Re: patchlevels and FreeBSD source
Hi, [EMAIL PROTECTED] wrote on Tue, Nov 25, 2003 at 08:09:56PM -0500: [..] > 4.8-RELEASE-p15 for example) and then build world. The cvsup/buildworld > takes a long time. These steps are also difficult to automate. > > My question is: Is it possible that I update my cdrom image to the to > 4.8-RELEASE-p15 before install ? In other words, are the patches that > released as source diffs also available as downloadable cd images? [..] I see two possibilities: 1. CVSup and build the world on your install-server (or any other NFS server) pre installation, NFS export /usr/src and /usr/obj to all your clients. During post-install, mount these directories and call 'make installworld'. This should take much less time and effort. 2. If you really want a installable CD image, you need to build a release, cf. release(7). Beware, that make release is a complicated process, that consumes a lot of ressources and can take a long time. HTH, Daniel -- IRCnet: Mr-Spock - Der Schatten von Hasenfuss ist ziemlich dunkel - Daniel Lang * [EMAIL PROTECTED] * +49 89 289 18532 * http://www.leo.org/~dl/ smime.p7s Description: S/MIME cryptographic signature
Re: patchlevels and FreeBSD source
At 20:09 25/11/2003 -0500, [EMAIL PROTECTED] wrote: Presently I install my servers using a automated pxeboot method. The NFS image I choose is a copy of the freebsd 4.8-RELEASE cdrom. Post install I cvsup the plain 4.8-RELEASE server to RELENG_4_8 (taking the patchlevel to 4.8-RELEASE-p15 for example) and then build world. The cvsup/buildworld takes a long time. These steps are also difficult to automate. After installing the RELEASE, install FreeBSD Update (ports/security/freebsd-update), move its configuration file into the right place, and run `freebsd-update fetch && freebsd-update install`. Given a decent internet connection, this takes no more than a couple minutes, and is much easier than updating your install image every time security issues arise. Colin Percival ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: getpwnam with md5 encrypted passwds
Zitat von Q <[EMAIL PROTECTED]>: This was a stupid mistake ! Thanks > Change your crypt line to: > > if (!strcmp( crypt(pass,pwd->pw_passwd), pwd->pw_passwd) ) { > > Seeya...Q > > On Wed, 2003-11-26 at 11:30, [EMAIL PROTECTED] wrote: > > > Hi, > > > > i am trying to validate a given user password against my local passwd-file > with > > this piece of code : > > > > if (!( pwd = getpwnam ( user ))) { > > log(ERROR,"User %s not known",user); > > stat=NOUSER; > > } > > if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) { > > log(DEBUG|MISC,"HURRAY : %s authenticated\n", user); > > stat = AUTHED; > > } > > > > The problem is, that my passwords are encrypted in md5-format, so the > strcmp > > fails always. Now i did not find any usable information on how to work this > out > > on FreeBSD, and how to be independent from the settings in the login-conf ? > > > (that i dont have to check whether its using crypt,md5 or blowfish) > > > > The code should be running on 4.x and 5.x > > > > Any ideas ? > > > > Kind regards > > > > Kai > > ___ > > [EMAIL PROTECTED] mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: patchlevels and FreeBSD source
On Wednesday 26 November 2003 17:40, Daniel Lang wrote: > 1. CVSup and build the world on your install-server (or any >other NFS server) pre installation, NFS export >/usr/src and /usr/obj to all your clients. >During post-install, mount these directories and call >'make installworld'. >This should take much less time and effort. This is probably the best solution for the problem (IMHO :) > 2. If you really want a installable CD image, you need to >build a release, cf. release(7). Beware, that make release >is a complicated process, that consumes a lot of ressources >and can take a long time. For "modern computers" this isn't really true any more. I have a 1Ghz K7 which does make release in 4 hours (after a buildworld) That doesn't include building ports which takes a fair amount longer, but that just depends what ports you actually want :) It takes up about 2.1Gb of space (including building about 300Mb worth of packages) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: getpwnam with md5 encrypted passwds
"[EMAIL PROTECTED]" wrote: > i am trying to validate a given user password against my local passwd-file with > this piece of code : > > if (!( pwd = getpwnam ( user ))) { > log(ERROR,"User %s not known",user); > stat=NOUSER; > } > if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) { > log(DEBUG|MISC,"HURRAY : %s authenticated\n", user); > stat = AUTHED; > } I know you have the fix for the crypt of the wrong field, but the proper thing to do is probably to use pan_authenticate() so that you are insensitive to the athentication method being used, rather than crypting and comparing it yourself. -- Terry ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: patchlevels and FreeBSD source
On Tue, Nov 25, 2003 at 08:09:56PM -0500, [EMAIL PROTECTED] wrote: > My question is: Is it possible that I update my cdrom image to the to > 4.8-RELEASE-p15 before install ? In other words, are the patches that > released as source diffs also available as downloadable cd images? Currently, no, but I hope this to change in the near future. -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
AW: getpwnam with md5 encrypted passwds
