On 2023-05-06 11:54 am, Hannu Vuolasaho wrote:
Hello,
I made a silly mistake when I set up my VM and my disk image is too
small for my next operation.
My plan is to give the new image to the VM, run a minimal install on
it so I get the boot loader installed. Also disklabel will be good.
...
On 2023-03-23 11:53 am, ch...@qatland.com wrote:
I did not look at the code at all for this. Only using existing
programs.
If this should not be working then a patch will be needed somewhere.
I didn't give it a try, but I took your report at face value and looked
closer at the code.
When
On 2023-03-23 7:54 am, ch...@qatland.com wrote:
useradd makes use of the permissions of /etc/skel The defaults is 755.
If you change it to 750 new user directories will then have 750 as the
default on their home directories.
Does it? Looking at the code, it doesn't copy /etc/skel, it runs
b) set 'local_cert' in
$config['imap_conn_options']['ssl'] in Roundcube, c) did not configure a
client certificate with any other client, and d) did not have 'ssl_ca'
set correctly in dovecot, I believe you would get this error.
--
Matthew Weigel
hacker
unique & idempot . ent
On 2020-02-19 9:48, b...@0x1bi.net wrote:
I verified the output of rcctl and inetd is running.
Did you restart inetd after editing inetd.conf? It has to decide what
ports to listen on when it starts up, which means it isn't going to
notice edits.
--
Matthew Weigel
rg/OpenBSD-6.2/ctags) does not mention
how to achieve this. So how do I do this on OpenBSD? Am I missing
something? Please help.
rm tags; find . \( -name '*.h' -o -name '*.c' \) | xargs ctags -a
Let find(1) manage the recursive part.
--
Matthew Weigel
hacker
unique & idempot . ent
On 2016-10-18 12:43, Jack J. Woehr wrote:
Routing, firewalling, DMZing, net address translation, OpenSSL,
LibreSSL. :-)
--
Matthew Weigel
hacker
unique & idempot . ent
anyway, but I prefer to host my own.
I do what I can to mitigate the security problems, and keep backups.
--
Matthew Weigel
hacker
unique & idempot . ent
problem.
From http://www.openbsd.org/plus56.html:
* Removed md5crypt from crypt(3).
So ldapd(8) is passing the hash string along to crypt(3) when checking
the user's password and crypt(3) is unable to handle it. You'll need to
start migrating these password hashes.
--
Matthew Weigel
hacker
?)?
--
Matthew Weigel
hacker
unique idempot . ent
... so it's certainly a common problem.
Maybe some Unix decided to send email based on exit status, but
OpenBSD's does not.
--
Matthew Weigel
hacker
unique idempot . ent
in the kernel to run on
them, and b) I'm not aware of hardware such as RouterBoards that use
the newer cores.
--
Matthew Weigel
hacker
unique idempot . ent
the problem or says anything more about it...
--
Matthew Weigel
hacker
unique idempot . ent
in /etc/master.passwd instead.
--
Matthew Weigel
hacker
unique idempot . ent
a user
who does have write permission to users' entries, and then write
a program that will authenticate as that DN to modify passwords
on users' behalf.
--
Matthew Weigel
hacker
unique idempot . ent
.
--
Matthew Weigel
hacker
unique idempot . ent
, as I don't see the btree_stat
being written on disk.
Maybe, I didn't dig too deep into it once I solved my problems.
--
Matthew Weigel
hacker
unique idempot . ent
On 7/22/14, 9:37 PM, Matthew Weigel wrote:
into it, I started up ldapd(8) and connected to it with ldapvi(1) from
ports. I wrote out the contents of that buffer to a separate file, and
Actually I didn't notice it this weekend but ldapvi(1) has --in and
--out arguments that do exactly
, not LibreSSL. There can't be
really any question of OpenBSD users not being affected because they are
using a forked version that might not be vulnerable; that fork is still
in development.
