Re: build go projects with current: bad system call (core dumped)

2023-06-01 Thread A Tammy


On 6/1/23 08:33, Thomas Huber wrote:
> Hi @misc,
>
> I face a problem with -current when building golang projects.
> This worked fine on 7.2 and I think it stopped working with 7.3 release.
> Now I try it on -current.
>
> I get the following error:
> "go: error obtaining buildID for go tool compile: signal: bad system call
> (core dumped)"
Update the 'sys' dependency to the latest version.
>
> The Projects I'm trying to build are the nats-server[1] and natscli[2].
> go version go1.20.4 openbsd/amd64
>
> Maybe someone on this list has a clue...
> Thanks Thomas (the u2k20 host)
>
> --
> [1] https://github.com/nats-io/nats-server
> [2] https://github.com/nats-io/natscli



Re: Username and/or password lengths for OpenIKED with EAP MSCHAP-V2

2023-03-10 Thread A Tammy


On 3/10/23 15:42, J Doe wrote:
> On 2023-03-05 17:19, A Tammy wrote:
>
>>
>> On 3/5/23 16:49, J Doe wrote:
>>> Hello,
>>>
>>> I was wondering if there is a limit to the number of characters that
>>> the username and/or password can be when using EAP MSCHAP-V2 in
>>> OpenIKED.
>>>
>>> In particular, I was wondering if either OpenIKED enforced a limit or
>>> whether MSCHAP-V2 has a limit based on the underlying authentication
>>> scheme ?
>>>
>>> Thanks,
>>>
>>> - J
>>>
>> A quick 30s look into the source code shows -
>> https://github.com/openbsd/src/blob/master/sbin/iked/chap_ms.h#LL30C2-L30C32
>>
>>
>>> #define MSCHAP_MAXNTPASSWORD_SZ    255    /* unicode chars */
>>
>> a good point for you to start looking :)
>>
>> Cheers,
>> Aisha
>
> Hi,
>
> Thanks for your response ... Ordinarily, I would assume that the
> maximum password size would then be 255 ASCII characters, but is the
> size different because the comment notes it's for Unicode characters ?
>
> Thanks,
>
> - J
>
I don't know :)

You should try to read the source code, that's not the only variable in
that file, maybe the other ones are the actual password/username size.




Re: Username and/or password lengths for OpenIKED with EAP MSCHAP-V2

2023-03-05 Thread A Tammy


On 3/5/23 16:49, J Doe wrote:
> Hello,
>
> I was wondering if there is a limit to the number of characters that
> the username and/or password can be when using EAP MSCHAP-V2 in OpenIKED.
>
> In particular, I was wondering if either OpenIKED enforced a limit or
> whether MSCHAP-V2 has a limit based on the underlying authentication
> scheme ?
>
> Thanks,
>
> - J
>
A quick 30s look into the source code shows -
https://github.com/openbsd/src/blob/master/sbin/iked/chap_ms.h#LL30C2-L30C32

> #define MSCHAP_MAXNTPASSWORD_SZ    255    /* unicode chars */

a good point for you to start looking :)

Cheers,
Aisha



Re: Universal Media Server on OpenBSD

2023-02-10 Thread A Tammy


On 2/10/23 05:58, kasak wrote:
> Hello misc!
>
> If somebody is interested, I've successfully launched UMS on OpenBSD 7.2.
>
Wooo, Great work!
> Here it is:
>
>
> pkg_add mediainfo mplayer ffmpeg jdk%17
>
> useradd -L daemon -s /sbin/nologin -d /var/ums -m -s /var/empty _ums
>
> ftp https://github.com/UniversalMediaServer/UniversalMediaServer/releases/download/13.2.0/UMS-13.2.0-x86_64.tgz
>
> doas tar -xzvf UMS-13.2.0-x86_64.tgz -C /usr/local -s /-13.2.0//
>
> after that, create rc file for headless mode:
>
> /etc/rc.d/ums:
>
> -
>
> #!/bin/ksh
>
> JAVA_HOME="/usr/local/jdk-17"
> JAVA="$JAVA_HOME/bin/java"
> UMS_MAX_MEMORY=1280M
> PMS_JARS="update.jar:ums.jar"
> PMS_HOME=/usr/local/ums
>
> daemon="$JAVA -Xmx$UMS_MAX_MEMORY -Xss2048k -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=true -Djna.nosys=true -classpath $PMS_JARS net.pms.PMS console"
> daemon_user="_ums"
> daemon_execdir="$PMS_HOME"
>
> . /etc/rc.d/rc.subr
>
> rc_bg="YES"
> rc_reload="NO"
> rc_cmd $1
>
> -
>
>
> It seems working just fine.
>
> Do we need a port for it? I wanted to create a port, but it is pretty
> difficult to me. Maybe if it is needed, I should dig into it?
>
Ports are nice to have, then it is accessible to a lot more people.

Here are two similar Java ports which you can use to create a port for
UMS -
https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/jitsi/videobridge/ 
and https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/jitsi/jicofo/

Looking forward to the port,
Aisha



Re: VPN for a newbie

2022-11-02 Thread A Tammy


On 11/2/22 21:02, Odd Martin Baanrud wrote:
> Hello,
>
> I’m planning to set up a VPN.
> The problem is, I get confused about all the features and possibilities, so I 
> really don’t know where to start.
>
> I’m running OpenBSD on my router, and a Debian-server behind it, providing 
> several public services, of course using nat/rdr with PF.
>
> My first goal is to get a setup where I can use my laptops etc to connect to 
> my router/server at home, both for tunnelling, and accessing the services on 
> my Debian machine.
this can be done with bare wireguard.
> Then, I want to try a setup where 2 private networks connect to each other 
> via internet.

this can be done with tailscale which uses wireguard under the hood (but
that is irrelevant) - pkg_add tailscale - or headscale if you want to
run your own central server

https://tailscale.com/

https://github.com/juanfont/headscale

aisha

>
> Where do I start?
> Which services need to run, and where?
> Is there a good starting point somewhere for my scenarios?
>
> Regards, Martin
>



Re: Questions about the code commit review process

2022-10-29 Thread A Tammy


On 10/29/22 18:28, i...@tutanota.com wrote:
> Hi,
>
> What is the code commit review process in OpenBSD? A developer with commit 
> access, does his code get reviewed by other developers before a release, and 
> if so, is that an internal requirement?

Code gets reviewed before committing and approvals are given by an 'ok'
from other developers. The 'ok's are noted in the commit messages.

aisha

>
> Thanks.
>
> Kind regards.
>



Re: Supposed way to have a login without password but still able to login via ssh?

2022-09-26 Thread A Tammy


On 9/26/22 16:03, Antoine Jacoutot wrote:
> On Mon, Sep 26, 2022 at 09:58:13PM +0200, Florian Obser wrote:
>> Set the password hash to 13 * using vipw(8) or usermod -p.
>>
>> I wonder if we document that somewhere.
> We do, in passwd(5).
>
> Similarly, login accounts not allowing password authentication but
> allowing other authentication methods, for example public key
> authentication, conventionally have 13 asterisks in the password field.

The relevant lines in security(8) at /usr/libexec/security

> Line 103: length $pwd != 13

It doesn't seem like it is checking that it is 13 * specifically as
opposed to just being 13 chars in width. Nor does the line in passwd(5)
say anything about it being run in security(8), security(8) does not
mention this check being done in its man page (at least not after I gave
another cursory look at it).

> Check the master.passwd(5) and group(5) files for syntax, empty
> passwords, partially closed accounts, suspicious UIDs, suspicious GIDs,
> and duplicate entries.

Seems like updating that "conventionally have" to something more
substantial or maybe the "partially closed accounts" to something else
would be a good thing.


>> On 26 September 2022 20:27:07 CEST, Federico Giannici  
>> wrote:
>>> I have a login that I want to be able to access only via ssh with a 
>>> certificate (in ~/.ssh/authorized_keys).
>>>
>>>
>>> So I have disabled the password ('*') but left a valid shell. Something 
>>> like this in /etc/master.passwd:
>>>
>>> mylogin:*:1001:1001::0:0:My login:/home/mylogin:/bin/sh
>>>
>>>
>>> But in this way every day I receive a mail with the following:
>>>
>>> Checking the /etc/master.passwd file:
>>> Login mylogin is off but still has a valid shell and alternate access files 
>>> in home directory are still readable.
>>>
>>>
>>> What is the supposed way to define an account without a password but with a 
>>> valid shell (to access via ssh with a certificate)?
>>>
>>> Thanks.
>>>
>> -- 
>> Sent from a mobile device. Please excuse poor formatting.
>>
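
An added example, not part of the thread and not the /usr/libexec/security code: it applies only the `length $pwd != 13` test quoted above to constructed master.passwd(5)-style lines, showing that any 13-character password field passes that test, not just 13 asterisks. The "shell ends in sh" test, the extra sample accounts and the verdict names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed master.passwd(5)-style sample; only the first line is from the thread.
sample_passwd() {
    stars=$(printf '%13s' '' | tr ' ' '*')   # exactly 13 asterisks
    other=$(printf '%13s' '' | tr ' ' 'x')   # 13 characters, none an asterisk
    cat <<EOF
mylogin:*:1001:1001::0:0:My login:/home/mylogin:/bin/sh
keyonly:${stars}:1002:1002::0:0:Key only:/home/keyonly:/bin/ksh
odd13:${other}:1003:1003::0:0:Thirteen chars:/home/odd13:/bin/sh
_svc:*:1004:1004::0:0:Service:/var/empty:/sbin/nologin
EOF
}

# classify: reads master.passwd-format lines on stdin, prints "login verdict".
# Fields: name:password:uid:gid:class:change:expire:gecos:home:shell
classify() {
    awk -F: '{
        pwd = $2; shell = $10
        # Assumption: a "valid shell" is approximated as a path ending in "sh".
        if (shell !~ /sh$/)          v = "no-sh-shell"
        # The length test quoted in the thread; a lone "*" lands here.
        else if (length(pwd) != 13)  v = "length-not-13"
        # Stricter test the thread asks about: 13 asterisks specifically.
        else if (pwd ~ /^[*]+$/)     v = "thirteen-asterisks"
        # Passes the length test although it does not follow the convention.
        else                         v = "thirteen-other-chars"
        print $1, v
    }'
}

sample_passwd | classify
```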