Starting from version 4.1.x of MySQL and above, an authentication protocol based on a password hashing algorithm that is incompatible with that used by older MySql clients.

So the older mysql clients cannot talk to the newer MySql servers because of the disparity in authentication methods.

Any attempts to connect to it with an older client may fail with the following message:

Error (1250) : Client does not support authentication protocol requested by server; consider upgrading MySQL client 

I don’t want to recompiling php with the new mysql client libraries but what I did is reset the password to pre-4.1 style for each user that needs to use a pre-4.1 client program. This can be done using the SET PASSWORD statement and the OLD_PASSWORD()  function:

# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
mysql> UPDATE mysql.user
    -> SET password=OLD_PASSWORD('yourpasswd')
    -> WHERE user='root'
    -> AND host='localhost';
Query OK, 1 row affected (0.07 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> flush privileges;
Query OK, 0 rows affected (0.04 sec)

My previous posting regarding smtp port 25 blocked by tmnet where TM will block OUTBOUND Simple Mail Transfer Protocol (SMTP) traffic or port 25 for all outgoing e-mails from streamyx dynamic IP addresses.

For those running qmail server, this is the way how to configure qmail-smtpd to listen on another port 587 instead of default port 25. In other word qmail-smtpd will listen on 2 different ports, 25 and 587.

First we copy /var/qmail/supervise/qmail-smtpd to /var/qmail/supervise/qmail-smtpd2 and edit the run script located in the qmail-smtpd2 directory and change the smtp port to 587.

# cd /var/qmail/supervise
# cp -rf qmail-smtpd qmail-smtpd2
# cd qmail-smtpd2
# vi run

Read more »

Do you know you can have a webmail for your own domain name which interface similar like gmail?
It’s powered by Google where email is more intuitive, efficient and useful.

To register : http://www.google.com/a/cpanel/domain/new and follow this instructions how to migrate from your existing boring webmail system to gmail like webmail.

Step 1: Choose a domain name, I use mazuhan.com as I sign up for my domain

Step 2: Sign up for Google Apps Standard Edition

To get started with Google Apps Standard Edition, you will need to fill out a few details about number of users, account administrator details and organization info.

Read more »

By default Centos 4 doesn’t have awstats.

Running yum install awstats, unable to detect awstats installation as it’s not default base and updates repositories from Centos.
In order to overcome this issue, I installed another repositories which is RPMForge.

Installing RPMForge is quite easy. In this case my Centos distro is Centos 4 version.

First we have to install yum-plugin-priorities

# yum install yum-plugin-priorities

To be able to use this plugin, we must enable plugins in our /etc/yum.conf file.

Read more »

I have web server which serving forum service and it’s powered with few linux web server boxes.

Time accuracy for the forum posting for each server is quite critical. If not, all posting from different server will be mess up.

To keep server time in sync for all servers I install NTP daemon and here is what the step taken on my Linux box :

1. Install the ntp service if it’s not already installed.

   # yum install ntp

2. Both UDP port 123 have to be open for incoming and outgoing on the firewall.
3. Find a reliable close ntp pool server. For default installation ntp server should be

   server 0.pool.ntp.org
   server 1.pool.ntp.org
   server 2.pool.ntp.org

Read more »

OpenSSH is a FREE version of the SSH and often it’s default ssh server for most linux distros.

To enhance sshd security, you can follow these quickest and easy method to better protect your linux box.

1. Secure your sshd_config

First of all you want to further secure your sshd_config file and can be found in /etc/ssh/ directory.

#cd /etc/ssh
#vi sshd_config

Disable root login:
Never login as a root and instead use normal user to login then become as root by issuing su command.

Now find the line PermitRootLogin , and if it’s says PermitRootLogin no then you already safe from root login, otherwise change from yes to no.

Change sshd port number:
Default sshd port number is 22. You can change it to any random 4 or 5 digit number. Example change to 2925

Find where it says: Port 22 and change it to Port 2925.

Binding to SSH version 2:
Find this line Protocol 2,1 and change it to Protocol 2 to allow access to ssh version 2. It’s more secure than ssh version 1.

Save the new changes and make it effect by issue this command

# /etc/rc.d/init.d/sshd restart

2. Use tcp wrappers

Second method is using tcp wrappers hosts.allow and hosts.deny files in /etc directory to only allow from trusted host to access ssh server.

Lets say your trusted host is 192.168.2.5, then your hosts.deny/hosts.allow example :

# vi /etc/hosts.allow
sshd: 192.168.2.5

#vi /etc/hosts.deny
sshd: ALL

Your can replace this with your specific ip or your trusted host ip. Save the changes you have made.

By implementing these methods, at least your sshd can be more protected instead of leaving you sshd server default installation wide open to outsider.

Normally after I finish installing the Linux OS in my machine, the first sport check I often go through is checking what are service daemons to be enable or disable during boot time. It’s due to Red Hat / Centos come with a lot of services that are pre-configured to run at boot. It’s also to determine that I’m not running unnecessary services that are simply sucking up my precious CPU time and my server resources.

To enable or disable linux daemons and services at boot time on Red Hat/Centos, in your linux console ( after become a su ), I just issue this command :

[root@xxxx xxxx]# setup

From Choose a Tool menu, select the System services –> Run Tool to access the Services menu as below.

The following is a list based on one of my testing machine and some of the services may not listed here.

Read more »

What are blogs you regularly visit? As making online money is major concern for problogger or semiproblogger, here is the list of blogs I read and visit them regularly.

• Liew CF
• Gobala
• lilian aka 5xmom
• salam pantai timur
• sabahan
• wang cyber

If you know any good blog, please post a comment ..

Web hosting preview for email solution
Email services in todays ICT world is one of must have for every company regardless of small, medium or enterprise the company is.

Linux and open source software is one of the best option in term of software costing, stability and reliability. Mail transfer agent (MTA) like Qmail, Sendmail, Posfix or Exim is among the popular one and I prefer to use  qmail to powered my email servers.

Why qmail?
Qmail is a sendmail replacement and is among the five most popular Unix mail servers on the Internet.

As the nature of open source, email server solution come with another handy software packages to complement with the qmail and it’s free of charge.

Qmail Ingredient
The installation and setup of a qmail based mail server requires list of softwares to work together and once again I remind you, all of the software listed below is free from software licensing fees.

Read more »

One of the system administrator daily task is to keep system up to date and my favorite tool is Yum.

What is yum?
Yum is a software package manager and it’s a tool for system administrator to install, update and remove RPM-based packages in linux box. Their ability to check the package dependencies make it easier for system adminisrator to apply patches and to maintain the system up to date.

Yum features include:
* Support for multiple repositories
* Simple configuration
* Dependency calculation
* Fast operation
* RPM-consistent behavior
* Package group support, including multiple-repository groups
* Simple interface

Usage: yum [options] < grouplist, localinstall, groupinfo,
localupdate, resolvedep, erase, deplist, groupremove, makecache,
upgrade, provides, shell, install, whatprovides,groupinstall,
update, repolist,groupupdate, info, search, check-update,
list, remove, clean, grouperase 

Read more »