similar to: Timing bug patch and x509 question.

FYI in order to get 2.1.1p2 to work on my HP-UX 11.0 systems I had to patch atomicio.c for EWOULDBLOCK (HP read() does not give the POSIX return code). The new atomicio() is a clean fix for this timing problem; all it needs now is this one little tweak. Also had the "General Commercial Security" error (PAM_TERM_ERROR from pam_acct_mgmt()) which I have very crudely addressed for now by

Greetings. (Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...) The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

Can interested users please test the latest snapshot at http://www.mindrot.org/misc/junk/openssh-SNAP-2000071102.tar.gz It contains quite a few fixes for small problems that have been reported in the last few weeks. Pending feedback it is going to become 2.1.1p3 Regards, Damien Miller --------------- Changelog: 20000711 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson

Michael Selvesteen wrote: >I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling >FIPS. I found in the FIPS document that OpenSSL now contains the >FIPS 140 specific cryptographic API and algorithm implementations >only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA, >SHA-1). Does it have any functional impacts on SSH. > >Will all the

Excerpt: The OpenSSL project said it plans to release new versions of its code to fix a number of security weaknesses, including some classified as ?high? severity. <...> The patch is likely to set off a mad scramble by security teams at organizations that rely on OpenSSL. That?s because security updates ? particularly those added to open-source software like OpenSSL that anyone can view ?

>jw schultz [mailto:jw@pegasys.ws] wrote: >On Fri, Feb 07, 2003 at 11:15:57AM -0500, Roderick Schertler wrote: >> Under Aix directories have the mode 024xxxx instead of the customary >> 04xxxx. Because of this when you sync a directory to or from an Aix >> system it's never up to date. >> >> Here is a patch which fixes this. It causes rsync to look at

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

hi I''m trying to get ipsec working with x509 certificates however I just can''t seem to. I''ve hit a road block and was wondering if someone could help me figure it out. my racoon.conf (I have it mirrored on the connecting machine. path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/certs"; remote anonymous { exchange_mode

I am just finished support for x509 certificate. More information on this page: http://satva.skalasoft.com/~rumen/openssh/

Hi, I have made new small patch. He use X509 certificate to authenticate users. This patch use some features which are coded by Eric Auge (see ldap patch http://ldappubkey.gcu-squad.org/). You could find the patch on http://traceroute.free.fr/articles.php?id=24 regards, Fred.

Hi All, Please visit http://satva.skalasoft.com/~rumen/openssh/ to get new version with support for x509 certificate. - added authorization by 'Distinguished Name'; - added x509 CA store (new options in sshd_config); - client certificate is verified against CA certificates in x509 store; - added shell scripts to create 'Test CA' and test client certificates. Diffs aviable for

Hello, I have the following problem: I want to use publickey authentication by using the publickey of a x509 certificate stored on a java card. I can already extract the publickey of the certificate and write it into a file. The problem i have is that i don't know how to convert the certificate's publickey into an rsa publickey format that openssh will accept. Does anybody have a

Hello, I have paid attention to the issue about the X509-based certificate support in standard openssh. Because I also need the support of X509-based certificates in my project, and also I have developed specific version of openssh to pass the proxy certificate from client to server. But I used the PAM module to verify the proxy and authorize the accessors. I wonder whether current support in

Hello all, About PKCS11, some provider allows only the use of X509 certificate. Are there plans to add the ability to extract the public key from certificates when there is no public key? Thank you Sincerely, Laurent

Hi Everyone, I'd like to ask a question about libvirt xml config. I am using kvm with tls certification. For some reason I need to specify a unique certificate file for every instance, so my kvm command would be like: /usr/libexec/qemu-kvm -spice port=5900,tls-port=5901,addr=0.0.0.0,disable-ticketing,x509-dir=/openstack/etc/pki/libvirt-spice the argument

Hi there, As of Dovecot 2.2.9, it's possible to enable passwordless authentication using client certificates [1]: ssl_ca = </etc/ssl/ca.pem ssl_verify_client_cert = yes auth_ssl_username_from_cert = yes (Password checking can be bypassed by returning the extra fields ?password= nopassword? in the passdb when the variable ?%k? expands to "valid".) However this

Hello everybody, I'll try to find out some info about Samba and a way to put x509 authenticate method but i don't find anything clear about it. I found in the how-to v3 some stuff about authenticate PAM module to use with samba but I don't know if I look in the right direction. I have a samba server running for a lots of time based on smbpass DB. We plan to use our PKI certs to

cc -g -I. -I. -I/opt/openssl-0.9.6c/include -I. -I/usr/local/include -DETCDIR=\"/opt/openssh-3.0.2p1-x509/etc\" -D_PATH_SSH_PROGRAM=\"/opt/openssh-3.0.2p1-x509/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/opt/openssh-3.0.2p1-x509/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/opt/openssh-3.0.2p1-x509/libexec/sftp-server\" -D_PATH_SSH_PIDDIR=\"/var/run\"