confirm that using crypt passwords works well with
ldapd-5.6 and PHP applications such as ownCloud, Wordpress or DokuWiki.
Thanks for your help!
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
Confidentiality cannot be guaranteed on emails sent or received unencrypted.
SD Auth? A crypt hash in the userPassword
> attribute?)?
My root user is authenticated with BSDAUTH. The rest of the users with
an md5crypt in the userPassword. This works with the version from 5.5
with a range of applications (ownCloud, Wordpress, PHPLDAPAdmin, ...).
--
Olivier Mehani
PGP fingerprint
parently, there is a problem authenticating (yes, I did type the password
properly), resulting in an empty bind, which leads to a failure to continue
further.
Did anybody encounter the same issue? Is there a known cause? How could this be
solved?
I know this is 5.6, and I should be worrying about 5
-client package installed, so ldapadd did the trick
to reimport all that into a fresh and empty DB
ldapadd -H ldapi://%2fvar%2frun%2fldapi -D cn=root,dc=example,dc=net -W < dump.ldiff
I'll give up on my binary importer (:
Thanks for the pointers!
--
Olivier Mehani
PGP fingerprint: 443
think only the btree_meta is relevant, as I don't see the btree_stat
being written on disk.
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
Confidentiality cannot be guaranteed on emails sent or received unencrypted.
h keys and certificates). The only
problem I could find was really in the missing mod_ssl environment
variables.
> Generally speaking, you will likely have fewer challenges if you configure
> each HTTPS virtual host using a dedicated IP address (or port). That way the
> virtual host selec
oo much
configuration snippets). I'm not that familiar with it, but it does sound like
one more reason to try it again.
Thanks for the suggestion!
I'm still open to ideas regarding fixing httpd. I'll settle for whichever works
satisfactorily first (:
--
Olivier Mehani
Sent from my mobile, please excuse my brevity.
try next, if there is indeed anything else. Could
anybody offer some insight/experience about this type of setups? I guess
I'm missing something obvious, but searching the web for hours on end
hasn't yielded anything helpful... Does anybody have any idea what the
problem might be there?
ith it
(;
However, it also reminds me a lot of MonkeySphere [0], which leverages
the PGP WoT, and allows host keys (SSH, SSL) to be signed with the
admin's PGP key. This also has the effect of decentralising the key
management.
However, I suspect there is a risk of false positive/negative, and
On Tue, Mar 15, 2011 at 08:02:38AM +0100, Christophe Etcheverry wrote:
> Any idea ?
Ask your ISP to start offering IPv6 connectivity (;
However, maybe they did, and this is the reason you witnessed a change
of behaviour.
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F
rtificate that their key is good for your website, and impersonate it
to any of your new-coming customers who haven't been exposed to your
official key yet.
I may also be wrong in my analysis, but as far as my understanding goes,
it's correct.
--
Olivier Mehani
PGP fingerprint: 4435 CF6
security-announce@
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
[demime 1.01d removed an attachment of type application/pgp-signature]
n AND remote SSH login. I jotted down some doc here
[0].
Next step is trying to see how to do system auth as well! (;
[0] https://www.narf.ssji.net/~shtrom/wiki/tips/openpgpsmartcard#doing_the_same_with_openbsd_48
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2
6 is more specifically designed
for router configuration. My ISP does that over a PPP link, and it works
wonderfully.
> They are all publicly routable IPv6 addresses.
And it will stay like that! That's one of the reasons to use IPv6: no
*(&#$(# NAT.
[0] http://tools.ietf.org/html/3769
be good to mention that RFC if you did not already know about it.
[RFC5952] S. Kawamura and M. Kawashima, "A recommendation for IPv6
address text representation," RFC 5952 (Standards Track). [Online].
Available: http://tools.ietf.org/rfc/rfc5952.txt
--
Olivier Mehani
PGP fingerprint:
prisingly, refresh the current page at a
given frequency.
The only thing thus rendered impossible is a redirection to another page
after a given period. But I have troubles coming up with a scenario
requiring it which couldn't be handled in other ways.
Just thought I'd rant about it (;
c/dhcpd.interfaces?
