FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 11-11-2008, 09:15 AM
"Kenneth Holter"
 
Default Using Penrose (or similar software) to solve our LDAP needs

Hello list.


We've been trying to deploy Red Hat Directory Server (RHDS) in our
organization, but are not so sure it's integration with Active Directory
(AD) suits our needs. Let me briefly outline our situation:

AD is well deployed within our organization, but we're in need of a
directory server for our Red Hat Linux servers. The directory server should
first and foremost allow for user authentication when connecting through
SSH, but other applications will also be integrated with the directory
server. The AD admins is not very keen on us Linux admins modifying or
installing applications on their AD boxes, so a directory server deployment
should take this into account. Also, we *probably* don't need to sync
passwords. Lastly, our linux directory server will be synced to a dedicated
"linux OU" on the AD side.

We've played around with RHDS for a while, but the integration with AD
(using Windows Sync) doesn't seem to meet our requirements. For example,
since attributes such as posix-stuff must be entered manually (or scripted)
on a per user basis, some of the benefits of syncing with AD seems
diminished, and it seems easier just managing everything on the RHDS side
alone without syncing with AD.

But since we very much would like to sync with AD, we thought we'd maybe go
for another directory server, hoping that syncing with AD will be
more seamless. We got pointed to Penrose (
http://docs.safehaus.org/display/PENROSE/Home), and I' thought I'd hear if
anyone have any experience with this software to see if it might be the
right choice for us.

So does anyone have enough experience with Penrose to advice us on whether
it might be a good solution for us? And is Penrose supported by Red Hat?

I've done some reading on the Penrose home page, and found some other issues
maybe someone can clear up:

- Is there support for unidirectional sync with AD (that is, sync users
from AD to Penrose, but not the other way around)? Maybe using Penrose as a
proxy or pass through authentication for AD might solve this.
- If integrated with AD, and still assuming a one way sync from AD to
Penrose, can one create new users directly on Penrose?

Any input on this subject will be greatly appreciate. And please comment
on other software products that may suit our needs.


Regards,
Kenneth Holter
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-11-2008, 10:44 AM
"Aaron Bliss"
 
Default Using Penrose (or similar software) to solve our LDAP needs

Kenneth
We are actually going through what you're going through right now, only
inverted. We have been using Sun's directory server for years, well
deployed throughout our organization and are just getting ready to deploy
AD. Since AD uses some attributes that are proprietary to AD (for example
the password field for an AD user is the unicodePwd attribute of an object,
whereas on any other ldap v2 and v3 directory server I've used a users'
password is stored in the objects userPassword attribute. There are other
examples of AD storing attributes in non-standard places as well. Also, as
you know, AD is not posix aware, meaning you either won't be able to
synchronize those attributes to whatever directory server you use, or you'll
be using your own attributes on the AD side of the house to populate the
posix attributes. Because of this, we are not trying to replicate all
attributes that a object has in our directory server to AD, but rather just
enough to make AD useful, which for us is essentially user authentication to
windows workstations and windows servers. Were using a tool called adtool
to populate and synchronize our ldap environment to AD (which means that if
you're going to synchronize passwords, you'll need to enable SSL on your
domain controllers). Since we are managing the replication, we control
exactly what is and isn't replicated from ldap to AD. Hope that helps.

http://anothersysadmin.wordpress.com/2008/08/19/howto-managing-active-direct
ory-users-under-linux-with-adtool/
http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.
htm

Aaron

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com]
On Behalf Of Kenneth Holter
Sent: Tuesday, November 11, 2008 5:16 AM
To: redhat-list@redhat.com
Subject: Using Penrose (or similar software) to solve our LDAP needs

Hello list.


We've been trying to deploy Red Hat Directory Server (RHDS) in our
organization, but are not so sure it's integration with Active Directory
(AD) suits our needs. Let me briefly outline our situation:

AD is well deployed within our organization, but we're in need of a
directory server for our Red Hat Linux servers. The directory server should
first and foremost allow for user authentication when connecting through
SSH, but other applications will also be integrated with the directory
server. The AD admins is not very keen on us Linux admins modifying or
installing applications on their AD boxes, so a directory server deployment
should take this into account. Also, we *probably* don't need to sync
passwords. Lastly, our linux directory server will be synced to a dedicated
"linux OU" on the AD side.

