checksums and installer
i have just installed the feb 20 snapshot on a personal netbook (not server). to install snapshots, i normally download the iso, copy the files from it to my home, and boot up bsd.rd and then select the sets from an already mounted partition. i feel the latest incarnation of the installer is a bit hysterical about the checksum verification and i had to enter yes 12x, for every single set. this is quite annoying and perhaps it could be reverted back to the previous method where a single yes was enough to convince the installer that i am ok with non-verified sets. -f -- that'll be all for now, other than to say hi to Wonko if he's watching.
Re: X11 graphics corruption on intel card
for the archives: with the latest snapshot intel driver 2.99.910 this seems to be fixed. -f hmm, on Mon, Jan 06, 2014 at 04:53:38PM +0100, frantisek holop said that i am sad to report an intel driver regression: i have now gazillions of these in Xorg.0.log: [91.472] (EE) intel(0): Failed to submit batch buffer, expect rendering corruption or even a frozen display: Resource deadlock avoided. [91.563] (EE) intel(0): Failed to submit batch buffer, expect rendering corruption or even a frozen display: Resource deadlock avoided. [91.568] (EE) intel(0): Failed to submit batch buffer, expect rendering corruption or even a frozen display: Resource deadlock avoided. some linux threads i found: https://bbs.archlinux.org/viewtopic.php?id=156486 https://bugs.freedesktop.org/show_bug.cgi?id=59771 OpenBSD 5.4-current (GENERIC.MP) #187: Sat Dec 28 17:15:20 MST 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU N570 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF real mem = 1061818368 (1012MB) avail mem = 1032564736 (984MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/31/10, SMBIOS rev. 2.6 @ 0xeb0f0 (53 entries) bios0: vendor LENOVO version 50CN12WW date 04/22/2011 bios0: LENOVO 20109 acpi0 at bios0: rev 3 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC HPET acpi0: wakeup devices P0P8(S4) PS2K(S3) PS2M(S3) EUSB(S3) P0PA(S4) P0PB(S4) P0PC(S4) P0P9(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) PWRB(S3) SLPB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 7 var ranges, 88 fixed ranges cpu0: apic clock running at 166MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.0.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Atom(TM) CPU N570 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Atom(TM) CPU N570 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Atom(TM) CPU N570 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf000, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 3 (P0P8) acpiprt2 at acpi0: bus 2 (P0PA) acpiprt3 at acpi0: bus -1 (P0PB) acpiprt4 at acpi0: bus -1 (P0PC) acpiprt5 at acpi0: bus 1 (P0P9) acpiec0 at acpi0 acpicpu0 at acpi0:, C3, C2, C1, PSS acpicpu1 at acpi0:, C3, C2, C1, PSS acpicpu2 at acpi0:, C3, C2, C1, PSS acpicpu3 at acpi0:, C3, C2, C1, PSS acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: SLPB acpibtn2 at acpi0: LID_ acpiac0 at acpi0: AC unit offline acpibat0 at acpi0: BAT1 model LNV-L10C6Y12 serial 004706 type LiIon oem CPT-ES3 acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: DD02 bios0: ROM list: 0xc/0xda00! 0xce000/0x1000 cpu0: Enhanced SpeedStep 1663 MHz: speeds: 1667, 1334, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel Pineview DMI rev 0x02 vga1 at pci0 dev 2 function 0 Intel Pineview Video rev 0x02 intagp0 at vga1 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 inteldrm0: 1024x600 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) Intel Pineview Video rev 0x02 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi azalia0: codecs: Realtek ALC269 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 4 int 16 pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 Realtek 8101E rev 0x05: RTL8105E (0x4080), msi, address 50:af:73:14:da:b5 rlphy0 at re0 phy 7: RTL8201E 10/100 PHY, rev. 2 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 4 int 17 pci2 at ppb1 bus 2 Realtek 8188CE rev 0x01 at pci2 dev 0 function 0 not configured uhci0 at
Generate hashed rootpw for native ldapd
