Re: NSS and PAM
On Mon, 2003-12-01 at 11:48, Dag-Erling Smrgrav wrote: If I understand you correctly, you believe that it would be possible to unite the NSS and PAM switches, so that they used the same configuration file, dynamic loading mechanisms, cascading, and so on. Sure, I think that's possible. There might even be some benefit, though probably not enough benefit to abandon PAM/NSS and go our own way. Not to go our own way, no. There's the rub. It would have to be a reasonably wide effort; we'd need to get at least one major Linux distro to adopt the same infrastructure. Has anyone considered the idea of hybridizing PAM with Digital^WCompaq^WHP's SIA matrix setup? -- brandon s. allbery[linux,solaris,freebsd,perl] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineering, carnegie mellon univ. KF8NH ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NSS and PAM
On Mon, 2003-12-01 at 21:24, Tim Kientzle wrote: Why is the directory usually the worst for storing authentication information? This one's fairly easy to answer: you want to stick authentication data into a potentially public/exposed directory? Even traditional Unix uses /etc/shadow (or more complex solutions on some commercial systems) these days, so the password isn't in the directory (/etc/passwd). However, I have to agree with des's argument: a combined matrix for directory and authentication services doesn't mean the *data* must be combined. Using (for example) SIA, one could specify Kerberos 5 (my guess as to wollman's better answer) and LDAP, and simply not specify entry points for the parts that each doesn't handle (Kerberos doesn't support directory services, and LDAP isn't being used for authentication), with later entries falling back to NIS or traditional files. But this arrangement allows traditional APIs to work reasonably --- and you can layer PAM and NSS on top of it as compatibility APIs. -- brandon s. allbery[linux,solaris,freebsd,perl] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineering, carnegie mellon univ. KF8NH ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Turkeys and dynamic linking
On Thu, 2003-11-27 at 15:15, walt wrote: And speaking of turkeys, does anyone know how Microsoft handles the performance issues associated with dynamic linking? Do they do anything special, or just ignore the whole thing? My understanding is that they perform a special linking/postprocessing step which optimizes executables for fast runtime linking and loading. -- brandon s. allbery[linux,solaris,freebsd,perl] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineering, carnegie mellon univ. KF8NH ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: devd/devctl
On Sat, 2003-09-13 at 18:49, M. Warner Losh wrote: and you cannot tell dhclient that interfaces have arrived. dhclient(8) seems to think otherwise, although it doesn't explain quite how (I assume it wants you to pause and resume via OMAPI/omshell(8) since it doesn't appear to support interface objects according to the documentation). -- brandon s. allbery[linux,solaris,freebsd,perl] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineering, carnegie mellon univ. KF8NH URGENT! E-xpedient nuked APK subdomains; kf8nh.apk.net is DEAD. Sorry. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PAM, X11, and su as a normal user? (fwd)
On Sat, 2003-09-06 at 02:13, Steven G. Kargl wrote: I have 2 accounts on my freebsd-current machine. I use startx to start X11 as user kargl. If I then su to user sgk, I cannot fire up X clients. For example, Is $XAUTHORITY still set in the subshell? Can both users read the Xauthority file? -- brandon s. allbery[linux,solaris,freebsd,perl] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineering, carnegie mellon univ. KF8NH URGENT! E-xpedient nuked APK subdomains; kf8nh.apk.net is DEAD. Sorry. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PAM, X11, and su as a normal user? (fwd)
On Sat, 2003-09-06 at 03:41, Steven G. Kargl wrote: Brandon S. Allbery KF8NH wrote: On Sat, 2003-09-06 at 02:13, Steven G. Kargl wrote: I have 2 accounts on my freebsd-current machine. I use startx to start X11 as user kargl. If I then su to user sgk, I cannot fire up X clients. For example, Is $XAUTHORITY still set in the subshell? Can both users read the Xauthority file? $XAUTHORITY is not set. Both users use their defaults $HOME/.Xauthority. I used xauth to ensure the key for troutmask is the same for both users. Then it ought to work. However, you also mentioned that ssh didn't work... which makes me wonder if it's actually using Xauth at all. What does xhost +localhost do (aside from annoy any Tk apps you might have running)? -- brandon s. allbery[linux,solaris,freebsd,perl] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineering, carnegie mellon univ. KF8NH URGENT! E-xpedient nuked APK subdomains; kf8nh.apk.net is DEAD. Sorry. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Regarding recent spam on the list
