authpf and ksh at the same time?

[=?iso-8859-1?Q?Bj=F6rn_Ketelaars?=]

Hello,

I want to use authpf to authenticate users before allowing them out of the
gateway. If I understand correctly by using authpf as shell theyll lose
their regular shell-account (e.g. ksh). Is it possible to use ksh after
authentication by means of authpf? Or should I make 2 accounts for each
user; one with authpf as shell and another with ksh?

Kind regards,

Bvrn


-- 
Insanity in individuals is something rare - but in groups, parties,
nations and epochs, it is the rule.

Returned mail

[iBAHN-Atlanta-SMTP-Gateway]

--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED]Mailbox unknown or not accepting mail.
553 5.3.0 <[EMAIL PROTECTED]>... Addressee unknown, relay=[72.254.128.17]
Reporting-MTA: [EMAIL PROTECTED]
Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user ([EMAIL PROTECTED]).
--- The message cannot be delivered to the following address. ---

[EMAIL PROTECTED] 

Re: Simple bridge setup

[Johan Fredin]

On Mon, 16 May 2005, Greg Thomas wrote:
Default install of 3.6 with patches.  This is my first attempt at
setting up a bridge:
# cat /etc/bridgename.bridge0
add xl0
add xl1
up
# ifconfig -a
lo0: flags=8049 mtu 33224
   inet 127.0.0.1 netmask 0xff00
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
xl0: flags=8902 mtu 1500
   address: 00:50:04:7b:9a:2d
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
xl1: flags=8902 mtu 1500
   address: 00:b0:d0:dd:0b:75
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
bridge0: flags=41 mtu 1500
Am I missing something?  From reading the man pages I thought it was
as simple as creating the bridgename.bridge0 file, and rebooting or
brconfiging?  I'm getting ready to set up pf but obviously need some
connectivity through the bridge before I get to that point.
I suspect it's because the two network interfaces xl0 and xl1 aren't 'up'.
# ifconfig xl0 up
# ifconfig xl1 up
/Johan

Re: Simple bridge setup

[Janusz Gumkowski]

On Mon, May 16, 2005 at 05:36:56PM -0700, Greg Thomas wrote:
> Default install of 3.6 with patches.  This is my first attempt at
> setting up a bridge:
> 
> # cat /etc/bridgename.bridge0
> add xl0
> add xl1
> up
> # ifconfig -a
> lo0: flags=8049 mtu 33224
> inet 127.0.0.1 netmask 0xff00
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> xl0: flags=8902 mtu 1500

That's it:  xl0 is down. xl1 also.
Do:  "echo up > /etc/hostname.xl0" and the same for xl1.


-- 
Janusz Gumkowski
http://www.am.torun.pl/~ja [EMAIL PROTECTED]

Re: Simple bridge setup

[Greg Thomas]

On 5/16/05, Greg Thomas <[EMAIL PROTECTED]> wrote:
> Default install of 3.6 with patches.  This is my first attempt at
> setting up a bridge:
> 
> # cat /etc/bridgename.bridge0
> add xl0
> add xl1
> up
> # ifconfig -a
> lo0: flags=8049 mtu 33224
>inet 127.0.0.1 netmask 0xff00
>inet6 ::1 prefixlen 128
>inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> xl0: flags=8902 mtu 1500
>address: 00:50:04:7b:9a:2d
>media: Ethernet autoselect (100baseTX full-duplex)
>status: active
> xl1: flags=8902 mtu 1500
>address: 00:b0:d0:dd:0b:75
>media: Ethernet autoselect (100baseTX full-duplex)
>status: active
> pflog0: flags=0<> mtu 33224
> pfsync0: flags=0<> mtu 2020
> enc0: flags=0<> mtu 1536
> bridge0: flags=41 mtu 1500
> 
> Am I missing something?  From reading the man pages I thought it was
> as simple as creating the bridgename.bridge0 file, and rebooting or
> brconfiging?  I'm getting ready to set up pf but obviously need some
> connectivity through the bridge before I get to that point.
> 

As was pointed out to me privately I needed at the very least:

# cat /etc/hostname.xl0
up
# cat /etc/hostname.xl1
up

Greg

PGP5 complains of bad passphrase on -current

[Jim Razmus]

Would someone mind whacking me with a clue stick?  I am running a
-current machine as of April 22.  I rebuilt all ports using a ports tree
sync-ed at the same time.  Everything else works fine.  However, PGP5i
now complains that my pass phrase is wrong.  I experienced a similar
event when I made a round trip with my key rings between i386 and
sparc64.

Any hints?

Thanks,
Jim


OpenBSD 3.7-current (GENERIC) #5: Fri Apr 22 12:52:57 EDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) XP 3000+ ("AuthenticAMD" 686-class, 512KB L2 cache) 2.17 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
cpu0: AMD Powernow: FID
real mem  = 1073254400 (1048100K)
avail mem = 972816384 (950016K)
using 4278 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(7a) BIOS, date 04/17/03, BIOS32 rev. 0 @ 0xfb4a0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf74
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/208 (11 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C596A ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xf800 0xd/0x800 0xd1000/0x3e00
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8377 PCI" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8235 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor "Nvidia", unknown product 0x0326 rev 0xa1
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ahc1 at pci0 dev 11 function 0 "Adaptec AHA-2940AU" rev 0x01: irq 11
scsibus0 at ahc1: 8 targets
st0 at scsibus0 targ 0 lun 0:  SCSI2 1/sequential removable
st0: drive empty or not ready
sd0 at scsibus0 targ 5 lun 0:  SCSI2 0/direct removable
sd0: drive offline
cmpci0 at pci0 dev 14 function 0 "C-Media Electronics CMI8738/C3DX Audio" rev 
0x10: irq 11
audio0 at cmpci0
pciide0 at pci0 dev 15 function 0 "HighPoint HPT36x/37x IDE" rev 0x05: DMA
pciide0: using irq 12 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide0 channel 1 drive 0: 
wd1: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 12
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: VIA EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
pcib0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00
pciide1 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd2 at pciide1 channel 0 drive 0: 
wd2: 16-sector PIO, LBA, 117800MB, 241254720 sectors
wd2(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide1 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  SCSI0 5/cdrom 
removable
atapiscsi1 at pciide1 channel 1 drive 1
scsibus2 at atapiscsi1: 2 targets
cd1 at scsibus2 targ 0 lun 0:  SCSI0 5/cdrom 
removable
cd0(pciide1:1:0): using PIO mode 3, DMA mode 1
cd1(pciide1:1:1): using PIO mode 3, DMA mode 1
vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x74: irq 10 address 
00:50:2c:05:79:bc
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x00606e, model 0x0008, rev. 0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x290/8: IT87
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ff65 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
ahc1: target 5 synchronous at 10.0MHz, offset = 0xf
wd0: no disk label
dkcsum: wd0 matched BIOS disk 81
wd1: no 

