Don't replay to spam
The original trying freeBSD 9.1 [...] mail is spam, since the original message had a signature about face lifting or something like that. Take a look at http://lists.freebsd.org/pipermail/freebsd-questions/2013-March/249992.html Once you visited the page from the link in the signature, you even can't leave this page. It's hard to train spam filters, if people reply to spam. Regards, Ralf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Attaching GELI device on boot
Hey, i've got a problem attaching a geli device on boot. My setup: ada0 and ada1 full geli setup (no partition schemes). ZFS on both. ada0 is my root device. I can boot into the system there is no problem with it. But now I want to attach ada1 on boot as well using a single keyfile. My rc.conf looks like this: ... geli_autodetach=NO geli_devices=ada1 geli_ada1_flags=-p -k /root/ada1.key ... The problem is that geli does not want to attach the device at first. It claims about (missing?) metadata and inappropriate file format (I dont know where geli logs this). It tries to attach the device 3 times which is the default option with no success. BUT once the system is booted up and I can login, I can manually start /etc/rc.d/geli onestart and it will successfully attach the device. So configuration seems to be fine, only the order the services started seems to be wrong (e.g. devd is being started AFTER geli tries to attach the device, why??) Also there is a problem with sabnzbd which is being started before the network is set-up, which is wrong as well. Here is my full rc.conf: hostname=freebsd ifconfig_nfe0=DHCP # Set dumpdev to AUTO to enable crash dumps, NO to disable dumpdev=NO devd_enable=YES devfs_enable=YES zfs_enable=YES rpcbind_enable=YES nfs_server_enable=YES mountd_flags=-r linux_enable=YES dbus_enable=YES hald_enable=YES powerd_flags=-a adp sshd_enable=YES sabnzbd_user=sts sabnzbd_group=sts sabnzbd_conf_dir=/usr/home/sts/.sabnzbd sabnzbd_enable=YES geli_autodetach=NO geli_devices=ada1 geli_ada1_flags=-p -k /root/ada1.key I hope somebody can help me, Stephan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: No sound with Thinkpad X60
Friday, 22 March 2013 at 6:28:57 +0100, Bernt Hansson said: 2013-03-22 00:42, Peter Harrison skrev: Put this in your /boot/loader.conf and report back. hw.snd.default_unit=0 Test with other nubers if 0 do not work. Thanks Bernt. Here's the relevant bit of rc.conf snddetect_enable=YES mixer_enable=YES and I have snd_hda_load=YES in my loader.conf, so shouldn't need the sound_enable you suggested I think? I also have this in my device.hints: hint.hdac.0.cad0nid7.config=as=1 but I think that's a typo and there should be an extra period in there somewhere That said, I'm not going to change anything because all of a sudden and for no reason that I can figure out, it is now working. I have sound. Go figure. Thanks for your help. Peter Harrison. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: No sound with Thinkpad X60
Friday, 22 March 2013 at 12:30:37 -0400, Lowell Gilbert said: Jerry je...@seibercom.net writes: On Fri, 22 Mar 2013 06:28:57 +0100 Bernt Hansson articulated: 2013-03-22 00:42, Peter Harrison skrev: Put this in your /boot/loader.conf and report back. hw.snd.default_unit=0 Test with other nubers if 0 do not work. Using an nVidia card, I had to do the following: /etc/sysctl.conf hw.snd.default_unit=4 Rebooted and the sound worked. I never found any truly accurate information on it, it was basically just a trail and error experiment. And YES, it sucks that in all to many cases, sound doesn't just work. You don't actually need to reboot for each trial. Running sysctl(8) from the command line will do. And /dev/sndstat would probably tell you the right value to try. These things are covered in the Handbook.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Indeed. I've been faffing around with various sysctl settings from the command line without rebooting. As I mentioned in a slightly earlier email though, it's working now - although I can't figure out why, it is. Thanks for your help. Peter Harrison. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
[listoso.com] new producst list of tab computer
p align=leftbrTo: freebsd-questions@freebsd.org via listoso.combr/p Good Moring, What's a great day! Greetings from Sammy, sales manager of The compony name with great experience with tablet pc.. I send this mails because I see you on http://es.listoso.com/freebsd-questions/2012-05/msg00805.html, and get the idea that you are doing business on tablet pc.brI amvery excited to tell you that we are manufactuaer of tablet pc. brbr As for tablet pc, Only 43$ tablet pc. senven inch, 512m, p align=leftFor Android phone, now we have a 100 percent ofof galaxy s3 copy.br/font/pp align=leftWe also have Samsung note and note2. brIf you want to get our full product list with photos and specifictions, please just reply this mail. Thanks!brbr p align=leftBest regardsbrChuckbr/font/p ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
skype
Hi! My system: FreeBSD 9.1-RELEASE #0 r243826: Tue Dec 4 06:55:39 UTC 2012 r...@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 and I use Skype 2.1.0.81 from ports. When I am using Skype, the conversation often (every 1-5 minutes) gets disconnected or better I hear but the other side doesn't hear me. I know that long time ago the line kern.hz=100 in loader.conf help me but it doesn't work anymore. I start using my Androind phone and I don't have any problem. The friend also talking with people from Europe and USA which they have Linux or Windows and it works. Thanks in advance... Mitja -- http://www.redbubble.com/people/lumiwa ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Client Authentication
I am not sure this is the best place to ask this, but I didn't see any other maillists that seemed more appropriate. Basically, my outgoing mail server is being systematically attacked to try passwords looking for one that works. When they do find one, we get inundated by spam sent through that account throughout the world. The situation is such that most of our users are older and their computer is a hand-me-down so they can talk to their grandchildren. Passwords are a great inconvenience for them and create numerous problems with remembering them even when they are simple. Unfortunately, most of them are quite easy to guess. Telling users to use more appropriate passwords is a complete waste of my time. Its never going to make any changes as they probably would not remember any other password (or where they wrote down the password). This situation requires a technical solution. I have been investigating the use of client authentication through SSL. DoD uses this approach by having the certificates on an