On Wed, Mar 27, 2019 at 11:05 AM Daniel Jakots wrote:
> On Wed, 27 Mar 2019 05:34:49 -0400, Boris Epstein
> wrote:
>
> > It is interesting because some people mention combined methods - like
> > SSL hostkey + some second factor being used just in that fashion:
> >
>
On Wed, Mar 27, 2019 at 5:34 AM Boris Epstein wrote:
>
>
> On Wed, Mar 27, 2019 at 2:31 AM Ted Unangst wrote:
>
>> Boris Epstein wrote:
>> > Thanks. It makes sense to be able to select login methods under some
>> > circumstances - but do I have an option of
On Wed, Mar 27, 2019 at 2:31 AM Ted Unangst wrote:
> Boris Epstein wrote:
> > Thanks. It makes sense to be able to select login methods under some
> > circumstances - but do I have an option of forcing the user to log in using
> > a predetermined set of methods (for ins
1:59 PM Todd C. Miller wrote:
> On Tue, 26 Mar 2019 11:11:35 -0400, Daniel Jakots wrote:
>
> > On Tue, 26 Mar 2019 10:01:59 -0400, Boris Epstein
> > wrote:
> >
> > > Hello listmates,
> > >
> > > Let's say I have the following configu
ts as far as authentication methods.
Thanks.
Boris.
-to-day risks.
>>
CB> Does no one at all use OpenBSD for anything but making money or looking
CB> cool?
CB> Does no one at all do any kind of work for charity?
CB> Is there some virus going around that makes everyone so hostile?
CB> Why assume that I have some idiotic boss that wants to fuck things up?
CB> Did it ever occur to you that I might be doing this work for free?
CB> Did it ever occur to you that the organization might be doing major
CB> disaster relief from all of the recent hurricanes devastating the
CB> Southern US. That they might be helping to protect first responders
CB> doing wellness checks on homes? That they might be stopping homes and
CB> businesses from being looted?
CB> That the primary members of the organization are law enforcement,
CB> paramedics and veterans?
CB> But hey, if I can't fill up my bank account, I guess the usage of
CB> OpenBSD is discouraged.
--
Best regards,
Boris mailto:psi...@prodigy.net
d" lately, but the overall
PB> standpoint
PB> looks like: IKEv1 is dead (e.g. see the removal of IKEv1 stubs in iked
PB> some "months ago").
PB> [Still stuck with my ikev2 with strongswan on a different box solution]
PB> HTH... wait, no:
PB> ciao
--
Best regards,
Boris mailto:psi...@prodigy.net
to play in,
KC> you've instead opted for letting a new OS, that you have no experience
KC> with, access and modify the raw disk bits.
KC> - You've tried installing the aforementioned new and unknown OS, on a
KC> disk that had other important data, that was already governed by
KC> another OS.
KC> To me, that doesn't sound like what an experienced user would do.
KC> <3,K.
--
Best regards,
Boris mailto:psi...@prodigy.net
isk corruption,
MK> only that it's happened a few times in the past. The occasional JPG or MP3
MK> from the late 90s that used to work but now doesn't, and who-knows-why.)
MK> Before I embark on this direction for a fileserver, I thought I should
MK> chec
I have two laptops that use the iwi driver for their Intel wireless
interfaces and I have a usb wifi dongle that uses the rsu driver. Under 5.7
and 5.8 these work perfectly. But under 5.9 I cannot connect to a wireless
network. Scanning with ifconfig works fine. When using dhclient to get an ip
ad
) options to buy the OpenBSD CDs in the US?
--
Best regards,
Boris mailto:bo...@twopoint.com
ncap" section.
Don't see anything about "netstat" nor about "encap" at
http://www.openbsd.org/57.html, the google also didn't help.
How do I check VPN related routing besides "ipsecctl -s flow" (which
isn't exactly the straight way) ?
--
Best regards,
Boris mailto:bo...@twopoint.com
Hello Nick,
Thursday, February 12, 2015, 9:26:01 AM, you wrote:
NH> On 02/12/15 10:10, Boris Goldberg wrote:
>> Hello Nick,
NH> ...
>> I was entertaining the idea of making a 100 TB OpenBSD based archive
>> storage, even asked the list. The only answer pointed to
uce their occurrence.
