Re: cyrus-sasl2 setup failing

2003-06-05 Thread admin 
On Thu, 05 Jun 2003 05:54:45 +0200, Dirk Meyer wrote
> > Sendmail 8.12.9-sasl2 (compiled from /usr/ports/mail/sendmail-sasl)
> > cyrus-sasl-2.1.13 (compiled from /usr/ports/security/cyrus-sasl2-saslauthd)
> > 
> > A client is still not able to authenticate via SASL - looks like is it not
> > happy but I am not sure how to fix it.  Anybody got a clue what I am doing
> > wrong here?
> 
> > --- from the logs when some attempts to authenticate 
> > Jun  4 20:09:46 typhoon sm-mta[78399]: AUTH: available mech=NTLM LOGIN PLAIN
> > OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
> 
> > Jun  4 20:09:46 typhoon sm-mta[78399]: h5539jJQ078399: AUTH failure (LOGIN):
> > no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
> 
> > define(`confAUTH_OPTIONS', `A p y')dnl
> > define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> > TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
> 
> checkpass failed, is the saslauthd started?


thanks for the quick response.

no, what should my saslauthd flags be since the sendmail configuration I am
asking for LOGIN PLAIN in my sendmail .mc - is this correct?

if [ -z "${sasl_saslauthd_flags}" ]; then
sasl_saslauthd_flags="-a pam"
fi




> do you needd the "A" Option?
> 
> from: /usr/local/share/sendmail/cf/README
> confAUTH_OPTIONSAuthOptions [undefined] If this option 
> is 'A'then the AUTH= 
> parameter for theMAIL FROM 
> command is only issuedwhen 
> authentication succeeded. [...] See doc/op/op.me 
> for details.
> 
> from: /usr/local/share/doc/sendmail/op.txt
> [no short name] List  of  options  for  SMTP
> AUTH  consisting  of  single characters with
> intervening white space or commas.
> 
> A   Use the AUTH= parameter for the MAIL FROM
> command only when authentication succeeded.
> This can be used as a workaround for broken
> MTAs that do not implement RFC 2554 
> correctly.a   protection from active (non-
> dictionary) attacksduring authentication exchange.
> c   require mechanisms which pass client 
> credentials,and allow mechanisms which can 
> pass credentialsto do so.
> d   don't permit mechanisms susceptible to passive   
>  dictionary attack.f   require forward 
> secrecy between sessions
> (breaking one won't help break next).
> p   don't permit mechanisms susceptible to simple
> passive attack (e.g., PLAIN, LOGIN), unless a
> security layer is active.y   
> don't permit mechanisms that allow anonymous login.
> 
> The first option applies to  sendmail  as  a
> client, the others to a server.  Example:
> 
> O AuthOptions=p,y
> 
> more links:
> http://www.sendmail.org/~gshapiro/
> http://www.sendmail.org/~ca/email/auth.html
> http://www.asp.ogi.edu/people/paja/linux/sendmail/
> http://blue-labs.org/clue/sendmail.php
> http://www.digitalanswers.org/sendmail/
> 
>  
> kind regards Dirk
> 
> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
> - [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Canterwood/Springdale platform support questions

2003-06-05 Thread John Reynolds 
Hey all, after some googling, grepping, etc. I'm still at a loss to determine
if the forthcoming 5.1-RELEASE (or 5.x-RELEASE for that matter) will have
support for the recently released Canterwood/Springdale platforms--notably the
S-ATA functionality of ICH5?

I looked at the CVS repo and saw some comments and deltas in the ATA code which
added PCI Ids and a few other cursory mentions of S-ATA but I'm not expert
enough to know from reading the code if ICH5's S-ATA is supported or not.

Have there been any northbridge issues encountered by people? Have people tried
to install 5.x or 4.8-STABLE on a Canterwood/Springdale (i875/i865--perhaps one
of the Abit IC7 or Asus P4C800 moboards)? If so, what was the success level?

I'm in the market for a new system and am looking to see when/if support for
this platform will hit the tree and if it's already there if there are any
gotchas. Thanks!