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
You then just have to dd that image at the beginning of the disk of the
target machine using its rescue mode. When you have rebooted, you only
need to SSH into that machine and proceed through a completely standard
installation.
[0] http://erdelynet.com/tech/yaifo/yaifo-4-7-beta/
--
Olivier Mehani
PG
can't find the module it needs to load from
in there. It's quite common, but I'm afraid the only solution is a clean
stop (e.g. using apachectl), then to start httpd again manually.
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
ays try out interface group-based solutions first as I find
them more elegant. Anyway, if you're keen, please test and tell us (:
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
wrong passwords. I'd like to monitor the size of that
table using pfstat as well.
I've read through the documentation and searched for examples, but there
doesn't appear to be any mention that pfstat can monitor the size of a
custom table. Is it possible? If so, how?
Thanks.
--
shortcuts on
that. Restarting FVWM would then let it rebind the shortcuts to the new
keys with the given symbols.
I may also be completely wrong.
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
like a charm!
Having found little information about the process (apart from [0], in
French, which greatly helped) I thought I'd share the news.
BTW: It has two Intel Pro/1000. The default one (that they plug to the
network), is em0.
[0] http://opendedibox.fatbsd.com/yaifo.html
--
Olivier M
Is there a concise and elegant way to define such a ruleset?
Thanks again!
* Actually, maybe I should reconsider this value.
** I don't want to think about IPv6 if I have to write this ruleset
manually (;
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
e -a
OpenBSD mudrublic.narf.ssji.net 4.6 GENERIC#58 i386
Thanks.
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
ollowing?
pass in quick proto ipv6-icmp
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
file system write
support", only available if "Prompt for development and/or incomplete
code/drivers" is enabled) which is --as far as my experience goes-- not
the case by default with many distros. You may need to recompile your
module and/or kernel.
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8
ist 11g as an available mode, and
I notice that ath(4) does not actually mention 5213 chips. Looks like
I'm lucky it's recognized at all.
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
" % (keyword, value))
File "/usr/local/lib/python2.5/socket.py", line 274, in write
self.flush()
File "/usr/local/lib/python2.5/socket.py", line 261, in flush
self._sock.sendall(buffer)
error: (32, 'Broken pipe')
Segm
x1050)
> How do I circumvent the screen size limitation?
Maybe add the following to your xorg.conf, and have a quick read of [0]
for more details.
SubSection "Display"
Virtual 2320x1050
EndSubSection
[0] http://www.thinkwiki.org/wiki/Xorg_RandR_1.2#the_Virtual_scree
tput to stderr, while ls and
cat output to stdout. That would assume that system() only catches
stdout (to be checked), but could be a problem a stream redirection.
I just checked and confirmed that usage help and error messages (e.g. in
case of right problem) of cp are output on stderr.
-
I don't understand, though, is why it wasn't working with the
original set of rules, as they look very similar to me, and I would have
expected them to achieve the same behavior, if not as efficiently.
What am I missing?
--
Olivier Mehani
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9
f the interface. Unfortunately, I haven't found anything
clarifying that in the manual.
Can somebody shed some light?
Additionally, in case this syntax only gives IPv4 addresses, what would
be an equivalent method to dynamically get an interface's IPv6 address?
Thanks.
--
Olivier Mehani
PGP fingerp
y using the host key instead of one generated specifically
for that purpose and, if so, what they were.
Thanks for your insight (:
--
Olivier Mehani
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
Does scrotwm do something special to
> > call "xterm"?
> To configure xterm, you need to use the .Xdefaults file, although that
> does not look like what you need.
In case an example can help, I have the following in my .Xdefaults to start
all xterms as login shells.
xterm*l
rious here (:
Thanks.
[0] http://www.openbsd.org/stable.html
[1] http://www.openbsd.org/faq/upgrade43.html
[2] http://www.openbsd.org/faq/faq5.html
[3] http://marc.info/?l=openbsd-misc&m=110098157015931&w=2
[4] http://www.openbsd.org/images/newrack.jpg
[5] http://www.openbsd.org/faq/faq4.html#b
sues, or should it rather be [EMAIL PROTECTED]
Additionally, what workarounds this be (apart from the obvious
installation of xbase43.tgz, which I would like to avoid)?