Re: spamdb migration

[Bob Beck]

Yes, make sure the machine's idle first. the databases
are compatible

-Bob


* Rod.. Whitworth <[EMAIL PROTECTED]> [2005-05-16 19:22]:
> For a few weeks I have been running 3.7 release on a lab machine. Love
> it!
> 
> It is time for me to change my firewall from 3.6 to get the benefit of
> the updates that 3.7 has but I have one little question:
> 
> Can I copy /var/db/spamd to the new install so that I don't lose my
> grey/white data but can start using the spamtrap feature?
> 
> I suppose it would not be the end of the world if not but there are
> heaps of entries whitelisted that I'd rather not lose and, at any given
> moment, there may be a grey that is about to be promoted to white that
> would have to jump through the hoops again from the start.
> 
> Thanks,
> Rod/
> 
> From the land "down under": Australia.
> Do we look  from up over?
> 
> Do NOT CC me - I am subscribed to the list.
> Replies to the sender address will fail except from the list-server.
> 

-- 
Bob Beck   Computing and Network Services
[EMAIL PROTECTED]   University of Alberta
True Evil hides its real intentions in its street address.

Re: spamdb migration

[Rod.. Whitworth]

On Mon, 16 May 2005 19:06:39 -0700 (PDT), Allie D. wrote:

>I have done it...you should be fine. I also dump my whitelisted IP's from
>my spamdb nightly and have had to whip together a quick shell script with
>spamdb -a in front of over 1K IP's and that's worked well as an additional
>method.
>-- 
>Allie D.
>Allnix,LLC.
>http://www.allnix.net
>PGP Public key:
>http://www.allnix.net/ads_public_key
>
>Rod.. Whitworth said:
>> For a few weeks I have been running 3.7 release on a lab machine. Love
>> it!
>>
>> It is time for me to change my firewall from 3.6 to get the benefit of
>> the updates that 3.7 has but I have one little question:
>>
>> Can I copy /var/db/spamd to the new install so that I don't lose my
>> grey/white data but can start using the spamtrap feature?



Thanks Allie. Your experience makes it worth trying.

I'll report after it's been done and running a few days. A success or
failure report may be helpful to others.

Rod/

>From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.

Re: spamdb migration

[Allie D.]

I have done it...you should be fine. I also dump my whitelisted IP's from
my spamdb nightly and have had to whip together a quick shell script with
spamdb -a in front of over 1K IP's and that's worked well as an additional
method.
-- 
Allie D.
Allnix,LLC.
http://www.allnix.net
PGP Public key:
http://www.allnix.net/ads_public_key

Rod.. Whitworth said:
> For a few weeks I have been running 3.7 release on a lab machine. Love
> it!
>
> It is time for me to change my firewall from 3.6 to get the benefit of
> the updates that 3.7 has but I have one little question:
>
> Can I copy /var/db/spamd to the new install so that I don't lose my
> grey/white data but can start using the spamtrap feature?
>
> I suppose it would not be the end of the world if not but there are
> heaps of entries whitelisted that I'd rather not lose and, at any given
> moment, there may be a grey that is about to be promoted to white that
> would have to jump through the hoops again from the start.
>
> Thanks,
> Rod/
>
> From the land "down under": Australia.
> Do we look  from up over?
>
> Do NOT CC me - I am subscribed to the list.
> Replies to the sender address will fail except from the list-server.

Re: DWL-520 WiFi Card with an Ultra5

[Kevin Elliott]

