similar to: [Fwd: Re: https and self signed]

On Fri, June 17, 2016 13:08, Valeri Galtsev wrote: > > We do not expire accounts until the person leaves the Department > and grace period passes. Then we do lock account and after some > time person's files are being deleted. This is the policy, and > this is what we do. The only time when account expiration is being > set is for undergraduate students who temporarily work

On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > On 17/06/16 15:46, James B. Byrne wrote: > > > > We operate a private CA for our domain and have since 2005. We > > maintain a public CRL strictly in accordance with our CPS and have our > > own OID assigned. Our CPS and CRL together with our active, expired > > and revoked certificate inventory is

On Thu, June 16, 2016 13:53, Walter H. wrote: > On 15.06.2016 16:17, Warren Young wrote: >> but it also affects the other public CAs: you can???t get a >> publicly-trusted cert for a machine without a publicly-recognized >> and -visible domain name. For that, you still need to use >> self-signed certs or certs signed by a private CA. >> > A private CA is the

On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: > > On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: >> >> On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: >>> >>> I doubt that most users check the dates on SSL certificates, >>> unless they are familiar enough with TLS to understand that >>> a shorter validity period is better for

On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: > > On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: >> >> I doubt that most users check the dates on SSL certificates, >> unless they are familiar enough with TLS to understand that >> a shorter validity period is better for security. > > Oh, this is what he meant: Cert validity period. Though I agree >

I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering

CentOS-6.2 What is the maximum number of cpus can I configure for a single vm guest running on a host with this hardware? # lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 4 On-line CPU(s) list: 0-3 Thread(s) per core: 1 Core(s) per socket: 4 CPU socket(s): 1 NUMA node(s): 1 Vendor ID:

On Sat, June 18, 2016 18:39, Gordon Messmer wrote: > On 06/18/2016 02:49 PM, James B. Byrne wrote: >> On Fri, June 17, 2016 21:40, Gordon Messmer wrote: >>> https://letsencrypt.org/2015/11/09/why-90-days.html >> With respect citing another person's or people's opinion in support >> of >> your own is not evidence in the sense I understand the word to

On Mon, June 20, 2016 13:16, Gordon Messmer wrote: > On 06/20/2016 07:47 AM, James B. Byrne wrote: >> On Sat, June 18, 2016 18:39, Gordon Messmer wrote: >> >>> I'm not interested in turning this in to a discussion on >>> epistemology. >>> This is based on the experience (the evidence) of some of the >>> world's foremost experts in the

On Fri, June 17, 2016 11:06, Walter H. wrote: > On 17.06.2016 16:46, James B. Byrne wrote: >> On Thu, June 16, 2016 13:53, Walter H. wrote: >>> On 15.06.2016 16:17, Warren Young wrote: >>>> but it also affects the other public CAs: you can???t get a >>>> publicly-trusted cert for a machine without a publicly-recognized >>>> and -visible

I encountered a couple of strange events with respect to password authentication this morning. Two of our staff were unable to login onto several systems using their usual passwords. Both users had last logged in on these hosts using their accounts and passwords on Friday past. The two accounts could not log on to any of the servers for which they had access and the message log on each showed

On Sat, June 18, 2016 7:52 am, Always Learning wrote: > > On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > >> On 17/06/16 15:46, James B. Byrne wrote: > >> > >> > We operate a private CA for our domain and have since 2005. We >> > maintain a public CRL strictly in accordance with our CPS and have our >> > own OID assigned. Our CPS and

On 17/06/16 15:46, James B. Byrne wrote: > > On Thu, June 16, 2016 13:53, Walter H. wrote: >> On 15.06.2016 16:17, Warren Young wrote: >>> but it also affects the other public CAs: you can???t get a >>> publicly-trusted cert for a machine without a publicly-recognized >>> and -visible domain name. For that, you still need to use >>> self-signed

[root at smb4-1 ~ (master)]# samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=4, Children=0 SOA: serial=3, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=hostmaster.brockley.harte-lyne.ca. (flags=600000f0, serial=110, ttl=3600) NS:

Where can I find a list of the options and their usage and meanings for the contents of this file? Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada

CentOS-6.5 (FreePBX-2.6) Asterisk-11.14.2 (FreePBX) snom870-SIP 8.7.3.25.5 I am having a very difficult time attempting to get TLS and SRTP working with Asterisk and anything else. At the moment I am trying to get TLS functioning with our Snom870 desk-sets. And I am not having much luck. Since this is an extraordinarily (to me) Byzantine environemnt I am going to ask if any of you have gotten

Wed Jul 8 16:09:19 UTC 2020, Rowland penny wrote: > No, it is '@' for the name, not 'brockley.harte-lyne.ca' Previously I had tried that as well with similar results as shown below: [root at smb4-1 ~ (master)]# samba-tool dns help delete Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data> [root at smb4-1

I have a dc configured to use the samba internal dns service. The version of samba I am using is 4.10.15 packaged for FreeBSD. Its build options state this: BIND911 : off BIND916 : off , , , GSSAPI_BUILTIN : on GSSAPI_MIT : off LDAP : on . . . NSUPDATE : off My smb4.conf file contains this: [global] bind interfaces only = Yes dns forwarder =

I am obviously missing something basic here but can someone explain to me what is wrong with the first statement, which returns nothing? $ history | grep ^su $ history | grep su 2997 su -l 3024 su -l 3050 su -l 3054 su -l Thanks, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited

I am also seeing this in smbd.log: [2020/07/03 09:20:18.211558, 1] ../../auth/kerberos/gssapi_helper.c:391(gssapi_check_packet) GSS VerifyMic failed: A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2 [2020/07/03 09:20:18.211625, 0] ../../source4/auth/gensec/gensec_gssapi.c:1347(gensec_gssapi_check_packet)