similar to: Extracting client certificate information

Displaying 20 results from an estimated 10000 matches similar to: "Extracting client certificate information"

2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes: > Dag-Erling Smørgrav <des at des.no> writes: > > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have > > X11Forwarding enabled by default. > I'm not sure I see your point. With X11Forwarding off by default, one would assume that it is only enabled on a case-by-case basis for users or groups who
2019 May 21
2
OpenSSH Certificate Extensions
Hello: I am working to implement certificate-based authentication for some internal applications. It would be very helpful to be able to pass information server-side by specifying some custom options via the Extensions of the signed certificate, allowing the authenticity of the options to be verified readily. However, I have not been able to find too much for specifying behaviors, etc.
2013 May 21
2
SSH users authentication depending on their public key.
Hi everyone. I'm looking for a way to identify my SSH's users according to their public key; I mean I would like to have their name logged in my bash session (in a shared unix account). I put this in my .profile: export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S - $SSH_USER] " So now I'm trying to make OpenSSH fill the "SSH_USER" variable. First I have to exclude the
2015 Feb 21
4
[Bug 2358] New: allow sshd to "redirect" to another local user
https://bugzilla.mindrot.org/show_bug.cgi?id=2358 Bug ID: 2358 Summary: allow sshd to "redirect" to another local user Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:
2008 Dec 17
2
SSL Certificate Authentication
Hi Guys, I am using the SSL Client Certificate authentication method for my Dovecot instance, however rather than just requiring the client certificate it also prompts me for my user password. My certificate was securely generated on a smart card and is passphrase protected so I would like to stop having to enter my certificate passphrase and my user password to collect my mail. Whereabouts in
2010 May 31
11
Same certificate on multiple identical machines ?
Hi list, In our platform we have a lot of machines in which the system is a single disk image loaded on RAM from PXE. The problem is quite simple: if I install puppetd on the image, I will end up using the same certificate for 100 different servers with different names (the hostname is setup at boot time from dhcp) and I guess the puppetmaster won't allow that. In other words: what
2013 Nov 01
1
Dynamic Environments, r10k, gitolite and Non-environment Puppet Config
Hi all, Apologies if this has been dealt with before, but I haven't managed to find an answer yet. I have a working "dynamic environments" setup: * A gitolite repository (on a dedicated host) with multiple branches - one for each environment. * I use r10k to deploy the environments on the master to $confdir/environments/$::environment. This all works *really* well, but I
2024 Feb 08
2
Authentication using federated identity
I know that there are some methods to use federated identities (e.g. OAuth2) with SSH authentication but, from what I've seen, they largely seem clunky and require users to interact with web browsers to get one time tokens. Which is sort of acceptable for occasional logins but doesn't work with automated/scripted actions. I'm just wondering if anyone has done any work on this or
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
Hi guys, It might be nice if AuthorizedKeysCommand would receive the fingerprint of the offered key as an argument, so that programs like gitolite could implement more refined key-based identity lookup that offers better performance than AuthorizedKeysFile's linear scan. The following patch is untested but is the basic idea: diff -ru openssh-6.2p1/auth2-pubkey.c
2023 Oct 23
2
Question about silos and Authentication policies
Hi Stefan, We had a long weekend in New Zealand, I'm catching up now to your emails. Some of the slight differences between Windows tools I've already picked up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm always open to learning what things are missing or different etc. On 23/10/23 02:58, Stefan Kania via samba wrote: > Talking to myself again ;-) > >
2023 Oct 23
2
Question about silos and Authentication policies
Thanks Rob for chiming in. Stefan, I do want to be very clear, one of the big challenges that we as developers face building these kind of tools is that we don't run AD domains day-to-day. So we really value good feedback on the ergonomics. If you can test with our work in progress, we are keen to adapt the tooling where possible to be more in line with what is 'naturally expected, so
2023 Oct 22
1
Question about silos and Authentication policies
Talking to myself again ;-) Samba-tool is working a little bit different than the silo/policy management on a Windows-DC. On a Windows-DC after assigning the user and host to the silo you have to assign the silo to the user and the host. When assigning the user and host to the silo with samba-tool, the assignment to the user and the host will be done at the same time. So now my policy looks
2016 Jun 22
0
Problem executing VM backups
Hi everyone, we are suddenly having a problem with executing our backup jobs. For a long time, we have used a shell script which contains the following code to backup all our virtual machines: for domain in Testserver Faktura Fileserver Gitolite Jenkins Nexus SimpleHelp VpnGateway Wiki; do echo -n "$(date +"%Y-%m-%d %H:%M:%S") starting backup for vm
2023 Oct 30
2
Question about silos and Authentication policies
I was playing around again with Windows and when you add members to silos, or remove them, it should not set/unset assigned silo on the user. So I've got a new pull request in Draft state still where I remove that functionality, as well as add some new commands to samba-tool user command. It turned out to be easier to add sub commands to user, as edit user wasn't quite what I thought
2014 Dec 28
2
pubkey fingerprint and krb princ name in environment
Hey, I use gitolite for git hosting on my server, and because I want to use kerberos authentication I patched OpenSSH to put the name of the kerberos principal name or the ssh fingerprint as environment variables so my ForceCommand script can use them to actually authorize the user by the principal/fingerprint. It's a bit annoying to keep my own patch and I thought it might be something
2020 Jun 17
3
client host certificates and receiving host configuration
On 17/06/20, Damien Miller (djm at mindrot.org) wrote: > > Firstly, given a host CA signing key on the sshagentca server, would an > > appropriately constructed host certificate added to a forwarded agent > > replace the necessity for a '@cert-authority' line in a user's known_hosts > > file? > > I'm not sure I want to add yet another path (the agent)
2013 Jan 19
0
Cannot get eth0 to work on libvirt-lxc
I'm trying to get an Archlinux guest running on an Archlinux host. Everything works except ethernet. When I boot the host, --- # dmesg |tail [ 8.265493] Bridge firewalling registered [ 8.514547] IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready [ 8.645303] ip6_tables: (C) 2000-2006 Netfilter Core Team --- Then I do --- # virsh -c lxc:/// start gitolite Domain gitolite started #
2016 Feb 25
0
RFC: Move the test-suite LLVM project to GitHub?
On 25 February 2016 at 15:01, Joachim Durchholz via llvm-dev <llvm-dev at lists.llvm.org> wrote: > Well, PRs are a good way to discuss proposed patches, so you can take the > discussion there. Particularly if the git hoster gives you all the web forum > thingies you want, including the ability to be helpful with Markdown. > Also, a PR is easy to integrate once it's done.
2016 Feb 25
2
RFC: Move the test-suite LLVM project to GitHub?
Am 25.02.2016 um 14:41 schrieb Renato Golin: > On 25 February 2016 at 12:46, Joachim Durchholz via llvm-dev >> What workflow are you comparing this to, if a pull request is a penalty? > > Today, 100s of people commit directly. Ah. I wasn't aware of that, I thought LLVM had a gatekeeper model. > In a GitHub style, 100s of > people will have to wait for a merge from a few
2011 Oct 24
3
Important Security Announcement: AltNames Vulnerability [new version of puppet]
We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Puppet-managed node within the same infrastructure. All