Johan SANCHEZ wrote:
> On Fri, 13 May 2005 19:57:25 -0800
> Kevin Elliott <[EMAIL PROTECTED]> wrote:
>
>
>> Hello,
>>
>> I've been working on setting up a Sun Ultra5 running OpenBSD 3.6 
Current  (Sparc64).  My plan is to use it as a router/wireless access 
point for my home network.  The card I'm using is a D-Link DWL-520 rev. 
B (Prism 2.5 chipset).  I checked the hardware compatibility list and it 
is listed.
>>
>> I get this with dmesg:
>>
>> # dmesg |grep wi0
>> wi0 at pci2 dev 3 function 0 "Intersil PRISM2.5" rev 0x01: ivec 
18wi0: init failed
>>
>> ifconfig doesn't work either:
>>
>> # ifconfig wi0 up
>> ifconfig: SIOCGIFFLAGS: Device not configured
>>
>> I asked someone over at freebsdforums.org and they said it sounded 
like the card hadn't been given "seen" by the hardware.  I know next to 
nothing about Sun hardware but a brief tour through the manuals didn't 
mention any special steps about setting up PCI cards.  My PCI ethernet 
card seems to be working fine as well.
>>
>> I also understand their might be some issue as to if the card is 
supported or not since it seems these days manufactures like to change 
chipsets without changing model numbers.  However it does seem to be a 
Prism 2.5-based card and it is listed as a compatible card... but then 
again... wireless...
>>
>> Anyway, I'm not to sure where to go from here but any help or ideas 
would be very welcome.  Thanks in advance.
>>
>>
>> I've also included my full dmesg output just in case someone might 
find it useful:
>>
>> -
>>
>> console is keyboard/display
>> Copyright (c) 1982, 1986, 1989, 1991, 1993
>> The Regents of the University of California.  All rights 
reserved.
>> Copyright (c) 1995-2004 OpenBSD. All rights reserved. 
http://www.OpenBSD.org
>>
>> OpenBSD 3.6-stable (GENERIC) #0: Sun May  1 12:07:28 AKDT 2005
>> [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
>> total memory = 536870912
>> avail memory = 480428032
>> using 3276 buffers containing 26836992 bytes of memory
>> bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0
>> mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 400MHz)
>> cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 400 MHz, version 0 FPU
>> cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K 
external (64 b/l)
>> psycho0 at mainbus0 addr 0xfffc4000
>> SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 2; PCI bus 0
>> DVMA map: c000 to e000
>> IOTDB: 29e8000 to 2a68000
>> pci0 at psycho0
>> ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13
>> pci1 at ppb0 bus 1
>> ebus0 at pci1 dev 1 function 0 "Sun PCIO Ebus2" rev 0x01
>> auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 
72c000-72c003, 72f000-72f003
>> power at ebus0 addr 724000-724003 ipl 37 not configured
>> SUNW,pll at ebus0 addr 504000-504002 not configured
>> sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
>> sabtty0 at sab0 port 0
>> sabtty1 at sab0 port 1
>> comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: layout 34
>> wskbd0 at comkbd0: console keyboard
>> com0 at ebus0 addr 3062f8-3062ff ipl 42, mouse: ns16550a, 16 byte fifo
>> lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 
34: polled
>> fdthree at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 
ipl 39 not configured
>> clock0 at ebus0 addr 0-1fff: mk48t59: hostid 80d15042
>> flashprom at ebus0 addr 0-f not configured
>> audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f, 
722000-722003 ipl 35 ipl 36: nvaddrs 0
>> audio0 at audioce0
>> hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: address 
08:00:20:d1:50:42
>> nsphy0 at hme0 phy 1: DP83840 10/100 media interface, rev. 1
>> hme0: using ivec 3021 for interrupt
>> vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GP" rev 0x5c
>> wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0
>> pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: 
DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
>> pciide0: using ivec 1820 for native-PCI interrupt
>> wd0 at pciide0 channel 0 drive 0: 
>> wd0: 16-sector PIO, LBA, 9779MB, 20028960 sectors
>> wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
>> atapiscsi0 at pciide0 channel 1 drive 0
>> scsibus0 at atapiscsi0: 2 targets
>> cd0 at scsibus0 targ 0 lun 0:  SCSI0 
5/cdrom removable
>> cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
>> ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13
>> pci2 at ppb1 bus 2
>> xl0 at pci2 dev 1 function 0 "3Com 3c905 100Base-TX" rev 0x00: ivec 
10, address 00:60:08:1c:53:7e
>> nsphy1 at xl0 phy 24: DP83840 10/100 media interface, rev. 1
>> wi0 at pci2 dev 3 function 0 "Intersil PRISM2.5" rev 0x01: ivec 
18wi0: init failed
>> : unable to read station address
>
>
>
> Hi
> i suggest you to enter the OBP console and type setenv 
local-mac-address to true Hope it helps
> ~~
>  http://www.chatou-informatic.com 
  Votre partenaire informatique  

OpenBSD-binary-upgrade

[Han Boetes]

Hi,

>From the README:

OpenBSD-binary-upgrade is a script I wrote that automates the
upgrade of my OpenBSD system.

Of course there are lots of other ways to do that. The other
methods I recommend are using bsd.rd or using a CD. Both are
binary upgrade methods.

My script has the advantage over other methods that it minimizes
the downtime.


You can download OpenBSD-binary-upgrade here:

  
http://www.xs4all.nl/~hanb/software/OpenBSD-binary-upgrade/OpenBSD-binary-upgrade-20050517.tar.gz


For people who are familiar with the older version, I replaced
mergemaster with my own creation: mergeslave, which also updates
/etc etc. but in a non-interactive way.



# Han

Re: IKE Mode Config / IKECFG with isakmpd

[Sean Knox]

Toni Mueller wrote:
Hi,
On Sun, 15.05.2005 at 21:42:53 -0700, Sean Knox <[EMAIL PROTECTED]> wrote:
Is anyone using IKE mode config successfully with isakmpd? I'm trying to 

yes, I have no problems with it (using it for all roaming users).
Thanks Tony.--that gave me some more confidence to try again with a 
different client. I had no problem with IKECFG with our Windows users 
(Safenet Softremote). Seems to work well. Does anyone know if OpenSWAN's 
IKECFG works? (linux IPSEC client) Recent versions say there is 
experimental support.


213528.813268 Default x509_DN_string: d2i_X509_NAME failed
213528.813291 Default cfg_initiator_send_ATTR: cannot parse ID
213528.813315 Default exchange_run: doi->initiator (0x3c145980) failed

You somehow specified the name wrongly.
Unfortunately, I have no clue what the VPN Tracker client is actually 
sending. VPN Tracker also has problems using NAT-T, so I'm pretty 
confident it's mangling packets or sending something jackass, at least.



I don't see anything obvious in a packet capture, but I'm not sure what 
I'm looking for in this case.

Post an IKECFG section, and possibly a snippet from isakmpd.policy.
For reference, here are my IKECFG sections that seem to work (With 
Softremote clients, anyway):

isakmpd.conf IKECFG sections:
Flags   = IKECFG
...
[ufqdn/[EMAIL PROTECTED]
Address = 10.10.50.1
Netmask = 255.255.255.0
my isakmpd.policy is simple:
Keynote-version: 2
Comment: allow
Authorizer: "POLICY"
licensees: "DN:/C=US/ST=CA/L=San Francisco/O=obstacle9.com/CN=ob9 CA"
Conditions: app_domain == "IPsec policy" && esp_present == "yes" && 
esp_enc_alg != "null" -> "true";

spamdb migration

[Rod.. Whitworth]

For a few weeks I have been running 3.7 release on a lab machine. Love
it!

It is time for me to change my firewall from 3.6 to get the benefit of
the updates that 3.7 has but I have one little question:

Can I copy /var/db/spamd to the new install so that I don't lose my
grey/white data but can start using the spamtrap feature?

I suppose it would not be the end of the world if not but there are
heaps of entries whitelisted that I'd rather not lose and, at any given
moment, there may be a grey that is about to be promoted to white that
would have to jump through the hoops again from the start.

Thanks,
Rod/

>From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.

Simple bridge setup

[Greg Thomas]

Default install of 3.6 with patches.  This is my first attempt at
setting up a bridge:

# cat /etc/bridgename.bridge0
add xl0
add xl1
up
# ifconfig -a
lo0: flags=8049 mtu 33224
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
xl0: flags=8902 mtu 1500
address: 00:50:04:7b:9a:2d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
xl1: flags=8902 mtu 1500
address: 00:b0:d0:dd:0b:75
media: Ethernet autoselect (100baseTX full-duplex)
status: active
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
bridge0: flags=41 mtu 1500

Am I missing something?  From reading the man pages I thought it was
as simple as creating the bridgename.bridge0 file, and rebooting or
brconfiging?  I'm getting ready to set up pf but obviously need some
connectivity through the bridge before I get to that point.