-Jr

-- 
John & Jennifer Reynolds  johnjen at reynoldsnet.orgwww.reynoldsnet.org
Sr. Physical Design Engineer - WCCG/CCE PDE jreynold at sedona.ch.intel.com
Running FreeBSD since 2.1.5-RELEASE.   FreeBSD: The Power to Serve!
"Unix is user friendly, it's just particular about the friends it chooses."
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cyrus-sasl2 setup failing

2003-06-05 Thread admin 
On Thu, 05 Jun 2003 05:54:45 +0200, Dirk Meyer wrote
> > Sendmail 8.12.9-sasl2 (compiled from /usr/ports/mail/sendmail-sasl)
> > cyrus-sasl-2.1.13 (compiled from /usr/ports/security/cyrus-sasl2-saslauthd)
> > 
> > A client is still not able to authenticate via SASL - looks like is it not
> > happy but I am not sure how to fix it.  Anybody got a clue what I am doing
> > wrong here?
> 
> > --- from the logs when some attempts to authenticate 
> > Jun  4 20:09:46 typhoon sm-mta[78399]: AUTH: available mech=NTLM LOGIN PLAIN
> > OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
> 
> > Jun  4 20:09:46 typhoon sm-mta[78399]: h5539jJQ078399: AUTH failure (LOGIN):
> > no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
> 
> > define(`confAUTH_OPTIONS', `A p y')dnl
> > define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> > TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
> 
> checkpass failed, is the saslauthd started?
> do you needd the "A" Option?



wait I figured this out.  I changed the saslauthd flags to 

if [ -z "${sasl_saslauthd_flags}" ]; then
sasl_saslauthd_flags="-a getpwent"
fi

got the daemon running and things are fine now.

are there any security issues here.  looks liek I cannot send mail unless I
have SSL enabled on the client side.  SO I think I have things running properly.

- Noah


> 
> from: /usr/local/share/sendmail/cf/README
> confAUTH_OPTIONSAuthOptions [undefined] If this option 
> is 'A'then the AUTH= 
> parameter for theMAIL FROM 
> command is only issuedwhen 
> authentication succeeded. [...] See doc/op/op.me 
> for details.
> 
> from: /usr/local/share/doc/sendmail/op.txt
> [no short name] List  of  options  for  SMTP
> AUTH  consisting  of  single characters with
> intervening white space or commas.
> 
> A   Use the AUTH= parameter for the MAIL FROM
> command only when authentication succeeded.
> This can be used as a workaround for broken
> MTAs that do not implement RFC 2554 
> correctly.a   protection from active (non-
> dictionary) attacksduring authentication exchange.
> c   require mechanisms which pass client 
> credentials,and allow mechanisms which can 
> pass credentialsto do so.
> d   don't permit mechanisms susceptible to passive   
>  dictionary attack.f   require forward 
> secrecy between sessions
> (breaking one won't help break next).
> p   don't permit mechanisms susceptible to simple
> passive attack (e.g., PLAIN, LOGIN), unless a
> security layer is active.y   
> don't permit mechanisms that allow anonymous login.
> 
> The first option applies to  sendmail  as  a
> client, the others to a server.  Example:
> 
> O AuthOptions=p,y
> 
> more links:
> http://www.sendmail.org/~gshapiro/
> http://www.sendmail.org/~ca/email/auth.html
> http://www.asp.ogi.edu/people/paja/linux/sendmail/
> http://blue-labs.org/clue/sendmail.php
> http://www.digitalanswers.org/sendmail/
> 
>  
> kind regards Dirk
> 
> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
> - [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvsup to 4.8 - kernel doesn't build

2003-06-05 Thread Scott Kupferschmidt 
Hello,

I think something changed in the kernel as it is no longer compiling after
I do a cvsup to 4.8-stable.  It seems it's a common problem looking on
line 47 of some .c files to include a file that does not exist.  I've
noticed this so far in the hifn and ubsec modules, trying to include
opt_hifn.h or opt_ubsec.h and causing the build to fail.

Can someone else verify this?  The solution I've been doing for now is
just removing that include line in the code and seems to be building fine
otherwise.

Sincerely,

Scott Kupferschmidt
ISPrime, Inc.
866.502.4678 ext. 3
AIM: Scott ISPrime - ICQ: 174337249

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Netwriting Masters 303

2003-06-05 Thread Ken Evoy 
~~
The Netwriting Masters... an intensive 5-Day e-mail 
course on how to write sales-clinching copy on the Net.
~~
If you have a friend who would benefit from taking this
course, please pass this on.  Or tell that person to receive
the 5-day course by sending a blank e-mail to...

