3.17.2007

powerfail scsi messages in syslog

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=15842&admit=-682735245+1161469244473+28353475

ll /dev/dsk | grep 052200

0x1f052200
The first two hex digits (1f = 31 decimal) denote the major device number. If you run lsdev, you will see that 31 is the SCSI disk block device.

The remaining hex digits decode as follows:
05 - c5
2 - t2
2 - d2
00 - the last two minor device digits are driver specific
But yours is: SCSI Block Disk Device, c2t2d2

the last 6 digits are the minor number of the device.

OVO agent: opcagt error on start

hostname.root /$ /sbin/init.d/opcagt start
Error opcctla   (Control Agent)(21829) : Errors occurred during the read of the
ITO subagent registration file. (OpC30-1250)
Error parsing source file /var/opt/OV/conf/OpC/agtreg - syntax error in line 1. (OpC30-2604)
ERROR:   Problems with starting OpC Agent processes or none configured.

hostname.root /$ /var/opt/OV/conf/OpC/agtreg
hostname.root /$ /sbin/init.d/opcagt start
hostname.root /$
hostname.root /$

hostname.root /$ rm /var/opt/OV/conf/OpC/agtreg

hostname.root /$ /sbin/init.d/opcagt start
Error opcctla   (Control Agent)(22144) : Errors occurred during the read of the
ITO subagent registration file. (OpC30-1250)
Can't open configuration file '/var/opt/OV/conf/OpC/agtreg' for reading.
No such file or directory (OpC20-202)
ERROR:   Problems with starting OpC Agent processes or none configured.

hostname.root /$ rm /var/opt/OV/conf/OpC/agtreg
hostname.root /$
hostname.root /$

hostname.root /$ /opt/OV/bin/OpC/opcagtreg -add /opt/OV/bin/OpC/install/itoagt.reg
hostname.root /$ /sbin/init.d/opcagt start
OpC Agent processes successfully started.


lock / unlock account user id on HP-UX trusted system

/usr/lbin/getprpw useraccount
unlock / enable / reactivate:
/usr/lbin/modprpw -k useraccount

lock / expire password:
/usr/lbin/modprpw -e useraccount

Do not use a capital E, as it will expire the password on all user accounts.

nfs / rcp / CDE issue

This problem seems to keep happening since this box was upgraded to 11.11.  The rpc/nfs daemons seem to restart at 00:05.  Killed all fin_wait_2 connections and restarted nfs/rpc daemons:

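# Build one hex string per FIN_WAIT_2 connection from the netstat columns:
# local IP, local port, remote IP, remote port.
stuff=$(/usr/bin/printf "%.2x%.2x%.2x%.2x%.4x%.2x%.2x%.2x%.2x%.4x\n" \
$(/usr/bin/netstat -an -f inet | /usr/bin/grep FIN_WAIT_2 | \
/usr/bin/awk '{print $4,$5}' | /usr/bin/sed 's/\./ /g'))

# Tear down each of those connections.
for x in $stuff
do
    /usr/bin/ndd -set /dev/tcp tcp_discon_by_addr $x
done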


 /sbin/init.d/nfs.server stop ; /sbin/init.d/nfs.client stop ; /sbin/init.d/nfs.core stop
 /sbin/init.d/nfs.core start ; /sbin/init.d/nfs.client start  ; /sbin/init.d/nfs.server start


solution:  It was being caused by a cronjob stopping and starting rpc, but was not doing it correctly.

3.16.2007

NFS exports to PC clients on EMC Celerra

Doing NFS exports to a PC client normally requires an authentication daemon running on the host system: pcnfsd on unix systems, just referred to as pcnfs on EMC Celerra.  So it's more complicated than setting up NFS for Unix clients.

do a powerlink (powerlink.emc.com) search for: pcnfs celerra
look for a pdf document titled: Configuring NFS on Celerra
one of the appendixes: NFS Authentication for PC Clients

There's also a primus article regarding pcnfs: emc43806, below is the gist of the article:

  • Set up a user account.
  • Open the /nas/server/server_x/netd file with a text editor, add pcnfs on a separate line, and save the file, where x is the number of the Data Mover.
  • Reboot the Data Mover.
  • Export a file system for the user(s) to access.
  • On the PC, launch the PC-NFS. Refer to the vendor's respective user manual for details on what is required at this point for setup and/or login.
  • Enter the username and password as required by the software package.

3.11.2007

update DST for Linux and BSD (freebsd, openbsd, etc)

Here's a good article on how to update your timezone information files for the new Daylight savings time rules for 2007:  http://articles.techrepublic.com.com/5100-10877_11-6163042.html?part=rss&tag=feed&subj=tr

The proper file to download is tzdata2007c.tar.gz, not the tzdata2007b.tar.gz noted in the article.

3.03.2007

2.28.2007

remsh - There is no passwd entry for you

Doing an remsh or rlogin and receiving the following message:  "There is no passwd entry for you"  means that something in the local password file is screwed up.  In my case, a daemon was changing its password entry and kept adding ....,  to the password field until it started to span multiple (10) lines in the password file.  Any system call that would search the passwd file would stop at the screwed up entry.  Removing and fixing the messed up entries solved the problem.

Some other symptoms of this include having a blank user name when doing the 'id' command:
$ id
uid=12345() gid=20(users)

2.26.2007

vi session hung (old IBM version of vi)

$ vi

UNIX Visual Text Editor Front End Utility
Copyright (C) 1996,1997 IBM Global Services
A vi session is already in progress.

fix:
delete /var/adm/vi.lock

HP-UX hangs at boot

Boot problems:
panic: lv_fixrootlv: Stale extent array overflow

cause: volume group header and /etc/lvmtab out of sync when logical volumes are mirrored.
fix:
  • boot into lvm maintenance mode: hpux -lm
  • activate vg00: vgchange -a y vg00
  • vgdisplay vg00 -- shows 3 current PV and 2 Active PV (or whatever the discrepancy is)
  • unmirror logical volumes:
      for i in 1 2 3 4 5 6 7 8 9
      do
        lvreduce -A n -m 0 /dev/vg00/lvol$i
      done
  • vgreduce -f vg00
  • now vgdisplay vg00 shows the same number of current and active PV

2.25.2007

logname error in rlogin session on particular tty

When you rlogin and your tty is pts/0 (/dev/pts/0) you might get the following message when trying to execute logname:

logname: could not get login name

It appears that rlogind doesn't update /etc/utmp. This of course appears to be intermittent: if you have several clients doing rlogins, the first one that uses /dev/pts/0 will have the problem, the others will probably be fine. This is more of a problem if you are using the logname command in something like /etc/profile.

Only noticed this on 11.23 (both IA and PA platforms). Both had PHNE_32818 installed. A possible fix is PHNE_33792, but I couldn't test it. A workaround is to use the variable $LOGNAME instead of the command logname.

2.15.2007

get the timestamp formatted the way you want

ls in HPUX and most other *nix versions just plain sucks at giving the output you need.  See the following section of the HPUX ls(1) man page:
           -l   (ell) List in long format, giving mode, number of links,
                owner, group, size in bytes, and time of last modification
                for each file (see further DESCRIPTION and Access Control
                Lists below).  If the time of last modification is greater
                than six months ago, or any time in the future, the year is
                substituted for the hour and minute of the modification
                time.  If the file is a special file, the size field


get the month day year Hour minute second of timestamp of a file (modification):

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=105260&admit=-682735245+1171602387200+28353475

I believe this uses the stat function.

2.13.2007

finding hard links / hard link count in file systems

link column (second column) in ls -l output (hard link count):
A directory will always have a minimum of 2 links: one for the directory itself and one for the . (current directory) entry inside the directory.
Any additional subdirectories directly under the directory count as an additional link for the directory because of the .. (parent) directory entries inside each subdirectory.


to find hard links:
ncheck -F vxfs /dev/vg00/lvol6 | sort -n | awk '$1==prev{print last;print $0}{prev=$1;last=$0}'

2.07.2007

HBA part number on HPUX systems

how to tell HBA part number in HP-UX using fcmsutil
fcmsutil /dev/<device>  ( find from ioscan -fnC fc )

Device ID  part number
0x001028   A5158A - 1GB
0x001029   A6795A - 2GB
0x002312   A6826A - 2GB dual port PCI-X

2.04.2007

uncommon serviceguard errors - coredump, IP netmask

cmcheckconf coredumps when "gathering network configuration"

this is because one of the standby lan interfaces on one of the nodes has been plumbed (ifconfig plumb) or is assigned an IP of 0.0.0.0 in netconf.  unplumb the interface (see ifconfig), or remove it from netconf before running cmcheckconf or cmapplyconf.



Error: IP netmasks don't match, interface lan0 on node0
Error: IP netmasks don't match, interface lan0 on node1

But if your netmasks do match properly and are current in netconf, then the cluster binary file needs to be deleted and recreated from the ascii file.

2.01.2007

get serial number of server hardware in Linux

In Redhat Enterprise or maybe other linuxes to poll the serial number of the server or workstation hardware from the bios using dmi:
dmidecode

May have to install the package from repositories.

1.17.2007

HP Itanium systems - EFI ref guide

EFI reference guide: http://docs.hp.com/en/5991-1247/ch04s13.html  and  http://docs.hp.com/en/A5201-90017/index.html

configure IP aliases on AIX

Navigate in smit:
Communications Applications and Services
 TCP/IP
  Further Configuration
   Network Interfaces
    Network Interface Selection
     Configure Aliases

OR
smit inetalias

chdev -l 'en1' -a alias4=x.x.x.x,y.y.y.y

where x.x.x.x is the address and y.y.y.y is the netmask

1.11.2007

fsadm error shrinking file system

HP-UX 11.00  - fsadm:  cannot shrink /dev/vg00/rlvol6 - upgraded fs - inodes are currently in use.

resolution: upgrade to 11.11 to get the new JFS 3.3 and related tools.

12.15.2006

EMC Clariion array - using powerpath vs pvlinks

I think I've found the answer to whether or not we should use Pvlinks when configuring our volume groups in HP-UX - the answer being no.  It's only recommended to use alternate links when booting from a storage array, which we don't do on any of our HPUX hosts.

From the powerpath admin guide:

EMC recommends using LVM alternate links (PVLinks) when you
boot from a storage system. If the primary path fails, an automatic
switch to the alternate path occurs. If PowerPath is not installed,
using alternate links increases availability in the event of hardware
problems.
PowerPath uses alternate links as part of its boot/root failover
strategy, but not for load balancing, path prioritization, or other
PowerPath-related reasons. Thus, EMC recommends that you use
LVM alternate links when booting from a storage system. Otherwise,
EMC recommends disabling PVLinks when using PowerPath.

12.10.2006

powerpath check force: "Cannot remove device that is in use"

removing some ports on a clariion on a HP-UX host running service guard, I received the following:
$ powermt check force
Warning: CLARiiON device path c13t2d3 is currently dead.
Cannot remove device that is in use: c13t2d3

Powerpath is pretty darn smart; the last port 0 linked to a disk device was part of the same lvm volume group as one of my cluster lock disks.  It wasn't even listed as the lock disk for my cluster (in the cluster ascii file), but it was in the same volume group that the lock disk was in.

I had to stop the cluster services on the node, then powerpath allowed me to remove the connection.  This node of the cluster is currently the failover node, so I was able to bring er down without any impact.

HP codewords

codewords used for optional additional pay software in  HP-UX are stored  here in the following format:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=647238&admit=-682735245+1165692579832+28353475

/var/adm/sw/.codewords

#CD_part_number Customer_Id IdType Codeword

manually set speed and duplex during ignite

set speed and duplex for ignite, instead of relying on auto-negotiation:
http://docs.hp.com/en/B2355-91049/ch05s07.html

12.04.2006

vgscan not working / ignite not recreating volume groups

I encountered a problem the other day with ignite not recreating the volume groups properly - it was caused by a component of service guard that was stuck on that machine.  For some reason (maybe because serviceguard was once installed on the box), the file /dev/slvmvg (serviceguard file for shared volume groups) also prevented vgscan from working.  Once I removed the file, vgscan created the volume groups without a problem.

12.02.2006

gig card on hp-ux 11.00 doesn't keep speed/duplex setting

A 1000Base-T card in an 11.00 box was giving me grief.  The switch port was set to 100 full duplex, but the card kept staying at AUTO even though the speed/duplex was changed via sam and verified in the /etc/rc.config.d/hpgelanconf file; that, of course, caused collisions and a bunch of network errors because the card negotiated 100 half duplex.  There's a patch that fixes the issue: 28995.  Make sure the config file has the speed and duplex value in uppercase:

HP_GELAN_SPEED[0]=100FD

11.24.2006

swinstall and rpc exception communications error

error when doing an swinstall:
       * Beginning Selection
ERROR:   RPC exception: "Communications failure (dce / rpc)" 11/24/06
         17:27:01 PST
ERROR:   A Remote Procedure Call to a daemon has failed.  Could not
         start a management session for "myhost:/".  Make sure the host
         is accessible from the network, and that its daemon, swagentd,
         is running.
       * Target connection failed for "myhost:/".
ERROR:   More information may be found in the daemon logfile on this
         target (default location is myhost:/var/adm/sw/swagentd.log).
       * Selection had errors.

fix by restarting swagentd:
/sbin/init.d/swagentd stop
/sbin/init.d/swagentd start

11.20.2006

mkboot complains about logical volumes when none exist

$ mkboot /dev/dsk/c2t6d0
There appear to be non-boot logical volumes on this device.
Overwriting them could destroy all the data on this device
Should the logical volumes be overwritten [y/n]? y

solution:
because PV isn't marked as bootable.   pvcreate -B /dev/dsk/c2t6d0
or
PV belongs (or thinks it does) to a volume group already.  (tread lightly here!):
Fix by using the -f (force) option:  pvcreate -Bf /dev/dsk/c2t6d0 

11.19.2006

upgrade vxfs online

update version 3 veritas JFS file system to version 4

vxupgrade -n 4 /mount_point

vxfsconvert -- offline version or to convert an HFS

11.17.2006

my favorite vim settings

my vimrc is customized with these, my favorite settings and options for vim / gvim:

set ic
colorscheme torte
set nobackup
set showmatch

11.11.2006

dmisp daemon on HP-UX hogging CPU

It's no longer used much anymore and there's a bug in it which will cause it to consume tons of cpu on the system.  Turn it off:

ps -ef | grep -i dmisp
/sbin/init.d/Dmisp stop
ch_rc -l -p START_DMI ; ch_rc -a -p START_DMI=0 ; ch_rc -l -p START_DMI

11.06.2006

Google Toolbar shortcut - firefox 2

Customize Firefox (2), remove the History menu so that the google toolbar shortcut key will work. If the history menu is present, it overrides the keyboard shortcut for the google toolbar focus (alt - s). Use the instructions here: Geek to Live: Consolidate Firefox's chrome - Lifehacker

The History Menu used to be called the "go" menu, so use the #go-menu keyword

11.03.2006

11.01.2006

NFS / PCNFS / Hummingbird Maestro problems

NFS Maestro PCNFS mounts on the PC don't work for a user (invalid username or password) because the UID of the user is too big.  Either change the UID to less than 60002 or add uidrange to the pcnfsd.conf file.

     http://docs.hp.com/en/5991-1153/ch02s02.html
    If your PC NFS client software is assigning user IDs smaller than 101 or greater than 60002, set the uidrange in the /etc/pcnfsd.conf file to allow access to a different range of user IDs, as in the following example:
    
    cat /etc/pcnfsd.conf
    uidrange 101-9999999
    
    then:
    kill $(ps -e | awk '$NF == "rpc.pcnfsd" {print $1}')
    /usr/sbin/rpc.pcnfsd


10.28.2006

difference between autoboot and autostart flags on HP 9000 hardware

difference between autoboot, and autostart flags in the PDC, BCH menu:

From: http://docs.hp.com/en/A7137-96003/A7137-96003.pdf (rp3410 rp3440 operations guide)

When the autostart flag is off, autoboots will be interrupted if a configuration change occurs
which causes reduced performance; thus requiring you to intervene prior to booting to the
internal system loader (ISL).
The auto boot will halt at the BCH prompt and you may continue booting by entering boot.

10.27.2006

cron - run command last day of month

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=123030&admit=-682735245+1161911384666+28353475
Solves the problem of running a script on the last day of the month. Put 28-31 (for days) in your crontab and put this little section in for date determination.

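#!/bin/sh
# TZ=MET-24 puts the clock 24 hours ahead of UTC, so date reports
# tomorrow's day of the month; if that is 01, today is the last day.

if test `TZ=MET-24 date +%d` = 01
then
    # replace "command" with the job to run
    exec command
else
    exit 1
fi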

pseudo swap on HPUX

explanation of pseudo swap in hp-ux:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=103008

10.25.2006

gmail macros

Great keyboard navigation inside gmail using a greasemonkey script: http://persistent.info/ do a search for gmail macros (or christmas)


Here's a google group that tracks the script and has some enhanced versions: http://groups-beta.google.com/group/gmail-power-users

10.10.2006

logins man page

HP-UX 'logins' command displays user account info.  the -x option doesn't explain the last field reported:

PS 100506 7 175 -1

the last field is the number of days before the password expires to start warning the user.  see the warn option of passwd(1) man page and passwd(4).  The warn flag only works on trusted systems, so you'll see a -1 for non-trusted systems.

Remember that the system (at least on non-trusted boxes) will round to the nearest week, Thursday to be specific.  So the report of when the passwd was last changed is not the actual day it happened, unless it happened to fall on a Thursday.

10.06.2006

Gnome / KDE keyboard shortcuts

Linux Desktop manager: Gnome and KDE keyboard shortcuts
http://www.novell.com/coolsolutions/tip/2289.html

non-printable chars in filename

ls -al on a directory produced a "blank" file name.  to see the non-printable  character, pipe the output to more:

ls -al | more

The file shows up as a DEL char (^?); so to delete or view the file do a control-v and ? for the filename.

configure HP-UX kernel

http://docs.hp.com/en/B2355-90675/ch06s02.html
Synopsis:

cd /stand/build
/usr/lbin/sysadm/system_prep -v -s system

make changes to the /stand/build/system file to add or remove whatever
/usr/sbin/kmsystem -S /stand/build/system -c Y driver-name

creates the /stand/build/vmunix_test
/usr/sbin/mk_kernel -s /stand/build/system

mv /stand/system /stand/system.prev
mv /stand/build/system /stand/system


updates /stand/vmunix and creates a backup /stand/vmunix -> /stand/vmunix.prev before.
/usr/sbin/kmupdate -- tells shutdown script to do the above.

10.01.2006

determine bitness of HPUX

HP-UX 64 or 32 bit? :  getconf HW_CPU_SUPP_BITS

Sometimes you need this to determine whether to install the 32 or 64 bit version of ODE.

9.26.2006

password aging on non-trusted systems

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=605201
At the end of the encrypted password you add char1, char2.
char1 is the maximum number of weeks the password is valid and
char2 is the minimum number of weeks that must pass before the password can be changed. The following is a good guide:

Value   # of weeks
.       0
/       1
0-9     2-11
A-Z     12-37
a-z     38-63
so for example if you wanted a user to change their password somewhere between 11 and 2 weeks you would put ,A9. (man 4 passwd)
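
The aging characters described above can be decoded for every account in one pass. This is an added example, not from the original notes or the forum thread; report_aging, sample_aging_passwd and the sample accounts are constructed for illustration, and the two special states follow passwd(4).

```sh
#!/bin/sh
# Added example: audit the password-aging suffix in an /etc/passwd-format
# file on a non-trusted system.

# The 64 aging "digits" in value order: . = 0, / = 1, 0-9 = 2-11,
# A-Z = 12-37, a-z = 38-63.
AGE_ALPHABET='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

# report_aging [FILE...]
# Prints "login max_weeks min_weeks state" per account (stdin if no file).
#   no-aging              password field has no ",xx" suffix
#   ok                    both characters decode and min <= max
#   change-at-next-login  max = min = 0, written ",." or ",.." (passwd(4))
#   root-only-change      min > max, only root can change it (passwd(4))
#   invalid               empty suffix or a character outside the 64 digits
report_aging() {
    awk -F: -v alphabet="$AGE_ALPHABET" '
    # Value of one aging character: 0-63, or -1 if it is not a legal digit.
    # A missing second character counts as zero.
    function weeks(ch) {
        if (ch == "") { return 0 }
        return index(alphabet, ch) - 1
    }
    /^#/ || NF != 7 { next }        # only well-formed account lines
    {
        comma = index($2, ",")
        if (comma == 0) { print $1, "-", "-", "no-aging"; next }
        age = substr($2, comma + 1)
        # Characters after the first two record the week of the last
        # change and are not decoded here.
        max = weeks(substr(age, 1, 1))
        min = weeks(substr(age, 2, 1))
        if (age == "" || max < 0 || min < 0) { state = "invalid" }
        else if (max == 0 && min == 0)       { state = "change-at-next-login" }
        else if (min > max)                  { state = "root-only-change" }
        else                                 { state = "ok" }
        print $1, max, min, state
    }' "$@"
}

# Constructed sample input: placeholder hashes, made-up accounts.
sample_aging_passwd() {
    cat <<'EOF'
root:PLACEHOLDERHS:0:3::/:/sbin/sh
alice:PLACEHOLDERHS,90:201:20::/home/alice:/usr/bin/sh
bob:PLACEHOLDERHS,C/Xb:202:20::/home/bob:/usr/bin/sh
carol:PLACEHOLDERHS,..:203:20::/home/carol:/usr/bin/sh
dave:PLACEHOLDERHS,./:204:20::/home/dave:/usr/bin/sh
erin:PLACEHOLDERHS,A!:205:20::/home/erin:/usr/bin/sh
EOF
}

sample_aging_passwd | report_aging
```

On a real system, run it as report_aging /etc/passwd; accounts reported as no-aging never expire under this mechanism.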

problem changing password on trusted system (HPUX)

Try changing password on a HP-UX trusted system and get the following:
Password cannot be changed.  Reason: Cannot access protected password entry.

This means the auth files in /tcb are out of sync with the /etc/passwd file.  Someone may be making changes manually to the /etc/passwd file (like adding user accounts), but that doesn't update or create the appropriate entries in /tcb/files/auth.

Check it by running the authck -p (or pwck -s) command to verify the trusted computing base /tcb.  This doesn't fix the problem; you'll have to delete (from /etc/passwd) and add again (via sam or useradd) or use the pwconv command.


9.14.2006

HPUX trusted system

How to determine whether HP-UX system is trusted or not:
/usr/lbin/getprdef
or look for /tcb

8.26.2006

No manual entry for man

error message when trying to get standard man pages: No manual entry for XXXX

I figured out why the normal man pages don't work on some systems.  The file /etc/MANPATH overrides the MANPATH variable when /etc/profile runs.  So to fix it just add the "normal" man page locations to /etc/MANPATH:

/usr/share/man:/usr/contrib/man:/usr/local/man:

resizing terminal and fixing

eval $(ttytype -s)
or
eval $(resize)    -- xterms

HP 9000 servers model numbers

Good reference to use between the 'model' command and the 'standard' name for the server model:
http://www.openpa.net/systems/

ITO / OVO Openview java client

HP ITO, OVO Openview Operations java client for windows, command line options:

C:\Program Files\Hewlett-Packard\HP VP Java Console>
"C:\Program Files\Hewlett-Packard\HP VP Java Console\ito_op.bat" -help
started with the server hostname as the first parameter.
You can also select from the following parameters:
 -user "username"    ... "username" for login
 -passwd "password"  ... "password" for login
 -server "hostname"  ... default server for login (same as first parameter)
 -display "hostname" ... sets display hostname for X applications
 -nowin              ... starts JavaGUI without a DOS window
 -plugin             ... starts JavaGUI as plugin
 -trace              ... enables tracing
 -nosec              ... disables secure JavaGUI
 -help               ... displays this page

My normal run string:
"C:\Program Files\Hewlett-Packard\HP VP Java Console\ito_op.bat"  -server my_server_name -nowin -user myuseraccount

8.21.2006

fsadm - fails with error extending file system

Encountered on HP-UX 11.00:

/$ fsadm -F vxfs -b 20448M /directory
vxfs fsadm: cannot open /directory/lost+found/.fsadm - errno 2

ls /directory   --- no lost+found there.

man mklost+found

cd /directory

/directory$ mklost+found
creating slots...
removing dummy files...
done
drwxr-x---   2 root       sys           4096 Aug 21 09:34 /directory/lost+found

now fsadm succeeds

8.18.2006

sendmail/mail command drop_privileges error on HP-UX

problem with HPUX sendmail, conversation and solution follows:

$ echo hi | mailx -s "test" myemail@mydomain.com
$ drop_privileges: setuid(0) succeeded (when it should not)

$ ll /usr/sbin/sendmail
-r-sr-sr-t   1 nonroot    mail       1339392 Aug 26  2004
/usr/sbin/sendmail

should be owned by root:mail

$ /sbin/init.d/sendmail stop
No sendmail server running
$ /sbin/init.d/sendmail start
drop_privileges: setuid(0) succeeded (when it should not)
451 4.0.0 can not chdir(/var/spool/mqueue): Permission denied


$ chown root /usr/sbin/sendmail
$ ll /usr/sbin/sendmail
-r-sr-sr-t   1 root       mail       1339392 Aug 26  2004
/usr/sbin/sendmail
$ /sbin/init.d/sendmail start
/etc/mail/aliases: 7 aliases, longest 9 bytes, 88 bytes total
sendmail

8.16.2006

how to erase disk in HP-UX

HPUX (or any *nix):
http://unix.derkeiler.com/Mailing-Lists/HP-UX-Admin/2006-06/msg00035.html


I like the concept of destroying all luns, creating a big one and doing a dd of /dev/zero over the raw disk special file.

convert dos unix format in VIM

Here's a vim tip to convert unix to dos or vice-versa.  VIM doesn't have an option in its file / Save As dialog box.
http://www.vim.org/tips/tip.php?tip_id=145

:set fileformat=dos    or unix or mac
:w

8.12.2006

synergy with PCs

Interesting open source project: http://synergy2.sourceforge.net/  Synergy allows you to have multiple PCs, each on its own monitor, using just one keyboard and mouse.

8.02.2006

sendmail error sending mail on HP-UX

Sending mail on hpux
/etc/mail/sendmail.cf: line 691: fileclass: can not open /etc/mail/sendmail.cw: World writable directory

The permissions on /etc are incorrect.  Changed it to the HP-UX standard 555 (r-xr-xr-x) by:
chmod 555 /etc
Ran a test:
echo test | mailx me@mycorp.local
Received email successfully, no error message.

7.20.2006

X error running Openview

when running the Openview (ovw) Xclient on HPUX that's pointing to the X11 server in Cygwin (Cygwin/X), you may get the following errors:
ovw: Xt Warning: Missing charsets in String to FontSet conversion
ovw: Xt Warning: Unable to load any usable fontset


fix it by changing the startxwin.bat file to add the -fp (font server) parameter to the run line.  Point to the server that has Openview installed on it as the font server:
%RUN% XWin -multiwindow -clipboard -silent-dup-error -fp tcp/ovoserver.mycompany.com:7000

7.14.2006

what to do about dns outages - plan ahead

What are you supposed to do when your broadband provider's DNS servers are foobarred? First, at the very least you need to know the IP of another DNS server you can point to; a great one to try is OpenDNS. For instance: standard cable modem - router running dhcp on the lan side. For some reason dns queries don't work; do an nslookup and the queries time out. In Windows: since you're typically using a dhcp client it's a PINA to change this via the ncpa gui, so do it through netsh.

eth0 = the name of my interface. Since most of you are lazy and don't name your connections (like a *nix admin would), yours is probably "Local Area Connection".

netsh int ip set dns eth0 static 208.67.222.222
where the IP is a DNS server.

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: resolver2.opendns.com
Address: 208.67.220.220

Recover deleted files

Another undelete/recovery tool:  http://www.z-a-recovery.com/

7.10.2006

remote shell error on HP-UX

remsh (remote shell) into a trusted system, got this error:
remshd: Login disallowed (audit error)

Do an /usr/sbin/authck -pv
Check for duplicates in /etc/passwd.  If duplicates are found, then remove them via vipw.

7.05.2006

flash format screen capture

Useful for tutorials or how-to videos in that flash is installed on almost all PCs out there.  Here is a description from the website: "Wink is a Tutorial and Presentation creation software, primarily aimed at creating tutorials on how to use software (like a tutor for MS-Word/Excel etc). Using Wink you can capture screenshots, add explanations boxes, buttons, titles etc and generate a highly effective tutorial for your users."

http://www.debugmode.com/wink/

6.30.2006

sed (text/replace) in Windows

use sed for Win32 to modify text/configuration files on the fly:
http://www.cornerstonemag.com/sed

6.29.2006

Listing open ports and associated program in HPUX

netstat in linux has the -p option for listing the
program/application/PID that is using a port. You can't list open
ports like that in HP-UX, but you can use the lsof command to list
them:

# lsof -i tcp:200

ITRC forum link

6.24.2006

speed up Windows XP for benchmarking

For benchmarking, and to force background processing of idle tasks:
rundll32.exe advapi32.dll,ProcessIdleTasks

http://www.microsoft.com/whdc/system/sysperf/benchmark.mspx#EFF

6.23.2006

pipe standard error with standard output

With the posix shell (maybe other shells like korn), to pipe not only standard output, stdout, but also standard error, stderr, use the following:

first_command 2>&1 | next_command_in_pipe

See the following:  http://www.linuxdevcenter.com/pub/a/linux/lpt/13_01.html

HP-UX EMS alerts with EMC

See the following email thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=405726&admit=-682735245+1151047006669+28353475

In HPUX, if you get serious severity alerts coming from disk_em EMS monitor on EMC disks/luns, it's because the version of OnlineDiags does not work with EMC LUNs that identify themselves as using HP03 firmware.  Can be fixed by adding the hardware paths to the EMC array in: /var/stm/data/tools/monitor/disabled_instances  like this:
/storage/events/disks/default/1_0_8_0_0.1.22*
/storage/events/disks/default/0_0_8_0_0.1.16*
Then run 'monconfig' and select 'enable monitoring' to re-read the config file.

6.22.2006

trouble viewing EMC LUNs on HP-UX

On HPUX, using EMC Clariion CX700 and powerpath, if you can't see the LUNs just created by a storage administrator, then do the following:

/etc/ioscan -f
/etc/insf -eC disk
/sbin/powermt config
/sbin/powermt set policy=co
/sbin/powermt save
/sbin/powermt display dev=all


here's a very thorough version:
/etc/ioscan -f
/etc/insf -eC disk
/sbin/init.d/agent stop
/sbin/init.d/agent start
/opt/Navisphere/bin/navicli register
/sbin/powermt config
/sbin/powermt set policy=co
/sbin/powermt check
/sbin/powermt save
/sbin/powermt display dev=all


in some cases you may have to delete the /etc/powermt.custom before doing the powermt config command.....

6.21.2006

error starting stm in HPUX

HP-UX 11.00 error when starting stm:

-- Error --
The UUT status file
(/var/tmp/stm27188/servername.domain.com/data/uut_status) representing the new device map from the Unit Under Test (UUT) could not be successfully loaded into memory.  The most recent device map for the Unit Under Test (UUT) could not be built successfully.  This means operations apparently available, based on this old map, may not be, and might fail. Please refer to the Map Log and/or the System Activity Log on that system for more details.

-- Information --
Aborting all open command files.


Solution: restart diagnostic daemons:
/sbin/init.d/diagnostic stop
/sbin/init.d/diagnostic start

6.17.2006

create vmware .vmx virtual machines

Create virtual machines for VMware Player online and free - easyvmx http://www.easyvmx.com/

6.16.2006

comments in password file

In HP-UX, comments can be used in the password file, although I don't think anyone would recommend it. It may be in violation of SOX requirements as well; be careful. That having been said, I've found the following when using comments in the passwd file of HPUX (very well may apply to other *nix flavors):

3 requirements:
* 7 total fields - exactly 6 colons must be in every line
* uid must be numeric or valid
* gid must be numeric or valid

You should check your /etc/passwd file using the pwck command if you are in doubt of the integrity of the file.

Some symptoms to look out for if your password file is screwed up:
$ /bin/su - user123
su: Unknown id: user123

$ passwd
Invalid login name.

The password file is read from top to bottom, so if one account works but others don't, check the location of the comment/bad entries and where they relate in position to the account in question.
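
The structural rules listed above (seven fields, numeric uid and gid), along with the duplicate and multi-line entries mentioned in the remsh notes, can be checked in one pass that also lists which accounts sit below the first bad line. This is an added example, not from the original notes; check_passwd, sample_broken_passwd and the sample accounts are constructed for illustration, and pwck remains the system's own checker.

```sh
#!/bin/sh
# Added example: structural check of an /etc/passwd-format file.

# check_passwd [FILE...]
# Prints "LINE: problem" for each defect, then the logins that appear after
# the first bad line (the ones a top-to-bottom lookup may never reach).
# Reads stdin when no file is given. Exit status is 1 if anything was found.
check_passwd() {
    awk -F: '
    function bad(msg) {
        printf "%d: %s\n", NR, msg
        if (!first_bad) { first_bad = NR }
        problems++
    }
    {
        if ($0 == "") { bad("empty line"); next }
        # Comments and entries that wrapped onto extra lines both show up
        # as a wrong field count: a valid line has exactly 6 colons.
        if (NF != 7)  { bad("expected 7 fields, found " NF); next }

        if ($1 == "")        { bad("empty login name") }
        else if ($1 in seen) { bad("duplicate login name " $1 " (first on line " seen[$1] ")") }
        else                 { seen[$1] = NR }

        # HP-UX ships accounts with negative ids (nobody is -2), so allow a sign.
        if ($3 !~ /^-?[0-9]+$/) { bad("uid is not numeric: " $3) }
        if ($4 !~ /^-?[0-9]+$/) { bad("gid is not numeric: " $4) }

        if (first_bad && NR > first_bad && $1 != "") { after = after " " $1 }
    }
    END {
        if (first_bad) {
            printf "listed after first bad line %d:%s\n", first_bad, after
        }
        exit (problems > 0)
    }' "$@"
}

# Constructed sample input: a free-form comment, an entry whose password
# field grew commas until it wrapped, a bad uid and a duplicate login.
sample_broken_passwd() {
    cat <<'EOF'
root:PLACEHOLDERHS:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
# local accounts
appd:PLACEHOLDERHS,,,,,,,,
,,,,,,,:110:20::/home/appd:/sbin/sh
alice:PLACEHOLDERHS:201:20::/home/alice:/usr/bin/sh
bob:PLACEHOLDERHS:abc:20::/home/bob:/usr/bin/sh
alice:PLACEHOLDERHS:202:20::/home/alice2:/usr/bin/sh
EOF
}

sample_broken_passwd | check_passwd || true
```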

6.07.2006

verify OV agent status

verify your OpenView (OV) agent is working properly:
opcagt -status

5.31.2006

Get Physical RAM on HP-UX

in HPUX to get the physical / real memory, you can do one of the following:

grep Physical /var/adm/syslog/syslog.log


5.30.2006

Replacing a Mirrored HP-UX Boot Disk

Replacing a Mirrored HPUX Boot Disk


Reduce any logical volumes that have mirror copies on the faulty disk so that they no longer mirror onto that disk. (note: lvdisplay -v /dev/vgXX/lvol* will show the lvols)

# lvreduce -m 0 /dev/vgXX/lvolX /dev/dsk/cXtXd0 (for 1 way mirroring)

Reduce the volume group.

# vgreduce /dev/vgXX /dev/dsk/cXtXd0

Stop I/O's going to drive

# pvchange -a n /dev/dsk/c0t2d0


---> Replace the drive.


# pvchange -a y /dev/dsk/c0t2d0

Initialize the disk for LVM.

# pvcreate -f –B /dev/rdsk/cXtXd0

Set boot switch for no quorum and add offline diagnostics (if available to drive)

# mkboot –a "boot vmunix –lq" /dev/dsk/c0t2d0

# mkboot –b /usr/sbin/diag/lif/updatediaglif2 –p ISL –p HPUX –p LABEL –p AUTO /dev/rdsk/cXXtXd0.

Extend the volume group.

# vgextend /dev/vgXX /dev/dsk/cXtXd0

Lvextend the mirrors back onto the replaced drive.

# lvextend -m 1 /dev/vgXX/lvolX /dev/dsk/cXtXd0 &

(for 1 way mirroring) Do this for each lvol on the system. The & runs the task in the background. You can check on the progress using lvdisplay -v /dev/vg00/lvolXX.

After running the mkboot and lvextend commands, do an lvlnboot -Rv to relink the disk into the Boot Data Reserved Area of all the physical volumes in the volume group.

# lvlnboot -Rv


5.29.2006

allowing backspace and @ in login prompt on HPUX

The backspace, @ (at sign), and # (pound character) don't work at the login prompt on HPUX systems. In HP-UX the default kill and erase values are set to @ and # respectively; you can change them via /dev/ttyconf by creating a custom startup script. See the following ITRC threads and the section labeled "Control Character Default Assignments" on the man page for stty: http://docs.hp.com/en/B2355-60127/stty.1.html

See termio(7) for the default values of control characters: http://docs.hp.com/en/B2355-60127/termio.7.html

like this: stty erase ^H kill ^U intr ^C susp ^Z < /dev/ttyconf

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=430766
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=181001

using WS_FTP to automate file xfers

Some notes:


  • Many options in WS_FTP are now user-specific, i.e. the changes made to the options are only reflected in that current user's profile.

  • PGP support is now included in V9, but I'd rather do the encryption/decryption outside of ws_ftp and use the 'gpg' tool instead. By default, ws_ftp will try to decrypt and verify every file downloaded with a .pgp extension. This option must be turned off. Go into the options under the PGP section and uncheck the "Always decrypt & verify encrypted and signed".

  • If WS_FTP needs to be reinstalled, make sure you go in and out of the application and verify the options that you changed are still intact.

  • I had to connect to each site to make sure the connections were still good. In the process of doing so I needed to click "Trust this connection" on any of the SSH connections because a new fingerprint was generated.

  • Each user profile has a registry setting pointing to the application data directory. After the upgrade this initially pointed to the user's specific profile, so we had to change it back to the following:

[HKEY_CURRENT_USER\Software\Ipswitch\WS_FTP]

"DataDir"="C:\\Documents and Settings\\All Users\\Application Data\\Ipswitch\\WS_FTP"

  • Since we typically use the 'local_assigned' user account and he's not an admin on windowBox1, we needed to change some registry permissions in order to allow some options to be read and customized. We changed the security on the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch] -- added WindowsGroup1 group with 'Full Control'

  • The speed of uploads on SSH servers dropped in half in v.9.01. Add "sftppipefraction=150" to the sftp/ssh site's section in ws_ftp.ini to gain full speed. Without this, every lifemasters transfer failed.



WS_FTP Pro notes v8: (some of this applies to v9 as well)

http://www.ipswitch.com/


Installation:

During the install it will ask about "shared" and "personal" sites. The only option we want selected is the "Allow users to create or modify shared sites". The reason for this is that it simplifies where the site data is held. Shared sites go into the "all users" profile directory. "Personal" sites go to the individual user profile, which means if switching from one user account to another, the ws_ftp.ini file would have to be copied over as well. The registry settings this affects are recorded below.


[HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\WS_FTP]

"DataDir"="C:\\Documents and Settings\\All Users\\Application Data\\Ipswitch\\WS_FTP"

"AllowPersonalSites"=dword:00000000

"AllowModifySharedSites"=dword:00000001


Directories and files:

shared sites (shared by all users) stored in:

C:\Documents and Settings\All Users\Application Data\Ipswitch\WS_FTP\Sites\ws_ftp.ini


Predefined Sites stored in: predef.ini

MySites are stored in: original.ini


Any folders created will generate an .ini file based on the folder name. The ini file will contain any sites created under that folder.


Log files stored (usually overwritten each time WS_FTP is called from the command line):

C:\Documents and Settings\All Users\Application Data\Ipswitch\WS_FTP\Logs


You can copy sections of an .ini file from one computer to another but the password may have to be re-entered on the destination computer because of the way WS_FTP encrypts the password field.


Must use fully qualified path because the command line instance will bring us to the root directory. Otherwise it will default to /usr/bin on some systems.


File specifications for uploading/downloading can be wildcarded. ( * or . )


command line example

NOTE: Trailing slash must be used for destination directory....


cd "%programfiles%\ws_ftp pro" & wsftppro -s ftp://anonymous:test@ftp.ipswitch.com/pub/msdos/vmenu.zip -d local:c:\


ascii

cd "%programfiles%\ws_ftp pro" & wsftppro -s amisys:~/bin/list.sh -d local:c:\ -ascii


binary

cd "%programfiles%\ws_ftp pro" & wsftppro -s amisys:~/bin/list.sh -d local:c:\ -binary


auto

cd "%programfiles%\ws_ftp pro" & wsftppro -s amisys:~/bin/list.sh -d local:c:\


-lower lowercases the filename (only works when uploading TO a remote host, not downloading from a host)


WARNING: Using the command line, be careful that when downloading, the remote file name must be in the EXACT case in order to download the correct file.



The WS_FTP scheduler is just another front-end to the Win2k task scheduler.



GNUpg, gpg, encryption notes

Public Key Cryptography:

http://www.wvu.edu/~lawfac/mmcdiarmid/digital%20signatures.htm - older reference, but pretty easy to understand

http://www.lugod.org/presentations/pgp/ - good introduction and beginners guide

http://www.linuxjournal.com/article.mydivision?sid=4828 GPG the Best Free Crypto You Aren't Using, Part I of II

http://www.linuxjournal.com/article.mydivision?sid=4892 GPG the Best Free Crypto You Aren't Using, Part II of II

http://computer.howstuffworks.com/question571.htm

http://computer.howstuffworks.com/encryption.htm

gpg usage: http://www.rhce2b.com/clublinux/RHCE-38.shtml



GPG notes:

http://www.gnupg.org/ - GNU Privacy Guard


If the --output option is not specified, gpg will usually write contents to stdout (the screen). You can also do file redirection to route the output to a file. The exception to this is the default decryption option:

gpg [filename]

The above syntax will decrypt the file to the original unencrypted filename. You can add other options to this command.


You encrypt with someone's public key, they decrypt with their secret key. Give your public key out to those that want to send you encrypted files/messages. Then only you (or anyone that has your secret key, which should be no one but you) can decrypt and view the file.


[name] = name, email or identifier of key. email addr is usually the best one to use because it's usually the most unique identifier.


files:

gpg.man -- man page for gpg (lists all switches)

gpg.conf -- found in c:\gnupg (see readme.w32), contains all config options


If you receive the following when decrypting a file, then there is probably a compatibility problem with the other user's signature, usually nothing to worry about: "WARNING: message was not integrity protected". To prevent the message from appearing, use the --no-mdc-warning option on the gpg command line or put the following in the gpg.conf file: no-mdc-warning


On the Windows platform, be sure to include the following option in gpg.conf or on the command line:

--no-mangle-dos-filenames

The Windows version of GnuPG replaces the extension of an output filename to avoid problems with filenames containing more than one dot. This is not necessary for newer Windows versions and so --no-mangle-dos-filenames can be used to switch this feature off and have GnuPG append the new extension. This option has no effect on non-Windows platforms.


NOTE: Any options specified in the configuration file (gpg.conf) should NOT have the double dashes at the beginning of them.


gpg.conf example file:


no-mdc-warning

no-mangle-dos-filenames

load-extension lib\idea



Generating a new key pair:

gpg --gen-key

The default way we have been creating the keys is:

kind of key you want: (1) DSA and ElGamal (default)

keysize: 2048

expiration: 0 -does not expire

"Real name": mycompany

email: mydivision-{vendor}@mycompany.com where {vendor} is the vendor's name.

comment: mydivision - mycompany (usually)


Displaying/listing keys:

list all secret keys on the system:

gpg --list-secret-keys


list all public keys on the system:

gpg --list-keys


Importing keys:

to import an exported public or secret key into the appropriate keyring on this system:

gpg --import keyfile_to_import


Exporting:

use --armor option if sending key via email or if vendor requires ASCII armored data.


to export a public key; don't specify a name if you want to export all:

gpg --output filename.key --export [name]


to export a secret key; don't specify a name if you want to export all:

gpg --output filename.key --export-secret-keys [name]


Always export any keys before using them. This keeps a backup of all keys in case you screw up (you probably will too!). You can use the following as a template, replacing {vendor} with the vendor's name, and paste the text directly to the shell.

gpg --output mydivision-{vendor}@mycompany.com-public.asc --armor --export mydivision-{vendor}@mycompany.com

gpg --output mydivision-{vendor}@mycompany.com-public.key --export mydivision-{vendor}@mycompany.com


gpg --output mydivision-{vendor}@mycompany.com-secret.asc --armor --export-secret-keys mydivision-{vendor}@mycompany.com

gpg --output mydivision-{vendor}@mycompany.com-secret.key --export-secret-keys mydivision-{vendor}@mycompany.com


NOTE: In some cases the vendor can't use certain algorithms such as AES192, AES256, etc. In these cases you will need to edit the key after generating it and export the key in order to disable or restrict use of the particular "problematic" algorithms. Instructions below:


gpg --edit-key [name]

setpref S3 S2 S1 H2 H3 Z2 Z1 (This string was used for Express-Scripts because of their requirement)

(do a setpref xx xx; or whatever algorithms/options you want included. Include all options except the ones you want to disable.)

updpref

save


List the algorithms/options on the key:

gpg --edit-key keyid showpref quit (long verbose format)

gpg --edit-key keyid pref quit (short terse format)




List of options/preferences to use on keys:

s2 = 3des

s3 = cast5

s4 = blowfish

s7 = aes

s8 = aes192

s9 = aes256

s10 = twofish

s1 = idea (if you use it, otherwise leave out)

h3 = ripemd160

h2 = sha1

h1 = md5

z2 = zlib

z1 = zip

z0 = no compression



Encryption:

When encrypting a file, you can use multiple -r (recipient) options if needed. To decrypt the file, the secret key that corresponds to the public key used to encrypt the file will be needed.


The following example will create an encrypted file with a .gpg extension.

gpg -r info@claimsnet.com --encrypt-files encrypt-test.txt (preferred method)


gpg --output output_filename -r [name] --encrypt filename_to_encrypt


for interactive prompt asking which key to use to encrypt:

gpg --output output_filename --encrypt filename_to_encrypt


When using a key to encrypt for the very first time, you will see text similar to the following:

gpg: checking the trustdb

gpg: checking at depth 0 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/0/7

gpg: checking at depth 1 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0


Decryption:

to decrypt a file (must have the secret key that matches the public key that was used to encrypt the file):

gpg filename_to_decrypt -- decrypt file and write to original filename (preferred method)

or

gpg --output output_filename --decrypt filename_to_decrypt


if you don't have the secret key for an encrypted file you'll get the error: "gpg: decryption failed: secret key not available"



signing a key:

gpg --local-user mydivision-claimsnet@mycompany.com --sign-key info@claimsnet.com

-- it will ask for level of trust. Choose the highest level of trust. (3)


After you receive someone's public key (whom you trust) you can sign it. If you don't, you'll get the following message every time you try to encrypt something with their public key:

gpg --output encrypt-test.pgp -r info@claimsnet.com --encrypt encrypt-test.txt

gpg: C458F397: There is no indication that this key really belongs to the owner

1024g/C458F397 2001-02-28 "Claimsnet.com Inc. <info@claimsnet.com>"

Primary key fingerprint: 1254 FD28 5BF7 DF69 CD02 9072 4155 8840 575F 950E

Subkey fingerprint: 0164 29BF CEB1 96B6 91AC FF76 CE41 BAAA C458 F397


It is NOT certain that the key belongs to the person named

in the user ID. If you *really* know what you are doing,

you may answer the next question with yes


Use this key anyway? n

gpg: encrypt-test.txt: encryption failed: unusable public key


After you sign the recipient's key, you won't get the error message when encrypting a file.


marking keys as trusted (need to do this when we import our keys into new keyring file):

gpg --edit-key mydivision-esi@mycompany.com

Command> trust

Your decision? 5

Do you really want to set this key to ultimate trust? y

Command> quit


Changing the passphrase of the secret key (in case of lost/stolen key):

gpg --edit-key mydivision-esi@mycompany.com

Command> passwd

Enter passphrase: ****

Enter the new passphrase for this secret key.

Enter passphrase: *******

Repeat passphrase:*******

Command> save


Deleting/removing keys no longer needed:

Recommend exporting the keys first before deleting them.


delete secret key:

gpg --delete-secret-keys [name]


delete a public key:

gpg --delete-keys [name]


delete both secret and public key pair:

gpg --delete-secret-and-public-key [name]

--delete-secret-and-public-key name

Same as --delete-key, but if a secret key exists, it will be removed first. In batch mode the key must be specified by fingerprint.


AUTOMATION:

To automate/batch decrypt files use the following options. MAKE SURE that the gnupg directory is secured well and keep the "passphrase-file" in the same directory or another secure directory:


--passphrase-fd n

Read the passphrase from file descriptor n. If you use 0 for n, the passphrase will be read from stdin. This can only be used if only one passphrase is supplied. Don't use this option if you can avoid it.


ex:

type passphrase-file | gpg --passphrase-fd 0 [filename_to_decrypt]
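A Unix shell version of the batch decryption above, added here as an illustration and not taken from the original notes: it refuses to run unless the passphrase file and its directory are closed to group and other. The function names perm_private and batch_decrypt are hypothetical; the gpg options used are --batch, --no-tty, --passphrase-fd, --output and --decrypt.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# perm_private PATH
# Succeeds only if PATH exists and its mode grants nothing to group or other
# (characters 5-10 of the ls mode string are all "-").
perm_private() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# batch_decrypt PASSFILE INFILE OUTFILE
# Returns 2 without calling gpg if the passphrase file is not locked down.
batch_decrypt() {
    passfile=$1 infile=$2 outfile=$3
    passdir=$(dirname "$passfile")

    perm_private "$passdir" ||
        { echo "refusing: $passdir is open to group/other" >&2; return 2; }
    perm_private "$passfile" ||
        { echo "refusing: $passfile is open to group/other" >&2; return 2; }
    [ -s "$passfile" ] ||
        { echo "refusing: $passfile is empty" >&2; return 2; }

    # The passphrase is fed on stdin (fd 0), so it never appears on the
    # command line. umask 077 keeps the decrypted output private as well.
    # GnuPG 2.1 and later also need --pinentry-mode loopback here; the 1.x
    # releases these notes were written for do not.
    (
        umask 077
        gpg --batch --no-tty --passphrase-fd 0 \
            --output "$outfile" --decrypt "$infile" < "$passfile"
    )
}

# usage: batch_decrypt /secure/dir/passphrase-file file.gpg file.txt
```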



Signatures:

Signatures are basically good for verifying the authenticity of message/file/whatever.

clearsign (good for emailing), example:

hp.txt contents (in courier new font) before signing:


This is a test file...


gpg --local-user mydivision-abf@mycompany.com --clearsign hp.txt

after signing it will create a file named: hp.txt.asc:


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1


This is a test file...

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.4 (MingW32)


iD8DBQFAfUxLl6vRH9ZI4QMRAtgiAKCLxmq7CTTsgmpd1EiZgpxgubwBTwCeO3+A

cFMS25BXJHSobsWcLql+sR8=

=BFyt

-----END PGP SIGNATURE-----


verify signature (must have public key in keyring to do this):

gpg --verify hp.txt.asc


in the case of a detached signature, by putting the signature file first:

gpg --verify file.sig file



Log of session running of gen-key (bold ours):


C:\>gpg --gen-key

gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.

This program comes with ABSOLUTELY NO WARRANTY.

This is free software, and you are welcome to redistribute it

under certain conditions. See the file COPYING for details.


Please select what kind of key you want:

(1) DSA and ElGamal (default)

(2) DSA (sign only)

(4) RSA (sign only)

Your selection? 1

DSA keypair will have 1024 bits.

About to generate a new ELG-E keypair.

minimum keysize is 768 bits

default keysize is 1024 bits

highest suggested keysize is 2048 bits

What keysize do you want? (1024) 2048

Requested keysize is 2048 bits

Please specify how long the key should be valid.

0 = key does not expire

<n> = key expires in n days

<n>w = key expires in n weeks

<n>m = key expires in n months

<n>y = key expires in n years

Key is valid for? (0) 0

Key does not expire at all

Is this correct (y/n)? y


You need a User-ID to identify your key; the software constructs the user id

from Real Name, Comment and Email Address in this form:

"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"


Real name: mycompany

Email address: mydivision-mckession@mycompany.com

Comment: mydivision - mycompany

You selected this USER-ID:

"mycompany (mydivision - mycompany ) <mydivision-mckession@mycompany.com>"


Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? e

Email address: mydivision-othercorp@mycompany.com

You selected this USER-ID:

"mycompany (mydivision - mycompany ) <mydivision-othercorp@mycompany.com>"


Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

You need a Passphrase to protect your secret key.


We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.


We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.


public and secret key created and signed.

key marked as ultimately trusted.


pub 1024D/51CF3CC5 2004-04-23 mycompany (mydivision - mycompany ) <mydivision-othercorp@prevea.com>

Key fingerprint = 9982 34EB 114A 6A4D 8EC5 9FB8 98A8 F30F 51CF 3CC5

sub 2048g/DF7989E4 2004-04-23


getting a public key from a keyserver:

gpg --keyserver http://pgp.mit.edu --search-keys dd9jn@gnu.org