Thanks,
Greg

OpenBSD Torrents available

[andrew fresh]

OpenBSD Users:

We have set up an site from which you can get OpenBSD Torrents.

The site is http://openbsd.somedomain.net.

The torrents are generated automatically on a server that is rsynced to 
ftp3.usa.openbsd.org every 4 hours.  We are also seeding current torrents from 
that server.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: monitor resolution too high 

3.7 AMD64 Install

[Country Joe]

Hello,

 amd64 install stops with :
 CD-ROM: 9F
 Loading /3.7/AMD64/CDBOOT
 probing: pc0 mem [638K 510M a20=on]
 disk: hd0+ cd0
 >> OpenBSD/amd64 CDBOOT 1.00
 
 
 wd0(pciide0:0:0): timeout
type: ata
c_bcount: 512
c_skip: 0
 pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21
 
 reboot and :
 boot -c  .
 disable pciide .. continuing ..  (no wd* in dmesg) .
 
 then, of course, Install ends up with : No disk found
  
 Anything else I can try before going i386 install only ?
 
 thx for any hint.

Re: well that does it

[sbr]

a bunch of the talks were recorded in audio and a few in video too, i 
believe that guy from bsdmall was trying to collect them so he could 
distribute them somehow.

it was rather amusing with "mr. kamp" trying to defend his almostfreeBSD 
with an attack on open.

sbr.
On Sun, 15 May 2005, Chris Kuethe wrote:
On 5/15/05, Joel Dinel <[EMAIL PROTECTED]> wrote:
Oh, please. I was there, and I believe everyone's answer was 'Stop
trolling you damn trolling troll, this is a *technical* conference'.
Man, what a flamebait that was. At least I had a bit of fun watching
Henning and Beck rip our beloved Mr. Kamp a new one. Reyk's talk was
very enlightening.
Anyone got MP3's of that? :)
--
GDB has a 'break' feature; why doesn't it have 'fix' too?

NAT-PT for IPv6 -> IPv4

[eric]

Does anyone have experience with something to do NAT-PT on OpenBSD? I'm
looking for a package or port, but can't find much. Basically, I'd like to
free up some IPv4 addresses and dump NAT, so in the interim, NAT-PT looks
like a hopefully solution. 

Thanks for any comments.

Re: ssh

[J.C. Roberts]

On Mon, 16 May 2005 23:25:29 +0300, Kaj Mdkinen <[EMAIL PROTECTED]>
wrote:

>Is there any way to configure ssh to allow root access from private 
>network address.
>and at the same time allow ssh-access from outside for other users (not 
>root) ?

What part of the words "Do *NOT* login as root" have you failed to
understand?

Log in as a regular user. If you *need* root permissions for some
operation, then use sudo. If you absolutely *must* become root, then
use su.

JCR

Re: error messages

[Ryan Corder]

On Mon, 2005-05-16 at 22:34 +0200, Stefan Kell wrote:
> Hi,
> 
> I would change the sshd-port from 22 to something different. This way the
> attack would run into nirvana.

ListenAddress your.ip.address:new_port

> And of course disallow root access in sshd_conf.

PermitRootLogin no

ryanc

Re: error messages

[Stefan Kell]

Hi,

I would change the sshd-port from 22 to something different. This way the
attack would run into nirvana.

And of course disallow root access in sshd_conf.

Regards

Stefan Kell

On Mon, 16 May 2005, Kaj Mdkinen wrote:

> I  connect to my firewall with putty. How can I get rid of messages like
> these from
> appearing in my ssh terminal session? These appeared twice a second so
> it is wery hard to
> work with the console.
> (It was obviously someone trying to  get access to something?)
>
> May 16 18:30:05 localhost sshd[21201]: Failed password for root from
> 64.42.53.150 port 48385 ssh2
> May 16 18:30:06 localhost sshd[21201]: Received disconnect from
> 64.42.53.150: 11: Bye Bye
> May 16 18:30:08 localhost sshd[12553]: Failed password for root from
> 64.42.53.150 port 48446 ssh2
> May 16 18:30:08 localhost sshd[12553]: Received disconnect from
> 64.42.53.150: 11: Bye Bye
> May 16 18:30:11 localhost sshd[23351]: Failed password for root from
> 64.42.53.150 port 48543 ssh2
> May 16 18:30:11 localhost sshd[23351]: Received disconnect from
> 64.42.53.150: 11: Bye Bye
> May 16 18:30:14 localhost sshd[13243]: Failed password for root from
> 64.42.53.150 port 48628 ssh2

Re: ssh

[Juan Vera]

Kaj Mdkinen wrote:
Is there any way to configure ssh to allow root access from private 
network address.
and at the same time allow ssh-access from outside for other users (not 
root) ?

check AllowUsers on sshd_config(5)

Re: ssh

[Stuart Henderson]

--On 16 May 2005 23:25 +0300, Kaj MC$kinen wrote:
Is there any way to configure ssh to allow root access from private
network address. and at the same time allow ssh-access from outside
for other users (not root) ?
Setup sshd with different config on two ports, and use pf to rdr 
appropriately.

ssh

[=?ISO-8859-1?Q?Kaj_M=E4kinen?=]

Is there any way to configure ssh to allow root access from private 
network address.
and at the same time allow ssh-access from outside for other users (not 
root) ?

Re: error messages

[Frank Bax]

At 11:45 AM 5/16/05, Kaj Mdkinen wrote:
I  connect to my firewall with putty. How can I get rid of messages like 
these from
appearing in my ssh terminal session? These appeared twice a second so it 
is wery hard to
work with the console.
(It was obviously someone trying to  get access to something?)
May 16 18:30:05 localhost sshd[21201]: Failed password for root from 
64.42.53.150 port 48385 ssh2

Don't login as root.

Re: IKE Mode Config / IKECFG with isakmpd

[Toni Mueller]

Hi,

On Sun, 15.05.2005 at 21:42:53 -0700, Sean Knox <[EMAIL PROTECTED]> wrote:
> Is anyone using IKE mode config successfully with isakmpd? I'm trying to 

yes, I have no problems with it (using it for all roaming users).

