Table of Contents
Advertisement
Chapter 8. Maintenance
8.8. Automating Synchronization
Manually synchronizing the RHN Satellite Server repository with Red Hat Network can be an ar-
duous task. In addition, staff levels tend to be highest at peak usage times. For this reason, Red Hat
encourages you to automate synchronization in late evening or early morning to better balance load
and ensure quick synchronization. Further, Red Hat strongly recommends synchronization occur ran-
domly for best performance.
This automation can be set easily by the addition of a simple cron job. To do this, edit the crontab as
root:
crontab -e
This opens the crontab in a text editor, by default Vi. Another editor can be used by first changing the
variable, like so:
EDITOR
Once opened, use the first five fields (minute, hour, day, month, and weekday) to schedule the syn-
chronization. Remember, hours use military time. Edit the crontab to include random synchronization,
like so:
0 1 * * * perl -le 'sleep rand 9000' && satellite-sync --email >/dev/null 2>/dev/null
This particular job will run randomly between 1:00 a.m. and 3:30 a.m. system time each night and
redirect
and
stdout
. Options other than
satellite-sync
port/Sync Options for the full list of options. Once you exit from the editor, the modified crontab is
installed immediately.
8.9. Implementing PAM Authentication
As security measures become increasingly complex, administrators must be given tools that simplify
their management. For this reason, RHN Satellite Server supports network-based authentication sys-
tems via Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system
administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating
the need for remembering multiple passwords.
RHN Satellite Server supports, LDAP, Kerberos, and other network-based authentication systems
via PAM. To enable the Satellite to use PAM and your organization's authentication infrastructure,
complete the following tasks.
Set up a PAM service file (usually
adding the following line to
pam_auth_service = rhn-satellite
This assumes the PAM service file is named
Enable a certain user to authenticate against PAM. Do this by clicking the Use PAM Authentication
button on the User Details page.
As an example, to authenticate
/etc/pam.d/rhn-satellite
#%PAM-1.0
auth
required
auth
sufficient
auth
required
account
required
export EDITOR=gedit
from
stderr
cron
--email
/etc/pam.d/rhn-satellite
/etc/rhn/rhn.conf
against Kerberos one could put the following in
:
/lib/security/pam_env.so
/lib/security/pam_krb5.so no_user_check
/lib/security/pam_deny.so
/lib/security/pam_krb5.so no_user_check
.
to prevent duplicating the more easily read message from
can also be included. Refer to Section 6.1.2 Im-
:
.
rhn-satellite
) and have the Satellite use it by
53
Advertisement
Table of Contents
