Re: Contributing and Shame [Was: Lenovo notebooks?]
On Sat, 28 Oct 2006, Breen Ouellette wrote:

> Eliah Kagan wrote:
>> That would still be most OpenBSD users, wouldn't it?
>
> I honestly do not know as I do not have access to the size of the user base nor the financial needs of the project. If 5000 users gave $100 per year to the project that would be half a million dollars. Are there 5000 users? Is half a million per year more or less than the project earns now? Half a million seems like a lot, but it only represents 10 developers on a yearly salary of $50,000, and I personally feel that there are developers that are worth at least that much for a full time contribution. Do the paid developers currently take more or less salary to work full time on OpenBSD? How much of the yearly budget needs to go toward hardware purchases? Operating expenses? Does Revenue Canada get its dirty little fingers into this? There are too many unknown variables to answer this.

There is one known factor, though: almost all developers work as volunteers, the project does not pay salaries (there have been exceptions, but I'm talking about the current situation). Some developers work for companies and do OpenBSD (related) stuff in their work time, but in general, developers work in their spare time. The exception being Theo, of course.

-Otto
minimum hardware requirements for NTP server?
I would like to set up OpenBSD 4.0 as an NTP server using GPS as the time source instead of punching a hole periodically in a firewall to query the Internet time servers. Does anyone have recommendations for the minimum hardware required to implement this? I have old 200MHz, 400MHz, 600MHz, 800MHz boxes which could be used. Thanks for any candor provided. Jim
Re: minimum hardware requirements for NTP server?
Hi! You can do it on any old machine, is it 200mhz or 1ghz :)

[EMAIL PROTECTED] wrote:
> I would like to set up OpenBSD 4.0 as an NTP server using GPS as the time source instead of punching a hole periodically in a firewall to query the Internet time servers. Does anyone have recommendations for the minimum hardware required to implement this? I have old 200MHz, 400MHz, 600MHz, 800MHz boxes which could be used. Thanks for any candor provided. Jim
Re: minimum hardware requirements for NTP server?
[EMAIL PROTECTED] wrote:
> I would like to set up OpenBSD 4.0 as an NTP server using GPS as the time source instead of punching a hole periodically in a firewall to query the Internet time servers. Does anyone have recommendations for the minimum hardware required to implement this? I have old 200MHz, 400MHz, 600MHz, 800MHz boxes which could be used. Thanks for any candor provided.

Any of these will do. An NTP server barely uses any resources.

- mb
Re: minimum hardware requirements for NTP server?
I would like to set up OpenBSD 4.0 as an NTP server using GPS as the time source instead of punching a hole periodically in a firewall to query the Internet time servers. Does anyone have recommendations for the minimum hardware required to implement this? I have old 200MHz, 400MHz, 600MHz, 800MHz boxes which could be used. Thanks for any candor provided. A 200 MHz would do, me thinks.
Re: Is there a deluser equivalent in OpenBSD?
On 2006/10/29 00:04, Leonardo Rodrigues wrote: Actually, it wouldn't be practical to manually edit /etc/group. An userdel-like command is needed in the smb.conf of the samba server in order to graphically and easily manage users on the server by using a Windows NT server tool. Either write a script to do it (simple shell scripting is enough, or perl or something else could be more elegant), or google and see if you can find something suitable since the problem must exist for some other OS too.
weird /etc/fstab problem
Hi everybody,

I have set up an old Pentium with OpenBSD 3.9 to do some basic filtering and NAT at my parents' place after a Smoothwall installation I did some two years ago got rooted recently. Everything works just fine, except I have a problem with mounting partitions from /etc/fstab that I don't understand.

This is what my /etc/fstab looks like at the moment:

    /dev/wd0a /     ffs ro                     1 1
    /dev/wd0g /home ffs rw,nodev,noexec,nosuid 1 2
    /dev/wd0f /tmp  ffs rw,nodev,noexec,nosuid 1 2
    /dev/wd0d /usr  ffs rw,nodev               1 2
    /dev/wd0e /var  ffs rw,nodev,noexec,nosuid 1 2

After I boot the machine, mount -v outputs this:

    /dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
    /dev/wd0g on /home type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
    /dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
    /dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
    /dev/wd0e on /var type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)

Why is / not mounted read-only? Is it because the system needs it to be writable during system startup? Do I have to remount it ro after booting?

Thanks for your help,
Tobias W.
Re: Lenovo notebooks
In http://marc.theaimsgroup.com/?l=openbsd-misc&m=116184662612115&w=1, martin g op3nbsdlist () gmail ! com asks

> Has anyone got experience with Lenovo notebooks running OpenBSD. If you are so kind to share your experience.

I'm using a Thinkpad T43p (2GB memory, 100GB disk) with 3.9-stable.

Speedstep and 'apmd -C' are ok.

Even with 2GB memory, mfs is limited to a bit under 1GB, and process data size is limited to 1GB, but these are generic OpenBSD i386 limits, not specific to this hardware.

The builtin bge0 (10/100Mbit ethernet) is 'interesting':
* it works fine when connected to an ethernet *switch* (eg Netgear DS105)
* it works fine when connected to some ethernet *hubs* (eg Netgear DS104)
* it doesn't work at all (no carrier) when connected to some other ethernet *hubs*, even ones of the same model (Netgear DS104) which work fine with other people's Thinkpads.

In the (normal) case when it works fine, I typically get around 8 MB/second at 60-80% CPU usage for scp of large files to/from nearby fast machines over a 100Mbit switched network.

The builtin ath0 (wavelan) works fine.

USB flash disks work fine with either 'mount -t msdos' or mtools.

I haven't tried any pcmcia cards. I haven't tried audio.

X.org is beautiful at 1600x1200 pixels, but it doesn't recognize the middle mouse button. :(

Suspend to ram (= Fn-F4) works fine, although the builtin bge0 network port loses its state (needs 'sh /etc/netstart' to get it going again).

The main thing I've found which doesn't work at all well is sending video to the external video connector to drive a projector for conference presentations. The usual tricks like changing the X resolution (with 'xrandr') and toggling Fn-F7 have no effect whatsoever -- so far as I can tell there's no signal at all going to the external video connector. The only way I have found to make this work is to reboot, enter the IBM BIOS setup, and set the 'boot video device' to 'LCD + VGA' (instead of the default 'Thinkpad LCD'). The machine then boots normally (with the console display), but when I start X the builtin display is blank and 1280x1024 video is sent to the external connector. My usual 'xterm -fn 7x14 -fg white -bg black' is really ugly in this video mode, but 'xpdf -fullscreen' looks fine.

ciao,

--
-- Jonathan Thornburg [EMAIL PROTECTED]
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut), Golm, Germany, Old Europe
http://www.aei.mpg.de/~jthorn/home.html
Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral. -- quote by Freire / poster by Oxfam
Re: weird /etc/fstab problem
/ is rw - read-write not ro

Tobias Weisserth wrote:
> Hi everybody,
>
> I have set up an old Pentium with OpenBSD 3.9 to do some basic filtering and NAT at my parents' place after a Smoothwall installation I did some two years ago got rooted recently. Everything works just fine, except I have a problem with mounting partitions from /etc/fstab that I don't understand.
>
> This is what my /etc/fstab looks like at the moment:
>
>     /dev/wd0a /     ffs ro                     1 1
>     /dev/wd0g /home ffs rw,nodev,noexec,nosuid 1 2
>     /dev/wd0f /tmp  ffs rw,nodev,noexec,nosuid 1 2
>     /dev/wd0d /usr  ffs rw,nodev               1 2
>     /dev/wd0e /var  ffs rw,nodev,noexec,nosuid 1 2
>
> After I boot the machine, mount -v outputs this:
>
>     /dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
>     /dev/wd0g on /home type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>     /dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>     /dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
>     /dev/wd0e on /var type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>
> Why is / not mounted read-only? Is it because the system needs it to be writable during system startup? Do I have to remount it ro after booting?
>
> Thanks for your help,
> Tobias W.
Re: weird /etc/fstab problem
Sorry, hangover, problems with reading and understanding :)

Tobias Weisserth wrote:
> Hi everybody,
>
> I have set up an old Pentium with OpenBSD 3.9 to do some basic filtering and NAT at my parents' place after a Smoothwall installation I did some two years ago got rooted recently. Everything works just fine, except I have a problem with mounting partitions from /etc/fstab that I don't understand.
>
> This is what my /etc/fstab looks like at the moment:
>
>     /dev/wd0a /     ffs ro                     1 1
>     /dev/wd0g /home ffs rw,nodev,noexec,nosuid 1 2
>     /dev/wd0f /tmp  ffs rw,nodev,noexec,nosuid 1 2
>     /dev/wd0d /usr  ffs rw,nodev               1 2
>     /dev/wd0e /var  ffs rw,nodev,noexec,nosuid 1 2
>
> After I boot the machine, mount -v outputs this:
>
>     /dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
>     /dev/wd0g on /home type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>     /dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>     /dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
>     /dev/wd0e on /var type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>
> Why is / not mounted read-only? Is it because the system needs it to be writable during system startup? Do I have to remount it ro after booting?
>
> Thanks for your help,
> Tobias W.
Re: weird /etc/fstab problem
On 10/29/06, Edgars [EMAIL PROTECTED] wrote:
> Tobias Weisserth wrote:
>> Hi everybody,
>>
>> I have set up an old Pentium with OpenBSD 3.9 to do some basic filtering and NAT at my parents' place after a Smoothwall installation I did some two years ago got rooted recently. Everything works just fine, except I have a problem with mounting partitions from /etc/fstab that I don't understand.
>>
>> This is what my /etc/fstab looks like at the moment:
>>
>>     /dev/wd0a /     ffs ro                     1 1
>>     /dev/wd0g /home ffs rw,nodev,noexec,nosuid 1 2
>>     /dev/wd0f /tmp  ffs rw,nodev,noexec,nosuid 1 2
>>     /dev/wd0d /usr  ffs rw,nodev               1 2
>>     /dev/wd0e /var  ffs rw,nodev,noexec,nosuid 1 2
>>
>> After I boot the machine, mount -v outputs this:
>>
>>     /dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
>>     /dev/wd0g on /home type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>>     /dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>>     /dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
>>     /dev/wd0e on /var type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
>>
>> Why is / not mounted read-only? Is it because the system needs it to be writable during system startup? Do I have to remount it ro after booting?
>
> / is rw - read-write not ro

In other words: yes. The operation of mounting requires you to be able to write to the filesystem you are mounting on to (at least, that's how my intuition tells me it should work; otherwise an attacker with mount might be able to overload the mounted filesystems on a read-only filesystem, defeating the purpose of the read-only)

I believe just rerunning mount with different options on the already-mounted fs will do it, right?

-Nick
Re: weird /etc/fstab problem
On 2006/10/29 11:38, Tobias Weisserth wrote:
> Why is / not mounted read-only?

    vi +/uw /etc/rc

if you change this, you'll probably want writable /dev: you can include an mfs partition in /etc/fstab and use the -p option to copy the files if you like.
Re: weird /etc/fstab problem
On 2006/10/29 06:23, Nick Guenther wrote:
> In other words: yes. The operation of mounting requires you to be able to write to the filesystem you are mounting on to

I admin a number of boxes that disprove this theory (-:

> (at least, that's how my intuition tells me it should work; otherwise an attacker with mount might be able to overload the mounted filesystems on a read-only filesystem, defeating the purpose of the read-only)
>
> I believe just rerunning mount with different options on the already-mounted fs will do it, right?

think about what you're saying here: if it's possible to remount (which it is), an attacker with mount(8) can defeat RO anyway (and of course they could mount a new /usr/bin or whatever over the top of the existing one).

    # mount -uw /
    # mount -ur /
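
Because /etc/rc or anyone with mount(8) can change the flags of a mounted filesystem, what /etc/fstab says and what is actually in effect can differ, as with / in this thread. The following check is an added example, not code from any poster; mount_drift and demo_mount_drift are hypothetical names, and the sample data is the fstab and mount -v output from the original post.

```shell
#!/bin/sh
# Added example, not from the thread: report hardening flags that /etc/fstab
# requests but the live mount does not have.

# mount_drift FSTAB MOUNT_OUTPUT
# Prints one line per missing flag (ro, nodev, nosuid, noexec).
# Exit status: 0 = live mounts match fstab, 1 = drift found.
mount_drift() {
    awk '
        # Pass 1 (fstab): remember the option list wanted for each mount point.
        FNR == NR {
            if ($0 ~ /^[ \t]*#/ || NF < 4) next
            want[$2] = $4
            next
        }
        # Pass 2 (mount output): "dev on /mnt type ffs (opt, opt, ...)".
        $2 == "on" && $4 == "type" && ($3 in want) {
            opts = $0
            sub(/^[^(]*\(/, "", opts)     # drop everything up to "("
            sub(/\).*$/, "", opts)        # drop ")" and anything after it
            split("", live)               # portable way to empty an array
            n = split(opts, o, /, */)
            for (i = 1; i <= n; i++) live[o[i]] = 1
            m = split(want[$3], w, ",")
            for (i = 1; i <= m; i++)
                if (w[i] ~ /^(ro|nodev|nosuid|noexec)$/ && !(w[i] in live)) {
                    printf "%s: fstab asks for %s, live mount lacks it\n", $3, w[i]
                    drift = 1
                }
        }
        END { exit (drift ? 1 : 0) }
    ' "$1" "$2"
}

# Runs the check on the data quoted in the original post.
demo_mount_drift() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/fstab" <<'EOF'
/dev/wd0a / ffs ro 1 1
/dev/wd0g /home ffs rw,nodev,noexec,nosuid 1 2
/dev/wd0f /tmp ffs rw,nodev,noexec,nosuid 1 2
/dev/wd0d /usr ffs rw,nodev 1 2
/dev/wd0e /var ffs rw,nodev,noexec,nosuid 1 2
EOF
    cat > "$dir/mount.out" <<'EOF'
/dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0g on /home type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0e on /var type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
EOF
    mount_drift "$dir/fstab" "$dir/mount.out"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo_mount_drift || echo "drift detected"
```

On a live system the second argument would be a file holding the output of mount -v; run from cron, a non-zero exit status flags a filesystem whose flags were changed after boot.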
Re: bridge(4) RSTP
On 2006/10/27 14:03, Pete Vickers wrote: A nice start could be to teach our tcpdump about RSTP. At present it just pukes: something like this? (coding style probably sucks, but I'm no coder :) Index: print-stp.c === RCS file: /data/cvsroot/OpenBSD/src/usr.sbin/tcpdump/print-stp.c,v retrieving revision 1.4 diff -u -r1.4 print-stp.c --- print-stp.c 20 Dec 2004 08:30:40 - 1.4 +++ print-stp.c 29 Oct 2006 13:13:02 - @@ -63,11 +63,22 @@ #include llc.h #defineSTP_MSGTYPE_CBPDU 0x00 +#defineSTP_MSGTYPE_RBPDU 0x02/* 802.1W RSTP */ #defineSTP_MSGTYPE_TBPDU 0x80 #defineSTP_FLAGS_TC0x01/* Topology change */ #defineSTP_FLAGS_TCA 0x80/* Topology change ack */ +#defineRSTP_FLAGS_PROPOSAL 0x02 +#defineRSTP_FLAGS_LEARNING 0x10 +#defineRSTP_FLAGS_FORWARDING 0x20 +#defineRSTP_FLAGS_AGREEMENT0x40 + +#defineRSTP_MASK_PORTROLE 0x0C +#defineRSTP_ROLE_ALTERNATE 0x04 +#defineRSTP_ROLE_ROOT 0x08 +#defineRSTP_ROLE_DESIGNATED0x0C + static void stp_print_cbpdu(const u_char *, u_int, int); static void stp_print_tbpdu(const u_char *, u_int); @@ -102,9 +113,13 @@ printf( unknown protocol id(0x%x), id); return; } - if (p[2] != 0) { - printf( unknown protocol ver(0x%x), p[2]); - return; + if (p[2] == 2 ) { + printf( RSTP); + } else { + if (p[2] != 0) { + printf( unknown protocol ver(0x%x), p[2]); + return; + } } p += 3; len -= 3; @@ -113,6 +128,7 @@ goto truncated; switch (*p) { case STP_MSGTYPE_CBPDU: + case STP_MSGTYPE_RBPDU: stp_print_cbpdu(p, len, cisco_sstp); break; case STP_MSGTYPE_TBPDU: 
@@ -154,6 +170,28 @@ printf(%stc, (x++ != 0) ? , : ); if ((*p) STP_FLAGS_TCA) printf(%stcack, (x++ != 0) ? , : ); + if ((*p) RSTP_FLAGS_PROPOSAL) + printf(%sproposal, (x++ != 0) ? , : ); + if ((*p) RSTP_FLAGS_LEARNING) + printf(%slearn, (x++ != 0) ? , : ); + if ((*p) RSTP_FLAGS_FORWARDING) + printf(%sfwd, (x++ != 0) ? , : ); + if ((*p) RSTP_FLAGS_AGREEMENT) + printf(%sagree, (x++ != 0) ? , : ); + + t = ((*p) RSTP_MASK_PORTROLE); + + switch (t) { + case RSTP_ROLE_ALTERNATE: + printf(%srole=alt, (x++ != 0) ? , : ); + break; + case RSTP_ROLE_ROOT: + printf(%srole=root, (x++ != 0) ? , : ); + break; + case RSTP_ROLE_DESIGNATED: + printf(%srole=desig, (x++ != 0) ? , : ); + break; + } putchar(''); } p += 1;
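
Review bot: in the @@ -102,9 +113,13 @@ hunk the version test `if (p[2] == 2 )` uses a bare 2 and wraps the old `p[2] != 0` check in an extra else block; a named constant beside the new STP_MSGTYPE_RBPDU define and a plain `else if (p[2] != 0)` would be easier to read, and the space before the closing parenthesis should go. The version and the message type are also checked independently (the @@ -113,6 +128,7 @@ hunk only adds `case STP_MSGTYPE_RBPDU:` to the existing case), so a frame with version 0 and type 0x02, or version 2 and type 0x00, is printed as if it were consistent; consider flagging the mismatch in the output.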
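
Review bot: in the @@ -154,6 +170,28 @@ hunk the proposal/learning/forwarding/agreement tests and the port-role switch run for every BPDU that reaches stp_print_cbpdu, because the caller hands STP_MSGTYPE_CBPDU and STP_MSGTYPE_RBPDU to the same function with the same arguments; pass the protocol version or message type in and decode the RSTP bits only for RSTP frames. `t` is assigned here but no declaration for it appears anywhere in the patch, so check that it is declared with a suitable type in this function. The switch has no case for a role field of 0x00; a default that prints the raw value would keep unexpected frames visible in the dump.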
Re: minimum hardware requirements for NTP server?
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-10-29 08:59]: I would like to set up OpenBSD 4.0 as an NTP server using GPS as the time source instead of punching a hole periodically in a firewall to query the Internet time servers. Does anyone have recommendations for the minimum hardware required to implement this? I have old 200MHz, 400MHz, 600MHz, 800MHz boxes which could be used. Thanks for any candor provided. I have a slower vax serving our entire network. it doesn't have usb tho, thus no gps -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: minimum hardware requirements for NTP server?
Henning Brauer wrote: I have a slower vax serving our entire network. it doesn't have usb tho, thus no gps nmea(4) works over serial lines, too.
Re: minimum hardware requirements for NTP server?
On Sun, 2006-10-29 at 01:58, [EMAIL PROTECTED] wrote: set up OpenBSD 4.0 as an NTP server using GPS as the time source minimum hardware required to implement this? Although I'm not using GPS I am using a 20 MHz Sparc with OpenBSD 3.9 as my home NTP (and internal DNS) server. Works fine but took most of a day to do the install. It crunched for hours making SSH keys. Mike
Re: weird /etc/fstab problem
Hi, On Oct 29, 2006, at 12:27 PM, Stuart Henderson wrote: vi +/uw /etc/rc This is exactly what I was looking for. Thanks for the hint. I'll give it a try. regards, Tobias W.
Secure Apache Webserver
Hello,

I already discussed this subject on the list. There were several possible solutions for this subject and I have chosen one that I would like to present now.

The problem: I have several vhosts, which are used by several people. The Apache is running with $UID 67. Users can access the system by using scponly, which is jailed into /var/www. No problem here so far. The issue was that all scripts must be readable or even writeable for the Apache Webserver. So one hacked page could damage other vhosts by writing some PHP code to access the other vhosts within /var/www.

My solution:

1. I made SuExec work within the chroot environment. (http://www.openbsdsupport.org/ApacheSuexecChroot.html)
2. I wrote a patch for suexec.c to handle *.php correctly. (http://files.haeckser.net/haeckser.net/suexec.patch)
3. I compiled PHP on my own with CGI-support and moved the binary into the chroot.
4. I removed mod_php and mod_perl and set the Apache directives User, Group, AddHandler cgi-script and Options +ExecCGI.

Now, every PHP-script has the permissions 700 and gets executed with its own $UID. I feel much better now. :)

Bye,
Aiko

--
Aiko Barz [EMAIL PROTECTED]
Web: http://www.haeckser.de
Re: Is there a deluser equivalent in OpenBSD?
Nick Guenther wrote on Sat, Oct 28, 2006 at 11:21:40PM -0400:
> On 10/28/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote:
>> Actually, it wouldn't be practical to manually edit /etc/group. [...]
>> Also, er, call me dumb, but after rereading usermod(8), I really see no way to explicitly remove an user from a group... =( [...]
>
> As a hack, could you write a short script to edit it and call that?

    cd /etc && \
    sed '/^foogroup/s/baruser,*//' group > group.new && \
    mv group.new group

This is a noop unless baruser is a member of foogroup, but it changes the /etc/group ctime even then. Hm.

    cd /etc && \
    sed '/^foogroup/s/baruser,*//' group > group.new \
    ; diff group group.new && \
    rm group.new && \
    echo no change \
    || mv group.new group
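
A stricter take on the same edit, added here as an example and not part of the thread: it compares the group name and each member name exactly, so removing baruser does not touch foobaruser or a group called foogroup2, leaves no stray comma, and leaves the file (and its ctime) alone when nothing changes. The function names and sample entries are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread: remove one user from one group in a
# group(5)-format file (name:passwd:gid:member,member,...).

# group_del_member GROUP USER FILE
# Writes the rewritten file to stdout. Exit status: 0 = changed, 1 = no change.
group_del_member() {
    awk -F: -v OFS=: -v grp="$1" -v usr="$2" '
        $1 == grp && NF >= 4 {            # exact group name, not a prefix
            n = split($4, m, ",")
            out = ""; found = 0
            for (i = 1; i <= n; i++) {
                if (m[i] == usr) { found = 1; continue }   # exact member name
                out = (out == "" ? m[i] : out "," m[i])
            }
            if (found) { $4 = out; changed = 1 }
        }
        { print }
        END { exit (changed ? 0 : 1) }
    ' "$3"
}

# group_del_member_inplace GROUP USER FILE
# Replaces FILE atomically, and only when the membership really changed.
# Exit status: 0 = changed, 1 = no change, 2 = could not create temp file.
group_del_member_inplace() {
    tmp=$(mktemp "$3.XXXXXX") || return 2   # same directory, so mv is a rename
    cp -p "$3" "$tmp"                       # carry over mode and ownership
    if group_del_member "$1" "$2" "$3" > "$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample data; a real run would name /etc/group and be done as root.
sample=$(mktemp)
cat > "$sample" <<'EOF'
wheel:*:0:root,baruser
foogroup:*:1000:foobaruser,baruser,alice
foogroup2:*:1002:baruser
bargroup:*:1001:baruser
EOF
group_del_member foogroup baruser "$sample"
rm -f "$sample"
```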
Re: pf load balancing and failover
On Friday, October 27, 2006, at 12:23:24, Pete Vickers wrote:
> Hi Berk, I'm really interested in this. I have a load of legacy tcp session based load balancing which I'd love to migrate to an OpenBSD/pf based solution. Do you have a patch which applies cleanly to 4.0 ?

afair this patch is applied in -current tree and we are using it for a few weeks now and works pretty well. We are rdring all traffic between 3 servers in farm: 10.0.0.13,14,15 so we are using -k 0.0.0.0/0 :-)

    #!/bin/sh

    # backends that are members of the pf table "wwwfarm"
    webserver1=10.0.0.13
    webserver2=10.0.0.14
    webserver3=10.0.0.15

    removeweb() (
        # removeweb table ip
        pfctl -t $1 -Td $2          # take the backend out of the table
        pfctl -k 0.0.0.0/0 -k $2    # kill existing states from any source to it
    )

    addweb() (
        # addweb table ip
        pfctl -t $1 -Ta $2
    )

    while true ; do
        {
            # each backend is expected to answer with the body "OK"
            webstatus1=`curl --connect-timeout 10 $webserver1 2>/dev/null`
            webstatus2=`curl --connect-timeout 10 $webserver2 2>/dev/null`
            webstatus3=`curl --connect-timeout 10 $webserver3 2>/dev/null`

            if [ "X$webstatus1" != "XOK" ]; then
                removeweb wwwfarm $webserver1
            else
                addweb wwwfarm $webserver1
            fi

            if [ "X$webstatus2" != "XOK" ]; then
                removeweb wwwfarm $webserver2
            else
                addweb wwwfarm $webserver2
            fi

            if [ "X$webstatus3" != "XOK" ]; then
                removeweb wwwfarm $webserver3
            else
                addweb wwwfarm $webserver3
            fi
        } ; sleep 5;
    done

    exit 0

--
Sylwester S. Biernacki [EMAIL PROTECTED]
X-NET, http://www.xnet.com.pl/
Re: Lenovo notebooks
On 10/29/06, Jonathan Thornburg [EMAIL PROTECTED] wrote: In http://marc.theaimsgroup.com/?l=openbsd-miscm=116184662612115w=1, martin g op3nbsdlist () gmail ! com asks Has anyone got experience with Lenovo notebooks running OpenBSD. If you are so kind to share your experience. I'm using a Thinkpad T43p (2GB memory, 100GB disk) with 3.9-stable. Speedstep and 'apmd -C' are ok. Even with 2GB memory, mfs is limited to a bit under 1GB, and process data size is limited to 1GB, but these are generic OpenBSD i386 limits, not specific to this hardware. The builtin bge0 (10/100Mbit ethernet) is 'interesting': * it works fine when connected to an ethernet *switch* (eg Netgear DS105) * it works fine when connected to some ethernet *hubs* (eg Netgear DS104) * it doesn't work at all (no carrier) when connected to some other ethernet *hubs*, even ones of the same model (Netgear DS104) which work fine with other people's Thinkpads. In the (normal) case when it works fine, I typically get around 8 MB/second at 60-80% CPU usage for scp of large files to/from nearby fast machines over a 100Mbit switched network. The builtin ath0 (wavelan) works fine. USB flash disks work fine with either 'mount -t msdos' or mtools. I haven't tried any pcmcia cards. I haven't tried audio. X.org is beautiful at 1600x1200 pixels, but it doesn't recognize the middle mouse button. :( If you turn off the touch pad in the BIOS and use only the trackpoint then the middle mouse button works. I never use the touch pad so this works fine for me. Greg
Re: Is there a deluser equivalent in OpenBSD?
Thanks everyone for the input. I guess I'll stick to a little script then =) Though, it seems a bit strange that OpenBSD lacks something like that. I thought it was a given. -- An OpenBSD user... and that's all you need to know =)
Re: minimum hardware requirements for NTP server?
On 10/29/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I would like to set up OpenBSD 4.0 as an NTP server using GPS as the time source instead of punching a hole periodically in a firewall to query the Internet time servers. Does anyone have recommendations for the minimum hardware required to implement this? I have old 200MHz, 400MHz, 600MHz, 800MHz boxes which could be used. Thanks for any candor provided. I run some very happy time servers on Sparcstation LX (50MHz) or Sparcstation1 (85MHz). CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Is there a deluser equivalent in OpenBSD?
Leonardo Rodrigues wrote on Sun, Oct 29, 2006 at 01:45:15PM -0300: Though, it seems a bit strange that OpenBSD lacks something like that. Look at it from a different perspective: There are other operating systems out there featuring thousands of lines of complicated scripts just to ensure that users never need to do simple tasks themselves. In addition to the usual simplicity improves maintainability and usability argument, my impression is that OpenBSD actively encourages users to understand how the system works - and to understand which tasks are simple and which ones aren't. On first sight, an additional option remove from group to usermod(8) might not hurt much. As a second thought, how would you call it, -g and -G are already occupied; yet it is important for learners to have option names as few and as mnemonic as possible, and please lets not get into --remove-from-group. As a third thought, what might be the next special case that somebody could come up with for plausible reasons? And finally, once you add an option, you have to live with it for good, as somebody will certainly rely on it. At least, i understand that features of this kind are not top priority.
Re: pf load balancing and failover
On Sunday, October 29, 2006, at 15:43:09, Berk D. Demir wrote:
>> We are rdring all traffic between 3 servers in farm: 10.0.0.13,14,15 so we are using -k 0.0.0.0/0 :-)
>
> If you're not using sticky addresses, you don't need the patch. If you're using them, you should use the patch and kill the lingering src-track entries with pfctl option '-K' (capital K)

huh - you're right... our application working in wwwfarm is a clever one and doesn't need the sticky-address option in rdr rules :)

--
Sylwester S. Biernacki [EMAIL PROTECTED]
X-NET, http://www.xnet.com.pl/
new postgresql in ports
Hi!

There was a commit today which updates postgresql to version 8.1.5. This fix made it to the stable branch too, so will there be a package for it, or do I have to compile it from ports? I don't really understand how this updating process works yet, so just forgive (but not ignore :) me, if I'm writing foolish things.

Thanks!
Daniel

--
LeVA
Re: Is there a deluser equivalent in OpenBSD?
On Sat, 28 Oct 2006, Philip Guenther wrote: On 10/28/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote: Thanks, but usermod (with -G arg) seems to only let me add users to a group or multiple groups, but not remove them . The man page, from what I could understand, also says nothing about removing users =( I would call this a bug in usermod: when run with the -G option it should set the user's secondary group list to include exactly the indicated groups. That's how usermod operates under Solaris and Linux and is the obvious way to provide the functionality, though it _is_ kind of klunky. No worries, usermod -G sets the secondary group list, like the man pages says and like other systems do. -Otto
Re: Is there a deluser equivalent in OpenBSD?
On Sun, 29 Oct 2006, Otto Moerbeek wrote: On Sat, 28 Oct 2006, Philip Guenther wrote: On 10/28/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote: Thanks, but usermod (with -G arg) seems to only let me add users to a group or multiple groups, but not remove them . The man page, from what I could understand, also says nothing about removing users =( I would call this a bug in usermod: when run with the -G option it should set the user's secondary group list to include exactly the indicated groups. That's how usermod operates under Solaris and Linux and is the obvious way to provide the functionality, though it _is_ kind of klunky. No worries, usermod -G sets the secondary group list, like the man pages says and like other systems do. Oops, my memory and test were both wrong. Indeed, -G does not delete membership. -Otto
Re: weird /etc/fstab problem
On 10/29/06, Stuart Henderson [EMAIL PROTECTED] wrote: think about what you're saying here: if it's possible to remount (which it is), an attacker with mount(8) can defeat RO anyway (and of course they could mount a new /usr/bin or whatever over the top of the existing one). # mount -uw / # mount -ur / Right, blah, tired. So is it simply not possible? -Nick
Re: Is there a deluser equivalent in OpenBSD?
Otto Moerbeek wrote:
>> No worries, usermod -G sets the secondary group list, like the man pages says and like other systems do.
>
> Oops, my memory and test were both wrong. Indeed, -G does not delete membership.

This seems to produce a groups file with all old systemaccounts removed.

    ~% cat cleangroups
    #!/bin/sh
    # print /etc/group with members that no longer exist as users dropped
    cat /etc/group | while read -r line; do
        unset newusers
        users=${line##*:}     # member list: everything after the last colon
        group=${line%:*}      # name:passwd:gid
        for user in $(echo $users | tr ',' ' '); do
            # userinfo -e succeeds only if the user exists
            if userinfo -e $user; then
                if [ -n "$newusers" ]; then
                    newusers=$newusers,$user
                else
                    newusers=$user
                fi
            fi
        done
        echo "$group:$newusers"
    done

# Han
docs for OpenLDAP and cyrus-imapd on OpenBSD?
Looking for docs for OpenLDAP and cyrus-imapd on OpenBSD I am trying to implement cyrus-imap on OpenBSD sendmail for virtual hosting with support for pop3, imap (localhost), and smtp-auth. I've googled so much information with that just did not quite fit that it is daunting for those of us who are unfamiliar with ldap. I have made some progress like I had actually hacked cyrus-imap to use the mysql for authentication, got cyradm to work by modifying /etc/hosts and so on..., was making that progress till I found that saslauthd will not support SQL, so I could not go that way for smtp-auth with sendmail. After that endeavor I decided that I will need bite the bullet and become proficient with open-ldap because both sendmail and cyrus-imap appear to have mature support for LDAP, unlike mysql. (and yes I've read a thousand times that LDAP is more appropriate than SQL for non relational lookups..., I have also been told that I should give up sendmail and use postfix, but I have a lot of investment in labor on our sendmail milter setups...) THAT said, if someone has good documentation links, helpful suggestions, or would not mind filling in the gaps offline - I would appreciate it.
Re: Is there a deluser equivalent in OpenBSD?
On Sun, 29 Oct 2006 19:15:56 +0100, Ingo Schwarze [EMAIL PROTECTED] said: Leonardo Rodrigues wrote on Sun, Oct 29, 2006 at 01:45:15PM -0300: Though, it seems a bit strange that OpenBSD lacks something like that. On first sight, an additional option remove from group to usermod(8) might not hurt much. As a second thought, how would you call it, -g and -G are already occupied; yet it is important for learners to have option names as few and as mnemonic as possible, and please lets not get into --remove-from-group. As a third thought, what might be the next special case that somebody could come up with for plausible reasons? And finally, once you add an option, you have to live with it for good, as somebody will certainly rely on it. Instead of usermod -G group
Re: new postgresql in ports
On 29/10/06, LeVA [EMAIL PROTECTED] wrote: Hi! There was a commit today which updates postgresql to version 8.1.5. This fix made it to the stable branch too, so will there be a package for it, or I have to compile it from ports? I don't really understand how this updating process work yet, so just forgive (but not ignore :) me, if I'm writing foolish things. From what I've seen, for current the packages are usually built something like once or twice a month, for most arches. For stable, from the discussions here I understand packages are (re)built if they are updated, but pretty much only for i386. So if you don't want to wait, or are on a different architecture, you need to build it from ports. Thanks! Daniel -- LeVA -- viq
Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?
I have also been looking for this information Sam Fourman Jr. On 10/29/06, Paul Pruett [EMAIL PROTECTED] wrote: Looking for docs for OpenLDAP and cyrus-imapd on OpenBSD I am trying to implement cyrus-imap on OpenBSD sendmail for virtual hosting with support for pop3, imap (localhost), and smtp-auth. I've googled so much information with that just did not quite fit that it is daunting for those of us who are unfamiliar with ldap. I have made some progress like I had actually hacked cyrus-imap to use the mysql for authentication, got cyradm to work by modifying /etc/hosts and so on..., was making that progress till I found that saslauthd will not support SQL, so I could not go that way for smtp-auth with sendmail. After that endeavor I decided that I will need bite the bullet and become proficient with open-ldap because both sendmail and cyrus-imap appear to have mature support for LDAP, unlike mysql. (and yes I've read a thousand times that LDAP is more appropriate than SQL for non relational lookups..., I have also been told that I should give up sendmail and use postfix, but I have a lot of investment in labor on our sendmail milter setups...) THAT said, if someone has good documentation links, helpful suggestions, or would not mind filling in the gaps offline - I would appreciate it.
Re: Is there a deluser equivalent in OpenBSD?
On Sun, 29 Oct 2006 19:15:56 +0100, Ingo Schwarze [EMAIL PROTECTED] said:
> On first sight, an additional option remove from group to usermod(8) might not hurt much. As a second thought, how would you call it, -g and -G are already occupied; yet it is important for learners to have option names as few and as mnemonic as possible, and please let's not get into --remove-from-group. As a third thought, what might be the next special case that somebody could come up with for plausible reasons? And finally, once you add an option, you have to live with it for good, as somebody will certainly rely on it.

instead of usermod -G group; to add to group. you could usermod -G - group; to remove from group

just a thought... but as has been pointed out, it is trivial to write a script that would automatically go out and modify /etc/group on even a large number of boxes. This is rough, needs polishing, use at own risk, blah blah...

    BOXES="server1 server2 server3"    # . . .
    for box in $BOXES
    do
        {
            # feed the login and the command to telnet with fixed delays
            sleep 5; echo username; sleep 2; echo password; sleep 2;
            echo "sudo do some command left as exercise for reader";
            sleep 3; echo exit;
        } | telnet $box 2>/tmp/rcmd.error 1>/dev/null
    done
Re: Is there a deluser equivalent in OpenBSD?
On Sun, 29 Oct 2006, Eric Furman wrote:
> On Sun, 29 Oct 2006 19:15:56 +0100, Ingo Schwarze [EMAIL PROTECTED] said:
> > On first sight, an additional option remove from group to usermod(8) might not hurt much. As a second thought, how would you call it, -g and -G are already occupied; yet it is important for learners to have option names as few and as mnemonic as possible, and please let's not get into --remove-from-group. As a third thought, what might be the next special case that somebody could come up with for plausible reasons? And finally, once you add an option, you have to live with it for good, as somebody will certainly rely on it.
>
> instead of
>     usermod -G group; to add to group.
> you could
>     usermod -G - group; to remove from group
> just a thought...
>
> but as has been pointed out, it is trivial to write a script that would automatically go out and modify /etc/group on even a large number of boxes. This is rough, needs polishing, use at own risk, blah blah...
>
>     BOXES="server1 server2 server3"   # . . .
>     for box in $BOXES
>     do
>     { sleep 5; echo username; sleep 2; echo password; sleep 2;
>       echo "sudo do some command left as exercise for reader";
>       sleep 3; echo exit; } | telnet $box 2>/tmp/rcmd.error 1>/dev/null
>     done

You got to be kidding. This is the worst script I've seen in ages.

-Otto
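The per-host edit that the script in this thread leaves as an exercise, as an added example that is not from any poster: removing one user from one group in a group(5)-format file, with exact name matching and a backup. The function names rmgroupmember and apply_group_edit are hypothetical, and getting the edit onto each host is deliberately left out.

```sh
#!/bin/sh
# Added example, not from the thread. Removes one user from one group in a
# group(5)-format file: name:passwd:gid:member,member,...

# rmgroupmember USER GROUP FILE
# Prints FILE to stdout with USER dropped from GROUP's member list.
rmgroupmember() {
    awk -F: -v OFS=: -v user="$1" -v group="$2" '
    $1 == group {
        n = split($4, m, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            # Whole-name comparison: removing "bob" must not touch "bobby".
            if (m[i] == user || m[i] == "") continue
            out = (out == "" ? m[i] : out "," m[i])
        }
        $4 = out
    }
    { print }
    ' "$3"
}

# apply_group_edit USER GROUP FILE
# Edits FILE through a temporary copy. Refuses to install the result if the
# number of lines changed, and keeps the previous contents in FILE.bak.
apply_group_edit() {
    tmp=$(mktemp "$3.XXXXXX") || return 1
    if ! rmgroupmember "$1" "$2" "$3" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    before=$(awk 'END { print NR }' "$3")
    after=$(awk 'END { print NR }' "$tmp")
    if [ "$before" -ne "$after" ]; then
        rm -f "$tmp"; return 1
    fi
    # cat into the existing file keeps its owner and mode (mktemp makes 0600).
    cp -p "$3" "$3.bak" && cat "$tmp" > "$3"
    status=$?
    rm -f "$tmp"
    return $status
}
```

This covers only the supplementary memberships listed in the group file; a user's primary group is recorded in the passwd entry and is not touched.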
Applying patch ?
Hi, I am quite new to OpenBSD. I have downloaded the patches from the OpenBSD website and extracted them. I ran the command to fix the first bug:

    patch 001_sendmail.patch

However, it is taking more than 15 mins and still staying there. Is there anything wrong with what I have been doing? What should I do to apply the patch for OpenBSD 3.9?

Thank you very much.
Best regards

-- View this message in context: http://www.nabble.com/Applying-patch---tf2536341.html#a7066168 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?
Paul Pruett wrote:
> THAT said, if someone has good documentation links, helpful suggestions, or would not mind filling in the gaps offline - I would appreciate it.

If all you want about LDAP is to authenticate your users from LDAP, then Cyrus IMAPd will just do it from sasl interface. Be sure you have installed cyrus-sasl package with ldap flavor.

An example /etc/saslauthd.conf will look like this

    ldap_servers: ldap://127.0.0.1
    ldap_search_base: dc=your,dc=base,dc=dn
    ldap_filter: (&(uid=%u)(objectClass=inetOrgPerson))
    ldap_auth_method: userPassword

As you can guess, %u gets replaced with username. userPassword auth method means authentication will occur with binding.

And related lines for /etc/imapd.conf

    sasl_mech_list: plain
    sasl_pwcheck_method: saslauthd
    sasl_saslauthd_path: /your/path/to/saslauthd/mux

Good luck...
Re: Applying patch ?
Maverick wrote:
> Hi, I am quite new to OpenBSD. I have downloaded the patches from the OpenBSD website and extracted them. I ran the command to fix the first bug:
>
>     patch 001_sendmail.patch
>
> However, it is taking more than 15 mins and still staying there. Is there anything wrong with what I have been doing? What should I do to apply the patch for OpenBSD 3.9?

Patch is waiting for input from stdin. You should use it like:

    $ cd /usr/src
    $ patch -p0 < /path/to/001_sendmail.patch

This was documented in the FAQ. http://www.openbsd.org/faq/faq10.html#Patches

OpenBSD FAQ is actively maintained to be a one-stop-resource for the beginners. Tremendous effort goes into it. You should use it pragmatically...
Re: Applying patch ?
On Sunday, 29 October 2006 23:13 you wrote:
> Hi, I am quite new to OpenBSD. I have downloaded the patches from the OpenBSD website and extracted them. I ran the command to fix the first bug:
>
>     patch 001_sendmail.patch
>
> However, it is taking more than 15 mins and still staying there. Is there anything wrong with what I have been doing? What should I do to apply the patch for OpenBSD 3.9?
>
> Thank you very much.
> Best regards

    $ head 001_sendmail.patch
    Apply by doing:
            cd /usr/src
            patch -p0 < 001_sendmail.patch

    And then rebuild and install sendmail:
            cd gnu/usr.sbin/sendmail
            make obj
            make depend
            make
            make install

see http://openbsd.org/faq/faq10.html#Patches

it's all in the faq...

greetings
thomas
Re: Applying patch ?
It's sitting there because it's reading from standard input. Try this instead:

    cd /usr/src/
    patch -p0 < /path/to/001_sendmail.patch

--
Joel Goguen
Bachelor of Computer Science III
University of New Brunswick
http://iapetus.dyndns.org/

Maverick wrote:
> Hi, I am quite new to OpenBSD. I have downloaded the patches from the OpenBSD website and extracted them. I ran the command to fix the first bug:
>
>     patch 001_sendmail.patch
>
> However, it is taking more than 15 mins and still staying there. Is there anything wrong with what I have been doing? What should I do to apply the patch for OpenBSD 3.9?
>
> Thank you very much.
> Best regards
Re: Applying patch ?
from the text in 001_sendmail.patch:

    Apply by doing:
            cd /usr/src
            patch -p0 < 001_sendmail.patch

    And then rebuild and install sendmail:
            cd gnu/usr.sbin/sendmail
            make obj
            make depend
            make
            make install

note the '<' in the patch -p0... line.

Maverick wrote:
> I ran the command to fix the first bug:
>
>     patch 001_sendmail.patch
>
> However, it is taking more than 15 mins and still staying there. Is there anything wrong with what I have been doing? What should I do to apply the patch for OpenBSD 3.9?
Re: Applying patch ?
On 10/29/06, Maverick [EMAIL PROTECTED] wrote:
> Hi, I am quite new to OpenBSD. I have downloaded the patches from the OpenBSD website and extracted them. I ran the command to fix the first bug:
>
>     patch 001_sendmail.patch
>
> However, it is taking more than 15 mins and still staying there. Is there anything wrong with what I have been doing? What should I do to apply the patch for OpenBSD 3.9?

It appears that you didn't read the first two lines of the patch:

    Apply by doing:
            cd /usr/src
            patch -p0 < 001_sendmail.patch

Greg
Re: new postgresql in ports
2006. October 29. 22:30, viq:
> On 29/10/06, LeVA [EMAIL PROTECTED] wrote:
> > Hi! There was a commit today which updates postgresql to version 8.1.5. This fix made it to the stable branch too, so will there be a package for it, or do I have to compile it from ports? I don't really understand how this updating process works yet, so just forgive (but not ignore :) me, if I'm writing foolish things.
>
> From what I've seen, for current the packages are usually built something like once or twice a month, for most arches. For stable, from the discussions here I understand packages are (re)built if they are updated, but pretty much only for i386. So if you don't want to wait, or are on a different architecture, you need to build it from ports.

I'm using -stable and i386. I can wait, and I want to, if I only knew how long... (at least approximately; 1 week | 2 months?). I see that screen still hasn't got an updated package, although there was a security update for it a few days (maybe 1 week?) ago.

Daniel
--
LeVA
Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?
> If all you want about LDAP is to authenticate your users from LDAP, then Cyrus IMAPd will just do it from sasl interface. Be sure you have installed cyrus-sasl package with ldap flavor

I think I need a little more than that, I am not even sure how best to insert the username realm and password and into which index.. and to that I am on a crash learn of ldap, so that is part of the picture I'll need to understand asap :(

I figured the flavor thing out when I went down the mysql flavor method. Also we may need to use the -r option for pkg_add -r to get the flavor package loaded...

Here is how to make flavors and -server for those who may google this on the lists:

    cd /usr/ports/mail/cyrus-imap
    make package
    cd /usr/ports/security/cyrus-sasl2
    env FLAVOR=ldap make package
    cd /usr/ports/databases/openldap/
    env SUBPACKAGE=ldap FLAVOR=bdb make package

> An example /etc/saslauthd.conf will look like this
>
>     ldap_servers: ldap://127.0.0.1
>     ldap_search_base: dc=your,dc=base,dc=dn
>     ldap_filter: (&(uid=%u)(objectClass=inetOrgPerson))
>     ldap_auth_method: userPassword
>
> As you can guess, %u gets replaced with username. userPassword auth method means authentication will occur with binding.
>
> And related lines for /etc/imapd.conf
>
>     sasl_mech_list: plain
>     sasl_pwcheck_method: saslauthd
>     sasl_saslauthd_path: /your/path/to/saslauthd/mux
>
> Good luck...

I appreciate the above examples and will digest it asap. I saw several options for imapd.conf that dealt with ldap without the sasl_ prefix, and that may have misled also.

A note to other readers, any option in /etc/imapd.conf that is prefixed with sasl_ may override the SASL configuration file, see the man page for imapd.conf and sasl_option

BTW, I know I got off track when I tried settings from an example slapd.conf from a Linux Gazette page:
http://linuxgazette.net/124/pfeiffer.html
http://linuxgazette.net/124/misc/pfeiffer/slapd.conf
Re: minimum hardware requirements for NTP server?
On 29 Oct 2006, at 07:58, [EMAIL PROTECTED] wrote: I would like to set up OpenBSD 4.0 as an NTP server using GPS as the time source instead of punching a hole periodically in a firewall to query the Internet time servers. Does anyone have recommendations for the minimum hardware required to implement this? I have old 200MHz, 400MHz, 600MHz, 800MHz boxes which could be used. Thanks for any candor provided. Jim Use whatever box uses the least amount of energy :-) --- Liam J. Foy [EMAIL PROTECTED]
Re: Applying patch ?
Thanks a lot for the answer. I have tried it, but I have something after that as well:

    # cd /usr/src
    # patch -p0 < 001_sendmail.patch
    Hmm... Looks like a unified diff to me...
    The text leading up to this was:
    --
    |Apply by doing:
    | cd /usr/src
    | patch -p0 < 001_sendmail.patch
    |
    |And then rebuild and install sendmail:
    | cd gnu/usr.sbin/sendmail
    | make obj
    | make depend
    | make
    | make install
    |
    |Index: gnu/usr.sbin/sendmail/libsm/fflush.c
    |===
    |RCS file: /cvs/src/gnu/usr.sbin/sendmail/libsm/fflush.c,v
    |retrieving revision 1.2
    |diff -u -p -r1.2 fflush.c
    |--- gnu/usr.sbin/sendmail/libsm/fflush.c 1 Oct 2001 17:18:29 - 1.2
    |+++ gnu/usr.sbin/sendmail/l

Can you please tell me what I can do with this?

Greg Thomas-3 wrote:
> On 10/29/06, Maverick [EMAIL PROTECTED] wrote:
> > Hi, I am quite new to OpenBSD. I have downloaded the patches from the OpenBSD website and extracted them. I ran the command to fix the first bug:
> >
> >     patch 001_sendmail.patch
> >
> > However, it is taking more than 15 mins and still staying there. Is there anything wrong with what I have been doing? What should I do to apply the patch for OpenBSD 3.9?
>
> It appears that you didn't read the first two lines of the patch:
>
>     Apply by doing:
>             cd /usr/src
>             patch -p0 < 001_sendmail.patch
>
> Greg
Re: Applying patch ?
Maverick wrote:
> Thanks a lot for the answer. I have tried it, but I have something after that as well:
>
>     # cd /usr/src
>     # patch -p0 < 001_sendmail.patch
>     Hmm... Looks like a unified diff to me...
>     The text leading up to this was:
>     --
>     |Apply by doing:
>     | cd /usr/src
>     | patch -p0 < 001_sendmail.patch
>     |
>     |And then rebuild and install sendmail:
>     | cd gnu/usr.sbin/sendmail
>     | make obj
>     | make depend
>     | make
>     | make install
>     |
>     |Index: gnu/usr.sbin/sendmail/libsm/fflush.c
>     |===
>     |RCS file: /cvs/src/gnu/usr.sbin/sendmail/libsm/fflush.c,v
>     |retrieving revision 1.2
>     |diff -u -p -r1.2 fflush.c
>     |--- gnu/usr.sbin/sendmail/libsm/fflush.c 1 Oct 2001 17:18:29 - 1.2
>     |+++ gnu/usr.sbin/sendmail/l
>
> Can you please tell me what I can do with this?

You should read it.

# Han
Re: Applying patch ?
Maverick wrote:
> Thanks a lot for the answer. I have tried it, but I have something after that as well:
>
>     # cd /usr/src
>     # patch -p0 < 001_sendmail.patch
>     Hmm... Looks like a unified diff to me...
>     The text leading up to this was:
>     --
>     |Apply by doing:
>     | cd /usr/src
>     | patch -p0 < 001_sendmail.patch
>     |
>     |And then rebuild and install sendmail:
>     | cd gnu/usr.sbin/sendmail
>     | make obj
>     | make depend
>     | make
>     | make install
>     |
>     |Index: gnu/usr.sbin/sendmail/libsm/fflush.c
>     |===
>     |RCS file: /cvs/src/gnu/usr.sbin/sendmail/libsm/fflush.c,v
>     |retrieving revision 1.2
>     |diff -u -p -r1.2 fflush.c
>     |--- gnu/usr.sbin/sendmail/libsm/fflush.c 1 Oct 2001 17:18:29 - 1.2
>     |+++ gnu/usr.sbin/sendmail/l
>
> Can you please tell me what I can do with this?

You have applied the patch to the sendmail source code. Now you must rebuild and install sendmail. The output from the patch command tells you what to do:

    |And then rebuild and install sendmail:
    | cd gnu/usr.sbin/sendmail
    | make obj
    | make depend
    | make
    | make install

Since you are new to OpenBSD, you should know that OpenBSD tells you how to do all of the important things. In other words, OpenBSD is very well documented. However, to be successful you must learn to find the documentation. In this case it was right under your nose. All/most patches will tell you how to apply them. Also check the OpenBSD FAQ.
understanding the kernel
Hello!

I am a not-so-experienced programmer and I started a personal project which requires a deep understanding of the OpenBSD kernel - no, I am not going to fork another BSD style operating system. I wonder if there is documentation describing the kernel, other than the comments in the source.

For a start, I am reading Andrew Tanenbaum's Modern Operating Systems, 2nd edition and trying to follow the code in the kernel source, starting with sys/kern/init_main.c

Is this a wrong approach? Do you have other suggestions? I know there's no easy way and I am not looking for one, all I want is a starting point.

Regards,
George
mounting problems
hi, pls. help me mount my partition in my linux partitions

#fdisk -lu /dev/hda (in linux)

Disk /dev/hda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders, total 156301488 sectors
Units = sectors of 1 * 512 = 512 bytes

   Device Boot      Start        End     Blocks  Id  System
/dev/hda1   *          63   48821534   24410736  a6  OpenBSD
/dev/hda2        48821535  156296384   53737425   5  Extended
/dev/hda5        48821598   52725329    1951866  a6  OpenBSD
/dev/hda6        52725393  101546864   24410736  83  Linux
/dev/hda7       101546928  105450659    1951866  82  Linux swap / Solaris
/dev/hda8       105450723  156296384   25422831  83  Linux

how will i mount /dev/hda8 and /dev/hda6 in openbsd?

my openbsd /etc/fstab entry:

/dev/wd0a / ffs rw 1 1

thanks,
--jay--
Re: minimum hardware requirements for NTP server?
On 10/29/06, Marc Balmer [EMAIL PROTECTED] wrote: Henning Brauer wrote: I have a slower vax serving our entire network. it doesn't have usb tho, thus no gps nmea(4) works over serial lines, too. How accurate is NMEA, on USB or serial without using a PPS signal line?
Re: minimum hardware requirements for NTP server?
On 10/29/06, Marc Balmer [EMAIL PROTECTED] wrote: Henning Brauer wrote: I have a slower vax serving our entire network. it doesn't have usb tho, thus no gps nmea(4) works over serial lines, too. How accurate is NMEA, on USB or serial without using a PPS signal line? A lot more accurate than nothing at all. Because that is the real question, isn't it?
Re: understanding the kernel
On Sun, Oct 29, 2006 at 08:24:16PM -0700, George Mihai IACOB wrote:
> Hello!
>
> I am a not-so-experienced programmer and I started a personal project which requires a deep understanding of the OpenBSD kernel - no, I am not going to fork another BSD style operating system. I wonder if there is documentation describing the kernel, other than the comments in the source.
>
> For a start, I am reading Andrew Tanenbaum's Modern Operating Systems, 2nd edition and trying to follow the code in the kernel source, starting with sys/kern/init_main.c
>
> Is this a wrong approach? Do you have other suggestions? I know there's no easy way and I am not looking for one, all I want is a starting point.
>
> Regards,
> George

You don't mention what you had in mind so it is hard to point at anything. The Design and Implementation of the 4.4 BSD Operating System by McKusick and friends is likely to be more relevant for implementation details, Tanenbaum's book is more high level theory.
Re: understanding the kernel
On Sun, 29 Oct 2006, George Mihai IACOB wrote:
> Hello!
>
> I am a not-so-experienced programmer and I started a personal project which requires a deep understanding of the OpenBSD kernel - no, I am not going to fork another BSD style operating system. I wonder if there is documentation describing the kernel, other than the comments in the source.
>
> For a start, I am reading Andrew Tanenbaum's Modern Operating Systems, 2nd edition and trying to follow the code in the kernel source, starting with sys/kern/init_main.c
>
> Is this a wrong approach? Do you have other suggestions? I know there's no easy way and I am not looking for one, all I want is a starting point.
>
> Regards,
> George

A lot of internal kernel APIs are documented in section 9 of the man pages. And, while this may be superfluous, the public API, also known as system calls, is described in section 2.

-Otto
Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?
2006/10/29, Paul Pruett [EMAIL PROTECTED]:
> Looking for docs for OpenLDAP and cyrus-imapd on OpenBSD
>
> I am trying to implement cyrus-imap on OpenBSD sendmail for virtual hosting with support for pop3, imap (localhost), and smtp-auth.

I have a similar setup working. All you need once the openldap side is running (and there are lots of docs about OpenLDAP for users authentication out there):

In the sendmail side, you just need to map mail addresses to uids (forget mailAlternateAddress, just needed if you migrated from qmail-ldap):

    FEATURE(`virtusertable', `ldap -1 -T<TMPF> -v uid -k (|(mail=%0)(mailAlternateAddress=%0))')dnl

configure SASL options in sendmail.mc

    define(`confAUTH_MECHANISMS', `CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
    TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')

/usr/local/lib/sasl2/Sendmail.conf

    pwcheck_method: saslauthd
    mech_list: plain cram-md5 digest-md5 login

saslauthd.conf:

    ldap_servers: ldap://ldap.xxx/
    ldap_bind_dn: cn=xxx,dc=xxx,dc=sa
    ldap_bind_pw:
    ldap_search_base: ou=People,dc=carreras,dc=sa
    ldap_filter: (&(uid=%u)(accountStatus=active))
    ldap_password_attr: userPassword

Cyrus LDAP authentication: /etc/imapd.conf

    sasl_pwcheck_method: saslauthd
    sasl_mech_list: login cram-md5 digest-md5 plain

(*-md5 mechs won't work with hashed userPasswords, but don't harm)

You will need a sendmail compiled with SASL and ldap support, just add this to /etc/mk.conf:

    WANT_LDAP=yes
    WANT_SMTPAUTH=yes

And that's all...

Greets
Re: Applying patch ?
uppsss I am sorry, I forgot to add the important bit. When I run

    patch -p0 < 001_sendmail.patch

it asked me for the file to patch. Can you please give me an example how to do that in sendmail patch?

Thanks a lot for your help, I do appreciate that.

Joe S wrote:
> Maverick wrote:
> > Thanks a lot for the answer. I have tried it, but I have something after that as well:
> >
> >     # cd /usr/src
> >     # patch -p0 < 001_sendmail.patch
> >     Hmm... Looks like a unified diff to me...
> >     The text leading up to this was:
> >     --
> >     |Apply by doing:
> >     | cd /usr/src
> >     | patch -p0 < 001_sendmail.patch
> >     |
> >     |And then rebuild and install sendmail:
> >     | cd gnu/usr.sbin/sendmail
> >     | make obj
> >     | make depend
> >     | make
> >     | make install
> >     |
> >     |Index: gnu/usr.sbin/sendmail/libsm/fflush.c
> >     |===
> >     |RCS file: /cvs/src/gnu/usr.sbin/sendmail/libsm/fflush.c,v
> >     |retrieving revision 1.2
> >     |diff -u -p -r1.2 fflush.c
> >     |--- gnu/usr.sbin/sendmail/libsm/fflush.c 1 Oct 2001 17:18:29 - 1.2
> >     |+++ gnu/usr.sbin/sendmail/l
> >
> > Can you please tell me what I can do with this?
>
> You have applied the patch to the sendmail source code. Now you must rebuild and install sendmail. The output from the patch command tells you what to do:
>
>     |And then rebuild and install sendmail:
>     | cd gnu/usr.sbin/sendmail
>     | make obj
>     | make depend
>     | make
>     | make install
>
> Since you are new to OpenBSD, you should know that OpenBSD tells you how to do all of the important things. In other words, OpenBSD is very well documented. However, to be successful you must learn to find the documentation. In this case it was right under your nose. All/most patches will tell you how to apply them. Also check the OpenBSD FAQ.