We've played around with RHDS for a while, but the integration with AD
(using Windows Sync) doesn't seem to meet our requirements. For example,
since attributes such as posix-stuff must be entered manually (or scripted)
on a per user basis, some of the benefits of syncing with AD seems
diminished, and it seems easier just managing everything on the RHDS side
alone without syncing with AD.

But since we very much would like to sync with AD, we thought we'd maybe go
for another directory server, hoping that syncing with AD will be
more seamless. We got pointed to Penrose (
http://docs.safehaus.org/display/PENROSE/Home), and I' thought I'd hear if
anyone have any experience with this software to see if it might be the
right choice for us.

So does anyone have enough experience with Penrose to advice us on whether
it might be a good solution for us? And is Penrose supported by Red Hat?

I've done some reading on the Penrose home page, and found some other issues
maybe someone can clear up:

- Is there support for unidirectional sync with AD (that is, sync users
from AD to Penrose, but not the other way around)? Maybe using Penrose as
a
proxy or pass through authentication for AD might solve this.
- If integrated with AD, and still assuming a one way sync from AD to
Penrose, can one create new users directly on Penrose?

Any input on this subject will be greatly appreciate. And please comment
on other software products that may suit our needs.


Regards,
Kenneth Holter
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-11-2008, 10:49 AM
"Aaron Bliss"
 
Default Using Penrose (or similar software) to solve our LDAP needs

P.S. I should have qualified this by stating that the AD schema can be
extended to include the object classes necessary to support posix
attributes, although it doesn't seem to be very straight forward:

Aaron

-----Original Message-----
From: Aaron Bliss [mailto:abliss@brockport.edu]
Sent: Tuesday, November 11, 2008 6:44 AM
To: 'General Red Hat Linux discussion list'
Subject: RE: Using Penrose (or similar software) to solve our LDAP needs

Kenneth
We are actually going through what you're going through right now, only
inverted. We have been using Sun's directory server for years, well
deployed throughout our organization and are just getting ready to deploy
AD. Since AD uses some attributes that are proprietary to AD (for example
the password field for an AD user is the unicodePwd attribute of an object,
whereas on any other ldap v2 and v3 directory server I've used a users'
password is stored in the objects userPassword attribute. There are other
examples of AD storing attributes in non-standard places as well. Also, as
you know, AD is not posix aware, meaning you either won't be able to
synchronize those attributes to whatever directory server you use, or you'll
be using your own attributes on the AD side of the house to populate the
posix attributes. Because of this, we are not trying to replicate all
attributes that a object has in our directory server to AD, but rather just
enough to make AD useful, which for us is essentially user authentication to
windows workstations and windows servers. Were using a tool called adtool
to populate and synchronize our ldap environment to AD (which means that if
you're going to synchronize passwords, you'll need to enable SSL on your
domain controllers). Since we are managing the replication, we control
exactly what is and isn't replicated from ldap to AD. Hope that helps.

http://anothersysadmin.wordpress.com/2008/08/19/howto-managing-active-direct
ory-users-under-linux-with-adtool/
http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.
htm

Aaron

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com]
On Behalf Of Kenneth Holter
Sent: Tuesday, November 11, 2008 5:16 AM
To: redhat-list@redhat.com
Subject: Using Penrose (or similar software) to solve our LDAP needs

Hello list.


We've been trying to deploy Red Hat Directory Server (RHDS) in our
organization, but are not so sure it's integration with Active Directory
(AD) suits our needs. Let me briefly outline our situation:

AD is well deployed within our organization, but we're in need of a
directory server for our Red Hat Linux servers. The directory server should
first and foremost allow for user authentication when connecting through
SSH, but other applications will also be integrated with the directory
server. The AD admins is not very keen on us Linux admins modifying or
installing applications on their AD boxes, so a directory server deployment
should take this into account. Also, we *probably* don't need to sync
passwords. Lastly, our linux directory server will be synced to a dedicated
"linux OU" on the AD side.

We've played around with RHDS for a while, but the integration with AD
(using Windows Sync) doesn't seem to meet our requirements. For example,
since attributes such as posix-stuff must be entered manually (or scripted)
on a per user basis, some of the benefits of syncing with AD seems
diminished, and it seems easier just managing everything on the RHDS side
alone without syncing with AD.