I was entertaining the idea of making a 100 TB OpenBSD based archive
storage, even asked the list. The only answer pointed to that FAQ page, and
it stopped me from pursuing that idea. Servers with 128 GB of RAM aren't
uncommon, but expensive (compared to 64/32 GB ones).
--
Best regards,
Boris mailto:bo...@twopoint.com
them (if really needed).
Make sure there are no trailing spaces in your isakmpd.conf. I've had a
lot of "fun" with it in the past. Could be fixed since though.
--
Best regards,
Boris mailto:bo...@twopoint.com
ms with that patch (besides the fact that
it's for 5.4).
--
Best regards,
Boris mailto:bo...@twopoint.com
Hello misc,
Has anyone used the OpenBSD with really big arrays - 50 to 200 terabytes?
Are there any issues? Is there a rule about how many gigabytes of RAM per
terabyte mounted is needed?
--
Best regards,
Boris mailto:bo...@twopoint.com
e to 5.5 (and later) only.
Am I wrong?
Is there going to be any (further) development about that bug in 5.4?
--
Best regards,
Boris mailto:bo...@twopoint.com
helpful.
It seems like you need more knowledge about routing, otherwise there is a
very big chance you "shoot yourself in the foot" messing around this. Been
there, probably still is.
--
Best regards,
Boris mailto:bo...@twopoint.com
date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS
rev. 2.4 @ 0xee000 (68 entries)
bios0: vendor HP version "P58" date 05/18/2009
bios0: HP ProLiant DL360 G5
Please let me know if you need some other (specific) information. I can't
be sure what is relevant.
--
Best regards,
Boris mailto:bo...@twopoint.com
Hello Craig,
Wednesday, September 24, 2014, 3:56:35 AM, you wrote:
CRS> How about Dovecot & sieve ...
Does this mean you tried and found out (or knew) that disk quotas were
not going to work for you?
--
Best regards,
Boris mailto:bo...@twopoint.com
ace period is 6 days. Is it
supposed to have that long "memory" (over 12 hours)? Don't believe it was
like that before (in 5.0).
--
Best regards,
Boris mailto:bo...@twopoint.com
's message about something remotely
related.
Does someone have deeper understanding of this situation or experienced
something similar?
--
Best regards,
Boris mailto:bo...@twopoint.com
port.
The package installs fine, but requires manual transfer of /var/dcc/
content. That could be improved if someone explains how to put stuff
outside of /usr/local/.
--
Best regards,
Boris mailto:bo...@twopoint.com
es
very often (sometimes this is what you need). If you need something more
responsive you can play with phase 2 lifetimes (not sure if this is a good
idea) or have some watchdog process (ifstated?) to force phase 2
renegotiation if the connection is lost.
--
Best regards,
Boris mailto:bo...@twopoint.com
isakmpd
process_number_2 ... isakmpd: monitor [priv] (isakmpd)
"kill -1 process_number_2" will make isakmpd reload configuration.
"kill -1 `cat /var/run/isakmpd.pid`" also works in most cases.
--
Best regards,
Boris mailto:bo...@twopoint.com
d (the man hasn't).
The nat-to could be tricky, you need to make sure packets in question are
going into the interface you want *before* the NAT. Here comes the routing,
which is especially tricky, because in a number of cases running "route add"
isn't
st place? There is no real security separation between vlans.
Also OT - is OBSD handling 10 gigabit interfaces at full capacity
already?
--
Best regards,
Boris mailto:bo...@twopoint.com
.
Do you know of any reliable antivirus scanners (free or not) that would
run on modern OpenBSD?
--
Best regards,
Boris mailto:bo...@twopoint.com
s (kerberos could be ignored
in this case).
BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried
searching and found only a "rumor" that there might be a size limit.
--
Best regards,
Boris mailto:bo...@twopoint.com
sftp server rather than a http
one.
--
Best regards,
Boris mailto:bo...@twopoint.com
,
Boris mailto:bo...@twopoint.com
busy?
Other tips to migrate extensive cbq queues (with borrowing) would be
very helpful and appreciated.
--
Best regards,
Boris mailto:bo...@twopoint.com
an idea where?
Does the "set prio" affect this queuing or just create some separate
queues?
--
Best regards,
Boris mailto:bo...@twopoint.com
s there a bandwidth borrowing and how is it
prioritizing?
--
Best regards,
Boris mailto:bo...@twopoint.com
for more
than ten years.
--
Best regards,
Boris mailto:bo...@twopoint.com
g to maintain it.
