On Sun, Jun 20, 2004 at 02:52:35PM +0400, Alexey Zagarin wrote:
> Hello!
>
> Does anybody know, why sshd call getpwnam() even if user is
> authenticating via PAM? This broke remote authentication (RADIUS,
> TACACS+) when user doesn't exist in local password database.
The user must exist in some
On Thu, Mar 04, 2004 at 07:46:11AM -0500, sybexmy alias wrote:
> Hi All,
>
> I'm attempting to integrate SSH with LDAP and PAM on a FREEBSD 5.2 host.
>
> However I'm having "access denied" error message when I try to ssh to my ldap server
> using PUTTY Release 0.53b.
>
> I have google around an
On Fri, Mar 05, 2004 at 10:41:33PM +0300, Michael Bushkov wrote:
>
> Our implementation of lookupd is a demonstration
> of the approach for the FreeBSD-specific IPC implementation
> of nsswitch. Its architecture is
> flexible enough to implement all the features you have mentioned.
> The version t
On Wed, Aug 27, 2003 at 10:05:28AM -0600, Scott Long wrote:
> All,
>
> This is kind of an unconventional call for help. As we approach the
> release of 5.2, we'd really like to show off the performance and
> stability of our new threading packages. So, I'm looking for people
> to volunteer to go
to a jail to
> > > give the jail certian /dev devices necessary to function ...
> >
> > Well, all I did was test your research :-)
>
> Gordon Tetlow (victim CC'd) was, I believe, working on changes to rc.d to
> allow automatic construction of jails at boot, and
On Mon, Feb 03, 2003 at 10:05:54AM -0800, Terry Lambert wrote:
> Dag-Erling Smorgrav wrote:
> > David Yeske <[EMAIL PROTECTED]> writes:
> > > I still use this. Users will not suddenly quit using hardware that
> > > works, they will start using a different OS that works with it, or
> > > they will
On Sun, Jan 05, 2003 at 05:31:03PM -0700, Scott Long wrote:
>
>http://www.FreeBSD.org/new/status/report-sample.xml
This should be http://www.freebsd.org/news/status/report-sample.xml
-gordon
msg39047/pgp0.pgp
Description: PGP signature
On Fri, Dec 06, 2002 at 09:31:00AM -0800, Octavian Hornoiu wrote:
> I have been doing a lot of research into integrating FreeBSD into my company's
> network recently and we have been converting our servers to FreeBSD gradually
> but one of the hurdles to overcome is the login issue. In order to
On Sat, 11 May 2002, Terry Lambert wrote:
> > This is not something that is meant for you to massage which root
> > partition you are going to boot up off of.
>
> I don't understand what it does, then. The original Whistle code
> was intended to attempt to boot 3 times from one partition, and
>
On Fri, 10 May 2002, Terry Lambert wrote:
> Gordon Tetlow wrote:
> > Is there anything that is wrong with the conceptual implementation of the
> > nextboot loader code that I've submitted? It definitely needs a code
> > cleanup on the forth side (which I'm not
Is there anything that is wrong with the conceptual implementation of the
nextboot loader code that I've submitted? It definitely needs a code
cleanup on the forth side (which I'm not qualified to do), but if there
are no other objections, I'd really like to see this code committed.
-gordon
To
I would also like to clarify that I never knew that there was a
nextboot(8) functionality. Don't look at it as I'm trying to reimplement
it. I never knew it existed in the first place =)
-gordon
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of t
Picking a random message to respond to...
On Fri, 10 May 2002, Terry Lambert wrote:
> It's actually just as easy to make boot1 go read it itself, assuming
> boot1 has the ability to read. It also decouples it somewhat, which
> (IMO) is a good thing. This is actually the same effect they get fr
On Thu, 9 May 2002, Michael Smith wrote:
> You're fooling yourself if you think that just because you're rewriting a
> different file, "something going wrong" isn't going to hose the user
> anyway.
True, but if I only hose /boot/nextboot.conf (which is going to be delete
when the machine enter
On Thu, 9 May 2002, Michael Smith wrote:
> > I've finally learned enough forth to put together a diff to implement some
> > nextboot functionality in the loader.