But since we very much would like to sync with AD, we thought we'd maybe go
for another directory server, hoping that syncing with AD will be
more seamless. We got pointed to Penrose (
http://docs.safehaus.org/display/PENROSE/Home), and I' thought I'd hear if
anyone have any experience with this software to see if it might be the
right choice for us.

So does anyone have enough experience with Penrose to advice us on whether
it might be a good solution for us? And is Penrose supported by Red Hat?

I've done some reading on the Penrose home page, and found some other issues
maybe someone can clear up:

- Is there support for unidirectional sync with AD (that is, sync users
from AD to Penrose, but not the other way around)? Maybe using Penrose as
a
proxy or pass through authentication for AD might solve this.
- If integrated with AD, and still assuming a one way sync from AD to
Penrose, can one create new users directly on Penrose?

Any input on this subject will be greatly appreciate. And please comment
on other software products that may suit our needs.


Regards,
Kenneth Holter
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-12-2008, 08:24 AM
"Kenneth Holter"
 
Default Using Penrose (or similar software) to solve our LDAP needs

Thank you for your reply.

We thought about adding posix attributes (and other relevant attributes) on
the AD side so that everything could be controlled from AD. This would
greatly reduce our workload, as user administration on linux could be
carried out by existing windows user administration personell. But syncing
such attributes, however, doesn't seem to be supported by Windows Sync, so
as far as I can see we're still stuck with updating new users manually with
posix (and perhaps other) attributes.

So in our situation we're not in a place where we can filter out unwanted
attributes, but rather the attributes we need (assuming we have them created
there in the first place) can't be synced from AD to RHDS.



On 11/11/08, Aaron Bliss <abliss@brockport.edu> wrote:
>
> P.S. I should have qualified this by stating that the AD schema can be
> extended to include the object classes necessary to support posix
> attributes, although it doesn't seem to be very straight forward:
>
> Aaron
>
> -----Original Message-----
> From: Aaron Bliss [mailto:abliss@brockport.edu]
> Sent: Tuesday, November 11, 2008 6:44 AM
> To: 'General Red Hat Linux discussion list'
> Subject: RE: Using Penrose (or similar software) to solve our LDAP needs
>
> Kenneth
> We are actually going through what you're going through right now, only
> inverted. We have been using Sun's directory server for years, well
> deployed throughout our organization and are just getting ready to deploy
> AD. Since AD uses some attributes that are proprietary to AD (for example
> the password field for an AD user is the unicodePwd attribute of an object,
> whereas on any other ldap v2 and v3 directory server I've used a users'
> password is stored in the objects userPassword attribute. There are other
> examples of AD storing attributes in non-standard places as well. Also, as
> you know, AD is not posix aware, meaning you either won't be able to
> synchronize those attributes to whatever directory server you use, or
> you'll
> be using your own attributes on the AD side of the house to populate the
> posix attributes. Because of this, we are not trying to replicate all
> attributes that a object has in our directory server to AD, but rather just
> enough to make AD useful, which for us is essentially user authentication
> to
> windows workstations and windows servers. Were using a tool called adtool
> to populate and synchronize our ldap environment to AD (which means that if
> you're going to synchronize passwords, you'll need to enable SSL on your
> domain controllers). Since we are managing the replication, we control
> exactly what is and isn't replicated from ldap to AD. Hope that helps.
>
>
> http://anothersysadmin.wordpress.com/2008/08/19/howto-managing-active-direct
> ory-users-under-linux-with-adtool/
> http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory
> .
> htm
>
> Aaron
>
> -----Original Message-----
> From: redhat-list-bounces@redhat.com [mailto:
> redhat-list-bounces@redhat.com]
> On Behalf Of Kenneth Holter
> Sent: Tuesday, November 11, 2008 5:16 AM
> To: redhat-list@redhat.com
> Subject: Using Penrose (or similar software) to solve our LDAP needs
>
> Hello list.
>
>
> We've been trying to deploy Red Hat Directory Server (RHDS) in our
> organization, but are not so sure it's integration with Active Directory
> (AD) suits our needs. Let me briefly outline our situation:
>
> AD is well deployed within our organization, but we're in need of a
> directory server for our Red Hat Linux servers. The directory server should
> first and foremost allow for user authentication when connecting through
> SSH, but other applications will also be integrated with the directory
> server. The AD admins is not very keen on us Linux admins modifying or
> installing applications on their AD boxes, so a directory server deployment
> should take this into account. Also, we *probably* don't need to sync
> passwords. Lastly, our linux directory server will be synced to a dedicated
> "linux OU" on the AD side.
>
> We've played around with RHDS for a while, but the integration with AD
> (using Windows Sync) doesn't seem to meet our requirements. For example,
> since attributes such as posix-stuff must be entered manually (or scripted)
> on a per user basis, some of the benefits of syncing with AD seems
> diminished, and it seems easier just managing everything on the RHDS side
> alone without syncing with AD.
>
> But since we very much would like to sync with AD, we thought we'd maybe go
> for another directory server, hoping that syncing with AD will be
> more seamless. We got pointed to Penrose (
> http://docs.safehaus.org/display/PENROSE/Home), and I' thought I'd hear if
> anyone have any experience with this software to see if it might be the
> right choice for us.
>
> So does anyone have enough experience with Penrose to advice us on whether
> it might be a good solution for us? And is Penrose supported by Red Hat?
>
> I've done some reading on the Penrose home page, and found some other
> issues
> maybe someone can clear up:
>
> - Is there support for unidirectional sync with AD (that is, sync users
> from AD to Penrose, but not the other way around)? Maybe using Penrose as
> a
> proxy or pass through authentication for AD might solve this.
> - If integrated with AD, and still assuming a one way sync from AD to
> Penrose, can one create new users directly on Penrose?
>
> Any input on this subject will be greatly appreciate. And please comment
> on other software products that may suit our needs.
>
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-19-2008, 08:44 PM
"Javier Palacios"
 