Did you need to kill it *before* the replacement is ready? Definitely no.
Could you, please, return the RAIDframe support until the softraid is
ready?
--
Best regards,
Boris mailto:bo...@twopoint.com
> * you can hope a second drive doesn't fail in your array... for the life
NH> of the system.
NH> Not much else I can think of.
If the softraid is so raw yet, why was the good old RAIDFrame removed
starting with 5.2? It works just fine for me. Big volume rebuilds take a
long while, but it's something working.
--
Best regards,
Boris mailto:bo...@twopoint.com
Hello Mik,
Sunday, November 13, 2011, 8:06:32 AM, you wrote:
MJ> I would like to know if such configuration is possible.
MJ> LAN1
MJ> (192.168.10.0/24) <--> OpenBSD .99 <--> .254 Router IPx <--> Internet <--> IPy
MJ> IPSec_GW (Vendor) <--> LAN2 (192.168.20.0/24)
MJ> As you can see the OpenBSD
exclusivity.
Warm regards,
Boris
Excellence…..with a name of its own
You are subscribed to our list with the address:
misc@openbsd.org
To CANCEL your subscription click here
or send an email to: i...@borisvitale.com.uy
network-to-host one. That "dummy" tunnel won't actually transfer
anything, but will route packets from your internal network to enc0, then
your nat rule will change it and everything should work.
--
Best regards,
Boris mailto:bo...@twopoint.com
aid0 at root
Is there a way to boot without a softraid (just to make sure it's not
causing the problem)?
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
is just a little bigger.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
not less secure than ssh and
gives you more flexibility.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
in the first place, because you
don't really need an OpenBSD on that box (you are saying that it will get
another OS anyway).
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
csum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
swapmount: no device
# tail -15 /var/log/messages | head -6
Oct 30 21:43:30 fw /bsd: Kernelized RAIDframe activated
Oct 30 21:43:30 fw /bsd: raid0 at root: (RAID Level 1) total number of sectors
is 308367488 (150570 MB) as root
Oct 30 21:43:30 fw /bsd: dkcsum: wd0 matches BIOS drive 0x80
Oct 30 21:43:30 fw /bsd: dkcsum: wd1 matches BIOS drive 0x81
Oct 30 21:43:30 fw /bsd: swapmount: no device
Oct 30 21:43:42 fw savecore: no core dump (no dumpdev)
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
0x24
config_process_deferred_children(d18f7180,0,0,d18f7200,20) at
config_process_deferred_children+0x59
ddb> c
usb1 at uhci4: USB revision 1.0
uhub1 at usb1: Hewlett-Packard UHCI root hub, rev 1.00/1.00, addr 1
Also, does iLO 2 Remote Console (a Java one) work for you?
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
Hello Mark,
Thursday, October 25, 2007, 4:13:09 PM, you wrote:
MZ> On Thu, Oct 25, 2007 at 11:19:21AM -0500, Boris Goldberg wrote:
>>
>> Thank you very much for that (valuable) reply!
>> BTW, this is an argument for making an OpenNTPD ntpdate tool or adding
>>
ograms as root vice daemons which
B> execute code with proper separation of privileges.
Thank you very much for that (valuable) reply!
BTW, this is an argument for making an OpenNTPD ntpdate tool or adding
one_time_synchronization functionality into ntpd. :)
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
our *production* hardware goes 20
minutes off a day you will probably replace it (I believe, for new hardware
it's a "warranty" case).
Second of all, I've seen that behavior (with much smaller time
adjustments) on SCO, but OpenBSD handles it pretty good - my cron doesn't
repeat itself after adjusting time back.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
hing but hard reset signal. This is very sad, because the
ability to remotely manage/fix servers in case of serious errors was one of
the reasons to buy a brandname.
e> Which one's hardware better supported? Internal NIC's, SCSI
e> (Sun)/SATA(HP) controllers?
Integrated NICs are Broadcom (bge). Their support is not included into
floppy42.fs, which might be a (small) issue. There is also a problem with
speed autodetection if you plug the network cable after boot, but doing
ifconfig down/up resolves it.
SATA is recognized as wd, and working with speed of wd (PATA) - not very
fast. Shouldn't be an issue for a firewall (maybe it will slow down squid).
e> And if you had to choose - what would be your choice today?
I would get DELL. ;) But maybe they are just an unknown evil...