> set my VPN Tracker client (Mac IPSec software) to obtain an IP via 

I have only Windows clients.

> IKECFG but one end isn't handling things correctly. Running an isakmpd 
> build from today. I assume this isakmpd log snippet is relevant:

I run stock isakmpd, or the -stable variant.

> 213528.813268 Default x509_DN_string: d2i_X509_NAME failed
> 213528.813291 Default cfg_initiator_send_ATTR: cannot parse ID
> 213528.813315 Default exchange_run: doi->initiator (0x3c145980) failed

You somehow specified the name wrongly.

> I don't see anything obvious in a packet capture, but I'm not sure what 
> I'm looking for in this case.

Post an IKECFG section, and possibly a snippet from isakmpd.policy.


Best,
--Toni++

Re: error messages

[J.C. Roberts]

On Mon, 16 May 2005 18:45:29 +0300, Kaj Mdkinen <[EMAIL PROTECTED]>
wrote:

>I  connect to my firewall with putty. How can I get rid of messages like 
>these from
>appearing in my ssh terminal session? These appeared twice a second so 
>it is wery hard to
>work with the console.
>(It was obviously someone trying to  get access to something?)
> 
>May 16 18:30:05 localhost sshd[21201]: Failed password for root from 
>64.42.53.150 port 48385 ssh2
>May 16 18:30:06 localhost sshd[21201]: Received disconnect from 
>64.42.53.150: 11: Bye Bye
>May 16 18:30:08 localhost sshd[12553]: Failed password for root from 
>64.42.53.150 port 48446 ssh2
>May 16 18:30:08 localhost sshd[12553]: Received disconnect from 
>64.42.53.150: 11: Bye Bye
>May 16 18:30:11 localhost sshd[23351]: Failed password for root from 
>64.42.53.150 port 48543 ssh2
>May 16 18:30:11 localhost sshd[23351]: Received disconnect from 
>64.42.53.150: 11: Bye Bye
>May 16 18:30:14 localhost sshd[13243]: Failed password for root from 
>64.42.53.150 port 48628 ssh2

First of all, do not log in as root. Use sudo. And if you're smart,
disable root ssh access.

Second, the messages are the result of a brute force attack on your
system. They are most likely going after your root password since you
have ssh for it enabled. Add the offenders IP address to your pf block
list.

JCR

Re: error messages

[Dimitry Andric]

On 2005-05-16 at 17:45:29 Kaj Mdkinen wrote:

> I connect to my firewall with putty. How can I get rid of messages
> like these from appearing in my ssh terminal session? These appeared
> twice a second so it is wery hard to work with the console. (It was
> obviously someone trying to  get access to something?)

- Fix your syslog.conf
- Don't login as root, use sudo
- Add those script kiddies and worms to your blacklist(s)

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Just for those interested in different BSD like ( or so called ) Licences

[J.C. Roberts]

On Mon, 16 May 2005 12:11:09 +0530, Siju George <[EMAIL PROTECTED]>
wrote:

>http://news.com.com/India+eyes+own+open-source+license/2100-7344_3-5701861.html?tag=nefd.led
>
>
>Kind Regards
>
>Siju

Deepak B. Phatak  [EMAIL PROTECTED]   http://www.it.iitb.ac.in/~dbp/
"Hobbies: Giving unsolicited advice to unsuspecting individuals and
groups."

I hope I am neither the first nor the last person to give Deepak
Phatak a little "unsolicited advice" and let him know his actions are
only making the problem of open source licenses worse. In spite of all
those academic accomplishments, by creating yet another open source
license Deepak has missed the painfully obvious truth: The world needs
*FEWER* open source licenses.

At the moment, it is difficult enough to explain the differences of
the three most prevalent open source licenses (BSD, GPL and LGPL) to
ordinary people. The sad part is the FSF/GNU has intentionally made
the distinction difficult by using tactics out of Orwells 1984 in a
futile attempt to redefine the words "free" and "freedom" to further
their own agenda through deceit and obfuscation. I see nothing wrong
with them having the intention of forcing source code disclosure but
calling their legally forced requirements "free" or even "freedom" is
at best an immoral lie.

Once you get past the FSF/GNU's intentionally misleading lies, one
must then contend with all additional legal intricacies of Apache,
MOZILLA, Xfree, Sun Public License, and all the rest of the garbage
licenses out there in the open source world. The additional legal
intricacies caused by each additional license only serves to vastly
increases the costs and headaches involved with evaluating the open
source options. Creating "new" open source licenses only makes the
problem worse.

There are really only two types licenses in the world; the BSD license
that ensures your freedom to do whatever you want with the code and
proprietary licenses from the GNU, Microsoft and everyone else that
legally limit, remove and kill your freedom.

If someone wants to create yet another proprietary, limiting, nonsense
license for open source, they are of course free to do so but please
be smart enough to realize creating a new license only makes the
problem worse. Any person who chooses to make a problem worse is
either ignorant, stupid or malicious or some combination thereof. In
the case of Deepak, I hope he is simply not aware of the mistake he
has made and now extends the effort to correct the complication of the
problem he has caused.

Deepak here is the "unsolicited advice" you need to take to heart:

If you want to release free code, then put it under a BSD license and
make it truly free. If you want to sell proprietary code, then retain
your rights and sell the product of your efforts. Yes, you can do both
and many people do. On the other hand, if you want to make matters
worse in the open source world by further blurring the distinction
between the two and increasing the costs of those who must sort
through your added legal bullshit, then please stop. The world is much
better off without your misguided and detrimental contributions.

And yes, I'm just as guilty as you are of having the wild idea of
creating my own open source license. I am certain nearly every geek on
the planet has, at one time or another, had the misguided thought of
creating their own custom open source license that suits their
personal intents perfectly but in the end, when you realize the
detrimental effects, you'll finally realize it takes either stupidity
or malice to follow through with such a bad idea.

If you are not personally willing to pay the legal fees of every
company and organization that must higher lawyers in every
international jurisdiction to evaluate the ramifications of you new
license, then please be considerate enough to do the world a favor and
abandon the bad idea of creating yet another license.

