similar to: fix byte ordering problem in TFTP/PXE fs access

Hello, at my universities CS computer pools we're trying to migrate our samba3 based NT domain to AD with samba4-rc1. In the past we had a little script which our users could run on their own from their linux account which created a samba user with their own uid/gid and set their password (via smbpasswd). We're trying to recreate this behaviour with "samba-tool user create"

On 2018-08-21T06:21, Stef Bon <stefbon at gmail.com> wrote: > Op di 21 aug. 2018 om 06:04 schreef Stef Bon <stefbon at gmail.com>: > > > > Hi, > > > > I'm looking for a procedure (on paper first) to provide users on hosts > > session keys to login to servers providing services like file, print > > or even access to internet or a sql db. >

How about using the existing OpenSSH client's PKCS#11 support to isolate keying material in a dedicated process? A similar approach, "Practical key privilege separation using Caml Crush", was discussed at FOSDEM'15 with a focus on Heatbleed [1][2] but the ideas and principles are the same. Now this is easily done using the following available components: - SoftHSM to store

Hi, Someone told me that DSA keys were being deprecated with OpenSSH 7.0. The only reference I could find about this topic on openSSH site is on the legacy page: ?OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.? There is no explanation about the weakness. But more than that, I could not find any mention

On Sat, Nov 26, 2016 at 1:16 AM, Alexander Wuerstlein <arw at cs.fau.de> wrote: [...] > Afaik its because DSA key size has (for very weird reasons admittedly: > FIPS 186-4) been limited to 1024 bits which is considered weak nowadays. Use of DSA within the SSH protocol requires the use of SHA1, which is 160 bits (80 bits against a birthday attack) and is reaching its use-by date. This

Hello, in light of the recent CVE-2016-0777, I came up with the following idea, that would have lessened its impact. Feel free to ignore or flame me, maybe its stupid or I missed something :) - private key material should only ever be handled in a separate process from the SSH client. ssh-agent (maybe slightly extended) seems the logical choice. - in places where the client currently reads

Hello, I'd like to announce "nutdown", a nut client written using perl UPS::Nut. It's purpose is to enable shutdowns in stages, e.g. "less important servers shut down at 80% charge, the important ones at 10% and the nut server at 5%". To that end, nutdown supports "events" like power_fail, the charge falling below configurable percentages (i.e. every

From: Sylvain Gault <sylvain.gault at gmail.com> Despite having native network capabilities, UEFI 2.4 (the most widely deployed at the moment) has no native DNS resolver. I propose here an implementation more or less inspired by the one found in core/legacynet/dnsresolv.c. Since it's non-trivial, I'd like to ask for a deep review of this code. I tried to make it as strong as

Hi Alexander Wuerstlein Thank for the information. Now I agree that it's better to save the socket in /tmp/ I checked the source code and found that it is hard-coded. /* Allocate a buffer for the socket name, and format the name. */ auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX"); It would be nice if openssh provides an option to overwrite this default. Regards Tran

The idea behind this change is to add support for different "ssh-agents" being able to run at the same time. It does not change the current behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for itself). Neither does it change the behaviour of SSH_AGENT_PID (which still supports only one pid). The new implementation will go through the list of sockets (which are separated by a

Would someone please be so kind to explain / describe the PXERETRY directive? TIA, Ady.

On Wed, Apr 27, 2016 at 06:23:38AM -0400, Gene Cumm via Syslinux wrote: > On Thu, Apr 21, 2016 at 10:30 PM, Ady via Syslinux <syslinux at zytor.com> wrote: > > Would someone please be so kind to explain / describe the PXERETRY > > directive? > > $ git grep -ni pxeretry -i ignore case ("thanks" said the person who exact case matching search ) >

I've tried the pre version, also the today's pre15. Also not working. I've checked it with wireshark, here is the output: No. Time Source Destination Protocol Length Info 1 0.000000 192.168.3.13 192.168.3.1 TFTP 97 Read Request, File: rescue/dev-64/vmlinuz, Transfer type: octet, tsize\000=0\000,

Le 12/05/2017 ? 12:47, Alexander Wuerstlein a ?crit : > On 2017-05-12T12:07, mh at ow2.org <mh at ow2.org> wrote: >> I'm using 7.2p2-4ubuntu2.1 >> >> I have the same exact problem as described in the first comment in >> https://bugzilla.mindrot.org/show_bug.cgi?id=1573 >> >> Initially, my ldap server hostname and IP is only in /etc/hosts, not in

On Dec 6, 2013, at 8:21 AM, Alexander Wuerstlein wrote: > I'd like to announce "nutdown", a nut client written using perl > UPS::Nut. Thanks for posting this. One thing that I would consider changing is to treat "ups.status" as a set (splitting on whitespace, if any), and to not rely on the order of the status flags. Actually, splitting ups.status into an array

The current code only works iff the tsize option is set. This patch fixes the handling of the OACK packet and makes the code work with all combinations of the tsize and blksize options. Signed-off-by: Sebastian Herbszt <herbszt at gmx.de> diff --git a/core/pxe.c b/core/pxe.c index 81d3e23..a4b8a14 100644 --- a/core/pxe.c +++ b/core/pxe.c @@ -913,8 +913,10 @@ static void pxe_searchdir(char

On 2017-05-18T13:13, mh at ow2.org <mh at ow2.org> wrote: > Le 18/05/2017 ? 12:17, mh at ow2.org a ?crit : > > However, I get uid/gid numbers instead of names within sftp session (ls > > -l) ? I don't know if it's new but I would definitively prefer names... > > It seems the reason is : > > open("/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES

> On Thu, Apr 21, 2016 at 10:30 PM, Ady via Syslinux <syslinux at zytor.com> wrote: > > Would someone please be so kind to explain / describe the PXERETRY > > directive? > > $ git grep -ni pxeretry > com32/elflink/ldlinux/readconfig.c:1305: else if (looking_at(p, "pxeretry")) > com32/elflink/ldlinux/readconfig.c:1306: PXERetry = >

On Thu, Apr 5, 2018 at 7:13 AM, Jan Bergner <jan.bergner at indurad.com> wrote: > Hello all. > > First of all, I want to extend my sincere thanks to all the people who > came to the rescue so quickly. > > In any case, there is obviously room for clarification on my part, so I > will try to describe the situation we had in more detail. > > In short: > Employees

I'm using 7.2p2-4ubuntu2.1 I have the same exact problem as described in the first comment in https://bugzilla.mindrot.org/show_bug.cgi?id=1573 Initially, my ldap server hostname and IP is only in /etc/hosts, not in the configured resolver. I can't use the real IP as a workaround in ldap.conf because of the TLS configuration which cares about the hostname. At the time I add the host