Friday, July 18, 2008

My Most Recent IT Reality

I work on a Toshiba Tecra laptop from home. In 2004, Sun Microsystems gave me this machine and onto it loaded their proprietary iWork (now referred to as OpenWork) Client. They also gave me a brand new, shrink-wrapped and all, installation disk (which I put away so I wouldn't lose). I've been happily punching in (using IPsec Punchin VPN) with this computer using the Java Desktop System version of Solaris 10 and a GNOME environment for four years now.

Two years ago, the Northern California Punchin servers were moved, upgraded, and updated and everyone who used the servers was asked to download and install the new Punchin software. Acchh, I didn't need to, I decided; I'll just punchin to Broomfield or South Carolina or even...Australia! (I've been there you know.) You see, in order to install new software on my laptop, I have to get a one-time root password. You call IT and they give it to you over the phone. But you have to call IT - and my previous experiences with IT had not always been the most, how shall I say, productive. So I decided that, as long as I could punchin somewhere, I was OK.

A few weeks back I started having screen redraw issues. The Broomfield server is notorious for going down and, although I did use other servers when necessary, I noticed ghosting, hanging, and just plain waiting when I opened a session and tried to do something. So I decided it was time to take the plunge and upgrade my Punchin packages.

So I dialed IT and found, after reaching an actual person, that the gentleman I spoke with was adamant in his refusal to give me a one-time password. After ten minutes of explanation on my part (and I know how to explain) he still said he couldn't do it. But, maybe his manager could. She got on the line and told me that my laptop and configuration was no longer supported.

Excuse me. I have a Sun-purchased laptop with a Sun-designed operating system and Sun software of all kinds and you are telling me that that you can't give me a one-time password because my configuration is no longer supported?

No, I can not. But you don't need root password to install those packages. You can use the iWork Update Tool.

Uh...the Update Tool is pointing to a version that is a year old. I want to install the latest version from 2008.

Well, I can't give you a one-time root password but I'm sending you a link that might be helpful.

I have this link already but I can't use it because I don't have root access - which I can get with a one-time root password.

They changed the procedure.

OK. I think we are through here then.

What do you want me to do with the ticket? (Gotta fix the ticket.)

Do what you want with it. It wasn't able to solve my problem so it doesn't matter to me. Thank you. Goodbye. (I'm from New York.)

She called me back in a few minutes to inform me that my ticket had been passed over to GRC deviation. I wanted to say What the hell is GRC deviation? but I just thanked her and hung up. I have yet to hear from GRC deviation.

Here's a mid-entry musical moment. It's Todd Rundgren and there's no movement in the video; just some musical accompaniment as you continue reading.



Not knowing how to begin to obtain root access, I rolled up my sleeves to find out. And who did I turn to in this dire hour but the super heroes over at the ipsec-punchin-interest alias, a mailing list for those who need information regarding the Punchin client. Man, I was shooting email off left and right all day long.















7:19 amSend first email to the ipsec'ies telling them that IT said I did not need to have root access to install these new Punchin packages. Was that correct?
7:25 amReceive a reply telling me to get a second opinion. An ipsec'ie wrote, "This is clearly wrong and shows a complete lack of understanding of Solaris packaging, let alone Punchin."
8:00 amSend my second opinion in an email to IT Services Feedback - from whom I still have not heard. (UPDATE 6/16: Received an email this morning telling me I could use the iWork Update Tool - oh? - if the iWork Client was supported - ooohhhh. ...if you wish to keep the the current iWork install, you will need to take over control of the root password and remove the One Time Password scheme [ITotpclient package - see 9:12 AM] that is currently in place... I could not find clear instructions on how to [due this]. There was an action item in the email for a cc'ed recipient to write something up on how to do this.)
9:12 amLearn from ipsec'ie that I need to remove the ITotpclient package using my original installation disk. Uh oh.
11:00 amFind the installation disk (brand, new, shrink-wrapped and all) and, deep in the bowels of a separate email thread also from the same alias, the reason my laptop would not boot from it (internal only link). It's a Toshiba thing that I was able to conquer by turning on the laptop and pushing the F12 button.
11:05 amGet root access via installation disk and attempt to change the root password by using passwd.
11:06 ampasswd fails.


Unexpected failure, Password database unchanged
Permission denied.

An ipsec'ie responds, "As opposed to an expected failure. You've got a strange system there."
12:27 pmDefine my final 2 options:

  • Modify the root password in the shadow file

  • Modify my user permissions in the user_attr file
2:05 pmReceive email regarding modification of the shadow file - it might be too risky. Decide the last option which would allow me to emulate root by prepending each command I execute with pfexec was the safest bet.
2:27 pmDon't ask me how, don't ask me why. For the umpteenth time, I boot from the installation disk to try to get the hard drive mounted using the installation disk root account. I leave the room to make a sandwich before I pass out and come back to a screen I had never seen before. I get to the same installation disk root account from a different way and, lo and behold, I am now able to mount the hard disk.
2:30 pmRemove one-time root password package, ITotpclient.
2:38 pmChanged the user_attr file by adding SOFTWARE INSTALLATION and PRIMARY ADMINISTRATOR to my profiles thus, giving me the power to emulate root and add or remove packages.
2:47 pmLog into the actual laptop. Check that user_attr still had my permissions defined. Lookin' good.
3:05 pmAttempts at removing the older Punchin packages fail until I realize the ones I had on my computer had different names from the names used in the procedure I was following. Successfully remove the two packages. (Duh.)
3:17 pmSearch to ultimately find that the pkgadd error I was getting was due to the lack of room in the default /var/spool directory. (Don't ask me.) Point the command to my own /Download directory and, good golly Miss Molly, the packages successfully add. Omigod, is Punchin installed?
3:29 pmFind myself punched in to a Santa Clara server and send a note to the ipsec'ies thanking them for their help.


Most of the questions I asked of the ipsec'ies had nothing to do with Punchin but the info kept coming. I spent the day sending out emails with Subjects like SUCCESS A LITTLE and Root in Shadow File? and the ipsec'ies were there to witness, cheer, and, most of all, help. So, in admiration and more thanks, here's a cheer from the 80s for those on the ipsec-punchin-interest alias: Toni Basil and Mickey. Whenever you hear the titular name, replace it with ipsec-ie.

I'll let you know if all this solved my initial redraw problems.



No comments:

Post a Comment