> >
> > Basically, the loader peeks into the first line of /boot/nextboot.conf to
> > see if nextboot_enable="YES" is there. If it i
On Thu, 9 May 2002, Michael Smith wrote:
> > I've finally learned enough forth to put together a diff to implement some
> > nextboot functionality in the loader.
> >
> > Basically, the loader peeks into the first line of /boot/nextboot.conf to
> > see if nextboot_enable="YES" is there. If it i
On 18 Oct 2001, Dag-Erling Smorgrav wrote:
> Dag-Erling Smorgrav <[EMAIL PROTECTED]> writes:
> > Your rcorder patch is incorrect.
>
> Here's a correct patch. Does anybody mind if I commit this and
> connect rcorder(8) to the build?
Actually, fparseln() is defined in libutil.h (per the man page)
On 18 Oct 2001, Dag-Erling Smorgrav wrote:
> Gordon Tetlow <[EMAIL PROTECTED]> writes:
> > M1 (Patch included)
> > Setup infrastructure
> > Make rcorder compile
>
> Your rcorder patch is incorrect. FreeBSD lacks a prototype for
> fparseln(). It so happens
Alright folks, I finally got off my butt last night and put together a
roadmap for the migration to the new rc.d init scripts that were imported
from NetBSD a long time ago and just sat in the tree.
M1 (Patch included)
Setup infrastructure
Make rcorder compile
Hook rc.subr into the distribution
Here is a diff that fixes a couple of issues and will facilitate moving
nfsd and mountd into /usr/sbin
This also removes the bogus nfs_client_flags since it is no longer used.
This needs to happen to make migrating to the rc.d system easier.
-gordon
diff -ur /usr/src/etc/defaults/rc.conf etc.n
:26 -0700 (PDT)
From: Gordon Tetlow <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: nfsd and mountd in the wrong place
I submitted a pr on this issue...
http://www.freebsd.org/cgi/query-pr.cgi?pr=30972
-gordon
On Sat, 29 Sep 2001, Gordon Tetlow wrote:
> nfsd and mountd are
I like Kerberos 5 and it's ability to use tickets so I don't have to type
passwords whenever I login/su/need to authenticate myself. So it *really*
annoys me that there is a pam_krb5 module that allows you to authenticate
against a Kerberos 5 principal but it won't accept any tickets that I try
to
On Tue, 14 Aug 2001, Kevin Way wrote:
> Well, it's now been about 2 months since the initial NetBSD import discussion
> occured on this list, and as far as I can tell, here's where we stand.
>
> - David O'Brien did a vendor import of the unported NetBSD rc system
>
> - there was a group consensus
On Fri, 20 Jul 2001, Gordon Tetlow wrote:
> Is this documented anywhere? If so, can you toss a pointer? I'd be
> interested in learning a little kernel hacking, and I can't imagine this
> would be *that* hard to implement.
Nm, I was too lazy to check before, but apparently
On Fri, 20 Jul 2001, Mike Smith wrote:
> > 3) Steal an idea from Linux (gasp!), and have module dependencies. ie,
> >load ipfw.ko and then before we load up natd, we check to see if
> >ipdivert.ko is loaded and load it. Alternatively, loading ipdivert.ko
> >(before loading ipfw.ko), w
On Thu, 19 Jul 2001, Matthew Jacob wrote:
>
> On Thu, 19 Jul 2001, Gordon Tetlow wrote:
>
> > On Thu, 19 Jul 2001, Matthew Jacob wrote:
> >
> > > > So the question is - should I keep the new behaviour that is probably
> > > > a better default and wi
On Thu, 19 Jul 2001, Matthew Jacob wrote:
> >
> > So the question is - should I keep the new behaviour that is probably
> > a better default and will catch out fewer new users but may surprise
> > some experienced users, or should I revert to the traditional
> > default where `-R1' or `-b' are re
On Sat, 14 Jul 2001, Mike Smith wrote:
> > >and how to compile the individual module, which
> > >should reflect changes in kenel also? ..