Default Using Penrose (or similar software) to solve our LDAP needs

On Wed, Nov 12, 2008 at 10:24 AM, Kenneth Holter <kenneho.ndu@gmail.com> wrote:
> Thank you for your reply.
>
> We thought about adding posix attributes (and other relevant attributes) on
> the AD side so that everything could be controlled from AD. This would
> greatly reduce our workload, as user administration on linux could be
> carried out by existing windows user administration personell. But syncing
> such attributes, however, doesn't seem to be supported by Windows Sync, so

It is possible, and not too difficult, to directly use the AD from linux without
replication or similar things. Have a look at
http://kad.wiki.sourceforge.net/ActiveDirectoryIntegration

Javier Palacios

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-20-2008, 06:28 AM
"Kenneth Holter"
 
Default Using Penrose (or similar software) to solve our LDAP needs

I'm sure this could be done, but due to policies within our organization we
need to set up our "own" LDAP server.


On 11/19/08, Javier Palacios <javiplx@gmail.com> wrote:
>
> On Wed, Nov 12, 2008 at 10:24 AM, Kenneth Holter <kenneho.ndu@gmail.com>
> wrote:
> > Thank you for your reply.
> >
> > We thought about adding posix attributes (and other relevant attributes)
> on
> > the AD side so that everything could be controlled from AD. This would
> > greatly reduce our workload, as user administration on linux could be
> > carried out by existing windows user administration personell. But
> syncing
> > such attributes, however, doesn't seem to be supported by Windows Sync,
> so
>
> It is possible, and not too difficult, to directly use the AD from linux
> without
> replication or similar things. Have a look at
> http://kad.wiki.sourceforge.net/ActiveDirectoryIntegration
>
> Javier Palacios
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-20-2008, 08:30 PM
"Ezra Taylor"
 
Default Using Penrose (or similar software) to solve our LDAP needs

Hello Kenneth:
Centrify is a product I've read about. All
of your users will exists on AD. A user can change his/her password
using the client that exists on the Linux host or do it on a Windows
box as you usually would.

