INSTALL ======= Upgrading? Whenever you upgrade I suggest you upgrade both the client and server. Most times, however, you can get away without upgrading the client (it's usually a fairly static piece of code). I'll document any dependencies here, but check the CHANGES file for any new features added to the client if you're considering *not* upgrading. Version 8.1.3 - The '^Ec;' sequence won't work correctly with 8.1.2 (where it was introduced). Version 8.1.2 - The 'devicesubst' and 'execsubst' formats have changed from 8.1.1. It's fairly simple to update your config file to the new format...just check the conserver.cf manpage. Sorry for having to change things, but it's for a good reason (I should have though ahead when designing the original format). Version 8.1.0 - The client/server protocol has changed to better protect 8-bit data and to allow programs invoked with '^Ec|' not have to worry about accidentally sending the escape sequence to the server. Though it will look like things are mostly backward-compatible, don't count on it and just upgrade. Version 8.0.2 - I've added a '^Ec;' sequence to allow the client to signal the server as to when it's ready to see console data. Without this, verbose consoles will prevent clients from attaching (the client sees unexpected data). An 8.0.2 client should be compatible with an 8.0.1 server, but an 8.0.1 client is not compatible with an 8.0.2 server. Version 8.0.1 - There's a slight client/server protocol change to implement the new 'initcmd' console option. If you use this functionality with an 8.0.0 client, you'll run into a compatibility problem while the 'initcmd' command is running. Version 8.0.0 - The client/server protocol has been rearchitected. You *MUST* use an 8.0.0 client with an 8.0.0 server. No combination of client/server will work with pre-8.0.0 code. - Upgrading from pre-8.0.0 code to 8.0.0 and beyond requires you to change your conserver.cf and conserver.passwd files because both of the file formats have changed. The conserver.cf file changes are so major that there is a convert program available in the conserver subdirectory. Just run './conserver/convert ' and it will attempt a conversion to the new format, sending it to stdout. Any errors will be printed to stderr. There are a couple of things you might need to adjust. First are the user access lists. If you are restricting users to certain consoles in your old conserver.passwd file, you'll need to move those restrictions into the new conserver.cf file. Restrictions are set with the 'ro' and 'rw' tags in the configuration file. Second are the 'access' blocks. What get produced by the convert program will be functionally equivalent to the old behavior, but you may be able to tune things to better suit your environment. The conserver.passwd file's console restrictions have moved, as described above. So to convert the conserver.passwd file, all you really need to do is something like: awk -F: '{print $1 ":" $2}' If you have comments or continuation lines in your file, you'll have to do a bit more cleanup to strip out the third field (which is what the awk command is intending to do). - Conserver no longer trusts reverse DNS information by default. If you use the --with-trustrevdns configure flag, you can re-enable the use of gethostbyaddr() [I don't recommended it, however]. If you are using domain names in access lists, you'll either need to change those to use hostnames and/or ip addresses/ranges or use the --with-trustrevdns flag. For example, if you have (in the 8.0.0 format): allowed conserver.com; # allow *.conserver.com then you'll need to worry about this change. If you only use full hostnames, you shouldn't have to do anything. Version 7.2.4 - If SSL support is compiled into the code, older versions of the client and server are, by default, incompatible because encrypted connections are a requirement. Use of the -E flag in the client and/or server can work around this (but I discourage this - please upgrade the clients and servers instead). Version 7.2.0 - The code related to broadcast messages in the client (-b) has changed. If you want the username to come across properly in the broadcast message, you'll need to make sure you upgrade to the 7.2.0 client. Version 7.1.1 - Both conserver.passwd and conserver.cf file parsing behaves the same now. Both use leading whitespace as a continuation line indicator - if you have leading whitespace on a line (aside from comments) you probably should remove it. Version 7.1.0 - The client/server protocol has changed. You *MUST* use a 7.1.0 client with a 7.1.0 and above server. A 7.1.0 client is *not* backward compatible with a pre-7.1.0 server. - Some of the flags in the client (-d, -D, and -r) and server (-n) have been given new identities to make the client and server flags more uniform. - The conserver.passwd file now uses the first username match to determine access rights - if you have multiple instances of a username in an existing password file, they must be combined into one to continue to work. Quickie Instructions - Download conserver (http://www.conserver.com/) and unpack - Run './configure' - Run 'make' - Run 'make test' - If all is well, run 'make