>
> Modules are built as part of the kernel build. You can also build
> modules idependantly in sys/modules. Note that module code should not
> depend on
On Sat, 16 Jun 2001, David O'Brien wrote:
> On Sat, Jun 16, 2001 at 07:58:06AM -0700, Gordon Tetlow wrote:
> > I like Matt's idea (I think it was Matt) to have a new_rc switch. I'll
> > look at adding the code for it and submitting a patch,
>
> You are goin
On Sat, 16 Jun 2001 [EMAIL PROTECTED] wrote:
> On Thu, Jun 14, 2001 at 11:57:18AM -0700, Gordon Tetlow wrote:
> > >From diving through it all, there will be a fair amount of departure from
> > the NetBSD stuff at least up through network init. This is just due to the
> >
On Sat, 16 Jun 2001, David O'Brien -Hackers wrote:
> On Wed, Jun 13, 2001 at 06:04:23PM -0700, Gordon Tetlow wrote:
> > Anyway, here's my status:
> > rcorder ported (one line code change)
>
> I have already sent a patch to a NetBSD contact, so this one is done.
&
On Thu, 14 Jun 2001, Andrew Hesford wrote:
> Date: Thu, 14 Jun 2001 14:42:45 -0500
> On Thu, Jun 14, 2001 at 11:57:18AM -0700, Gordon Tetlow wrote:
>
> I take objection to the moving of pccard before mounting /usr. It works
> just fine for those who place /var on the same partitio
On Thu, 14 Jun 2001, Kevin Way wrote:
> > Also, NetBSD doesn't seem to formalize chaining to /usr/pkg/etc/rc.d or
> > /usr/local/etc/rc.d, unless I missed that.
>
> packages are given startup space in /etc/rc.conf.d/$command, where
> $command is setby the first argument to load_rc_config.
I like
On Thu, 14 Jun 2001, Andrew Hesford wrote:
> On Thu, Jun 14, 2001 at 11:57:18AM -0700, Gordon Tetlow wrote:
> >
> > I've also made some (slight) changes to the boot order. Mostly just
> > formalizing the lock step nature of things. I did make one change that I
> >
On Thu, 14 Jun 2001, Warner Losh wrote:
> With all due respect to Eivind, he's reinventing the wheel. I'd like
> to see NetBSD's brought in with an absolute minimum of change.
Along those lines, I'm typing on my laptop that is using the scripts that
I have ported over... I've only gotten it up
On 14 Jun 2001, Cyrille Lefevre wrote:
> not always. the dependency graph works fine if you start/stop all
> services at once, but not individually such as :
>
> starting nfsd should required mountd but actually, it don't start it.
[snip]
Yup, I have an idea or two as to how to get around it, bu
On Tue, 12 Jun 2001, Kevin Way wrote:
> On Mon, Jun 11, 2001 at 09:25:28PM -0700, Jordan Hubbard wrote:
> > Guys, guys. The NetBSD /etc/rc system is good. We should stop
> > arguing about it and just focus on figuring out who's going to
> > integrate it or the whole conversation concerns a moot
I have a problem, I installed a bunch of machines with a very stripped
down set of distributions (bin, man, dict, krb5). I'd like to update the
machines, but when I do an installworld, it's going to install a bunch
more than that. Is there some way of only upgrading only the bin
distribution (a la
On Tue, 5 Jun 2001, Heimes, Rene wrote:
> hiho!
>
> i am searching for a parser that parses security logs from ipfw-made up
> logs. anyone got a hint?
No idea on that one. There might be something in the ports collection.
> (btw: what about ipfw firewalls - outdated? what would be better?
> ipc
I'm struck by the old axiom:
You can have it fast.
You can have it reliable.
You can have it cheap.
But you can only have 2 of the 3.
If you figure out how to get all 3. Call me.