On Tue, 2003-08-19 at 18:03, Bill Moran wrote: Just curious if anyone knows the origin of all these auto-responses, etc. I'm seeing a lot of these on every list I'm subscribed to (not all of them FreeBSD related) so I was wondering if some Windows trojan is running rampant and using these list addresses as return addys? It's W32/[EMAIL PROTECTED] It's spreading *fast* -- brandon s. allbery[linux,solaris,freebsd,perl] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineering, carnegie mellon univ. KF8NH URGENT! E-xpedient nuked APK subdomains; kf8nh.apk.net is DEAD. Sorry. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: when should 5.x be stable enough for web servers
On Saturday 16 August 2003 18:10, Eriq Lamar wrote: On i386 hardware and two processors amd mp. should I wait for 5.2. You should probably wait until a release is tagged RELENG_5, indicating that it's considered stable. -- brandon s. allbery [linux,solaris,freebsd,perl] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineering, carnegie mellon univ. KF8NH URGENT! E-xpedient nuked APK subdomains; kf8nh.apk.net is DEAD. Sorry. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Gaim Crashing X
On Fri, 2003-07-25 at 06:33, Rus Foster wrote: I've beenfinding that when running gaim that its causing X to crash back down to the shell prompt. This has happened with both vesa, nv and nvidia drivers. Doing a latest buildworld still hasn't helped. Anyone got any insite in to this? This is more of an anecdote than anything else, since I don't have any systems running -current at the moment, but it might be helpful in tracking it down. I haven't had it crash X, but it tends to die with SIGILL when someone logs out; turning on show offline buddies makes it happen less often. If it's dying after sending a partial X protocol request to the server, that would probably do it; XFree86 doesn't seem to deal with that very well, in my experience. -- brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineeringKF8NH carnegie mellon university [better check the oblivious first -ke6sls] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Shell programming 101: Is this an expr(1) bug ?
On Tue, 2003-02-18 at 06:39, Poul-Henning Kamp wrote: + expr ad0 : ^ad\([0-9]\)$ + a0=0 syv# echo $? 1 syv# That looks like a bug to me... hilfy:202 Z$ /bin/expr ad0 : '^ad\([0-9]\)$' 0 zsh: exit 1 /bin/expr ad0 : '^ad\([0-9]\)$' (Solaris 8 box) The Solaris manpage claims: EXIT STATUS As a side effect of expression evaluation, expr returns the following exit values: (...) 1 if the expression is either NULL or 0 So it looks like correct behavior, if slightly odd in this particular context. -- brandon s allbery [openafs/solaris/japh/freebsd] [EMAIL PROTECTED] system administrator [linux/heimdal/too many hats] [EMAIL PROTECTED] electrical and computer engineering KF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: comms/birda on -current and PalmPilot sync.
On Mon, 2003-02-03 at 22:28, Mikhail Teterin wrote: Anyone has a success to share? I tried both birda-1.00 from the ports and the later 1.1 -- without visible differences. Thanks! Guess I should look at upgrading the port I don't have a -current system at present, and the test machine I was trying to build the other day (several missing packages with 5.0-RELEASE, sigh) doesn't have IR capability. If you run irs in the foreground (drop -Y, add -v 9) and attempt to hotsync, does irs report discovery of the Pilot? If not then you need to check that you're using the right serial port and that it is configured properly (don't use PnP autoconfiguration, and if possible set it as an SIR port in the BIOS). -- brandon s allbery [openafs/solaris/japh/freebsd] [EMAIL PROTECTED] system administrator [linux/heimdal/too many hats] [EMAIL PROTECTED] electrical and computer engineering KF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Cisco vpnclient
On Fri, 2003-01-31 at 21:20, Marcin Dalecki wrote: The connection hijack by Cisco is indeed a very silly thing, Unfortunately, it's there because some corporate network policies demand it. And some companies are loath to allow Linux/FreeBSD/etc. on their networks because it can be defeated. -- brandon s allbery [openafs/solaris/japh/freebsd] [EMAIL PROTECTED] system administrator [linux/heimdal/too many hats] [EMAIL PROTECTED] electrical and computer engineering KF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: what is interference?