JCR

Re: error messages

[Arnaud Bergeron]

On 5/16/05, Ryan Corder <[EMAIL PROTECTED]> wrote:
> On Mon, 2005-05-16 at 18:45 +0300, Kaj Mdkinen wrote:
> > I  connect to my firewall with putty. How can I get rid of messages like
> > these from
> > appearing in my ssh terminal session?
> 
> check your /etc/syslog.conf to see if errors, etc are being sent to
> specific users.  by default, *.errors, *.notice, auth.debug, and
> *.alert are sent to root and *.emerg syslog entries are sent to
> everyone.
> 
> ryanc
> 
> 
Or you could try working from another terminal, if you are not logged
in as root.

-- 
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped

Re: [Off Topic] metawire.org

[Mr.Slippery]

Constantine A. Murenin ([EMAIL PROTECTED]) dixit:
> On 16/05/05, Chris Kuethe <[EMAIL PROTECTED]> wrote:
> > They're closed.
> > 
> > http://marc.theaimsgroup.com/?l=openbsd-misc&m=110118752832400&w=2
> > 
> > On 5/16/05, Paolo Supino <[EMAIL PROTECTED]> wrote:
> > > Hi
> > >
> > >Does anyone knoe what happened to metawire.org?
> > >
> > > TIA
> > >
> > > Paolo
> 
> I thought it was re-opened a while back, was it not? 

Metawire has found a new home at secdog.com and it is back up and 
kickin' for quite a while now.

Unfortunately lately has accumulated a bit of downtime (to be honest),
reasons for this downtime being unknown to me at the moment.
The guys (ithe admin team and the community) can be reached on
irc.metawire.org in #metawire.

I am a proud user of their services and (again, to be honest) it was
this project that opened my eyes and made me decide to have a little
home server powered by puffy. 
-- 
|--|
Florin (Slippery) Iamandi

Re: [Off Topic] metawire.org

[Constantine A. Murenin]

On 16/05/05, Chris Kuethe <[EMAIL PROTECTED]> wrote:
> They're closed.
> 
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=110118752832400&w=2
> 
> On 5/16/05, Paolo Supino <[EMAIL PROTECTED]> wrote:
> > Hi
> >
> >Does anyone knoe what happened to metawire.org?
> >
> > TIA
> >
> > Paolo

I thought it was re-opened a while back, was it not? 

Constantine.

Re: error messages

[Ryan Corder]

On Mon, 2005-05-16 at 18:45 +0300, Kaj Mdkinen wrote:
> I  connect to my firewall with putty. How can I get rid of messages like 
> these from
> appearing in my ssh terminal session? 

check your /etc/syslog.conf to see if errors, etc are being sent to
specific users.  by default, *.errors, *.notice, auth.debug, and
*.alert are sent to root and *.emerg syslog entries are sent to
everyone.

ryanc

Re: [Off Topic] metawire.org

[Chris Kuethe]

They're closed.

http://marc.theaimsgroup.com/?l=openbsd-misc&m=110118752832400&w=2

On 5/16/05, Paolo Supino <[EMAIL PROTECTED]> wrote:
> Hi
> 
>Does anyone knoe what happened to metawire.org?
> 
> TIA
> 
> Paolo
> 
> 


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

error messages

[=?ISO-8859-1?Q?Kaj_M=E4kinen?=]

I  connect to my firewall with putty. How can I get rid of messages like 
these from
appearing in my ssh terminal session? These appeared twice a second so 
it is wery hard to
work with the console.
(It was obviously someone trying to  get access to something?)

May 16 18:30:05 localhost sshd[21201]: Failed password for root from 
64.42.53.150 port 48385 ssh2
May 16 18:30:06 localhost sshd[21201]: Received disconnect from 
64.42.53.150: 11: Bye Bye
May 16 18:30:08 localhost sshd[12553]: Failed password for root from 
64.42.53.150 port 48446 ssh2
May 16 18:30:08 localhost sshd[12553]: Received disconnect from 
64.42.53.150: 11: Bye Bye
May 16 18:30:11 localhost sshd[23351]: Failed password for root from 
64.42.53.150 port 48543 ssh2
May 16 18:30:11 localhost sshd[23351]: Received disconnect from 
64.42.53.150: 11: Bye Bye
May 16 18:30:14 localhost sshd[13243]: Failed password for root from 
64.42.53.150 port 48628 ssh2

Re: OpenBSD tested on students learning Unix

[Will H. Backman]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Steve Shockley
> Sent: Friday, May 13, 2005 5:39 PM
> To: misc@openbsd.org
> Subject: Re: OpenBSD tested on students learning Unix
> 
> Will H. Backman wrote:
> > Just thought I would let the OpenBSD folks know that students in my
> > class found OpenBSD easy to use compared to other Unix-like
operating
> > systems.
> 
> Do you think that OpenBSD did things in a way that seemed more obvious
> to your students, or was it just better/accurate documentation?

Solaris docs were hard to find, Linux docs are always out of date or
apply to the wrong distro.  Darwin just does a lot of stuff in different
ways, such as Netinfo.  OpenBSD docs are good, and given that the course
was a command-line intro to the traditional Unix environment, OpenBSD's
lack of reliance on GUI tools was a major benefit.

Re: 3.6 + ClamAV install?

[Adam Papai]

Adam Papai wrote:
Regards.
I have a problem with ClamAV install to 3.6. None of the ClamAV sources 
build.
At last, with a little hacking I did it. :) I install it from 3_7 ports 
but I had to edit PLIST. :)

Thanks.
--
Adam Papai
Digital Influence Inc.
E-mail: [EMAIL PROTECTED]
Phone: +36 30 33-55-735

late me-too!

[=?iso-8859-2?Q?Mitja_Mu=BEeni=E8?=]

Got my 3.7 CD's today in Slovenia, EU. Wim did a great job while packing the
cd's - the UPS guy brought me a A4 sized cardboard box, filled with confetti
from somebody's shredder. Buried within were two CD-sets, each individually
wrapped in the usual padded KD85 envelope. It can't get better than that, I
guess. :)

The only real question now remains: who are the wizards standing around the
cauldron on the back of the box?

Way to go, team!