Hi, I want to generate a hashed rootpw for native ldapd (on OBSD 5.4). I've tried various things like `echo secret | sha256` but I can't authenticate. If possible, I'd like not to install openldap-server just to get slappasswd. What is the (native) way to generate the SSHA hashed format for rootpw ? TIA, Jo
tcpdump lying? wifi, WEP and dhclient
i am on the road at the moment, staying at various hostels. more often than not, i can connect my openbsd netbook (run0) to these networks. the current hostel however is not one of those. i am staying here only until tomorrow, so i wont be able to test anything later but i still want to send this email because this is something i have never seen before and i am curious what others think, and what are possible ways to diagnose. so there is the router, some model made by SHENZEN GONGJIN electronics (192.168.1.1), a windows notebook, and a puffy notebook. i am running tcpdump on puffy and windump.exe on the win notebook side by side looking at traffic on ports 67 and 68. i can clearly see the whole hostel (including my android phones and the win notebook) asking and getting leases on both notebooks. the WEP password must be correct because i can see the cleartext packets in puffy:tcpdump. on puffy, i can also see the packets generated by my own dhclient, but those never receive any answer from the router. first i thought dhclient does not speak chinese, but here is the vampire looking in the mirror: windump does NOT see those packets and so it could be likely that the router does not see them either. what is going on? someone must be lying.. if tcpdump shows them, but they are not in the air, where are they? -f ps. netstat -i shows some errors: 3 Ierrs, 4 Oerrs dont know if its connected to this. ps2. pf is disabled, but i had only the default config file anyway, and it wasn't an issue before. -- if you see an onion ring, answer it.
Re: tcpdump lying? wifi, WEP and dhclient
forgot the dmesg: OpenBSD 5.5-beta (GENERIC.MP) #238: Thu Feb 20 15:00:18 MST 2014 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU N570 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF real mem = 1061785600 (1012MB) avail mem = 1032110080 (984MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/31/10, SMBIOS rev. 2.6 @ 0xeb0f0 (53 entries) bios0: vendor LENOVO version 50CN12WW date 04/22/2011 bios0: LENOVO 20109 acpi0 at bios0: rev 3 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC HPET acpi0: wakeup devices P0P8(S4) PS2K(S3) PS2M(S3) EUSB(S3) P0PA(S4) P0PB(S4) P0PC(S4) P0P9(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) PWRB(S3) SLPB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 7 var ranges, 88 fixed ranges cpu0: apic clock running at 166MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.0.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Atom(TM) CPU N570 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Atom(TM) CPU N570 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Atom(TM) CPU N570 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf000, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 3 (P0P8) acpiprt2 at acpi0: bus 2 (P0PA) acpiprt3 at acpi0: bus -1 (P0PB) acpiprt4 at acpi0: bus -1 (P0PC) acpiprt5 at acpi0: bus 1 (P0P9) acpiec0 at acpi0 acpicpu0 at acpi0:, C3, C2, C1, PSS acpicpu1 at acpi0:, C3, C2, C1, PSS acpicpu2 at acpi0:, C3, C2, C1, PSS acpicpu3 at acpi0:, C3, C2, C1, PSS acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: SLPB acpibtn2 at acpi0: LID_ acpiac0 at acpi0: AC unit offline acpibat0 at acpi0: BAT1 model LNV-L10C6Y12 serial 004706 type LiIon oem CPT-ES3 acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: DD02 bios0: ROM list: 0xc/0xda00! 0xce000/0x1000 cpu0: Enhanced SpeedStep 1663 MHz: speeds: 1667, 1334, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel Pineview DMI rev 0x02 vga1 at pci0 dev 2 function 0 Intel Pineview Video rev 0x02 intagp0 at vga1 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 inteldrm0: 1024x600 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) Intel Pineview Video rev 0x02 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi azalia0: codecs: Realtek ALC269 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 4 int 16 pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 Realtek 8101E rev 0x05: RTL8105E (0x4080), msi, address 50:af:73:14:da:b5 rlphy0 at re0 phy 7: RTL8201E 10/100 PHY, rev. 2 