--
Matthew Weigel
hacker
unique idempot . ent
provides the
latter.
Which seems to indicate that I just need ypldap as a front end to my
LDAP server.
That is poorly worded for sure. I think right now the best combination
is the one you're trying, login_ldap and ypldap together.
--
Matthew Weigel
hacker
unique idempot . ent
at runtime to load ssl.so. You
might try fstat on a running dovecot process that talks SSL.
--
Matthew Weigel
On Apr 8, 2014, at 12:26 PM, Didier Wiroth dwir...@gmail.com wrote:
Hello,
I'm not a developer but more of an openbsd hobbyist.
I'm using current with current packages that are a few
implemented maps are: passwd.byname,
passwd.byuid, group.byname, group.bygid.
--
Matthew Weigel
hacker
unique idempot . ent
worth trying.
--
Matthew Weigel
hacker
unique idempot . ent
(), and would be causing problems before the user's login
class is relevant.
--
Matthew Weigel
hacker
unique idempot . ent
problems before the user's login
class is relevant.
# pwd_mkdb
usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file
# pwd_mkdb -c /etc/master.passwd
#
It seems that everything is OK, isn't it?.
Did the problems with unknown user persist afterward?
--
Matthew Weigel
hacker
.
Until that's done I rely on a short Perl script I wrote. It's a pretty simple
kind of thing to do; it is more a codification of a particular policy than a
technically challenging problem.
--
Matthew Weigel
class is configured in login.conf to
authenticate via login_ldap talking to the LDAP server, which is
configured to have the appropriate users.
This is what I meant by that's a lot more moving parts than just
passwords in LDAP.
--
Matthew Weigel
hacker
unique idempot . ent
? Does that chroot have an /etc/hosts
with an entry for localhost?
--
Matthew Weigel
hacker
unique idempot . ent
-encoded to give you the
hash you see.
--
Matthew Weigel
hacker
unique idempot . ent
passwords, rather than trying to read/write the
userPassword directly. It is not currently implemented in OpenBSD's ldapd.
--
Matthew Weigel
hacker
unique idempot . ent
outside the jail is still good... on OpenBSD you can
control most of those things globally. The last bit seems pretty
uninteresting, unless (again) you are trying for virtual root access.
--
Matthew Weigel
hacker
unique idempot . ent
$06$' . $salt . $new_pw;
my $hash = crypt($new_pw, $rnd_salt);
print({CRYPT}$hash\n);
}
--
Matthew Weigel
hacker
unique idempot . ent
On 2014-02-21 9:24, Matthew Weigel wrote:
On 2014-02-21 5:09, Joel Carnat wrote:
Here is a short
script that should run fine on a stock OpenBSD machine to generate a
bcrypt hash suitable for the userPassword attribute of ldapd.
Nope nope nope. That script is incorrect in a couple of ways
ldapd would be fine with
either the old DES-based crypt() hash or the MD5-based hash - you would
just need to prefix it with {CRYPT} I think - neither of those is
really a good idea for hashing passwords anymore.
--
Matthew Weigel
hacker
unique idempot . ent
OPENPAM_STATIC_MODULES is used, and how.
https://github.com/freebsd/freebsd/blob/master/contrib/openpam/lib/libpam/openpam_load.c#L54
is basically the only place.
--
Matthew Weigel
hacker
unique idempot . ent
that the public key that I
downloaded is exactly the same public key, which is stored on OpenBSD
servers (MITM)?
You can't. But at least that's transparent, rather than obfuscated
somewhere down a chain of trust.
--
Matthew Weigel
hacker
unique idempot . ent
a step somewhere.
can i be helped?
What command are you running to try to read them? I believe you should
be using man erlang page with that configuration.
--
Matthew Weigel
hacker
unique idempot . ent
, etc.), but in general I don't think virtualization
will particularly help you.
--
Matthew Weigel
hacker
unique idempot . ent
, to see if they do eventually get delivered.