Mitja

Re: beginner, intermediate, and advanced scripting

[J.C. Roberts]

On Sun, 15 May 2005 13:53:33 -0500, <[EMAIL PROTECTED]> wrote:

>>there are times when it's actually worth the effort to ...
>Oh yes. Now, do you determine whether the trip is worthwhile
>by examining hammers or by examining the nails?
>(Language zealots all seem to have the problem
>of looking only at the hammers;)
>

You're too right about zealots only looking at the hammers but I also
consider it a mistake to only look at the nails (the problems that
need to be solved). When I make the choice (or often, get to make the
choice) of which tools to use my main concern is what is being built
rather than the tools used or the problems must be solved to build it.
If I see any chance the "what" will evolve into something bigger, my
main concern is if the tools used to solve the problem(s) will result
in maintainable and extensible code. -It's just the way I try to be
prepared for the inevitable mid stream or post facto requirement
changes made by those without a clue.

>>A Britt, a Scotsman, an Aussie, a Texan, a New Yorker and a Californian
>>were sitting in a bar...
>>-None of them could understand what the others were saying.
>Better scope than "America and England are divided by a common language".
>Since programming is an entropy reducing exercise, the style is used
>to obtain leverage on certain aspects of the problem (claimed advantages)
>at the expense of ignored and unknown aspects (unclaimed disadvantages).
>

I'm not one of those gifted vision, algorithm and architecture guys,
so my approach is simplistic brute force. I'll use anything and
everything to hack out a fast, dirty, rough draft solution to the
problem. Some times it takes me a few tries, kind of like
experimentation but once I figure out how to solve the problem, I can
then go back to square one, pick the applicable tools and do it right.

>>And perl is a dialect of LISP, isn't it?
>Methinks this is too much like the "high-level" and "low-level" bit about
>languages.
>The level is in the use of the language, not the language itself.
>I would guess that perl evolves to "do" LISP as opposed to "be" LISP.
>
>LISP suffers because it has exactly the right number of parentheses,
>too many, and none of them optional.

LOL!

Yes, the parentheses problem in lisp closures is notorious but I think
it's more of a human problem than a technical one. For example, when
you read perl code you see countless $, @ and ; characters all over
the place identifying variables and line endings but by some magic
your mind learns to kind of skip over them. In lisp you've got all
these parentheses, and a good chunk of them are stacked up at the end
of blocks. For some strange reason, it's tough to learn to just ignore
them and see the meaning. It may be a matter of practice or some
failing on my part (since I've worked in LISP based languages for
years) but I think the root of the problem is that they are just not
"natural" enough. When I type "teh" you somehow know it was just a
simple mistake. When I type "Micro$oft" you still recognize and
understand the pattern. The extensive bracketing in LISP based
languages results in patterns that are just not similar enough to the
common errors that we normally learn to "read through" when mentally
parsing the character patterns. Worse yet, it's tough to differentiate
between ")))" and "" even though the difference is very
important.

>LISP has an advatage in that it is possible to say exactly what it intended,
>without a lot of extraneous baggage going along for the ride.
>For any particular context, it is relatively easy to do something better
>than LISP.
>If the context is unknown (or worse if what is "known" is wrong)
>then LISP has the advantage. Aproximately.
>Hammer strikes nail. Hammer shatters. Nail just sits there.
>Nail is driven in eventually. Nail is driven in quickly and efficiently.
>How good does the hammer have to be so that the nail doesn't win?
>What I like about PHP is that it is possible to use it effectively,
>without taking the time required to learn PHP. The functions are irregular
>because PHP prefers not to get in the middle of the mess.
>This has of course the disadvantage that it will NOT stretch very far.
>(Which applies to any language, even LISP;)
>
>Composition of functions is associative.
>Gaining leverage on that fact tends to be rather lispy.
>I suspect that perl will employ a different tact (than LISP).
>Functional code, even straight-forward top-down brute force,
>is not as ineffecient as one might imagine.
>Any leverage will dominate the so-called language efficiencies.
>

I agree language efficiencies are a myth. Though one could argue, and
many do, that particular programming languages are "more efficient"
for particular classes of problems, when you get down to the business
reality of paying salaries and getting things done, the bulk of
efficiency is always in the practitioner. For example, I've got a
friend who is fluent in some 20 different human languages. She is
undoub

Re: 3.6 + ClamAV install?

[Janusz Gumkowski]

On Mon, May 16, 2005 at 02:08:21PM +0200, Adam Papai wrote:
> Regards.
> 
> I have a problem with ClamAV install to 3.6. None of the ClamAV sources 
> build.
> 
> I get this error:
> 
[...]

> What sould I do? Or what VirusScanner sould I use with Amavisd-new?
> 

Try:  env LDFLAGS="-lpthread" make


-- 
Janusz Gumkowski
http://www.am.torun.pl/~ja [EMAIL PROTECTED]

Re: 3.6 + ClamAV install?

[C. Bensend]

> I have a problem with ClamAV install to 3.6. None of the ClamAV sources
> build.

[ snip ]

> What sould I do? Or what VirusScanner sould I use with Amavisd-new?

I grab the -CURRENT port when it gets updated, and apply the new
patches by hand.  I then build it manually (don't try to build the
-CURRENT port on a non-CURRENT machine) and it works like a charm.

Keep in mind, there's some risk involved, as the patches are also
intended for a -CURRENT machine.  But, most of the changes necessary
are pretty straight-forward.

Benny


-- 
"You come from a long line of scary women." -- Ranger, "Three To
   Get Deadly"

Re: 3.6 + ClamAV install?

[j knight]

Adam Papai wrote:
Regards.
I have a problem with ClamAV install to 3.6. None of the ClamAV sources 
build.

For what it's worth, there is a clamav port/package in 3.7 
(ports/security/clamav). CDs can be ordered here 
http://www.openbsd.org/orders.html.

Undelivered Email to Classmates.com

[Classmates Member Services]

Please note you have attempted to reply to an automated email address.

If you need assistance, please visit our online help area at
http://www.classmates.com/help

Regards,

Classmates.com Member Care

3.6 + ClamAV install?

[Adam Papai]

Regards.
I have a problem with ClamAV install to 3.6. None of the ClamAV sources 
build.