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 4 int 17 pci2 at ppb1 bus 2 Realtek 8188CE rev 0x01 at pci2 dev 0 function 0 not configured uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 4 int 23 uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 4 int 19 uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 4 int 18 uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 4 int 16 ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 4 int 23 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2 pci3 at ppb2 bus 3 pcib0 at pci0 dev 31 function 0 Intel NM10 LPC rev 0x02 ahci0 at pci0 dev 31 function 2 Intel 82801GR AHCI rev 0x02: msi, AHCI 1.1 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, HITACHI HTS54323, ES2Z SCSI3 0/direct fixed naa.5000cca6c7d0d37f sd0: 305245MB, 512 bytes/sector, 625142448 sectors ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus
Re: Printing problem
On Feb 19 13:20:07, chrisbenn...@bennettconstruction.us wrote: I don't print from my laptop often, but all was fine until recently. I did not have any problems previously. I haven't made any changes either. I am using commands of lpr -Plp estimate_details_for_customer or lpr -Paps1 estimate_details_for_customer On Feb 19 12:32:36, jeremyeva...@gmail.com wrote: Known issue with that snapshot. Already fixed in -current. Indeed. Out of curiosity, what was it? I couldn't find anything under http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/lpr/ that would break and fix this. On Feb 19 22:00:03, s...@openbsd.org wrote: I rather think this is the foomatic-filters - cups-filters update that breaks existing filter scripts for lpd setups, because cups-filters removes lpd compat. I doubt that; my setup only uses only uses plain lpd/lpr, and got broken and fixed with the pre-last and last snapshot, respectively.
Re: Generate hashed rootpw for native ldapd
j...@carnat.net (Joel Carnat), 2014.02.21 (Fri) 12:09 (CET):
I want to generate a hashed rootpw for native ldapd (on OBSD 5.4).
I've tried various things like `echo secret | sha256` but I can't
authenticate.
If possible, I'd like not to install openldap-server just to get slappasswd.
What is the (native) way to generate the SSHA hashed format for rootpw ?
``What are {SHA} and {SSHA} passwords and how do I generate them?''
http://www.openldap.org/faq/data/cache/347.html
Easiest way there seems to be:
print passphrase | openssl dgst -sha1 -binary | \
openssl enc -base64 | awk '{print {SHA}$0}'
No way to test here...
Bye, Marcus
Re: Generate hashed rootpw for native ldapd
Hum, I tried it but it doesn't work.
I have a slappasswd else where to test. And here's what I get :
# print passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# echo passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# slappasswd -h {SHA} -s passphrase
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
Using the string generated with slappasswd works.
Other two don't :(
Le 21 févr. 2014 à 13:18, Marcus MERIGHI mcmer-open...@tor.at a écrit :
j...@carnat.net (Joel Carnat), 2014.02.21 (Fri) 12:09 (CET):
I want to generate a hashed rootpw for native ldapd (on OBSD 5.4).
I've tried various things like `echo secret | sha256` but I can't
authenticate.
If possible, I'd like not to install openldap-server just to get slappasswd.
What is the (native) way to generate the SSHA hashed format for rootpw ?
``What are {SHA} and {SSHA} passwords and how do I generate them?''
http://www.openldap.org/faq/data/cache/347.html
Easiest way there seems to be:
print passphrase | openssl dgst -sha1 -binary | \
openssl enc -base64 | awk '{print {SHA}$0}'
No way to test here...
Bye, Marcus
Re: Generate hashed rootpw for native ldapd
try not including newline:
$ echo -n passphrase | openssl dgst -sha1 -binary | openssl enc
-base64 | awk '{print {SHA}$0}'
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
$
On Fri, Feb 21, 2014 at 6:31 AM, Joel Carnat j...@carnat.net wrote:
Hum, I tried it but it doesn't work.
I have a slappasswd else where to test. And here's what I get :
# print passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# echo passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# slappasswd -h {SHA} -s passphrase
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
Using the string generated with slappasswd works.