--
Matthew Weigel
hacker
unique idempot . ent
straightforward to implement... Except for
users with {BSDAUTH} values in userPassword.
--
Matthew Weigel
and documents are right there.
If you are still worried about it, you are trolling either misc@ or
yourself or both.
--
Matthew Weigel
hacker
unique idempot . ent
whether this is the thinking of the OpenBSD developers, but
I have seen some concerns over the years that tty_tickets gives a false
sense of security.
--
Matthew Weigel
hacker
unique idempot . ent
. For connections to localhost, MySQL programs attempt to connect to
the local server by using a Unix socket file.
So no, 127.0.0.1 != localhost in the context of MySQL on Unix.
--
Matthew Weigel
hacker
unique idempot . ent
On 08/11/2013 10:35 AM, josef.win...@email.de wrote:
I want to support as much hardware as possible 'out of the box'
and since a network can't be assumed, I need to preinstall the
drivers.
GENERIC supports as much hardware as possible 'out of the box.'
--
Matthew Weigel
hacker
unique idempot
/rc.conf.local unless you want to
change the default set in /etc/rc.conf.
--
Matthew Weigel
hacker
unique idempot . ent
side of the story?
--
Matthew Weigel
hacker
unique idempot . ent
it requires both
proprietary userland tools and proprietary kernel bits that are not
available.
--
Matthew Weigel
hacker
unique idempot . ent
current for your release.
It may take a bit more time to figure out than a breezy post that glosses over
paths not taken, but you won't even know that you could have taken another,
better path.
--
Matthew Weigel
to do the thing you
ACTUALLY want to do. Are all of the accounts gmail, and you simply want
to archive all gmail messages somewhere away from Google? Do you intend
to run the MX for some of these accounts, but not all?
Definitely read the docs.
--
Matthew Weigel
hacker
unique idempot . ent
if they don't.
You *can* maintain multiple versions of things if you use different paths,
introducing about as much heartache as you'd expect.
--
Matthew Weigel
hacker
unique idempot . ent
they know... That is a SERVICE being provided. They knew they
didn't have the time to figure it out before they got ass-deep into it.
--
Matthew Weigel
hacker
unique idempot . ent
man pages but perhaps am missing an import
detail in my rc.d file or script itself. Anyone able to shed some light?
I believe you need to define pexp after sourcing rc.subr.
--
Matthew Weigel
hacker
unique idempot . ent
what everyone is doing, and no one has found a way to sue
over it yet... which at least suggests your concern is misguided.
--
Matthew Weigel
hacker
unique idempot . ent
, in the
interest of being not interested in assigning blame.
--
Matthew Weigel
hacker
unique idempot . ent
choice.
The really unsafe, choice, though, is mounting async, which can lead to
unrecoverable filesystems in the event of a crash.
--
Matthew Weigel
hacker
unique idempot . ent
that is your
problem.
--
Matthew Weigel
hacker
unique idempot . ent
well be causing your problems.
--
Matthew Weigel
hacker
unique idempot . ent
cat /etc/mail/nospamd.constant /etc/mail/nospamd.dynamic
/etc/mail/nospamd
/sbin/pfctl -t gmail-white -T replace -f /etc/mail/nospamd 21 \
| grep -v 'no changes'
That's very close to something someone else shared on misc@ many
moons ago, I don't remember who.
--
Matthew Weigel
hacker
unique
On 21.05.2012 23:55, Mehma Sarja wrote:
On 5/21/12 9:34 PM, Matthew Weigel wrote:
On 21.05.2012 22:45, Richards, Toby wrote:
Granted: I do hold an MCSE certification, but I don't need it.
The upgrade just works. Well... despite occasional BSOD's ;)
I admit this kind of made me chuckle:
http
.
--
Matthew Weigel
BSOD's ;)
I admit this kind of made me chuckle:
http://www.linkedin.com/pub/toby-richards/37/71a/474
--
Matthew Weigel
hacker
unique idempot . ent
by default. What am I missing?
