similar to: Proxying of non "plain" SASL mechnisms.

On 25 Feb 2015, at 20:59, Peter Mogensen <apm at one.com> wrote: > So, why not just extend the support for proxy authentication forwarding > to any single-handskake SASL-IR mechanism, which doesn't use > channel-binding? (which includes PLAIN, but also GS2-KRB5, and possibly > others). Yeah, I guess it would work for several of the auth mechanisms. It's a lot of work

http://bugzilla.mindrot.org/show_bug.cgi?id=1041 Summary: Allow the admin to specify PAM service name Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org

For whom asked me support for capi devices, that's here: http://www.junghanns.net/asterisk/ I'm using a AVM B1 card. also AVM passive card (FRITZ!PCI) works.... Then is you use SuSe all is configured by yast... Hello, probably is a feature what I'm asking for but because of my inexperience to asterisk this is my question: I've configured CAPI ISDN to receive calls. When I

Hello, I've found GlusterFS to be an interesting project. Not so much experience of it (although from similar usecases with DRBD+NFS setups) so I setup some testcase to try out failover and recovery. For this I have a setup with two glusterfs servers (each is a VM) and one client (also a VM). I'm using GlusterFS 3.4 btw. The servers manages a gluster volume created as: gluster volume

CentOS Errata and Bugfix Advisory 2016:0178 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0178.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 41bcfe83e915dfe6408766d8c5d7d172fffab42e55c39f44ee7ded90ef9bbdfd cyrus-sasl-2.1.26-20.el7_2.i686.rpm

Hi, Quick question...I read in the docs that: "Master user is still subject to ACLs just like any other user, which means that by default the master user has no access to any mailboxes of the user." ... and that the standard workaround is to return master_user=%u from the userdb. But why is the master_user authn-id used in the ACLs and not the authz-id (requested-login-user) ?

Hi. I''m using Apache2.2 built from source + mod-proxy + ssl + svn. Everything works fine but I''m sure you I could disable a ton of modules during the build process and in httpd.conf to speed things up and run a tighter memory footprint. Has anyone bothered building Apache2.2 from source disabling all the unneeded modules. I am planning on going through the Apache docs but I

I''ve seen a lot of issue regarding the stability of Rails apps. I''m charged with investigation of Rails for my company and I''ve looked at numerous fourms, groups, etc. (Textdrive, here, etc.) and it *seems* like there is a stability problem with Rails (ie: crashes, etc.) Is this as common as it looks, or is this tied to things like Lighttpd (web server) or Typo

I am messing around with gluster management and I've added a couple bricks and did a rebalance, first fix-layout and then migrate data. When I do this I seem to get a lot of failures: gluster> volume rebalance MAIL status Node Rebalanced-files size scanned failures status --------- -----------

[I sent this a while ago, but it seems not to have made it to the list. I'm resending it having subscribed first; I apologise if anyone get it twice.] I have been trying to get a Postfix mail server using Dovecot SASL to accept GSSAPI AUTH from another Postfix server using Cyrus SASL, and I believe I have found a couple of bugs in Dovecot's GSSAPI implementation. The first problem is

Hello: I am working to implement certificate-based authentication for some internal applications. It would be very helpful to be able to pass information server-side by specifying some custom options via the Extensions of the signed certificate, allowing the authenticity of the options to be verified readily. However, I have not been able to find too much for specifying behaviors, etc.

I know that there are some methods to use federated identities (e.g. OAuth2) with SSH authentication but, from what I've seen, they largely seem clunky and require users to interact with web browsers to get one time tokens. Which is sort of acceptable for occasional logins but doesn't work with automated/scripted actions. I'm just wondering if anyone has done any work on this or

First, excuse me because I don't speak english very well (perhaps this is the reason that I mess up something when reading the documentation). I have read the Howto, some Examples and the book and I have some doubts which I like to solve. Excuse me for the big post, too ;) My starting point: - 3 Debian Linux Samba Servers - 1 Windows XP SP3 Professional - 1 OpenLDAP Server (on another Debian

Hi, I would like to setup an IMAP server with SASL and LDAP support. As far as I can see dovecot supports SASL and LDAP, but not the way I need it. If I understand dovecot correctly, it has it's own set of SASL mechnisms and uses the LDAP server just to store the plaintext password. In case of authentication dovecot fetches the plaintext password from LDAP and then performs the SASL

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Attached is a patch against current CVS that adds support for the GSSAPI SASL mechanism. It was written from scratch, after reading the patch from Colin Walters against a much older version of dovecot. Other then support for the 'GSSAPI' mechanism, it contains the following changes: - - Added 'auth_krb5_keytab' option for

Using Samba 3.0.2pre1 under SuSE 8.2. I have seen several references now in this list noting that the browse for machine accounts in Samba 3 is broken, and 'People' should be used instead. I changed smb.conf to 'ldp machine suffix = ou=People' and I changed smbldap_conf.pm to '$computersou=(People). I then cleared ldap, ran smbldap-populate.pl, and changed the uid of

HI! I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and description for CLI arg -O in ssh-keygen(1). It seems to me that there could be a 1:1 mapping between SSH cert extensions and authz key options by just adding prefix "permit-" to the key option. But the man pages differ regarding case of "permit-x11-forwarding" and "X11-forwarding". [1] also

Greetings All. I want to do the following simple thing. I have defined a function med3x3() such that, given vectors X,Y, med3x3(X,Y) returns a 3x3 table where: Row 1: X > median(X) Row 2: X = median(X) Row 3: X < median(X) Col 1: Y < median(Y) Col 2: Y = median(Y) Col 3: Y > median(Y) (with intersections of these conditions for the individual cells). I can easily define fixed

Hello, Normally, in addition to such qdisc scheduler mechanisms as FIFO, PQ, WRR, WFQ, are there any more? Then, there is a confusion on scheduler in Linux enviroment: Assume there is a qdisc, such as RED as a leaf qdisc in a router, we know, if there is packet which want to enqueue the packet, the Function red_enqueue is called, but when the packet leave the queue(when the Function red_dequeue

Hi all, We have Exim using Dovecot for authentication. Dovecot, in turn, consults a custom internal server that answers Dovecot?s userdb queries. When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return ?proxy_maybe? and ?nopassword? in the authn response from our userdb server. This tells