Other two don't :(
Le 21 févr. 2014 à 13:18, Marcus MERIGHI mcmer-open...@tor.at a écrit :
j...@carnat.net (Joel Carnat), 2014.02.21 (Fri) 12:09 (CET):
I want to generate a hashed rootpw for native ldapd (on OBSD 5.4).
I've tried various things like `echo secret | sha256` but I can't
authenticate.
If possible, I'd like not to install openldap-server just to get slappasswd.
What is the (native) way to generate the SSHA hashed format for rootpw ?
``What are {SHA} and {SSHA} passwords and how do I generate them?''
http://www.openldap.org/faq/data/cache/347.html
Easiest way there seems to be:
print passphrase | openssl dgst -sha1 -binary | \
openssl enc -base64 | awk '{print {SHA}$0}'
No way to test here...
Bye, Marcus
Re: Generate hashed rootpw for native ldapd
Yep, that works!
Thanks :)
Le 21 févr. 2014 à 13:41, Abel Abraham Camarillo Ojeda acam...@verlet.org a
écrit :
try not including newline:
$ echo -n passphrase | openssl dgst -sha1 -binary | openssl enc
-base64 | awk '{print {SHA}$0}'
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
$
On Fri, Feb 21, 2014 at 6:31 AM, Joel Carnat j...@carnat.net wrote:
Hum, I tried it but it doesn't work.
I have a slappasswd else where to test. And here's what I get :
# print passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# echo passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# slappasswd -h {SHA} -s passphrase
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
Using the string generated with slappasswd works.
Other two don't :(
Le 21 févr. 2014 à 13:18, Marcus MERIGHI mcmer-open...@tor.at a écrit :
j...@carnat.net (Joel Carnat), 2014.02.21 (Fri) 12:09 (CET):
I want to generate a hashed rootpw for native ldapd (on OBSD 5.4).
I've tried various things like `echo secret | sha256` but I can't
authenticate.
If possible, I'd like not to install openldap-server just to get
slappasswd.
What is the (native) way to generate the SSHA hashed format for rootpw ?
``What are {SHA} and {SSHA} passwords and how do I generate them?''
http://www.openldap.org/faq/data/cache/347.html
Easiest way there seems to be:
print passphrase | openssl dgst -sha1 -binary | \
openssl enc -base64 | awk '{print {SHA}$0}'
No way to test here...
Bye, Marcus
Re: Generate hashed rootpw for native ldapd
On Fri, Feb 21, 2014 at 01:31:13PM +0100, Joel Carnat wrote:
Hum, I tried it but it doesn't work.
I have a slappasswd else where to test. And here's what I get :
# print passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# echo passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# slappasswd -h {SHA} -s passphrase
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
Using the string generated with slappasswd works.
Other two don't :(
Do not use echo since that will ad a newline to the password.
This works for me and is simpler:
echo -n '{SHA}'; printf passphrase | sha1 -b
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
The salted version is a bit more complex since you need to include the
base64 of the salt after the SHA1 output and include the salt after the
password when doing the SHA1.
--
:wq Claudio
Re: Generate hashed rootpw for native ldapd
On Fri, Feb 21, 2014 at 01:31:13PM +0100, Joel Carnat wrote:
Hum, I tried it but it doesn't work.
I have a slappasswd else where to test. And here's what I get :
# print passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# echo passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
# slappasswd -h {SHA} -s passphrase
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
echo passphrase include a return at end of line: you should avoid it.
$ echo -n passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk
'{print {SHA}$0}'
{SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=
Bye.
--
Sébastien Marie
Re: Generate hashed rootpw for native ldapd
On 2014-02-21 5:09, Joel Carnat wrote:
What is the (native) way to generate the SSHA hashed format for
rootpw ?
Is there a particular reason you want to use SSHA? Here is a short
script that should run fine on a stock OpenBSD machine to generate a
bcrypt hash suitable for the userPassword attribute of ldapd.