/tmp% ls -l test.pl
Check the mount options for whatever filesystem /tmp lives on. Chances
are
good it's its own filesystem, and is mounted nosuid.
--
Matthew Weigel
hacker
unique idempot . ent
scripts, you know.
--
Matthew Weigel
hacker
unique idempot . ent
you confirm that root is in the
daemon
login class (as is the default config), and that the daemon login class
has
ignorenologin?
--
Matthew Weigel
hacker
unique idempot . ent
wouldn't have taken Perl out in the first place.
--
Matthew Weigel
hacker
unique idempot . ent
fontconfig.7.0 not found
| not found anywhere
|library freetype.17.1 not found
| not found anywhere
Those libraries are probably provided by install sets you didn't
install...
like xbase48.tgz. See http://www.openbsd.org/faq/faq4.html#FilesNeeded
for
more information.
--
Matthew Weigel
hacker
unique
recent tag context.
--
Matthew Weigel
hacker
unique idempot . ent
what libraries,
etc., get
pulled in by each version, but it may not be necessary. The more
important point
is using FastCGI so that Apache itself doesn't have to have PHP loaded,
and is therefore
not restricted to a single version that it's running.
--
Matthew Weigel
hacker
unique idempot
On 7/10/2010 9:55 AM, mlanciau wrote:
Hello !
I'm trying to install lighttpd (no problem) and to add php to create a
good web server. But, even if I didn't chroot lighttpd, I don't
succeed.
Have you any idea ?
What's the fastcgi configuration in lighttpd.conf look like?
--
Matthew
trying it without first.
--
Matthew Weigel
hacker
unique idempot . ent
by the operating system?
Uploaded firmware blobs generate more traffic on m...@.
--
Matthew Weigel
hacker
unique idempot . ent
what shared objects they link to, copy those over, and delete
old
versions.
--
Matthew Weigel
hacker
unique idempot . ent
actually need a fairly big database before that's a problem, so...
--
Matthew Weigel
hacker
unique idempot . ent
in /var are okay or not
(I *think* /var/www/bin is the only thing you'd have to look at, but you
can do the digging on that).
--
Matthew Weigel
hacker
unique idempot . ent
can accomplish what you want with
login_radius or login_ldap (the latter is in ports) and a RADIUS or LDAP
server.
--
Matthew Weigel
hacker
unique idempot . ent
), if you force it to be started
for every user with some kind of global configuration. You might also
be able to go for strictly X11 logins, and then using xlock.
--
Matthew Weigel
hacker
unique idempot . ent
, but what exactly would having it build in
multithreaded mode buy you on OpenBSD?
--
Matthew Weigel
hacker
unique idempot . ent
involve dumping everything and just doing
what someone on a mailing list said.
--
Matthew Weigel
hacker
unique idempot . ent
in crontab runs it every hour, if
it's a good idea for everyone to change it wouldn't it be a good idea
to give an example that only runs e.g. once a day?
--
Matthew Weigel
hacker
unique idempot . ent
wouldn't have come up..)
I just followed the directions in spamd(8),
spamd-setup(8) should be run periodically by cron(8). When run in
black-
list-only mode, the -b flag should be specified. Use crontab(1) to
un-
comment the entry in root's crontab.
--
Matthew Weigel
hacker
in softraid - failover
prior to disk failure?
--
Matthew Weigel
hacker
unique idempot . ent
have in php.ini. I wonder, if there are no logging features for
mini_sendmail or so. I read the man-page online, but didn't see any.
Well, mini_sendmail is an external package... talk to the authors about that,
but I think they'll tell you they can't really track what you need tracked.
--
Matthew
Uwe Dippel wrote:
Matthew Weigel unique at idempot.net writes:
Then you have grown your userbase too fast with a terrible setup, and now
you're caught in the middle of fixing the problem or avoiding downtime.
Are you sure this is not a misunderstanding? When you host user accounts
details since
you seem to have some insight into the issue.
