similar to: PKI and SSH

Dear List... I have a similar question to the one that is copied below. I am trying to get instructions for configuring OpenSSH to use PKI based authentication. I understand that I can provide the server with the public keys of the client machines to get this working (one way) but the next step is where I would like to go... I want SSHD to authenticate my users based upon the "Root

Hello Samba people, I have been successfully using Samba for several years, across many minor versions of Samba across many minor versions of Linux kernel 2.4.x and 2.6.x, against a Windows 2000 and then in the past couple of years 2003 AD Domain. This morning, something broke... Setting the stage: RedHat Fedora based Linux box, FC8, updated over time using 'yum update'...,

I compiled OpenSSH 3.6.1p1 on NCR MP-RAS v4.3 (or at least "uname -a"'s output of 4.0.3.0 suggests v4.3, I'm not positive). I was able to compile zlib (1.1.4) and openssl (0.9.7a) with little trouble. OpenSSH took hand-hacking the includes.h file as follows: diff -cr openssh-3.6.1p1/includes.h openssh-3.6.1p1-customized/includes.h *** openssh-3.6.1p1/includes.h Sun Oct 20

I got a packet capture of one of the SSH2 sessions trying to log in as a couple of illegal usernames. The contents of one packet suggests an attempt to buffer overflow the SSH server; ethereal's SSH decoding says "overly large value". It didn't seem to work against my system (I see no strange processes running; all files changed in past ten days look normal). I am

http://bugzilla.mindrot.org/show_bug.cgi?id=238 ------- Additional Comments From djm at mindrot.org 2003-01-07 17:59 ------- What if the ephemeral key generation fails (e.g. not enough entropy, etc) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

I'm really racking my brain trying to figure this one out here. I am running a pop3 server for remote offices on CentOS 5.2. We purchased a SSL cert from Verisign and installed it on our dovecot server, but I continue to get failure problems with the cert and I don't know where to go from here. here is some info about our config: dovecot version: # dovecot --version 1.0.7 hostname:

Hi All, I am doing some research on how people start with their Rails app. What design decisions are made and how is it build. For example: - do you use scaffolding and go from there? Or do you create everything from scratch? - are you using multiple controllers? Or do you put everything in one? - do you use migrate? - how do you use migrate? Do you call migrate your self or do you use the

Hi, I'm currently using an AD with PKI/certificate authentication ( some of my users are even using smartcards ). Could I replace my Microsoft AD & certificates with a pure Samba solution ? any tricks, non features I should know ? If so , do you know any docker image maybe that I could start with to do my test ? ( or some VM ? ) Thanks _ -- This email has been checked for

Hi, We are running a 3 DC samba AD domain, and use 802.1x authentication for the win10 workstations to access the wired network. We are facing the issue where, following windows updates, our windows clients keep changing back the 802.1x settings to the windows default, namely: to verify the server identity and do computer authentication only. The latter is no problem, but the first one

Hello, this is a little bit off-topic (even if it have to work on CentOS ;-) I'm looking for a tool to manage a small Public Key Infrastructure, with creation/revocation of certificates X.509, export in PKCS#12 format and have the ability to handle CSR (Certificate Signing Request). I've wrote my own script to perform it (openssl command line based): it's a good way to

Hi folks [ Please add me CC. Thanks ] We have here a Jboss app and web server. We signed the SSL-certificate that end-user don't have ugly error messages. I don't understand why we need to import the Root-Cert in PEM format? $ keytool -import -trustcacerts -file rootcert.pem -keystore myserver.keystore -alias root The Root-Cert is in web browser, why there is a must to import in

Is it possible to access the described class in a shared behavior? I''m trying to do something like this: describe "Siberian feline", :shared => true do described_class_instance_as :feline, :name => "fluffy", :breed => "Siberian" # or maybe before(:all) do @feline = described_class.new(:name => "fluffy", :breed =>

Hello, Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong. For example, I have multiple hosts that all serves as monitoring server, I would like to trust only these hosts, so I enrol a certificate for these using "monitoring" principal, so I can connect only to these. At first I thought we can do Match statement at ssh_config, however, the Match is being

I'm accustomed to systems where even the first failed login attempt incurs a 5 second delay. I don't think that's too harsh, but everyone has their own needs and considerations. This could be made configurable. -Jay -----Original Message----- From: Rick Jones [mailto:rick.jones2 at hp.com] Sent: Wednesday, December 15, 2004 8:09 PM To: Jay Libove Cc: openssh-unix-dev at

Hello, I work for an organization that uses a Secure Dovecot server for messaging, and recently we've had to undergo some security screenings for PKI compliance (credit card industry standards). However, the screening returned to us a failure due to the following reason (attributed to our Dovecot server, which runs on port 993 and is the only "open" port on our firewall): Synopsis

I have a LOT of questions!!! This may take a while. I know some of this stuff is at the edge of what Samba4 is just becoming able to do, so if anyone who knows feels this is better posted on samba-technical I'd appreciate a cross-post from someone in a position to know for sure - I did consider posting it there straight away but I figured it's a dev list and I could at least get _some_ of

Hi, I have, in one customer, a web server running on a Verisign-signed certificate SSL certificate. Everything works fine, IE and Firefox connects on https without asking anything, which usually happens on self-signed certificates. I'm trying to use that certificate on dovecot, but clients (Thunderbird basically) keeps saying the certificate is not valid. yes i'm using,

Here''s a link to the Verisign scripts we used... We customized ours a bit but this will get you going. Graciously provided by Jon at Slantwise Design and posted with permission (http://www.slantwisedesign.com), these may make it into some other format someday (gem? Plug in?). Anyway, of course, no warranty with this code, use at your own risk and really no support - you''ll have

Hi all. I have never implemented online payment and it''s the only thing that keeps me from accepting a project for a UK based client. (I must reply quickly!) While I can afford spending an extra week - or 2 - to learn/try/tune the payment system, I must be sure to succeed before I accept the contract. If you''ve already been through that path, any hints, links and/or

Are there any articles anywhere that look at how to properly handle credit card information, the things you need to do to properly store CC info, etc? Joe