On Sun, 2002-12-29 at 19:06, redjupiter wrote: pid 2612 (interference), uid 1001: exited on signal 11 (core dumped) Dec 29 22:40:09 byblos kernel: pid 2612 (interference), uid 1001: exited on signal 11 (core dumped) what the heck is this? Most probably it's -r-xr-xr-x 1 root wheel 32016 Nov 17 12:28 /usr/X11R6/bin/xscreensaver-hacks/interference* In my experience it's not especially unusual for xscreensaver hacks to occasionally bomb out on any platform; unless there's some other reason to suspect a problem, I'd not worry about it too much. -- brandon s allbery [openafs/solaris/japh/freebsd] [EMAIL PROTECTED] system administrator [linux/heimdal/too many hats] [EMAIL PROTECTED] electrical and computer engineering KF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: sa_handler and sigaction...
On Thu, 2002-12-26 at 19:02, Tim Robbins wrote: On Thu, Dec 26, 2002 at 12:27:43PM -0600, Dan Nelson wrote: In the last episode (Dec 26), Donn Miller said: Just tried compiling the mgv port on current. It bombs out with the following error message: Making all in toolbar cc -DPACKAGE=\mgv\ -DVERSION=\3.1.5\ -DHAVE_PUTENV=0 -DUSE_DMALLOC=0 -DHAVE_XPM=1 -DHAVE_X11_XPM_H=1 -DHAVE_MOTIF=1 -DHAVE_LIBHELP=0 -DHAVE_EDITRES=1 -I. -I. -I. -Iwlib -I/usr/X11R6/include -O2 -Os -pipe -march=pentium3 -D_POSIX_SOURCE -I/usr/X11R6/include -c Ghostview.c Ghostview.c: In function `Input': Ghostview.c:487: structure has no member named `sa_handler' Ghostview.c: In function `StopInterpreter': Ghostview.c:1529: structure has no member named `sa_handler' *** Error code 1 It looks like it should compile, but it doesn't. I mean, sys/signal.h does have a #define for sa_handler. But not in the -D_POSIX_SOURCE case. Could someone with the POSIX spec see whether sa_handler is supposed to be visible or not? From the SUSv3 System Interfaces volume (excuse the bad formatting): I don't have the spec, but a perusal of secondary sources has P1003.1-1990 specifying sa_handler and P1003.1-1993 adding sa_sigaction. I should add that sigaction() without sa_handler is almost entirely useless for portable programming, so it would be downright bizarre for POSIX to specify sigaction() and yet omit sa_handler. -- brandon s allbery [openafs/solaris/japh/freebsd] [EMAIL PROTECTED] system administrator [linux/heimdal/too many hats] [EMAIL PROTECTED] electrical and computer engineering KF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: implementing linux mmap2 syscall
On Wed, 2002-04-24 at 10:41, Andrew Gallatin wrote: Maybe the argument isn't where you expect it to be, but is there. Can you make a test program which calls mmap2 with its 6th arg as something unique like 0xdeadbeef? Then print out (in hex :) the trapframe from the linux prepsyscall routine see if you can find the deadbeef. My recollection is that beyond 5 arguments, a pointer to the remaining ones is passed. (But my recollection may be wrong and I don't wish to subject myself to the source cesspool at the moment) -- brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineeringKF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: disklabel(8) floppy panic
On Tue, 2002-04-02 at 13:35, Joerg Wunsch wrote: j@uriah 92% ls -l /dev/fd1* (...) lrwxr-xr-x 1 root wheel4 Apr 2 20:34 /dev/fd1c@ - fd0 Uh? -- brandon s allbery [openafs/solaris/japh/freebsd] [EMAIL PROTECTED] system administrator [linux/heimdal/too many hats] [EMAIL PROTECTED] electrical and computer engineering KF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: malloc() and the stock Perl in -CURRENT (and -STABLE)
On Thu, 2002-03-14 at 01:48, Kris Kennaway wrote: It should be benchmarked more thoroughly before the switch is made; there's only one datapoint at the moment, which isn't enough to decide whether it's a net win. Another thing to watch out for: we now force -Uusemymalloc in perl builds because mixing malloc() implementations can lead to core dumps when a chunk of memory is handed to the wrong version of free() (or realloc()). (A test of this is to use Data::Dumper-Dump() (*not* Dumpxs()! that is in fact the workaround...) to print lots of complex hashes; this fairly reliably makes perl dump core (or sometimes just die with a Bizarre copy of ...) on all our supported platforms when perl's malloc() is used. Of course, that might just be a bug in 5.00503, since I never tried 5.6.x with perl's own malloc()...) -- brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineeringKF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: ACPI issues and questions (Dell Inspiron 3700)
