search for: kragenbaer

...rn to report client certificate fingerprints to the dovecot auth server? Like that even client certificate verification could be handled by dovecot auth, aka via SASL, and administrators would have to take care for one user database only? Other than that i say Ciao from Germany! --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)

...d highly configurable applications. dovecot for example, i track the source for a couple of years, comes with 568 files changed, 26488 insertions(+), 6969 deletions(-) for my last update (v2.3.10.1 to v2.3.11.3). This is a lot. Thank you. And Ciao! and good night from Germany, --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)

...n, cannot be generated by OpenSSL (yet), and not portably anyway. I will attach these, i like them. Maybe i find time to make the OpenBSD variant work for IPv4 and IPv6, but i think it needs two sockets and select(2), so this is a bit of work. Ciao, and a nice Sunday everybody. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -------------- next part -------------- A non-text attachment was scrubbed... Name: s-port-knock.sh Type: text/x-shellscript Size: 920...

...NAL, i would rather have some password-protected crytographically secured certificates in my local store, and have client certificates in all the IoT devices, than have to mess around with the OAUTH that the major players press forward, for example. Thanks, and Ciao from Germany, --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)

...o be continue..) Ie, for me personally sshfwkd would only make sense if it could be made to listen on a different interface than the real SSH server. I'll attach my very, very simple things, but which work for me without any problems for years. (They require IPv4.) |/Simon --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -------------- next part -------------- A non-text attachment was scrubbed... Name: port-knock-client.sh Type: text/x-shellscript Size...

...k.sh knock .ZX.pub /tmp/zt localhost 10000 /tmp/.Z.pub Of course it is a play thing, but for you all it is sunday and maybe you like it. 'Will review and polish it on Monday. TLS client certificates and things like capsicum or pledge/unveil or missing for, also after Monday. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -------------- next part -------------- A non-text attachment was scrubbed... Name: port-knock.sh Type: text/x-shellscript Size: 3324...

...a O_APPEND|O_RDWR file requires an intermediate fseek(fout, 0, SEEK_END)) or fflush() which i consider a bug in Solaris stdio. J?rg Schilling however convinced me that the standard requires this behaviour, and it is also in the C FAQ. Nonetheless... --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)

...eu>: ... |[.]do not |know about the AI_V4MAPPED flag[.] I have read https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 but as an application developer i find it ugly not to be able to "simply do it", and get back a mapped address. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)

...e > dovecot auth server? Like that even client certificate > verification could be handled by dovecot auth, aka via SASL, and > administrators would have to take care for one user database only? > > Other than that i say > Ciao from Germany! > > --steffen > | > |Der Kragenbaer, The moon bear, > |der holt sich munter he cheerfully and one by one > |einen nach dem anderen runter wa.ks himself off > |(By Robert Gernhardt) Sorry for duplicate mail, I accidentically pressed too many keys... *sigh* Anyways, I'm not sure if you understoo...

On 2024-07-20 at 16:30 -0400, James Ralston wrote: > The real issue here is that the Mailman configuration for the > openssh-unix-dev list does not appear to set > `dmarc_moderation_action` > (in `Privacy options` - `Sender filters`) to either `Munge From` or > `Wrap Message`, which is necessary for lists where ... "Necessary" if the client machines re going to penalize

Hi Damien, Damien Miller wrote on Tue, Aug 21, 2018 at 12:04:41PM +1000: > ok, djm@ Thanks for checking, and thanks to Val and Michael for testing. I just committed the patch to OpenBSD, others will likely take care of merging it to -portable. > (I'd prefer the comment before the return statement, but up to you) Immediately before the return statement, it looked really confusing,

On 12.03.20 19:09, Christoph Anton Mitterer wrote: > On Wed, 2020-03-11 at 21:39 +0100, Thomas Koeller wrote: > IMO, the idea itself sounds not the best... one must assume that such > invoked programs are not written "safe"... and thus an attacker could > potentially cause the system to run such programs a huge number of > times. As the anticipated action of the program is

...xample, i track the source for > a couple of years, comes with > 568 files changed, 26488 insertions(+), 6969 deletions(-) > for my last update (v2.3.10.1 to v2.3.11.3). This is a lot. > > Thank you. > And Ciao! and good night from Germany, > > --steffen > | > |Der Kragenbaer, The moon bear, > |der holt sich munter he cheerfully and one by one > |einen nach dem anderen runter wa.ks himself off > |(By Robert Gernhardt) I was trying to suggest that you could try dovecot submission server. It might work better with EXTERNAL authenticatio...

...lt;/div> <div> </div> <div> Thanks, </div> <div> and Ciao from Germany, </div> <div> </div> <div> --steffen </div> <div> | </div> <div> |Der Kragenbaer, The moon bear, </div> <div> |der holt sich munter he cheerfully and one by one </div> <div> |einen nach dem anderen runter wa.ks himself off </div> <div> |(By Robert Gernhardt) </div> </blockquote> <div&gt...

On Wed, 2024-06-19 at 16:11 -0400, Joseph S. Testa II wrote: > I suppose in the next few days, I'll try reproducing my original > steps > with the new version and see what happens. I managed to do some limited testing with a local VM, and the results are... interesting. I installed openssh-SNAP-20240626.tar.gz on a fresh and fully-updated Ubuntu Linux 24.04 LTS VM with 1 vCPU.

...Mars is next. Btw i will do this tomorrow. The script had an ugly way of finding bash (if necessary) which soils the rest. This means select(2) plus two sockets. The rest seems fine. I post the final thing once again when that is also done, and then i am silent on this issue. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)

On 2020-09-07 11:21:13 [+1000], Darren Tucker wrote: > The zstd part would be a larger discussion because we would need to > either carry it as a Portable patch or have zstd added to OpenBSD > base, and I don't know if that would be accepted. Do you have any > performance numbers for zstd in this application? A key stroke is here 10 bytes of raw data which zstd compresses usually

Hi, On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: > On 14/07/2024 03:49, Steffen Nurpmeso wrote: > > I have read > > > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > > > but as an application developer i find it ugly not to be able to > > "simply do it", and get back a mapped address.

Hey all, So I do some development based on openssh and I'm trying to think of some new projects that might extend the functionality, feature set, user workflow, performance, etc of ssh. So open ended question: Do any of you have a wish list of things you'd like to see in ssh? Mostly I'm just curious to see what the larger community is thinking of rather than being driven

I am trying to understand the details of the deprecation notice. Because I am getting people asking me questions. And I don't know the answer. Therefore I am pushing the boulder uphill and asking here. :-) Damien Miller wrote: > Future deprecation notice > ========================= > > It is now possible[1] to perform chosen-prefix attacks against the > SHA-1 algorithm for