-gordon
On Mon, 28 May 2001, Wilko Bulte wrote:
> On Mon, May 28, 2001 at 04:31:17PM +, E.B. Dreger wrote:
> >
On Wed, 23 May 2001, Jacques A. Vidrine wrote:
> You are not the only one. I can appreciate the `neat' factor, but I
> cringed at the commit. It seems like functionality that would be
> better put in a separate utility (or port even). It's not like you'd
> ever want to run the NVT protocol ove
On Mon, 21 May 2001, Jordan Hubbard wrote:
> > c) A filesystem that will be fast in light of tens of thousands of
> >files in a single directory (maybe even hundreds of thousands)
>
> I think we can more than hold our own with UFS + soft updates. This
> is another area where you need to get
On Sat, 5 May 2001, Ceri Storey wrote:
> On Sat, May 05, 2001 at 08:54:18PM +0200, Ingo Flaschberger wrote:
> > > Note : this is a way to kill your keyboard : an AT keyboard is not
> > > hot-plug compatible
> >
> > i have never killed a keyboard with un / plugging.
> > at linux it works.
> Well,
On Wed, 28 Mar 2001, Dennis wrote:
> it doesnt "hurt" at all. Dealing with bitter losers is part of the public
> experience :-)
>
> Thanks for the tip. i'll forward it to the customer who needs it and let
> him do the work. I've got some more flames to deflect :-)
Dennis, comments like this are
Look for Alfred's commit of Mar 19th. There has been a *huge* overhaul of
the nfs stuff and (I think) a working lockd. I haven't looked at it
myself, so check it out for yourself.
-gordon
On Sun, 25 Mar 2001, Marc W wrote:
> So, in a discussion a while back, it was established that file
> l
If you haven't, please please please, send-pr(1) this so the right people
get a look at this. Last thing we need is a broken ypbind (not that I use
it). More down below.
On Fri, 23 Mar 2001, Harti Brandt wrote:
> the recent update to RPC causes ypbind to break. The problem is, that
> /usr/src/us
On Tue, 13 Mar 2001, David O'Brien wrote:
> On Mon, Mar 12, 2001 at 10:34:32PM -0800, Gordon Tetl
On Mon, 12 Mar 2001, Dan Phoenix wrote:
> CC="gcc -O6 -fomit-frame-pointer" OPTIM="-O2 -DBUFFERED_LOGS"
>
> could some c guru tell me if this would be bad to use to an apache
> optimization? I need to compile apache on my own not with ports
> looking at makefile
> in apache13 in ports collect
I don't have a link handy, but if you search for it, I'm sure it's out
there. Linux had something like this called PerlFS which was much more
generic. The general gist of it was you could use it to make fs's of
things like http and ftp. It was extendable (I think) so you could make
your own fs han
BTW, is this still valid? From /etc/defaults/make.conf:
# Kerberos 5
# If you want KerberosIV (KTH Heimdal), define this:
# ** WARNING **
# ** WARNING ** This is very experimental at this stage. If you
# ** WARNING ** need stable Kerberos5, rather use the port(s).
# ** WARNING **
#
#MAKE_KERBEROS
On Tue, 20 Feb 2001 [EMAIL PROTECTED] wrote:
> Aha. That explains it. You use HW raid. I wondered why you were
> only doing 4 million mails for *30* boxes. Dan, is doing 500K, on a
> completely idle box (cpu/ram/I/O wise), with vinum, Postfix, and RAID-0.
> Have you seen brad knowles papers
On Tue, 20 Feb 2001, Gordon Tetlow wrote:
> We use Alteon load balancers to take care of the balancing part, after
> that, qmail just works. We did add a hack for a deferral server option to
> qmail, meaning after 10 minutes of undeliverable mail (configurable), the
> mail gets tosse
On Tue, 20 Feb 2001, Dan Phoenix wrote:
> On Tue, 20 Feb 2001, Gordon Tetlow wrote:
>
> > Yep, that's 4 million unique emails. Actually, I should qualify that, it
> > took 4 hours for the mail servers to accept and queue them. The outgoing
> > probably took a bit
On Tue, 20 Feb 2001, Dan Phoenix wrote:
> Just curious how you pull this off?
> so 4 million/30=133 thousand emails per mail server roughly.
> So how do you distribute between the machines evenly into ezmlm as
> well?