#! /usr/bin/perl
use strict;
while() {
my $salt = '';
my $new_pw = $_;
chomp($new_pw);
my @chars = split //,
abcdefghijklmnopqrstuvwxyz .
ABCDEFGHIJKLMNOPQRSTUVWXYZ .
0123456789+/;
for (my $i = 0; $i 21; $i++) {
$salt .= $chars[int(rand($#chars+1))];
}
my $rnd_salt = '$2a$06$' . $salt . $new_pw;
my $hash = crypt($new_pw, $rnd_salt);
print({CRYPT}$hash\n);
}
--
Matthew Weigel
hacker
unique idempot . ent
Re: Printing problem
On Fri, Feb 21, 2014 at 3:54 AM, Jan Stary h...@stare.cz wrote: On Feb 19 13:20:07, chrisbenn...@bennettconstruction.us wrote: I don't print from my laptop often, but all was fine until recently. I did not have any problems previously. I haven't made any changes either. I am using commands of lpr -Plp estimate_details_for_customer or lpr -Paps1 estimate_details_for_customer On Feb 19 12:32:36, jeremyeva...@gmail.com wrote: Known issue with that snapshot. Already fixed in -current. Indeed. Out of curiosity, what was it? I couldn't find anything under http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/lpr/ that would break and fix this. Remote printing with lpd was broken from January 20 to February 7. usr.sbin/lpr/lpd/printjob.c (broken by r1.50, fixed by r1.52) Thanks, Jeremy
Re: Generate hashed rootpw for native ldapd
On 2014-02-21 9:24, Matthew Weigel wrote:
On 2014-02-21 5:09, Joel Carnat wrote:
Here is a short
script that should run fine on a stock OpenBSD machine to generate a
bcrypt hash suitable for the userPassword attribute of ldapd.
Nope nope nope. That script is incorrect in a couple of ways. Most
significantly it leaks the first two bits of the user's password,
because I didn't understand how to pass the salt correctly. I don't
know if anyone actually WANTS a corrected version of the script, but I
can't leave the uncorrected one out there.
#! /usr/bin/perl
use strict;
while() {
my $salt = '';
my $new_pw = $_;
chomp($new_pw);
my @chars = split //,
./ABCDEFGHIJKLMN .
OPQRSTUVWXYZabcd .
efghijklmnopqrst .
uvwxyz0123456789;
for (my $i = 0; $i 21; $i++) {
$salt .= $chars[int(rand($#chars+1))];
}
$salt .= $chars[int(rand(4))*16];
my $rnd_salt = '$2a$08$' . $salt;
my $hash = crypt($new_pw, $rnd_salt);
print($hash\n);
}
--
Matthew Weigel
hacker
unique idempot . ent
Re: mounting CVS tree read-only?
After studying FAQ 5.3, I am contemplating mounting /usr/src and /usr/xenocara read-only through NFS so I can maintain a centralized tree for multiple platforms. Is this possible? Are all writes made to /usr/obj and /usr/xobj? That is the intent. From time to time, mistakes sneak in. If you find them, work with us to get them resolved. I think not enough people use this mechanism.
Re: Generate hashed rootpw for native ldapd
On Fri, Feb 21, 2014 at 09:24:10AM -0600, Matthew Weigel wrote:
On 2014-02-21 5:09, Joel Carnat wrote:
What is the (native) way to generate the SSHA hashed format for
rootpw ?
Is there a particular reason you want to use SSHA? Here is a short
script that should run fine on a stock OpenBSD machine to generate a
bcrypt hash suitable for the userPassword attribute of ldapd.
#! /usr/bin/perl
use strict;
while() {
my $salt = '';
my $new_pw = $_;
chomp($new_pw);
my @chars = split //,
abcdefghijklmnopqrstuvwxyz .
ABCDEFGHIJKLMNOPQRSTUVWXYZ .