Thanks.
[0] http://www.openbsd.org/43.html#upgrade
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367
Hi list,
I've been recently amazed (in a bad way) by the number of spam this list
receives that seem to be coming from French companies.
I just wanted to point French readers at a spam gathering organisation
[0,1]. They provide a form [2] to submit this kind of emails for
statistical and (hopeful
much alcohol doesn't help correctly remembering one's
password...).
[0] http://denyhosts.sf.net
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
ppens when GCC is called by
the configure script with erroneous options e.g., in CFLAGS.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
y could have done.
* this means, indeed, that the /64 range is very sparsely populated.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
http://www.bitlbee.org/
[1] http://www.irssi.org/
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
explanations and/or pointers about why
this feature is not enabled by default (security or kernel size reason ?).
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
all your contacts
have not migrated yet (: Gajim is a cool X Jabber client.
And if you want to stick to direct connections to ICQ, well, Pidgin is a
good choice.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
ething like that:
for file in file.jpg file1.jpg file_2.jpg; do
mv $file ${file/.jpg/_thumb.jpg}
done
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
process just goes away without the link.
> The only solution I see right now is making a script that watches for
> a dhclient process, and then manually starts it whenever it goes away.
> This doesn't seem that "elegant" in my mind.
Did you have a look at ifstated(8) ?
-
e rules have to be
reloaded. The socket entry in the filesystem would lie in the chrooted
tree so that one script run by the webserver would be able to write to
it.
--
Olivier Mehani <[EMAIL PROTECTED]>
g system)
access and having them modify their own local copy of the website, with some
mechanism to checkout the latest version of the website in /website ? This has
the other advantage to give you cheap backups in case something has gone wrong
and you want to revert to an older version of the site.
--
Olivier Mehani <[EMAIL PROTECTED]>
st [1], I ended up using cronolog (in the ports)
and am quite satisfied with this. It has this "monthly" feature you want, too.
[1] http://marc.theaimsgroup.com/?l=openbsd-misc&m=113410754403756&w=2
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
g
pass quick proto tcp to port ssh keep state
to my pf.conf, the connection works...
I will inspect my rules
thanks !
--
Olivier Mehani <[EMAIL PROTECTED]>
ff02::%gif0/32 link#8 UC 0
0 - gif0
dmesg not included as it does not seem to be relevant for this problem,
correct me if I'm wrong (;
thanks
--
Olivier Mehani <[EMAIL PROTECTED]>
h Active
> > Directory support enabled?
> not on openbsd, but i think you need heimdal and not the krb5
I confirm. From my experiences Heimdal Kerberos works better with Samba,
particularly if you want Windows clients to authenticate and connect to your
server.
--
Olivier Mehani <[EMAIL PROTECTED]>
> > of the screen.
> Check out the man pages for:
> wsconscfg, wsconsctl, wsfontload
Maybe you should also check your laptop's manual, some of them do not "extend"
the image to the whole screen, but usually you have a key combination like
Fn+F# to switch to extended mode.
LE FORMAT
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
> potentially dangerous. You're better off using the standard way of
> enabling pf.
However non standard, I don't clearly see the potential danger in this. Can you
elaborate ?
--
Olivier Mehani <[EMAIL PROTECTED]>
On Sun, Jan 08, 2006 at 10:51:12PM +, poncenby smythe wrote:
> I am running 3.8 GENERIC on i386 and can't figure out why pf isn't logging
> the packets I've told it to, here is a snippet from /etc/ pf.conf...
Maybe a stupid check, but did you enable pf in rc.conf
On Fri, 9 Dec 2005 14:09:03 +0100
Olivier Mehani <[EMAIL PROTECTED]> wrote:
> The problem is that I remember having dug up this problem a little,
> and all the solutions using cronolog were said to have problems when
> booting. I think I will actually give this solution a real
ing cronolog were said to have problems when
booting. I think I will actually give this solution a real try right now
(;.
(Hans: sorry for the unfinished mail I just sent you)
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
apache, are you ?
