Displaying 20 results from an estimated 700 matches similar to: "Getting the authctxt"
2019 Mar 01
2
Using Access Control Lists with SMB2/SMB3 Mounts on Linux Clients
Hi Jeremy, Hi Steve, Hi Ronnie,
thanks for your replies and the profound discussion.
I think, it's best to demonstrate my problem case along an real world example:
The following log of a console sesssion shows how I am doing the mounts on behalf Linux Kernel CIFS-FS Module on the
client side against a Samba 4.5 file server (both running on Debian Stretch 9.8) via SMB/CIFS resp. SMB2 protocol:
2008 Jul 09
2
Changes in channel_connect_to
I just want to make sure I'm interpreting this correctly.
In 5.0 channel_connect_to would only return the requested socket. You'd
then need to use this socket to create the channel with with channel_new.
In 5.1 channel_connect_to doesn't return the socket but rolls in
channel_new and now returns the channel directly. The usage of
channel_new hasn't changed though, only
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in
2005 Apr 13
3
Authctxt
Hello!
I have been reading through the OpenSSH 4.0p code. There exist two globals
called "Authctxt". One is defined in sshconnect2.c (type 1) and the other in
auth.h (type 2). Both are structs with different members. Nevertheless, they
are used seemingly interchangeably, e.g.:
In line 302 of sshconnect2.c the function "userauth_none" is called:
userauth_none(&authctxt);
2009 Feb 17
2
Idea: reverse socks proxy
Hi,
Just a usecase that I'm sure has been covered before but just in case
its not an openssh solution would be very helpful.
I was trying to install software on a server that was firewalled so no
outbound http connections would work. I was also tunnelling via
another server. Outbound ssh connections also were a convenient option.
What would have been nice would be a remote version of
2010 Mar 23
2
Connect to MySQL monitor on another host in the LAN ?
Hi,
I'm running a medical application on a local network, using MySQL as a
database. The application can also connect to remote hosts, so the idea
is to install it on one machine acting as a "server", and then install
it on the other machines on the LAN, but configure these to use the
database on the "server". I guess before doing that, I'll better try and
get
2001 Oct 26
1
MAXHOSTNAMELEN and Solaris 2.5
Solaris 2.5 does not seem to define MAXHOSTNAMELEN, and a compilation
of vanilla OpenSSH 2.9.9p2 fails:
> gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.
> -I/usr/local/ssl/include -I/usr/local/include
> -DETCDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
> -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
>
2004 Nov 10
2
Problem with lowercase Computernames in winbind samba 3.0.8
Hi,
we have several samba servers running as AD members (w2003 domain).
Since the Upgrade to samba 3.0.8 the following message appears,
when accessing a share on the memberserver from clienthost rmts2.
[2004/11/10 12:09:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username NTROBOTIC\rmts2$ is invalid on this system
[2004/11/10 12:09:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
2001 Aug 28
1
Compile-time warning in readpass.c
The patch below fixes a compile-time warning in readpass.c.
MIME-Version: 1.0
Content-Type: application/aegis-patch
Subject: openssh.2 - Fix warning in readpass.c
Content-Name: openssh.2.C010.patch
Content-Disposition: attachment; filename=openssh.2.C010.patch
X-Aegis-Project-Name: openssh.2
X-Aegis-Change-Number: 10
#
# Fix the following warning in readpass.c:
#
# readpass.c: In function
2001 Oct 26
1
README and zlib
The README file seems to refer to an old location of zlib. The
current one seems to be:
http://www.gzip.org/zlib/
--
Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
2020 Feb 21
2
Re: alternatives for hooking dlopen() without LD_LIBRARY_PATH or LD_AUDIT?
On Fri, Feb 21, 2020 at 04:00:30PM +0100, Florian Weimer wrote:
> * Richard W. M. Jones:
>
> > On Fri, Feb 21, 2020 at 01:19:34PM +0100, Florian Weimer wrote:
> >> I think what confuses me is that keep talking about a single binary, but
> >> clearly there is this separate vddk DSO, and there is talk of plugins.
> >> So it seems to me that multiple files are
2001 May 17
6
scp: Problem when source and destination are identical
If the source and destination file are identical, the receiving scp
truncates the file. On the sending end, read() returns 0, and garbage
is sent instead of actual data, and the receiving end puts it into the
file, which at least confuses the users.
--
Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
2009 Jun 14
3
[LLVMdev] ML types in LLVM
On Sun, Jun 14, 2009 at 10:50 AM, Florian Weimer<fw at deneb.enyo.de> wrote:
> Is this really a problem for MLton? I think you only get less precise
> alias analysis, and that's it.
Correct. However, I want a fair comparison between LLVM performance
and the native x86 codegen. If I don't give LLVM the same information
the x86 codegen has, it's an unfair comparison.
2018 Sep 26
4
Concerns about enabling retpolines by default
We recently discovered that our OpenSSH distribution binaries contain
retpoline thunks. It's due to this
OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
This was quite surprising because at least the GNU/Linux userspace has
no provisions for retpolines. You also fail to enable -fno-plt, so you
need
2020 Feb 21
3
Re: alternatives for hooking dlopen() without LD_LIBRARY_PATH or LD_AUDIT?
On Fri, Feb 21, 2020 at 01:19:34PM +0100, Florian Weimer wrote:
> I think what confuses me is that keep talking about a single binary, but
> clearly there is this separate vddk DSO, and there is talk of plugins.
> So it seems to me that multiple files are involved already?
nbdkit is a standalone binary that happens to be able to load plugins
from a well-known path, eg
2018 Feb 05
2
geo-replication command rsync returned with 3
On 02/05/2018 01:33 PM, Florian Weimer wrote:
> Do you have strace output going further back, at least to the proceeding
> getcwd call?? It would be interesting to see which path the kernel
> reports, and if it starts with "(unreachable)".
I got the strace output now, but it very difficult to read (chdir in a
multi-threaded process ?).
My current inclination is to blame
2003 Mar 14
2
Enable RSA blinding
After browsing "Remote timing attacks are practical" (Boneh & Brumley,
<http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I
wonder if it might be a good idea to add calls to RSA_blinding_on()
before the OpenSSL RSA decryption routines are invoked.
The issue is not a LAN-only issue, BTW. Packet delay variation is
usually higher in LANs than in WANs.
--
Florian
2012 Sep 27
0
[LLVMdev] Handling of unsafe functions
On 09/21/2012 05:52 AM, Martinez, Javier E wrote:
> The proposal comments have largely centered on the string functions. Do
> people feel the same way about memcpy_s? What about those of you
> building LLVM on Windows with Visual Studio?
Is memcmp_s (or a variant thereof) a win in practice? It covers the
case pretty well where you try to copy a dynamically sized buffer to the
start
2018 Feb 06
0
geo-replication command rsync returned with 3
Hi,
As a quick workaround for geo-replication to work. Please configure the
following option.
gluster vol geo-replication <mastervol> <slavehost>::<slavevol> config
access_mount true
The above option will not do the lazy umount and as a result, all the
master and slave volume mounts
maintained by geo-replication can be accessed by others. It's also visible
in df output.
2008 May 15
2
openssh vulnerability
Hello Rene,
Maybe have you already upgrade you openssl/openssh packages if you using debian (or *buntu).
http://article.gmane.org/gmane.linux.debian.security.announce/1614
We have found some weak keys :
- nightlycomp@rio (sure)
- comp@rio (maybe)
Are you up to date ?
Can Fabrice sent you new ssh public ?
Tahnks
Best Regards
--
Gabriel CORRE
gac@4js.com - Four J's Development Tools -