> -Ursprüngliche Nachricht- > Von: Terry Lambert [mailto:[EMAIL PROTECTED] > Gesendet: Mittwoch, 26. November 2003 13:34 > An: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Betreff: Re: getpwnam with md5 encrypted passwds > > "[EMAIL PROTECTED]" wrote: > > i am trying to validate a given user password against my local passwd- > file with > > this piece of code : > > > > if (!( pwd = getpwnam ( user ))) { > > log(ERROR,"User %s not known",user); > > stat=NOUSER; > > } > > if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) { > > log(DEBUG|MISC,"HURRAY : %s authenticated\n", user); > > stat = AUTHED; > > } > > I know you have the fix for the crypt of the wrong field, but the > proper thing to do is probably to use pan_authenticate() so that > you are insensitive to the athentication method being used, rather > than crypting and comparing it yourself. > Looks interesting ... is this method also usable, when i dropped my privs ? cheers ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: puc/sio driver - receives but doesn't send
From: "M. Warner Losh" <[EMAIL PROTECTED]> Date: Tue, 25 Nov 2003 23:24:29 -0700 (MST) > : Anybody have any ideas what might be wrong? > : > : And yes, the motherboard serial ports both work as expected using the > : same cables, etc. > > I know this is a long shot But maybe there's a cold solder joint > on the NetMOS dual UART board? Maybe broken driver IC. If you have a line checker gadget that can see line levels (TXD, RXD, etc.) with LED, you can check whether it really sending data on the cable. // Noriaki Mitsunaga // ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: getpwnam with md5 encrypted passwds
On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote: > > -Urspr?ngliche Nachricht- > > Von: Terry Lambert [mailto:[EMAIL PROTECTED] > > Gesendet: Mittwoch, 26. November 2003 13:34 > > An: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Betreff: Re: getpwnam with md5 encrypted passwds > > > > "[EMAIL PROTECTED]" wrote: > > > i am trying to validate a given user password against my local passwd- > > file with > > > this piece of code : > > > > > > if (!( pwd = getpwnam ( user ))) { > > > log(ERROR,"User %s not known",user); > > > stat=NOUSER; > > > } > > > if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) { > > > log(DEBUG|MISC,"HURRAY : %s authenticated\n", user); > > > stat = AUTHED; > > > } > > > > I know you have the fix for the crypt of the wrong field, but the > > proper thing to do is probably to use pan_authenticate() so that > > you are insensitive to the athentication method being used, rather > > than crypting and comparing it yourself. > > > > Looks interesting ... is this method also usable, when i dropped my privs ? I think Terry meant pam_authenticate() (not pan), but to answer your question: no, when you drop your privileges, you do not have access to at least the system's password database (/etc/spwd.db, generated from /etc/passwd and /etc/master.passwd by pwd_mkdb(8)). If this will be any consolation, getpwnam() won't return a password field when you have dropped root privileges either. G'luck, Peter -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence contains exactly threee erors. pgp0.pgp Description: PGP signature
Re: freebsd smp -> linux up
sadly, all ktrace shows is ktrace launching vmware (from 'ktrace vmware', shows sh reading and executing, and then ends with the vmware fork). is there a special way to ktrace linux binaries that i'm not aware of? -Anthony. On Tue, Nov 25, 2003 at 07:32:35PM +0100, Dag-Erling Smørgrav wrote: > Anthony Schneider <[EMAIL PROTECTED]> writes: > > is there a way to have linux emulation report that its kernel is running > > on a UP system even though the freebsd box it's running on is SMP? i > > would like to get vmware running on my smp -current box, but vmmon_smp.ko > > is "broken", and with vmmon_up.ko loaded i get a message about needing to > > be running on an smp linux kernel version 2.0 (2.2) or higher, even though > > linux emulation reports a 2.4 kernel. > > It would be interesting to know exactly what it needs that we don't > provide. I suspect it's something really trivial... do you see any > messages in syslog about unimplemented syscalls? Could you get a > ktrace or something? > > DES > -- > Dag-Erling Smørgrav - [EMAIL PROTECTED] pgp0.pgp Description: PGP signature
Re: freebsd smp -> linux up
Anthony Schneider <[EMAIL PROTECTED]> writes: > sadly, all ktrace shows is ktrace launching vmware (from 'ktrace vmware', > shows sh reading and executing, and then ends with the vmware fork). > > is there a special way to ktrace linux binaries that i'm not aware of? None is required; you just have to use either -d or -i for ktrace to trace children processes as well. I can never remember which one it is, so I use both :) DES -- Dag-Erling Smørgrav - [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: getpwnam with md5 encrypted passwds
[EMAIL PROTECTED] wrote: Hi, i am trying to validate a given user password against my local passwd-file with this piece of code : if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) { The second argument to crypt here should be pwd->pw_passwd. Otherwise, this doesn't work even with DES-encrypted passwords. The first part of any encrypted password is the 'salt', which effectively indicates how that password is encrypted. You need to give the encrypted password to crypt so it knows which encryption to use for the plaintext. Tim Kientzle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: getpwnam with md5 encrypted passwds
