similar to: Kerberos in the handbook

Is anyone successfully using some sort of hardware crypto solution to combat the overhead of SSL in http transactions? I'd love to hear anything good or bad about this. -Bill -- -=| Bill Swingle - <unfurl@(dub.net|freebsd.org)> -=| Every message PGP signed -=| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223 -=| "Computers are useless. They can only give you

I will shortly be replacing a couple of proprietary VPN boxes with a FreeBSD solution. Section 10.10 of the Handbook has a detailed description of how to do this. However I remember a lot of discussion about a year ago about whether the gif interface was necessary to set up VPNs like this or whether it was just a convenience, for "getting the routing right". A number of people said

OK, an official OpenSSH advisory was released, see here: <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be applied to the security branches as well today. Attached are patches: buffer46.patch -- For FreeBSD 4.6-RELEASE and later buffer45.patch -- For FreeBSD 4.5-RELEASE and

-----BEGIN PGP SIGNED MESSAGE----- Just wondered if anyone had any suggestions about syncing up master.passwd files between multiple machines that didn't involve allowing root login remotely? The users need to be able to log in remotely and own files on the different machines. ~~ Andy Harrison ah##@httpsite.com ICQ: 123472 AIM/Y!: AHinMaine [full headers for details] -----BEGIN PGP

Hi, I'm pondering building my own SSL accelerator out of a multi-CPU FreeBSD system and a crypto accelerator. What's the recommended hardware crypto accelerator card these days? Thanks, ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org Today's chance of throwing it all away to start a goat farm: 49.1% http://www.BlackHelicopters.org/~mwlucas/

Hello security folks I (not so) recently asked for volunteers to the security documentation project. I got delightfully large number of volunteers! Thank you! Right now I have some personal (medical) issues to deal with, and I'll be out of town for the next 2 weeks. When I get back, we can move ahead at top speed. The project will have 3 parts. FAQ: This will cover any kind of basic

Hi, Thought there would be some interest here. I'm writing a small book on OpenSSH. Am now looking for tech reviewers. http://blather.michaelwlucas.com/archives/902 ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ mwlucas at BlackHelicopters.org, Twitter @mwlauthor

Hi all, I need to install an anti-rootkid in a lot of servers. I know that there're several options: tripwire, aide, chkrootkit... ?What do you prefer? Obviously, I have to define my needs: - easy setup and configuration - actively developed -- Thanks, Jordi Espasa Clofent

In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos. Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ? Thanks!

Howdy, I may be approaching this problem entirely wrong, or not. Was hoping for a little guidance one way or the other. I've got this AS/400 with gobs of unused file storage on it that I want to share across as a file server to a FreeBSD box. The AS/400 side of things supports NFS and kinda pretends to be a Unix like machine in this role. Users will be booting from diskless clients

Howdy list, Sorry if this is a frequently discussed topic, or an off-topic question, but I couldn't find much info about my question by performing quick searches in the archives, and my question is pretty tightly related to security... Background: =========== I have a number of FreeBSD machines. Most are 4.x, but a few are 5.x (mainly the testing/devel machines). I also have a single Red

Hi, I'm attempting to test the AuthorizedKeysCommand feature with the new port of ssh-ldap-wrapper to OpenBSD. I'm running yesterday's OpenBSD-current i386 snapshot, which includes AuthorizedKeysCommand. The port of ssh-ldap-helper (at http://old.nabble.com/-new--ssh-ldap-helper-td34667413.html) contains all the bits I need, and the individual pieces appear to work once configured:

When using Cygwin Rsync 2.5.6/OpenSSH 3.6.1 for copying files from Win2k->Win2k, I get 2 or 3 hung processes on the receiving-side out of about every 50 runs. These hung processes cause the system to be unable to reboot(?!), requiring a hard reset. Killing the processes allows a graceful reboot every time. I'm currently running both ssh and rsync as services on the recieving side.

Hi, I'm running Samba 4.0.8, on FreeBSD 9.2, from operating system packages, as a DC. I have a BDC, running the same. I'm using a Windows 7 workstation with "Active Directory Users and Computers" snap-in to manage usernames, passwords, etc. The workstation is part of the domain, and I'm logged on as Administrator in the domain. I can create groups and add members to them

running ubuntu 10.04 LTS with wine 1.1.44 > fixme:msi:MsiGetMode unimplemented run mode: 0 > fixme:msi:ACTION_ValidateProductID partial stub: template L"77718<````=````=````=````=`````>@@@@@" key L"JWFMGDGVMWKPVD39RX6PW2GQY" > err:module:import_dll Library sqdedev.DLL (which is needed by L"C:\\users\\leecarey\\Temp\\msi8258.tmp") not found >

Hi, In http://sources.redhat.com/ml/cygwin/2002-09/msg01155.html, I noted that the often-observed hangs of rsync under Cygwin were assuaged by a call to msleep(). After upgrading my Cygwin environment to rsync 2.5.6, I'm seeing these hangs again, not surprisingly given a CVS entry for main.c notes that this kludge was not harmless: Revision 1.162 / (download) - annotate - [select for

Hi, I've been kicking this idea around, and the problem with it escapes me. I'm looking for someone to tell me why this is a bad idea. The new OpenSSH includes the AuthorizedKeysCommand, which was mostly added to let people use a command to look up user keys in LDAP. LDAP key lookup have some limitations -- specifically, the common openssh-lpk_openldap schema won't let you add

Fresh install of 10.0 BETA3 #0 r257580 on amd64 using ZFS on root option, After install is complete Handbook install option launched from Final Configuration dialog fails with: Could not install package en-freebsd-doc (/usr/libexec/bsdinstall/docsinstall: pkg_add: not found) Network is available. /j

Hi! I'm quite new to the list, but searching the archive and PRs didn't show me anything on the matter. According to FreeBSD Handbook (14.8.2 Setting up a Heimdal KDC) one should config DNS server by adding: ----- _kerberos IN TXT EXAMPLE.ORG. ----- This doesn't work. DNS servers returns: text = "EXAMPLE.ORG.". This is right, because RFC 1035 allows up to

SBC has an outage that is expected to last until tomorrow in our area. This has taken out our 5 POTS lines and our T1. I have signed up with EXGN for outbound calls and am using IAX. Calls ring through to the other party (my cell phone in this case) but Asterisk doesn't seem to think the call was answered. Ideas? -dave