[EMAIL PROTECTED]
~~
Refer to this course over and over again as you refine your
NETwriting skills and become an effective e-persuader. Print
each e-mail out, pour yourself a beverage of choice, bring
along a pen to jot down some ideas, and take it all to your
favorite sofa. This is serious -- your online words must
SELL. Go for best learning results -- get comfortable. :-)  
~~
Thu Jun 05 01:24:48 2003 
Netwriting Masters 303
~~

Welcome back!

Notice the firm footing?  You have a MWR, a good sense of
the key components of an effective sales site, and a
detailed thumbnail sketch of your ideal customer.

And it only took two days!  Perfect.

Now to build towards THE SALE! (or whatever your MWR is!)

--

"There is no such thing as an uninteresting subject;  the
only thing that can exist is an uninterested person." 
-- G. K. Chesterton (1874-1915)

Great sales copy grabs a reader's attention and holds it by
intensifying her interest in what is being presented.
It d-r-a-w-s the reader down the page and over to the next
and so on right to your order page.

As long as the information is realistic, relevant and
answers the question, "What's in it for me?", the reader
will continue to scroll.  For as long as it takes.

Slip even once, though, and the mouse finger clicks.

Your words alone increase the perceived value of your
product or service

... And persuade your reader to become a customer.

--

What you write has to reflect your knowledge and passion
about what you are selling (or PRE-selling if you are an
affiliate).

Insincerity, unsureness and a lack of enthusiasm will easily
be detected "between-the-lines."  Hype, as we both know, is
in a (sub)class of its own... fatal.

So become the expert on your product or service.  

"Isn't that obvious?"  Yes and no...

You know your product from *YOUR* perspective, for sure. 
But you must know it inside and out, from every possible
angle...

o Ask for opinions from other people.  Do they see it the
same way?  Have they discovered a new dimension?

o Compare it with your competition.  How does it measure up?

o Look at what's happening in the marketplace.  Where is its
position?  Is there movement?

Be a real sleuth.  Uncover as much detail as you can --
positive and negative.

And then...

You guessed it!  Get out that pencil and paper again (yes,
your keyboard and word processor will do!).

Write down all the features (i.e., what your product does or
is) of your product or service.  This will be a very long
and objective list if you spread your sleuthing net far
enough.

...

...

...

Finished?  No feature left unexamined?

Great job!

Now bring out that thumbnail sketch of your customer and put
it beside your just completed features list.

Imagine that your ideal customer is examining those
features.  Will she be persuaded by what she sees?  Will the
features immediately trigger a "must-have" reaction?

Sadly... no.  At least not for the majority of customers.

And why not?

Because most folks don't have the imagination to immediately
see "what's in it for them" just by seeing features.  People
buy with their emotions, not with their logic.

So you have to transform that list of features into a list
of benefits.  Only benefits tap emotions by answering
"what's in it for them."

This is important, so please allow me to repeat...

>  Only benefits answer THE critical question...
>  "What's in it for me?"

--

So make the change.  Do the transformation.

Take that thumbnail sketch and BECOME the customer.  Work
through the features and figure out how each one benefits
you, the customer.

Don't rush.  Really become your customer.  Get the mindset
right.

Here are some examples to get you started...

o Does a certain feature save time, especially if someone is
presently over-extended at work?

*That's a benefit.

o Does a key feature encourage a child to read, just for 
the fun of it?

*That's a benefit.

o Does another feature provide independence, a chance to make 
decisions for oneself?

*That's a benefit.

In short...

Features are elements of a product (or service) that *DO*,
or that *ARE*.  Benefits are the results that *DO FOR YOUR
CUSTOMER."  They connect at an emotional level by delivering
a gain or curing a pain.

Let your benefits list grow and grow.  You can never have
too many.  All benefits add to the perceived value of your
product or service in your customer's mind.

