similar to: Stronger security with BSD Firewall and Freeradius

Hi everyone, Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ . should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? : " MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been made that its security is in some doubt. The attacks on MD5 are in the

On 2015-11-26 13:33, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 4:11 PM, Tinker <tinkr at openmailbox.org> wrote: >> The goal is to get a script invoked *at login time*, > > This part I follow, but having a script run is just a means to an end > not the end itself. What is the script going to do? > >> so that the authentication only is known to the client

On 2015-11-26 14:16, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 4:49 PM, Tinker <tinkr at openmailbox.org> wrote: >> On 2015-11-26 13:33, Darren Tucker wrote: > [...] >>> What is the script going to do? > > You didn't answer this. Register the login to the group's login database. >> How would you do it using bsdauth? >> >> (PAM

Hi, We are using freeRADIUS 1.1.6. + samba 3.0.1 + krb5-1.3.2 talk to active-directory(win2k3). Followed by: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO Now it can work. But there are multiple domains in active-directory. Can samba or krb5 support mutiple domains? How to configure krb5.conf and smb.conf can let it support multiple domains?

On 2015-11-26 13:03, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 3:41 PM, Tinker <tinkr at openmailbox.org> wrote: >> What I am looking for is an SSHD configuration where every >> successfully >> authenticated connection also guaranteedly will lead to a >> ForcedCommand >> invocation. > [...] >> Is this possible? > > I don't think

Hi, How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. -- Eero

Updated from ports collection from ver. dovecot-1.0.a3 to 1.0.a4_1. And it wan't work. Here's the log Nov 8 10:51:07 ot-group dovecot: Dovecot v1.0.alpha4 starting up Nov 8 10:51:08 ot-group dovecot: Auth process died too early - shutting down Nov 8 10:51:08 ot-group dovecot: auth(default): Unknown userdb driver 'passdb' Nov 8 10:51:08 ot-group dovecot: child 17872 (auth)

None of my systems can use lld2d to map the network when connected via wireless, but it works fine over the wireful network. the wireless is client -> hostapd -> ath5k -> bridge -> kernel with shorewall handling the bridge and kernel, as best I can explain it. on the bridge is also a wired device and a bunch of other PCs. the wired PCs can all map using lld2d just fine. lld2d

Hello Walter, On Mon, 15 May 2017 09:22:54 +0200 "Walter H." <walter.h at mathemainzel.info> wrote: > On Sun, May 14, 2017 11:00, wwp wrote: > > On Sat, 13 May 2017 13:08:17 +0200 "Walter H." > > <Walter.H at mathemainzel.info> wrote: > > > >> On 13.05.2017 00:29, Robert Moskowitz wrote: > >> > I have been working,

I want to ssh from a client to a machine on a closed network via a jumphost; let's call them {client,internal,jumphost}.example.com. I have authpf set up on the jumphost so that when logged in, I am allowed to open TCP connections from the jumphost to port 22 on internal nodes. This works well with port forwarding: des at client ~% ssh -L2222:internal.example.com:22 jumphost.example.com

hello i thought i recently saw a thread here re: turning an older computer into a wireless access point and/or bridge etc using CentOS and some certain wireless cards?? does anyone recall or can you help me find that thread or URL please? ive found a coupla howto's yet just wanted to hit the list first before i wanted off into WAP land again... anyone here used any of the WAP howto's

Dear FreeBSD users, Slightly more than three years ago, I released FreeBSD Update, my first major contribution to FreeBSD. Since then, I have become a FreeBSD committer, joined the FreeBSD Security Team, released Portsnap, and become the FreeBSD Security Officer. However, as I have gone from being a graduate student at Oxford University -- busy writing my thesis -- to a researcher at Simon

I have built my own wireless AP with Ubuntu 7.10 and an Atheros-based wireless card. My problem is that I can't access any of the Samba shares with my wireless clients...they can all search for the server, get prompted for a login then it just hangs and eventually times out. The same clients, when using their LAN ports to connect to the same server, are able to do everything--browse and

Hi, I've searched high and low and cannot come up with the answer to my question. Basically - I run Samba 3.5 as a PDC with openLDAP as my backend. I would love to try Samba 4.0 but I absolutely require the ability for freeRADIUS, my linux server and Cacti to authenticate against LDAP, of course this means I need to be able to add SHA512-Crypt and SSHA passwords into my LDAP db. Is this

I have a atheros wiifi card on my Centos 5 that I use as a access point using hostapd. I noticed that after the upgrade to kernel 2.6.18-128 or above, the atheros driver comes with the kernel, ath5k, and it does?t let hostpad ou iwconfig set master mode on the card. Up to kernel 2.6.18-92 is workedd just fine using madwifi from rpmforge. Any ideas on that? Tks.

Bug or something, look at this <mother-mail>[~]# cat /etc/sysctl.conf security.jail.allow_raw_sockets=1 security.jail.set_hostname_allowed=0 <mother-mail>[~]# sysctl -a | grep jail security.jail.set_hostname_allowed: 1 <<<<< here security.jail.socket_unixiproute_only: 1 security.jail.sysvipc_allowed: 0 security.jail.enforce_statfs: 2

Hello. My server was hacked. The CPU has been loaded on 99 % by "sh -i" process. I found out that someone has started phpshell through a hole in one of phpbb forums. Also has filled in scripts for flud and spam and "vadim script" in "/tmp". I has made it noexec. Recently has found out the same process. May be i have left again /tmp opened, or other hole may

I have been playing around with 3 ath based FreeBSD boxes and seem to have got everything going via WPA and a common PSK for 802.11x auth. However, I want to have a bit more certainty about things working properly. What tools do people recommend for sniffing and checking a wireless network ? In terms of IDS, is there any way to see if people are trying to bruteforce the network ? I see

Reindl Harald <h.reindl <at> thelounge.net> writes: >bloatware means unsecure, uncomfortable webinterfaces with limited >functionality compared what iptables alone offers you with some knowledge > all that embedded crap is for people which needs handholding and have > fun to own a dozen of halfbaken devices instead just one real box It seems you still have some

Hi List, I am looking for an option for sshd to start user's shell (when logging in interactively to a remote host) in a control group via cgexec - so for example: /bin/cgexec -g <username> /bin/bash This would be extremely handy on linux Terminal servers to control users access to the system resources (protect system from a malicious user hogging the machine by running cpu/memory