On Wed, Nov 26, 2003 at 12:01:01PM -0800, [EMAIL PROTECTED] wrote: > Date: Wed, 26 Nov 2003 16:05:30 +0200 > From: Peter Pentchev <[EMAIL PROTECTED]> > Subject: Re: getpwnam with md5 encrypted passwds > To: Kai Mosebach <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="windows-1251" > > On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote: > > > -Urspr?ngliche Nachricht- > > > Von: Terry Lambert [mailto:[EMAIL PROTECTED] > > > Gesendet: Mittwoch, 26. November 2003 13:34 > > > An: [EMAIL PROTECTED] > > > Cc: [EMAIL PROTECTED] > > > Betreff: Re: getpwnam with md5 encrypted passwds > > > > > > "[EMAIL PROTECTED]" wrote: > > > > i am trying to validate a given user password against my local passwd- > > > file with > > > > this piece of code : ... > > > I know you have the fix for the crypt of the wrong field, but the > > > proper thing to do is probably to use pan_authenticate() so that > > > you are insensitive to the athentication method being used, rather > > > than crypting and comparing it yourself. > > > > Looks interesting ... is this method also usable, when i dropped my privs ? > > I think Terry meant pam_authenticate() (not pan), but to answer your > question: no, when you drop your privileges, you do not have access to > at least the system's password database (/etc/spwd.db, generated from > /etc/passwd and /etc/master.passwd by pwd_mkdb(8)). If this will be any > consolation, getpwnam() won't return a password field when you have > dropped root privileges either. If you will need to do authentication after your program drops privileges, your best course is probably to go through PAM, to install a separate daemon which implements a PAM-supported protocol and which runs with privileges, and then to enable that protocol as a PAM authentication method for your application. For example, you can install a RADIUS server bound to localhost which runs as root and authenticates against the master password file. Configure the necessary /etc files for pam_radius as described in its man pages, and then add "pam_radius" as an authentication method in /etc/pam.conf for your application. Now you do need to make your application go through the PITA required to be a PAM client, but it can at least authenticate without needing root privileges itself. I implemented this pretty recently, so I know the approach works, even if it may seem rather roundabout. (LDAP would be another PAM-supported option, but RADIUS seemed simpler to set up in a hurry.) -- Clifton -- Clifton Royston -- [EMAIL PROTECTED] Tiki Technologies Lead Programmer/Software Architect Did you ever fly a kite in bed? Did you ever walk with ten cats on your head? Did you ever milk this kind of cow? Well we can do it. We know how. If you never did, you should. These things are fun, and fun is good. -- Dr. Seuss ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
healthd oddities
With my FreeBSD current system I decided to try healthd again, it didn't work with my previous motherboard. It seems to work with my new motherboard (Intel Serverworks of some sort, I can get a model number later if it matters), however all the numbers are just out of range. Pardon the HTML, but it's the easiest way to get them labeled: # healthdc -H 10.42.42.1 Content-type: text/html healthd 10.42.42.1 Chip Set Temperature255.0 CPU #0 Temperature 0.0 CPU #1 Temperature 0.0 CPU #0 Cooling Fan CPU #1 Cooling Fan Case Fan Cooling Fan CPU #0 Core Voltage4.08 CPU #1 Core Voltage4.08 3.3 Volt4.08 5 Volt6.85 12 Volt15.50 -12 Volt-14.16 -5 Volt-6.12 Note 3.3 volt is 4.08, 5 volt is 6.85, etc. The system is not over clocking or doing anything else wierd. They are enough out of range healthd warns on them by default to syslog. Anyone seen this before? Do I have a problem I didn't know I had? -- Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [EMAIL PROTECTED], www.tmbg.org ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: healthd oddities
On Thursday 27 November 2003 10:00, Leo Bicknell wrote: > Note 3.3 volt is 4.08, 5 volt is 6.85, etc. The system is not over > clocking or doing anything else wierd. They are enough out of range > healthd warns on them by default to syslog. > > Anyone seen this before? Do I have a problem I didn't know I had? It's probably healthd not processing the data it gets properly, and also possibly the data being used with the wrong label. Unfortunately it seems really really difficult to discover how a motherboard is wired up in this regard automatically :( -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
NFS Flags Oddity
FreeBSD (4.9-RC) doesn't appear to "export" schg flags over NFS. You've got to shell in locally to the machine to move the schg flags; ls -lao doesn't report them over NFS, but does list them locally. -- Kris Kirby, KE4AHR <[EMAIL PROTECTED]> TGIFreeBSD IM: 'KrisBSD' "BIG BROTHER IS WATCHING YOU!" This message brought to you by the US Department of Homeland Security ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: NFS Flags Oddity
On Thursday 27 November 2003 16:43, Kris Kirby wrote: > FreeBSD (4.9-RC) doesn't appear to "export" schg flags over NFS. You've > got to shell in locally to the machine to move the schg flags; ls -lao > doesn't report them over NFS, but does list them locally. I didn't think flags were a concept NFS understood.. (And hence why you should NFS mount /usr/src & /usr/obj to install kernels, not mount the dest machine on the server and use DESTDIR=) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"