We use Alteon load balancers to take care of the balancing part, after
tha
On Tue, 20 Feb 2001, Jesper Skriver wrote:
> On Tue, Feb 20, 2001 at 01:22:57AM -0800, Gordon Tetlow wrote:
> > My company (online greeting cards) sent our 4 million emails in 4 hours
> > using a cluster of about 30 mailers with qmail on FreeBSD (old version of
> > F
My company (online greeting cards) sent our 4 million emails in 4 hours
using a cluster of about 30 mailers with qmail on FreeBSD (old version of
FreeBSD at that). That averages to 16,666 mail messages per minute or
about 500 per minute per server. The best part was the servers weren't
breaking a
On Fri, 19 Jan 2001, Ian Kallen wrote:
> Now if the DNS for the web server www.foo.com running on 10.0.0.128
> directs a browser on the 10.0.0.0 net to 206.169.18.10, it doesn't get
> routed back to 10.0.0.128; it just hangs (I'm acutally not sure what's
> happening there, the connction never suc
On Tue, 16 Jan 2001, Michael R. Wayne wrote:
> Background:
>We recently had a customer's web site suffer an attempted exploit
>via one of their cgi scripts. The attempted exploit involved
>writing a file into /tmp, then invoking inetd with that file to
>get a root shell on a non-
On Thu, 18 Jan 2001, Peter Pentchev wrote:
> Never mind, I found the -N option by reading the source.
> Why oh why is it not documented in the CVS info page :(
Probably because it is an option to diff(1) not cvs(1)? It's in the
diff(1) man page.
-gordon
To Unsubscribe: send mail to [EMAIL PR
On Mon, 15 Jan 2001, gerald stoller wrote:
> I just installed freeBSD 4.2 and found that I couldn't mount a
> CDROM even though I copied the command-lines from (the top of) page 236 of
> Greg Lehey's book (ISBN 1-57176-246-9). When I was running freeBSD 3.3 , I
> was able to mount a C
Hello again.
On Tue, 9 Jan 2001, Doug Barton wrote:
> Neil Blakey-Milner wrote:
> >
> > On Tue 2001-01-09 (02:14), Doug Barton wrote:
>
> The point I'm trying (obviously in vain) to make is having cron do what
> amounts to "slewing its internal clock" will not work for everyone, and
> viol
Hello there!
On Fri, 5 Jan 2001, Doug Barton wrote:
> Gerhard Sittig wrote:
[snip]
>
> Consider the following. We are in the spring and DST is "springing
> forward" at 2am. We have a job scheduled at 2:15 that takes one hour to
> run. There is another job scheduled at 3:20 that ABSOLUTELY P
Scratch that, I still get the error messages. For some reason they didn't
show up for an hour or two. They usually show up immediately.
-gordon
On Sat, 6 Jan 2001, Gordon Tetlow wrote:
> I used to get this exact same message, although my natd setup worked just
> fine. It was just
I used to get this exact same message, although my natd setup worked just
fine. It was just filling up the logs. I then added -log_denied to the
arguements for natd and it stopped spewing log messages. Here's what I
run:
/sbin/natd -unregistered_only -use_sockets -punch_fw 5050:10 -log_denied -n
On Thu, 4 Jan 2001, Mike Smith wrote:
> This is a FAQ; you have a geometry mismatch.
>
> Make sure the BIOS on the card is set for 2GB mode, make sure sysinstall
> detects a */128/32 geometry. 8GB mode doesn't work (my fault, will be
> fixed once I get my lab set up and some free time).
Hmm, I
I can add another data point for this. We are using FreeBSD 4.0 (I'll be
upgrading them one of these days) and had this exact same problem. My
solution was to make a floppy disk and stuff it in the drive. It did the 3
phase boot loader and in the loader.rc I added set currdev=disk1s1a which
did th
It didn't seem to help for me. I still get lots of permission denied, but
then again, I'm also using a much stricter set of rules.
I seriously hope that the fact we are using 3com etherlink iii cards
doesn't have anything to do with it.
Just to note. As far as I can tell, it's still doing nat ju
I'll add another data point if I can. I also get this message from my
working firewall box. I get it even when all the machines behind the
firewall are powered down. And I get it alot. Attached are my firewall
rules and dmesg.
-gordon
Also, here are the arguments I pass to natd:
/sbin/natd -dyn
68 matches
Mail list logo