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
you don't need
up-to-second synchronization (in my case modern hardware goes less than a
second off per day, and really old hardware - less than 10 seconds).
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
Hello Paul,
Tuesday, October 23, 2007, 12:38:43 PM, you wrote:
PdW> ... run rdate, it has the -n switch.
Here we go! :D
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
ore useful synchronization algorithm and
its own ntpdate (or a parameter to synchronize and exit).
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
Hello Rogier,
Tuesday, October 23, 2007, 9:01:32 AM, you wrote:
RK> On 10/23/07, Boris Goldberg <[EMAIL PROTECTED]> wrote:
>> You don't really need ntpd on all systems. One (timeserver) runs ntpd,
>> and others use rdate, called from cron (once a day is usuall
ate, called from cron (once a day is usually enough).
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
40RAID
k> ...
k> # disklabel wd1
k> ...
k> d: 606244905 18892440 RAID
You've said that you'd tried different configurations, but the one you
are showing here just can't work, because you don't have wd3.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
ne. At least not with NAT.
I'm confused too. :)
Why won't it work over a NAT? You might need to bypass ftp-proxy for that
server (like I did), but only if it's using standard ftp ports (20/21). And
it should be passive, of course.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
de in the wpi driver since 4.1.
>
> Damien
>
>
Oh, I'm sorry. Now it's running.
BB
Boris
>
>> Hay Damien,
>>
>> i have install OBSD 4.1 last day on Sony VAYO VGN-C1S and have any
>> problems with the wpi-driver, too.
>>
>> After i'
stall OBSD 4.1 last day on Sony VAYO VGN-C1S and have any
problems with the wpi-driver, too.
After i'm installed the wpi-firmware-2.14.1.5 and i make on with
#ifconfig wpi0 up
then,
#wpi0: could not read the firmware
also, i moved wpi-3945abg to wpi-ucode.
Now, it's read firmware, but he
say is it stable or not yet (need a couple of weeks of uptime to
make some assumptions). It compiles kernel in 6 min (tried several times).
Other testing will be (hopefully) just a regular work (setting up, copying
files, making distributions).
Several questions:
Is this a "right" configuration to use? If yes, why is acpi disabled in
generic.mp?
Should (can) I do something about "acpicpu at acpi0 not configured" and
"acpitz at acpi0 not configured"?
All I did was type "enable acpi" and "enable acpiec" in a "config -e -o".
However, there is some other stuff in the kernel configuration file:
#option ACPIVERBOSE
#option ACPI_ENABLE
acpi0 at mainbus? disable
#acpitimer* at acpi?
#acpihpet* at acpi?
#acpiac* at acpi?
#acpibat* at acpi?
#acpibtn* at acpi?
#acpicpu* at acpi?
#acpidock* at acpi?
acpiec* at acpi? disable
acpiprt* at acpi?
#acpitz* at acpi?
Should we change something and recompile?
There are a couple of other issues about that server, but I'll create a
separate thread about it.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
t
will try -current. I'm going to combine and post detailed report later.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
r
employees are using IPSec VPN to work from home, and some of them are
behind "home network" routers. We are also doing a lot of IPSec from the
company's network (behind OpenBSD firewall/NAT) to customers' gateways
(using various clients).
the world know that you
could be reached through different directions (ISPs). Your ISPs should
support it and you'll probably have to pay for it to both ISPs.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
and DL100/DL300 are coming by default with just iLO Standard.
BTW, why don't you call HP and ask them these questions?
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
faster than sftp) and chroot. You'll just
need to set up ssh to listen out and ftp - on the localhost only. Downside
is that I haven't heard about a free client supporting it. But if you can
afford to buy something like www.vandyke.com/products/securefx/index.html
for every user (or force them to buy it) - this solution is for you.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
rking properly? Is the lack of bio support causing
any real problem in your case?
Sorry for trying to kind of benefit from your problem, but answers will
be really appreciated.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
for discussion of the 1TB limit.
Again, what is "RAID volume" - RAID set or LUN ? Can I have 10 LANs (for
example) and see them as separate devices (like sd0, sd1, sd2, etc) ?
Then I won't need to worry about a terabyte limit.
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
14.1" on the F1 and "route add
10.4.12.0/22 10.2.14.1" on the F2. Your numbers are a bit confusing, but it's
a "route add ".
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
e other words, is there any way to use that storage with OBSD ?
--
Best regards,
Boris mailto:[EMAIL PROTECTED]
70 matches