0123456789+/;
for (my $i = 0; $i 21; $i++) {
$salt .= $chars[int(rand($#chars+1))];
}
my $rnd_salt = '$2a$06$' . $salt . $new_pw;
my $hash = crypt($new_pw, $rnd_salt);
print({CRYPT}$hash\n);
}
I guess you can use 'openssl passwd' for that,
or 'openssl passwd -1' for MD5 password
however that is tagged if allowed in LDAP...
--
Matthew Weigel
hacker
unique idempot . ent
--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: checksums and installer
On Fri, Feb 21, 2014 at 2:24 AM, frantisek holop min...@obiit.org wrote: i have just installed the feb 20 snapshot on a personal netbook (not server). to install snapshots, i normally download the iso, copy the files from it to my home, and boot up bsd.rd and then select the sets from an already mounted partition. i feel the latest incarnation of the installer is a bit hysterical about the checksum verification and i had to enter yes 12x, for every single set. this is quite annoying and perhaps it could be reverted back to the previous method where a single yes was enough to convince the installer that i am ok with non-verified sets. -f -- that'll be all for now, other than to say hi to Wonko if he's watching. I had the same experience on i386. The SHA256 file on the install55.iso is wrong. The correct one appears to be on the ftp site, though.
Re: checksums and installer
On Fri, Feb 21, 2014 at 2:24 AM, frantisek holop min...@obiit.org wrote: i have just installed the feb 20 snapshot on a personal netbook (not server). to install snapshots, i normally download the iso, copy the files from it to my home, and boot up bsd.rd and then select the sets from an already mounted partition. i feel the latest incarnation of the installer is a bit hysterical about the checksum verification and i had to enter yes 12x, for every single set. this is quite annoying and perhaps it could be reverted back to the previous method where a single yes was enough to convince the installer that i am ok with non-verified sets. -f -- that'll be all for now, other than to say hi to Wonko if he's watching. I had the same experience on i386. The SHA256 file on the install55.iso is wrong. The correct one appears to be on the ftp site, though. Indeed. I did something wrong. New snapshots are heading out which aim to fix this.
Re: Generate hashed rootpw for native ldapd
On 2014-02-21 10:07, Raimo Niskanen wrote:
I guess you can use 'openssl passwd' for that,
or 'openssl passwd -1' for MD5 password
however that is tagged if allowed in LDAP...
It doesn't look like openssl passwd knows about bcrypt at all (either
internally, or via crypt()). While I think ldapd would be fine with
either the old DES-based crypt() hash or the MD5-based hash - you would
just need to prefix it with {CRYPT} I think - neither of those is
really a good idea for hashing passwords anymore.
--
Matthew Weigel
hacker
unique idempot . ent
Re: Generate hashed rootpw for native ldapd
I guess you can use 'openssl passwd' for that,
or 'openssl passwd -1' for MD5 password
however that is tagged if allowed in LDAP...
It doesn't look like openssl passwd knows about bcrypt at all (either
internally, or via crypt()). While I think ldapd would be fine with
either the old DES-based crypt() hash or the MD5-based hash - you would
just need to prefix it with {CRYPT} I think - neither of those is
really a good idea for hashing passwords anymore.
Of course openssl doens't know about bcrypt, like much other software.
Some serious NIH syndrome exists out there, though it is sometimes
known by the other acronym IBO.
Re: mounting CVS tree read-only?
On Friday, February 21, 2014 11:14 AM, Theo de Raadt dera...@cvs.openbsd.org wrote: After studying FAQ 5.3, I am contemplating mounting /usr/src and /usr/xenocara read-only through NFS so I can maintain a centralized tree for multiple platforms. Is this possible? Are all writes made to /usr/obj and /usr/xobj? That is the intent. From time to time, mistakes sneak in. If you find them, work with us to get them resolved. I think not enough people use this mechanism. Thank you for your prompt reply! In FAQ 5.3.4, config(8) is being used to populate the /usr/src/sys/arch/platform/compile/GENERIC directory. Am I correct in thinking this directory should be mounted read/write? Thanks, again!
Re: mounting CVS tree read-only?