On Tue, Nov 11, 2008 at 5:15 AM, Kenneth Holter <kenneho.ndu@gmail.com> wrote:
> Hello list.
>
>
> We've been trying to deploy Red Hat Directory Server (RHDS) in our
> organization, but are not so sure it's integration with Active Directory
> (AD) suits our needs. Let me briefly outline our situation:
>
> AD is well deployed within our organization, but we're in need of a
> directory server for our Red Hat Linux servers. The directory server should
> first and foremost allow for user authentication when connecting through
> SSH, but other applications will also be integrated with the directory
> server. The AD admins is not very keen on us Linux admins modifying or
> installing applications on their AD boxes, so a directory server deployment
> should take this into account. Also, we *probably* don't need to sync
> passwords. Lastly, our linux directory server will be synced to a dedicated
> "linux OU" on the AD side.
>
> We've played around with RHDS for a while, but the integration with AD
> (using Windows Sync) doesn't seem to meet our requirements. For example,
> since attributes such as posix-stuff must be entered manually (or scripted)
> on a per user basis, some of the benefits of syncing with AD seems
> diminished, and it seems easier just managing everything on the RHDS side
> alone without syncing with AD.
>
> But since we very much would like to sync with AD, we thought we'd maybe go
> for another directory server, hoping that syncing with AD will be
> more seamless. We got pointed to Penrose (
> http://docs.safehaus.org/display/PENROSE/Home), and I' thought I'd hear if
> anyone have any experience with this software to see if it might be the
> right choice for us.
>
> So does anyone have enough experience with Penrose to advice us on whether
> it might be a good solution for us? And is Penrose supported by Red Hat?
>
> I've done some reading on the Penrose home page, and found some other issues
> maybe someone can clear up:
>
> - Is there support for unidirectional sync with AD (that is, sync users
> from AD to Penrose, but not the other way around)? Maybe using Penrose as a
> proxy or pass through authentication for AD might solve this.
> - If integrated with AD, and still assuming a one way sync from AD to
> Penrose, can one create new users directly on Penrose?
>
> Any input on this subject will be greatly appreciate. And please comment
> on other software products that may suit our needs.
>
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



--
Ezra Taylor

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-21-2008, 06:03 AM
"Kenneth Holter"
 
Default Using Penrose (or similar software) to solve our LDAP needs

Thanks, I'll google it and see if it's something that might solve our needs.


We're still experimenting with Red Hat Directory Server hoping that we'll
find a good solution using this software, though.

On 11/20/08, Ezra Taylor <ezra.taylor@gmail.com> wrote:
>
> Hello Kenneth:
> Centrify is a product I've read about. All
> of your users will exists on AD. A user can change his/her password
> using the client that exists on the Linux host or do it on a Windows
> box as you usually would.
>
> On Tue, Nov 11, 2008 at 5:15 AM, Kenneth Holter <kenneho.ndu@gmail.com>
> wrote:
> > Hello list.
> >
> >
> > We've been trying to deploy Red Hat Directory Server (RHDS) in our
> > organization, but are not so sure it's integration with Active Directory
> > (AD) suits our needs. Let me briefly outline our situation:
> >
> > AD is well deployed within our organization, but we're in need of a
> > directory server for our Red Hat Linux servers. The directory server
> should
> > first and foremost allow for user authentication when connecting through
> > SSH, but other applications will also be integrated with the directory
> > server. The AD admins is not very keen on us Linux admins modifying or
> > installing applications on their AD boxes, so a directory server
> deployment
> > should take this into account. Also, we *probably* don't need to sync
> > passwords. Lastly, our linux directory server will be synced to a
> dedicated
> > "linux OU" on the AD side.
> >
> > We've played around with RHDS for a while, but the integration with AD
> > (using Windows Sync) doesn't seem to meet our requirements. For example,
> > since attributes such as posix-stuff must be entered manually (or
> scripted)
> > on a per user basis, some of the benefits of syncing with AD seems
> > diminished, and it seems easier just managing everything on the RHDS side
> > alone without syncing with AD.
> >
> > But since we very much would like to sync with AD, we thought we'd maybe
> go
> > for another directory server, hoping that syncing with AD will be
> > more seamless. We got pointed to Penrose (
> > http://docs.safehaus.org/display/PENROSE/Home), and I' thought I'd hear
> if
> > anyone have any experience with this software to see if it might be the
> > right choice for us.
> >
> > So does anyone have enough experience with Penrose to advice us on
> whether
> > it might be a good solution for us? And is Penrose supported by Red Hat?
> >
> > I've done some reading on the Penrose home page, and found some other
> issues
> > maybe someone can clear up:
> >
> > - Is there support for unidirectional sync with AD (that is, sync users
> > from AD to Penrose, but not the other way around)? Maybe using Penrose
> as a
> > proxy or pass through authentication for AD might solve this.
> > - If integrated with AD, and still assuming a one way sync from AD to
> > Penrose, can one create new users directly on Penrose?
> >
> > Any input on this subject will be greatly appreciate. And please comment
> > on other software products that may suit our needs.
> >
> >
> > Regards,
> > Kenneth Holter
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
>
>
> --
> Ezra Taylor
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 08:37 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org