Wim hasn't posted to the list, but he has put up his perspective at
http://accounting.kd85.com/ . Dunno what's really happening...
--
Matthew Weigel
hacker
unique idempot . ent
. Yes, I have. Hell, I'm
pretty sure this approach has been presented at LISA before.
--
Matthew Weigel
hacker
unique idempot.ent
of how greytrapping works:
http://www.openbsd.org/cgi-bin/man.cgi?query=spamd#GREYTRAPPING
I've seen other implementations do greytrapping for *every* invalid
address that comes through, too.
--
Matthew Weigel
hacker
unique idempot . ent
-recoverable failure in name resolution
I run out of ideas now, what needs to be done?
What files might be used in name resolution on the system, that aren't
in /var/www? Maybe... /etc/resolv.conf?
--
Matthew Weigel
hacker
unique idempot . ent
the
integrity of the signatures, the source used to compile the binaries
that are signed, and the binaries themselves, you are providing a
misleading sense of security instead of an actual benefit.
An example of the difference:
http://rhn.redhat.com/errata/RHSA-2008-0855.html
--
Matthew
,
supplanted by the /s and /m modifiers on pattern matching.
So whatever majordomo is doing with regular expressions, it thinks it's
handling multi-line strings one way and is probably handling it the
other way now.
--
Matthew Weigel
for a specific processor type,
not a platform. For example, the mac68k and mvme68k platforms both have a
'machine -a' output of 'm68k' - ditto with the macppc and socppc platforms.
--
Matthew Weigel
hacker
unique idempot.ent
.
--
Matthew Weigel
hacker
unique idempot.ent
Denis Doroshenko wrote:
have you done any analysis of statistical data in order to say so?
otherwise all those way more popular, most people it is a big IYHO.
William Boshuck has the measure of my response to that.
On Sun, Oct 26, 2008 at 9:10 AM, Matthew Weigel [EMAIL PROTECTED] wrote
the right
way to do something is.
If you're having a problem sharing files, there are solutions far more
effective than complaining on [EMAIL PROTECTED] If your goal is to solve your
problem,
you can solve it.
--
Matthew Weigel
hacker
unique idempot.ent
will be running MySQL and PHP in 32MB, the OP may
need to tweak MySQL to not use too much memory and restrict the number of PHP
processes to run (1 or 2, I'd say).
--
Matthew Weigel
hacker
unique idempot.ent
automatically, or anything.
3.) Do I need to chroot the Apache 2.2.4 or will the default install
set it up that way?
I don't have an answer for this one. :-)
--
Matthew Weigel
hacker
[EMAIL PROTECTED]
very relevant to this - that mostly
establishes what the memory address space is, *not* the size of integers that
can be used by the system.
--
Matthew Weigel
hacker
unique idempot.ent
David Gwynne wrote:
solaris suffers from this problem. you cant use big disks with 32bit
solaris kernels.
For UFS, at least, but doesn't ZFS on i386 (not amd64) scale?
--
Matthew Weigel
hacker
unique idempot.ent
, MAA3182S SUN18G, 1907 SCSI2 0/direct
fixed
sd7: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total
safte2 at scsibus3 targ 15 lun 0: SYMBIOS, D1000, 2 SCSI2 3/processor fixed
--
Matthew Weigel
hacker
unique idempot.ent
the archives? This was answered almost precisely a
month ago on this very list...
http://marc.info/?l=openbsd-miscm=120328567228893w=2
--
Matthew Weigel
hacker
unique idempot.ent
Matthew Weigel wrote:
I have an Ultra 10 (400MHz from an Ultra 5, 512MB or 1GB RAM) I haven't
used in a while, so I could definitely donate it - I need to double
check what the UPA cards I have for it are.
The two UPA cards I have are a Creator Series 3 (501-4789) and a Creator3D
Series 3
1 - 100 of 152 matches
Mail list logo