You can mount an mfs or a tmpfs there to solve that Den 21 feb 2014 21:00 skrev Fred Snurd fredsn...@yahoo.com: On Friday, February 21, 2014 11:14 AM, Theo de Raadt dera...@cvs.openbsd.org wrote: After studying FAQ 5.3, I am contemplating mounting /usr/src and /usr/xenocara read-only through NFS so I can maintain a centralized tree for multiple platforms. Is this possible? Are all writes made to /usr/obj and /usr/xobj? That is the intent. From time to time, mistakes sneak in. If you find them, work with us to get them resolved. I think not enough people use this mechanism. Thank you for your prompt reply! In FAQ 5.3.4, config(8) is being used to populate the /usr/src/sys/arch/platform/compile/GENERIC directory. Am I correct in thinking this directory should be mounted read/write? Thanks, again!
Re: mounting CVS tree read-only?
On 2014-02-21, Fred Snurd fredsn...@yahoo.com wrote: After studying FAQ 5.3, I am contemplating mounting /usr/src and /usr/xenocara read-only through NFS so I can maintain a centralized tree for multiple platforms. Is this possible? The last time I tried to mount the source trees read-only, it worked for /usr/src but there were writes to /usr/xenocara. -- Christian naddy Weisgerber na...@mips.inka.de
Re: mounting CVS tree read-only?
On Fri, Feb 21, 2014 at 11:59, Fred Snurd wrote: In FAQ 5.3.4, config(8) is being used to populate the /usr/src/sys/arch/platform/compile/GENERIC directory. Am I correct in thinking this directory should be mounted read/write? kernels don't have to be built there. From anywhere you like: config -b kobj -s /sys /sys/arch/arch/conf/GENERIC cd kobj make The only thing that won't work is make release, which I don't think is configurable enough. Maybe it is, dunno.
Re: Acer aspire one 722 snapshot
I install 5.3 i386 and ZZZ works. 5.3, 5.4 amd64 not work ZZZ. Now I downloading 5.5 i386 snapshot and test it soon. 2014-02-18 0:04 GMT+02:00 Alexey Kurinnij alexey.kurin...@gmail.com: 2014-02-17 9:29 GMT+02:00 Mike Larkin mlar...@azathoth.net: On Sun, Feb 16, 2014 at 11:46:47AM +0200, Alexey Kurinnij wrote: I see resent thread about ZZZ and install snapshot for tests. What thread was this asking about testing 'ZZZ' ? We had a thread asking about testing 'zzz', but that is completely different than 'ZZZ'. Sorry, I missed thread name and make mistake. I now about diference with zzz and ZZZ. Anyway both not work and I want to make some tests. I don't understand what is said below, did 'ZZZ' work before? And if so, when did it start not working? -ml Today I tried ZZZ with 5.4 amd64 and it not work. Tomorrow I would try with i386.
Re: Acer aspire one 722 snapshot
ZZZ and zzz in 5.5 i386 snapshot work. And not work on amd64 at all. 2014-02-21 22:52 GMT+02:00 Alexey Kurinnij alexey.kurin...@gmail.com: I install 5.3 i386 and ZZZ works. 5.3, 5.4 amd64 not work ZZZ. Now I downloading 5.5 i386 snapshot and test it soon. 2014-02-18 0:04 GMT+02:00 Alexey Kurinnij alexey.kurin...@gmail.com: 2014-02-17 9:29 GMT+02:00 Mike Larkin mlar...@azathoth.net: On Sun, Feb 16, 2014 at 11:46:47AM +0200, Alexey Kurinnij wrote: I see resent thread about ZZZ and install snapshot for tests. What thread was this asking about testing 'ZZZ' ? We had a thread asking about testing 'zzz', but that is completely different than 'ZZZ'. Sorry, I missed thread name and make mistake. I now about diference with zzz and ZZZ. Anyway both not work and I want to make some tests. I don't understand what is said below, did 'ZZZ' work before? And if so, when did it start not working? -ml Today I tried ZZZ with 5.4 amd64 and it not work. Tomorrow I would try with i386.