install' - Now set up config files, etc. (see below) Detailed Instructions - First thing to do is determine if you want different defaults. A './configure --help' will show you the basics. If you like all the defaults shown, you're set. If not, here are the conserver unique options: --with-port=PORT Specify port number [conserver] --with-base=PORT Base port for secondary channel [0] --with-master=MASTER Specify master server hostname [console] --with-ccffile=CFFILE Specify client config filename [SYSCONFDIR/console.cf] --with-cffile=CFFILE Specify config filename [SYSCONFDIR/conserver.cf] --with-pwdfile=PWDFILE Specify password filename [SYSCONFDIR/conserver.passwd] --with-logfile=LOGFILE Specify log filename [/var/log/conserver] --with-pidfile=PIDFILE Specify PID filepath [/var/run/conserver.pid] --with-maxmemb=MAXMEMB Specify maximum consoles per process [16] --with-timeout=TIMEOUT Specify connect() timeout in seconds [10] --with-trustrevdns Trust reverse DNS information --with-extmsgs Produce extended messages --with-rpath Use -R as well as -L for libraries --with-cycladests (deprecated - noop) Build for a Cyclades TS --with-uds[=DIR] Use Unix domain sockets for client/server communication [/tmp/conserver] --with-trust-uds-cred Trust UDS credentials obtained via socket --with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support --with-openssl[=PATH] Compile in OpenSSL support --with-req-server-cert Require server SSL certificate by client --with-gssapi[=PATH] Compile in GSS-API support --with-striprealm retry username without @REALM with gss-api authentication --with-freeipmi[=PATH] Compile in FreeIPMI support --with-dmalloc[=PATH] Compile in dmalloc support --with-pam Enable PAM support --with-ipv6 (experimental) Use IPv6 for client/server communication Not surprisingly, some match the old conserver/cons.h items...here they are for reference: PORT or SERVICE - Socket used to communicate HOST - Hostname of console server CONFIG - Config file path PASSWD_FILE - Password file path MAXMEMB - Number of consoles per child process A couple of notes. First, --with-libwrap will add tcp_wrappers lookups to all socket connections in the server. --with-openssl will add encryption between the client and server when you connect to a console. --with-uds will cause the client and server to use unix domain sockets for their communication, eliminating the tcp communication they normally do (which means --with-master and --with-port are not used). --with-dmalloc should only be used to do memory allocation debugging and not used in production. - Run './configure'. This will detect system specific information. The --prefix option will redirect where things are installed. Other options are available as well...try './configure --help'. - Now run 'make'. Hopefully things will compile. - To test your binaries, run 'make test'. If there are problems, it should mean something is wrong, but check the output differences to make sure it wasn't a temporary failure. I tried to make the tests generic, but I may have missed something. - Once things build, you can run 'make install'. - If you'd like to build the autologin application, you'll need to run 'make autologin'. If you'd like it installed, use 'make autologin.install'. - Now that the binaries are in place, we need to set up the configuration files and such. + Does your conserver master hostname exist? This is the hostname specified with the --with-master option. By default the hostname is "console", so make sure it's in DNS, hosts files, or whatever. + If you used a symbolic name for the --with-port option (by default it uses "conserver", so the answer would be yes), you'll need to enter a definition in your services file (directly, via NIS, or whatever). Here's what we use: console 782/tcp conserver # console server If you used a number, you shouldn't have to worry about this step. + Next, make sure conserver runs during boot. The init script we use under Solaris is installed in /examples/conserver/conserver.rc. Use that or some form of it for your own /etc/init.d script or an entry in startup files (/etc/rc, /etc/rc.local, or whatever). + Now for the fun stuff. You need to create a conserver.cf and conserver.passwd file. Those are defined with the --with-cffile and --with-pwdfile settings. If you ever need to know what values were compiled into conserver, run 'conserver -V'. See the conserver.cf/INSTALL file for instructions on setup of these files. - That's it! Just start up the console server and enjoy! Other Information And Gotchas - Potential GCC bug Adam Morris reported a problem with the following line in console/console.c: if ((in_addr_t) (-1) == pPort->sin_addr.s_addr) { This tickles a GCC bug under HP-UX 11.11 using GCC 3.0.2 in 64-bit mode with optimization enabled (-O). The bug could possibly be provoked in other combinations as well. His fix is to change the line to: if ((in_addr_t) (-1) == inet_addr(pcToHost)) { It's also reported that newer versions of the compiler fix the issue, so if you happen to have problems with the client connecting to servers, you might be tickling this bug and you can upgrade the compiler, turn off the optimization, or apply this code change.