> Yes, I am.
> [EMAIL PROTECTED]:~] grep httpd /etc/rc.conf.local
> httpd_flags="-DSSL"
Hum. I'm puzzled. Did you move some files and change permissions in the
chroot then ?
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
"|/usr/local/sbin/cronolog -l /var/www/logs/access-hanz.nl
> /var/www/logs/old/access-hanz.nl.%Y%m%d" combined
But you are not using the default chrooted apache, are you ?
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
On Tue, 25 Oct 2005 07:19:30 +1000
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> I should get a book on bash and read up on all this.
What about man bash ? ;)
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
(1):
termName (class TermName)
Specifies the terminal type name to be set in the TERM
environment variable.
Set this resource to whatever you would like in the general Xresource
file.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
s
clients. And what prevents me from sending crafted BGP packets saying
that I can route to a specific address space I actually don't own ?
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
client).
> Border Gateway Protocol.
Doesn't it imply that said client has its own IP addresses range and
not NATing behind one single ISP-provided address ?
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
al adaptor
driver v0.12
Hope this answers your question.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
em since upgrading to 3.8-beta.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
.
I'm using an Atheros 5354MP ARIES 200mW Mini PCI in a Soekris NET4511.
The driver had a problem in hostap mode under 3.7, but it works really
well with 3.8-beta.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
On Wed, 31 Aug 2005 12:47:03 +0200
Olivier Mehani <[EMAIL PROTECTED]> wrote:
> I've just finished upgrading my router to 3.8-beta (GENERIC#119).
Ok, the machine has been running without problem nor unwanted reboots
for almost three days. It hasn't been able to last that long
stress the machine a little now ;)
I keep you informed.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
I'll upgrade my system and see if it's better.
> also have a look at mbalmer@'s watchdogd(8) which had been imported
> some weeks ago. this has some timing advantages over traditional
> watchdog scripts.
Thanks for the advice, I'll look at it
--
Olivier Mehani <[EMAIL PROTECTED]>
> just replaced the atheros card by an old prism card and that one
> works 24/7.
Thanks for your advice, I'll check that.
--
Olivier Mehani <[EMAIL PROTECTED]>
ing watchdog..."
sysctl kern.watchdog.auto=0 > /dev/null
while : ; do
sysctl kern.watchdog.period=10 > /dev/null
sleep 8
done
--
Olivier Mehani <[EMAIL PROTECTED]>
rdware watchdog which I will disable to see if it
is involved in the problem, but everything has been working well for
more than two months with it before.
Do you have any suggestion of other things I should monitor ?
Thanks
--
Olivier Mehani <[EMAIL PROTECTED]>
eed wasn't correct) while the
> > kernel boots. I get back to readable messages when init takes
> > control.
>
> option PCCOMCONSOLE
> option CONSPEED=19200
This doesn't change anything... :-/
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7
nyway, this doesn't cost much. Now that I think about
it, I had exactly the same problem with a hand made OpenBSD 3.4 kernel
too.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
ed to this mail should be the /sys/conf/mudrublic (mudrublic.conf)
and /sys/arch/i386/conf/mudrublic (mudrublic.arch.conf) files I used to
compile my kernel, in case it may help.
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
Hi,
I'd like to accept rtadv announces on only one interface of my machine.
As far as I understand, the sysctl entry net.inet6.ip6.accept_rtadv
controls this for _every_ interface in my machine.
Is there a way to specify more precisely which interfaces should or not
accept rtadv ?
--
Ol
On Tue, 31 May 2005 02:43:23 +0200
Olivier Mehani <[EMAIL PROTECTED]> wrote:
> * Relevant parts of the dmesg say:
> rtw0 at cardbus0 dev 0 function 0 irq 10
> rtw0: ver F, radio SA2400A, amp SA2411, address 00:0f:3d:cf:cb:e8
I forgot to mention this is a GENERIC 3.7 kerne
sometimes get the message
Data modified on freelist: word 4 of object 0xd094b300 size 0x100
previous type devbuf (0xdeadbeed != 0xdeadbeef)
I'm not sure whether this is linked to the problem or not...
--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DF