The higher t

Problem compiling the C/C++ reference for Kdevelop

2003-06-05 Thread Jon Noack 
> (find / | grep libqt resulted in libqt-mt.so, but no libqt.so)

I remember seeing something about this in the archives over at 
http://freebsd.kde.org.  We compile the multi-threaded version of the 
library; thus the -mt.  Not sure on the best way to fix it, but you try 
symlinking libqt.so to libqt-mt.so for the build and see what happens...

Hope that helps,
Jon
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

gcc (<3.2.3) implicit struct copy exploit

2003-06-05 Thread Konrad Heuer 

URL: http://archives.neohapsis.com/archives/bugtraq/2003-05/0331.html

Are there any opinions out there regarding the question how far this
concerns FreeBSD 4-STABLE?

Thanks for any reply.

Best regards
Konrad

Konrad Heuer ([EMAIL PROTECTED])  ___  ___
GWDG   / __/__ ___ / _ )/ __/ _ \
Am Fassberg   / _// __/ -_) -_) _  |\ \/ // /
37077 Goettingen /_/ /_/  \__/\__//___//
Germany


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

shutdown -p now and 5.0-RELEASE

2003-06-05 Thread Kjell Midtseter 
After I moved from 4.8 to 5.0 (installed from scratch, 
not upgraded) 'shutdown -p now' will not work.

After issuing 'shutdown -p now' I get the following messages:
Power system off using ACPI...
ACPI power-off failed - timeout
Hit any button to restart

My kernel config file contains:
# Power management support (see NOTES for more options)
device  apm
(In 4.8 I used to have: device apm0)

My rc.conf contains:
apm_enable="YES"

>From dmesg.boot:
FreeBSD 5.0-RELEASE-p7 #0: Thu May 29 20:30:44 CEST 2003
CPU: VIA C3 Samuel 2 (799.74-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x678  Stepping = 8
  Features=0x803035
..
acpi0:  on motherboard
ACPI-0625: *** Info: GPE Block0 defined as GPE0 to GPE15
Using $PIR table, 6 entries at 0xc00fdf10
acpi0: power button is handled as a fixed feature programming model.
Timecounter "ACPI-fast"  frequency 3579545 Hz
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
acpi_cpu0:  on acpi0
acpi_button0:  on acpi0
acpi_button1:  on acpi0
..
acpi_cpu: CPU throttling enabled, 2 steps from 100% to 50.0%


Help appreciated, Kjell

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Re: Submited (004756-3463)

2003-06-05 Thread security-alert 
-BEGIN PGP SIGNED MESSAGE-

 You should only receive this automatically generated response
 once per day.

 Thank you for your recent mail message to the Hewlett-Packard
 Software Security Response Team ([EMAIL PROTECTED]), which
 handles reports of security vulnerabilities in HP products.
 Messages sent here are monitored during working hours (US Pacific Time)
 by several members of the HP Software Security Response Team (SSRT).

 We will reply to your message to confirm that we are investigating
 the report and if necessary to request additional information.

 If your message concerns a non-security issue or any PC issue,
 security  related or not, we will forward your message to the
 appropriate HP entity.

  o  Security patches and bulletins are freely available from the
  HP IT Resource Center:
  http://itrc.hp.com

  o  HP Tru64, HP OpenVMS, and other pre-merger Compaq related
  Security Bulletins are posted to the HP website within
  24 hours of release to
  www.hp.com   Use the SEARCH IN feature box, enter SSRT
 (or specific SSRT number) in the search window.

 Please encrypt sensitive information with our PGP key.
 Please send e-mail to [EMAIL PROTECTED] with the
 subject 'get key' (without the quote marks) and the
 PGP key will be sent to you.

 Thank you,

 HP Software Security Response Team (SSRT)
 [EMAIL PROTECTED]

-BEGIN PGP SIGNATURE-
Version: 2.7.1

iQCVAwUBPf+86kb+N2sIuD1FAQHCdgP/YwT89SY1T0F/LO3RPOrr618ATE0PD0fh
C92DnNBiwtrt7WnI36VixKZEM7LHdB6ps5iX5YlfAc3eUmVRuxCLyQsGTkwl2hqx
sMmC1sc0HwG5O5UD1ei13gCv3sxXFhMoMtKn2ozE2lK12M9oZ7mGw1T3aY7Y1XpV
P9BN1zVcH1s=
=zJBb
-END PGP SIGNATURE-
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

<    1   2