ID card and a card reader on each computer. We don't have the money to use that approach no could we every get our users to spring for that. I was hoping to figure out a way to put the certificate on a flash drive or CD that the user would carry. The approach we use has to also work for iPads, smart phones etc that do not have an interface for a card reader. At this time, I have successfully configured a test for openssl client authentication using a client certificate. There are a few issues remaining. DoD uses a p12 format for their certificates. Many browsers support that format. It encrypts the certificate and private key so they are not easily obtained from the smart card. Openssl's s_client uses pem certificates and the key has to be included in the certificate file. While that is easily transported on CD or flash drive, the private key is in the clear on the device. Thats not really viable. S_client works properly without a certificate when the certificate check in the server is set to not fail if a certificate is not provided. This is needed because we will never get all our users to use this approach at home. They will still want to use passwords. Since the certificate request is made before the connection information is available, there is no easy way to request it only when needed. I have only been able to test with the Safari browser and it does not handle the no certificate case properly. I believe it is dropping the connection when the user does not select a certificate. I still have to test the other browsers. There is an interesting aspect of openssl that the certificate it uses for normal SSL authentication is not used for client authentication. There are another completely different set of calls that have to be made to set the certificate/key for use in validating the client certificates. Much of this is only documented in existing code. With Safari you have to import the client's certificate into the keychain. Then it works fine. Unfortunately, it doesn't go away when you are done with it. Unlike the smart card which, when removed, removes the certificate, the Safari certificate can continue to be used by anyone afterwards. Hence, its not all that useful for authentication. One approach I have heard about, but not investigated yet is to place the keychain on the removable device. That would make it go away. However, that approach would not work with any other browser or mail program. Any ideas/suggestions on this will be appreciated. Thanks, -- Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Client Authentication
On Sat, Mar 23, 2013 at 9:22 PM, Doug Hardie bc...@lafn.org wrote: I am not sure this is the best place to ask this, but I didn't see any other maillists that seemed more appropriate. Basically, my outgoing mail server is being systematically attacked to try passwords looking for one that works. When they do find one, we get inundated by spam sent through that account throughout the world. The situation is such that most of our users are older and their computer is a hand-me-down so they can talk to their grandchildren. Passwords are a great inconvenience for them and create numerous problems with remembering them even when they are simple. Unfortunately, most of them are quite easy to guess. Telling users to use more appropriate passwords is a complete waste of my time. Its never going to make any changes as they probably would not remember any other password (or where they wrote down the password). This situation requires a technical solution. I have been investigating the use of client authentication through SSL. DoD uses this approach by having the certificates on an ID card and a card reader on each computer. We don't have the money to use that approach no could we every get our users to spring for that. I was hoping to figure out a way to put the certificate on a flash drive or CD that the user would carry. The approach we use has to also work for iPads, smart phones etc that do not have an interface for a card reader. At this time, I have successfully configured a test for openssl client authentication using a client certificate. There are a few issues remaining. DoD uses a p12 format for their certificates. Many browsers support that format. It encrypts the certificate and private key so they are not easily obtained from the smart card. Openssl's s_client uses pem certificates and the key has to be included in the certificate file. While that is easily transported on CD or flash drive, the private key is in the clear on the device. Thats not really viable. S_client works properly without a certificate when the certificate check in the server is set to not fail if a certificate is not provided. This is needed because we will never get all our users to use this approach at home. They will still want to use passwords. Since the certificate request is made before the connection information is available, there is no easy way to request it only when needed. I have only been able to test with the Safari browser and it does not handle the no certificate case properly. I believe it is dropping the connection when the user does not select a certificate. I still have to test the other browsers. There is an interesting aspect of openssl that the certificate it uses for normal SSL authentication is not used for client authentication. There are another completely different set of calls that have to be made to set the certificate/key for use in validating the client certificates. Much of this is only documented in existing code. With Safari you have to import the client's certificate into the keychain. Then it works fine. Unfortunately, it doesn't go away when you are done with it. Unlike the smart card which, when removed, removes the certificate, the Safari certificate can continue to be used by anyone afterwards. Hence, its not all that useful for authentication. One approach I have heard about, but not investigated yet is to place the keychain on the removable device. That would make it go away. However, that approach would not work with any other browser or mail program. Any ideas/suggestions on this will be appreciated. Thanks, -- Doug Using Static IP in the client side , and checking Static IP of the user may be a possibility : In that way , any message from another IP will not be accepted . If this is possible for your systems , it may be checked for usability . One difficulty is that each user should obtain a Static IP and can not connect to his/her ISP from another IP . Good side is that nobody can connect to ISP of the user from another IP : It supplies hardware security ( we are assuming that the user computer is not captured ) .. Thank you very much . Mehmet Erol Sanliturk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