I get this error:
/root/clamav-0.83/clamscan/../shared/output.c:116: undefined reference 
to `pthread_mutex_lock'
output.o(.text+0x14d):/root/clamav-0.83/clamscan/../shared/output.c:123: 
undefined reference to `pthread_mutex_unlock'
output.o(.text+0x1cd):/root/clamav-0.83/clamscan/../shared/output.c:134: 
undefined reference to `pthread_mutex_unlock'
output.o(.text+0x308):/root/clamav-0.83/clamscan/../shared/output.c:162: 
undefined reference to `pthread_mutex_unlock'
output.o(.text+0x3c7):/root/clamav-0.83/clamscan/../shared/output.c:185: 
undefined reference to `pthread_mutex_unlock'
../libclamav/.libs/libclamav.so.1.8: undefined reference to 
`pthread_cleanup_pop'
../libclamav/.libs/libclamav.so.1.8: undefined reference to `pthread_create'
../libclamav/.libs/libclamav.so.1.8: undefined reference to 
`pthread_cleanup_push'
../libclamav/.libs/libclamav.so.1.8: undefined reference to `pthread_join'
collect2: ld returned 1 exit status
*** Error code 1

Stop in /root/clamav-0.83/clamscan (line 294 of Makefile).
*** Error code 1
Stop in /root/clamav-0.83 (line 354 of Makefile).
*** Error code 1
Stop in /root/clamav-0.83 (line 219 of Makefile).
What sould I do? Or what VirusScanner sould I use with Amavisd-new?
--
Adam Papai
Digital Influence Inc.
E-mail: [EMAIL PROTECTED]
Phone: +36 30 33-55-735

Re: well that does it

[Per Engelbrecht]

Theo de Raadt wrote:
on the topic, after reyk's talk andphk bullshitting, greg lehey let us 
know that "phk is not speaking for freebsd".

At the presentation.
In the crowd.
So who is speaking for FreeBSD?
Is it phk and all the freebsd developers sending me hate mail for
exposing this?
Like Scott Long?  No wonder.
Is it all the paid freebsd developers?
I think you did the right thing by going public with this - at least for 
all of us not attending BSDcan05. No sane or mature *BSD 
user/developer/whatever can or will condole that kind of misplaced (in 
any respect) outburst.
There's only one developer looking really stupid now and he's not from 
our community!

Yes it would be nice if Greg Lehey being who he is, would make a public 
that_was_not_FreeBSD_talking announcement. That would be the appropriate 
thing to do, but I think that even within the FreeBSD community the vast 
majority have nothing left for ridiculous statements like the one phk 
made - except for a few "small people" maybe.

respectfully
/per
[EMAIL PROTECTED]

How can i mount an external USB hard disk? (part 2)

[=?ISO-8859-1?Q?Jo=E3o_Salvatti?=]

Hi all, I have a OpenBSD 3.6 server box, on a Pentium 3.0 HT, 80 GB SATA HD
AND
1Gb RAM. I've bought a 120Gb HD for backup purposes only, I shut my machine
down, plugged it in, and when it started the OS detected a newly connected
device as it follows:

umass0 at uhub4 port 4 configuration 1 interface 0
umass0: Genesys Logic USB TO IDE, rev 2.00/0.02, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0:  SCSI0 0/direct fixed
sd0: 114498MB, 114498 cyl, 64 head, 32 sec, 512 bytes/sec, 234493056 sec
total

But when I run disklabel -e sd0, as I've seen on OPenBSD's web site in
"Adding
extra disks in OpenBSD", the process gives none output information. Instead,
it
remains apparently blocked. When I run the same command to check informations
for my internal HD, it gives me the following output:
- Show quoted text -

[EMAIL PROTECTED]:/# disklabel wd0
# using MBR partition 3: type A6 off 63 (0x3f) size 234436482 (0xdf93782)
# /dev/rwd0c:
type: ESDI
disk: ESDI/IDE disk
label: ST3120827AS
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 234441648
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#size   offsetfstype   [fsize bsize   cpg]
 a:  4095441   634.2BSD 2048 16384   328   # (Cyl.0*- 4062)
 b:   614880  4095504  swap# (Cyl. 4063 - 4672)
 c: 2344416480unused0 0# (Cyl.0 - 232580)
 d: 10240272  47103844.2BSD 2048 16384   328   # (Cyl. 4673 - 14831)
 e: 10240272 149506564.2BSD 2048 16384   328   # (Cyl. 14832 - 24990)
 f:   614880 251909284.2BSD 2048 16384   328   # (Cyl. 24991 - 25600)
 g: 208630737 258058084.2BSD 2048 16384   328  # (Cyl. 25601 -
232575*)

Thjis is how I run the same command to check informations from my new HD:

[EMAIL PROTECTED]:/# disklabel -e sd0

Does anyone know what's happening? My kernel's dmesg is attached.
Thanks for now!

--
Joco Salvatti

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of mydmesg]

Re: Just for those interested in different BSD like ( or so called ) Licences

[Dunceor .]

On 5/16/05, Shawn K. Quinn <[EMAIL PROTECTED]> wrote:
> On Mon, 2005-05-16 at 12:11 +0530, Siju George wrote:
> > http://news.com.com/India+eyes+own+open-source+license/2100-7344_3-5701861.html?tag=nefd.led
> >
> >
> > Thankyou so much
> 
> My gut reaction: This can't be good.
> 
> --
> Shawn K. Quinn <[EMAIL PROTECTED]>
> 
> 

Shouldn't the right path to take be LESS licences and not a djungle of
several licences? I don't see anything good come out of it either.

Re: Just for those interested in different BSD like ( or so called ) Licences

[Shawn K. Quinn]

On Mon, 2005-05-16 at 12:11 +0530, Siju George wrote:
> http://news.com.com/India+eyes+own+open-source+license/2100-7344_3-5701861.html?tag=nefd.led
> 
> 
> Thankyou so much

My gut reaction: This can't be good.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

[Off Topic] metawire.org

[Paolo Supino]

Hi
  Does anyone knoe what happened to metawire.org?

TIA
Paolo

network problem

[RJ45]

Hello,
is there any way to tune the network parameters inside the kernel like 
buffers allocated into memory ?

I have a OpenBSD box (3.6) used as a WiFi gateway and it manages MANY 
VLANs and AP and from time to time the kernel crashes with a page fault 
error.
Is there any specific parameter to tune in hte kernel ?
NMBCLUSTER is no longer supported option right ?
thanks

Rick

problem with http server

[RJ45]

Hello,
I use openbsd as a WiFi gateway using it's own apache http
embedded in the system.
Often with many web browsers this happens:
[Mon May 16 10:53:02 2005] [error] [client 172.27.106.240] Invalid method 
in request \\x80g\\x01\\x03

but actually I can;t understand why...
How can I Tell httpd to accepte these requests anyway ?
thanks
Rick