On Sun, 2002-03-03 at 16:42, Michael Smith wrote: Well, except that it has no flow control, is only half-duplex, and you might want to attach an IrDa stack to the device. If all the IrDa stack work is being done in userland, then this probably makes sense. If not, then at the very least, sio(4) needs to behave differently in the case of a SIR port. While IrDA support is in userland at the moment (comms/birda port), someone is working on a netgraph interface for IrDA. I'm under the impression that this will include FIR device drivers; but since it's also based on birda, it will likely use sio for SIR devices. (Although the person(s) doing the ng work should probably speak up and correct me now) -- brandon s. allbery [linux][solaris][japh][freebsd] [EMAIL PROTECTED] system administrator [openafs][heimdal][too many hats] [EMAIL PROTECTED] electrical and computer engineering KF8NH carnegie mellon university[better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
RE: Junior Annoying Hacker Task
On Mon, 2002-02-04 at 11:03, Patrick Bihan-Faou wrote: Some may argue that storing userland data in the kernel space is Not A Nice Thing(tm) but it certainly makes things a lot easier. Why am I reminded of when terminal type information was bodged into the stty settings as a 2-character code? -- brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineeringKF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Junior Annoying Hacker Task
On Sat, 2002-02-02 at 05:59, Thomas Hurst wrote: Maybe some sort of hierachy would be good.. /etc/rc.conf/services # sendmail, bind etc /etc/rc.conf/security # firewall, secure levels /etc/rc.conf/system # library paths and other low level tweakables SuSE Linux does this (/etc/rc.config for system-wide entries, /etc/rc.config.d/* for specific subsystems). It works fairly well aside from having to run a program to propagate entries. (Although that actually is something of a feature, since there's almost always an entry to tell SuSEconfig to leave the real files alone instead of propagating, so you can run things the old way if you want or if you can't DTRT using the rc.config entries.) Also, I think they borrowed this setup from DU / OSF/1. -- brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineeringKF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Junior Annoying Hacker Task
On Sat, 2002-02-02 at 08:52, Emiel Kollof wrote: Oh, I am not volunteering, it's way beyond my capabilities. Hm, Darwin is (userspace-wise) mostly FreeBSD 3.x, isn't it? I wouldn't expect porting its NetInfo implementation to be particularly difficult. -- brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineeringKF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Junior Annoying Hacker Task
On Sat, 2002-02-02 at 14:50, Pete French wrote: AFAIK, Netinfo on Mac OS X is implemented deep. That is, it overrules standard libc behaviour (like the resolver, fstab and other things), Yes it's userspace jim, but not as we know it :) This was certainly true on NeXT's - you needed special versions of most programs (e.g. sendmail, bind, login etc...) that were netinfo aware too. If its going to be done it needs doing very thoroughly and carefully as it replaces more of the /etc files with netinfo equivalents. On the other doesnt YP do somethign similar ? (I've never had to use YP, thought I have been on the receiving end of some of the consequences). And I, somehow, had failed to notice that there's no NSS on FreeBSD. *smacks self on head* Not quite so simple after all, I guess -- brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineeringKF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: kernel build fails
On Sun, 2002-01-06 at 19:38, Doug White wrote: Why are there C-style comments in a Perl script? At a guess, it's a here document. -- brandon s. allbery [os/2][linux][solaris][japh] [EMAIL PROTECTED] system administrator [WAY too many hats][EMAIL PROTECTED] electrical and computer engineeringKF8NH carnegie mellon university [better check the oblivious first -ke6sls] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
