period (".") and the salt value to create a longer character string.
  Digest this longer character string and convert it to its hexadecimal character representation.
Now the second HTTP GET request is issued. In this request the query string (the part of an URL after the "?") contains the following parameters:
  the "salt" from the first response ("salt=")
  the "time salt generated" value from the first response ("time=")
  the "signature" from the first response ("sign=")
  the GnuDIP user name ("user=")
  the GnuDIP domain name ("domn=")
  the MD5 digested password created above ("pass=")
  the server "request code" ("reqc="):
    "0" - register the address passed with this request
    "1" - go offline
    "2" - register the address you see me at, and pass it back to me
  the IP address to be registered, if the request code is "0" ("addr=")
A request with a request code of "0" and an address of "0.0.0.0" will be treated as an offline request.
This is an example of a query string:
salt=XLCDgXvzSo&time=1002164730&sign=8278f108c83d822048ce0375bede5c15&user=gnudip&pass=305dff8b78e694a02eafb0c19e48292f&domn=dyn.mpis.net&reqc=0&addr=192.168.0.4
The response to the second request contains:
  the return code
    "0" - successful update
    "1" - invalid login (or other problem)
    "2" - successful offline
  the IP address that the server registered, for request code "2"
These values are again passed in HTML meta tags, as in this example:
<meta name="retc" content="0">
<meta name="addr" content="24.81.172.128">
Each meta tag will be on its own line and left justified on the line. The white space gaps before "name=" and "content=" will each consist of a single space. The tags will be in the order shown. There will be no other HTML meta tags in the response.
This protocol allows the GnuDIP server to "time out" the prompt. If the response does not come within 60 seconds (for example), it would be denied. The signature is generated using a key known only to the server. This allows the server to know that the "salt" and "time generated" value are valid, without having to maintain state information on the server side.
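A stateless salt check of the kind described above, as an added example that is not GnuDIP's code. The page does not say how the signature is computed, so HMAC-SHA256 over the salt and time is assumed here; SERVER_KEY, sign, issue_challenge and check_challenge are hypothetical names.

```python
import hashlib
import hmac
import secrets
import string
import time

SERVER_KEY = b"constructed-demo-key"  # constructed value; a real key stays on the server
MAX_AGE = 60                          # seconds, the example time-out from the text


def sign(salt, ts):
    # Assumption: HMAC-SHA256 over "salt.time", not GnuDIP's own signature scheme.
    msg = f"{salt}.{ts}".encode("utf-8")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (salt, time, sign) for the first response; nothing is stored."""
    ts = str(int(time.time() if now is None else now))
    alphabet = string.ascii_letters + string.digits
    salt = "".join(secrets.choice(alphabet) for _ in range(10))
    return salt, ts, sign(salt, ts)


def check_challenge(salt, ts, sig, now=None):
    """Validate the salt, time and sign values echoed back in the second request."""
    now = int(time.time() if now is None else now)
    # Strict format check first, so "salt.time" cannot be re-split by the client.
    if not (salt.isascii() and salt.isalnum() and len(salt) == 10
            and ts.isascii() and ts.isdigit()):
        return "malformed"
    # Constant-time comparison of the recomputed signature.
    if not hmac.compare_digest(sign(salt, ts).encode(), sig.encode("utf-8")):
        return "bad signature"
    age = now - int(ts)
    if age < 0 or age > MAX_AGE:
        return "expired"
    return "ok"
```

Because nothing is stored, the same salt, time and signature verify repeatedly until they expire, so the time-out is the only bound on reuse in this design.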
6.1. Example exchange
======> REQUEST SALT
GET /gnudip/cgi-bin/gdipupdt.cgi HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80

<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:05:30 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="salt" content="XLCDgXvzSo">
<meta name="time" content="1002164730">
<meta name="sign" content="8278f108c83d822048ce0375bede5c15">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Salt generated
</center>
</body>
</html>
======> REQUEST UPDATE PROVIDING ADDRESS
GET /gnudip/cgi-bin/gdipupdt.cgi?salt=XLCDgXvzSo&time=1002164730&sign=8278f108c83d822048ce0375bede5c15&user=gnudip&pass=305dff8b78e694a02eafb0c19e48292f&domn=dyn.mpis.net&reqc=0&addr=192.168.0.4 HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80

<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:05:30 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="retc" content="0">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Successful update request
</center>
</body>
</html>
======> REQUEST SALT
GET /gnudip/cgi-bin/gdipupdt.cgi HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80

<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:05:55 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="salt" content="LNTVoHkDnW">
<meta name="time" content="1002164756">
<meta name="sign" content="ce0d8f34a8b4e1263208230fdce9b54d">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Salt generated
</center>
</body>
</html>
======> OFFLINE REQUEST
GET /gnudip/cgi-bin/gdipupdt.cgi?salt=LNTVoHkDnW&time=1002164756&sign=ce0d8f34a8b4e1263208230fdce9b54d&user=gnudip&pass=05d5e9b575fd1b6a36412af5e2f59973&domn=dyn.mpis.net&reqc=1 HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80

<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:05:56 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="retc" content="2">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Successful offline request
</center>
</body>
</html>
======> REQUEST SALT
GET /gnudip/cgi-bin/gdipupdt.cgi HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80

<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:06:59 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="salt" content="FWhclL9QKf">
<meta name="time" content="1002164819">
<meta name="sign" content="db1bb954db78f1fbe9749e063f770636">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Salt generated
</center>
</body>
</html>
======> REQUEST UPDATE WITH ADDRESS SEEN BY SERVER
GET /gnudip/cgi-bin/gdipupdt.cgi?salt=FWhclL9QKf&time=1002164819&sign=db1bb954db78f1fbe9749e063f770636&user=gnudip&pass=ce2fe5f986d7e2f31060aeb35d4b9c2e&domn=dyn.mpis.net&reqc=2 HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80

<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:07:00 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="retc" content="0">
<meta name="addr" content="24.81.172.128">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Successful update request
</center>
</body>
</html>
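The client side of the exchange above, and of the salted hash in section 5, as an added example that is not part of GnuDIP or of the original notes. It assumes the first MD5 digest is hex-encoded before the period and salt are appended; the function names and the sample password are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlencode

# Meta tags as the text specifies: one per line, left justified, single spaces.
META_RE = re.compile(r'^<meta name="(\w+)" content="([^"]*)">$', re.MULTILINE)
# Sample input constructed from the meta tags shown in the example exchange.
SALT_PAGE = ('<meta name="salt" content="XLCDgXvzSo">\n'
             '<meta name="time" content="1002164730">\n'
             '<meta name="sign" content="8278f108c83d822048ce0375bede5c15">\n')
RESULT_PAGE = '<meta name="retc" content="0">\n<meta name="addr" content="24.81.172.128">'

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def hash_password(password, salt):
    # Assumption: the inner digest is hex-encoded before "." + salt is appended.
    # md5_hex(password) is also what gdipuseradd.pl -p stores, so the server can
    # check the result from the stored hash alone (hence the permissions in 4.2).
    return md5_hex(md5_hex(password) + "." + salt)

def parse_meta(html):
    return dict(META_RE.findall(html))

def build_update_query(salt_page, user, domain, password, reqc, addr=None):
    meta = parse_meta(salt_page)
    missing = {"salt", "time", "sign"} - set(meta)
    if missing:
        raise ValueError("salt response lacks: " + ", ".join(sorted(missing)))
    if reqc not in ("0", "1", "2"):
        raise ValueError("request code must be 0, 1 or 2")
    if (reqc == "0") != (addr is not None):
        raise ValueError("addr= is sent with request code 0 only")
    params = [(k, meta[k]) for k in ("salt", "time", "sign")]
    params += [("user", user), ("pass", hash_password(password, meta["salt"])),
               ("domn", domain), ("reqc", reqc)]
    if addr is not None:
        params.append(("addr", addr))
    return urlencode(params)

def parse_result(html):
    meta = parse_meta(html)
    outcome = {"0": "updated", "1": "invalid login", "2": "offline"}.get(meta.get("retc"))
    if outcome is None:
        raise ValueError("no usable retc meta tag in response")
    return outcome, meta.get("addr")
```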
7. Command set
Add an ordinary user
# gdipuseradd.pl -h
usage: gdipuseradd.pl { -h | [-p password] [-m email] user domain }
usage: Add GnuDIP user "user" within domain "domain" with
usage: password "password" and (optionally) E-mail address "email".
usage: -h: Print this usage message.
usage: -p: Specify clear text password. The stored password will the MD5
usage:     hash of this value. Password is disabled if not specified.
usage: -m: Specify E-mail address.
If the user already exists, the following message is returned:
User "user.domain" already exists
If the user does not exist, the following message is returned:
Added user "user.domain"
Modify an ordinary user
# gdipusermod.pl -h
usage: gdipusermod.pl { -h |
usage:   [-m email] [-p password] [-x rawpassword]
usage:   [-w {YES|NO}] [-y {YES|NO}] [-r]
usage:   user domain }
usage: Modify GnuDIP user "user" within domain "domain".
usage: -h: Print this usage message.
usage: -m: Specify E-mail address.
usage: -p: Specify clear text password. The stored password will
usage:     the MD5 hash of this value.
usage: -x: Specify the hashed password. This will be stored as
usage:     password hash value without any change.
usage: -w: Allow ("YES") or disallow ("NO") wildcards.
usage: -y: Allow ("YES") or disallow ("NO") MX records.
usage: -r: Remove all DNS information.
Delete an ordinary user
# gdipuserdel.pl -h
usage: gdipuserdel.pl { -h | user domain }
usage: Delete GnuDIP user "user" within domain "domain".
usage: -h: Print this usage message.
Query ordinary user information
# gdipuserget.pl -h
usage: gdipuserget.pl { -h | user domain }
usage: Display GnuDIP user "user" within domain "domain".
usage: -h: Print this usage message.
Here is a demonstration of their use:
# gdipuseradd.pl -p testpass -m rob@demo.com rob dyn.yourhost.com
Added user "rob.dyn.yourhost.com"
After logging in as "rob.dyn.yourhost.com" and setting the IP address:
# ping rob.dyn.yourhost.com
PING rob.dyn.yourhost.com (127.0.0.1): 56 octets data
64 octets from 127.0.0.1: icmp_seq=0 ttl=255 time=0.2 ms
64 octets from 127.0.0.1: icmp_seq=1 ttl=255 time=0.1 ms
--- rob.dyn.yourhost.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms
# gdipuserget.pl rob dyn.yourhost.com
Retrieved user "rob.dyn.yourhost.com"
MXbackup=NO
wildcard=NO
password=179ad45c6ce2cb97cf1029e212046e81
forwardurl=
allowmx=NO
MXvalue=
autourlon=
level=USER
currentip=127.0.0.1
username=rob
allowwild=NO
updated=2002-05-24 20:43:01
domain=dyn.yourhost.com
email=rob@demo.com
# gdipusermod.pl -m dummy@yourhost.com rob dyn.yourhost.com
Updated user "rob.dyn.yourhost.com"
# gdipuserget.pl rob dyn.yourhost.com
Retrieved user "rob.dyn.yourhost.com"
MXbackup=NO
wildcard=NO
password=
forwardurl=
allowmx=NO
MXvalue=
autourlon=
level=USER
currentip=127.0.0.1
username=rob
allowwild=NO
updated=2002-05-24 20:44:15
domain=dyn.yourhost.com
email=dummy@yourhost.com
# gdipuserdel.pl rob dyn.yourhost.com
User "rob.dyn.yourhost.com" has been deleted and removed from DNS
# ping rob.dyn.yourhost.com
ping: unknown host rob.dyn.yourhost.com
The "parameter=value" lines printed by gdipuserget.pl go to standard output. All of the other messages from these commands go to standard error.
The return codes are:
0 - Success
1 - User not found or already exists, as appropriate
2 - User error or configuration error - message(s) issued
8. Using the gdipc client
Download gnudip-2.3.5-gdipc-sa.exe
8.1. Configuration:
C:/gdipc/gdipc -c
where:
Username: the user name assigned by the server
Domain: the domain name specified by the server
Password: the password set on the server
Either TCP or HTTP mode can be selected.
The configuration is written to the file gdipc.conf.txt
[Note]:
The user's dynamic domain name = [Username].[Domain]
8.2. Running
C:/gdipc/gdipc