Re: serious watchdog timeout issues with em driver

On 08/12/15 21:47, Kapetanakis Giannis wrote: The event happened only once and it's network recovered after a few seconds. no reboot. G Well that didn't last long. Today I found the server hanged at ddb after a new watchdog timeout on em0. Keyboard was not working so I could not get all

Re: Empty MFS on root

2015-12-08 21:18 GMT+01:00 Alexander Hall : > On December 8, 2015 4:21:16 PM GMT+01:00, Otto Moerbeek > wrote: > >On Tue, Dec 08, 2015 at 03:03:14PM +, Tati Chevron wrote: > > > >> Currently, it's possible, (as root), to do something like: > >> # mount_mfs

Re: Octeon snapshots

> [1]: https://www.mail-archive.com/tech%40openbsd.org/msg26048.html You have to use the octeon native objcopy by building the cross compiler: # cd /usr/src # make -f Makefile.cross TARGET=octeon cross-gcc And then use the objcopy from

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

On 2015-12-08 Tue 12:06 PM |, szs wrote: > So with letsencrypt here, how about making the main site > default to https? Is this a good idea or is this a great idea? > Copy & Paste from 2013: "OpenBSD site SSL" http://marc.info/?t=13815459562=1=2 Please don't. That would slow it down &

Re: Octeon snapshots

Hi Everybody, Has anyone successfully installed on a D-Link DSR-500N (HW A1)? I have tried again with the last snapshot, and I am still stuck [1]. Thanks, [1]: https://www.mail-archive.com/tech%40openbsd.org/msg26048.html On 12/06/15 05:54, Daniel Ouellet wrote: On 12/5/15 8:01 PM, jungle

kerberos

What is/are the alternative(ies) for kerberos on openbsd ? (Since is was removed from the distribution). Thanks.

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

Kevin Chadwick writes: > The cvs page fingerprint page could be https enabled, however you can > use googles cache over https, also buy a CD to help the project greatly > would do far more for world security than TLS everywhere and even look > at mailing list archives over https as a web of trust.

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

Em 08-12-2015 23:23, Stuart Henderson escreveu: > I wasn't aware that > it lets you disregard the CAs though Once the client has the two certs pinned (the primary and the backup), if a malicious CA try to impersonate the server using a forged (although perfectly valid) certificate, the client

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

> In the case of www.openbsd.org, using HTTPS isn't so much about > privacy as it is about integrity. Yes, signify(1) is a thing, but > using HTTPS in addition to it would make release and package > downloads more difficult to tamper with. Well packages usually come from mirrors which I know from

Re: kerberos

On 09/12/15 15:13, Friedrich Locke wrote: What is/are the alternative(ies) for kerberos on openbsd ? (Since is was removed from the distribution). Thanks. Don't know if you can compile it, but the commit-remove msg is all time classic :) http://marc.info/?l=openbsd-cvs=139816103911227=2 G

Re: kerberos

On Wed, Dec 09, 2015 at 11:13:40AM -0200, Friedrich Locke wrote: > What is/are the alternative(ies) for kerberos on openbsd ? (Since is was > removed from the distribution). I use kerberos from ports every day with FF. Unfortunatelly other apps from ports don't have krb flavor so you either have

Re: kerberos

On Wed, Dec 09, 2015 at 11:13:40AM -0200, Friedrich Locke wrote: > What is/are the alternative(ies) for kerberos on openbsd ? (Since is was > removed from the distribution). It depends on your exact needs, but there's: ports/security/heimdal ports/sysutils/login_krb5 -- Antoine

Re: Empty MFS on root

Alexander Hall wrote: > > I've been thinking about having mount_mfs mounting the new mfs in some > temporary place prior to /bin/pax the lot into it, and then unmount it > and mount it into its final destination. I guess I just have not had > any use for that yet. :-) This would be beneficial

Re: Empty MFS on root

On Wed, Dec 09, 2015 at 09:02:25AM +0100, Janne Johansson wrote: > 2015-12-08 21:18 GMT+01:00 Alexander Hall : > > > On December 8, 2015 4:21:16 PM GMT+01:00, Otto Moerbeek > > wrote: > > >On Tue, Dec 08, 2015 at 03:03:14PM +, Tati Chevron wrote: > > > > >

Re: Octeon snapshots

On 12/09/15 12:58, Paul Irofti wrote: [1]: https://www.mail-archive.com/tech%40openbsd.org/msg26048.html You have to use the octeon native objcopy by building the cross compiler: # cd /usr/src # make -f Makefile.cross TARGET=octeon cross-gcc And then use the objcopy from

kerberos

I am a little outdated, but was heimdal removed from the bsd world or it was just moved from the base system to the ports collection ? Thanks.

authentication infra structure

If you had about 10k users and 5k machine how would you manage authenticating issues? Keep in mind that this is a very heterogenous environment with ldap, ftp, smtp, pop3, traditional unix boxes etc

Re: kerberos

On 12/09/15 17:45, Friedrich Locke wrote: > I am a little outdated, but was heimdal removed from the bsd world or it > was just moved from the base system to the ports collection ? > > Thanks. > > Ports /usr/ports/security/heimdal

Re: cyrus-sasl2

On Wed, Dec 09, 2015 at 04:15:07PM -0200, Friedrich Locke wrote: > Does security/cyrus-sasl2 include support for GSSAPI (I am in need of > kerberos) ? Not currently. They removed that support when they kicked Heimdal out of base. One of my spare time projects is looking how to put that back in

cyrus-sasl2

Does security/cyrus-sasl2 include support for GSSAPI (I am in need of kerberos) ? Thanks in advance.

Re: cyrus-sasl2

On Wed, Dec 09, 2015 at 10:31:01PM +0100, Antoine Jacoutot wrote: > On Wed, Dec 09, 2015 at 01:32:31PM -0500, Kurt Mosiejczuk wrote: > > On Wed, Dec 09, 2015 at 04:15:07PM -0200, Friedrich Locke wrote: > > > Does security/cyrus-sasl2 include support for GSSAPI (I am in need of > > > kerberos) ? >

Disabling dedicated GPU on Macbook Pro

I have tried to get an OpenBSD desktop running on my MacBookPro10,1 (the first Retina model). But I only get VESA working on a terrible res while the machine is running extremely hot. This is the case for most (all?) MacBook's with 2 GPUs. On linux (and osx recovery mode?) one can use this script

Re: authentication infra structure

--On Wednesday, December 09, 2015 05:25:14 PM -0200 Friedrich Locke wrote: > If you had about 10k users and 5k machine how would you manage > authenticating issues? Keep in mind that this is a very heterogenous > environment with ldap, ftp, smtp, pop3, traditional unix

Re: cyrus-sasl2

On Wed, Dec 09, 2015 at 01:32:31PM -0500, Kurt Mosiejczuk wrote: > On Wed, Dec 09, 2015 at 04:15:07PM -0200, Friedrich Locke wrote: > > Does security/cyrus-sasl2 include support for GSSAPI (I am in need of > > kerberos) ? > > Not currently. They removed that support when they kicked Heimdal out

Re: authentication infra structure

On Wed, Dec 09, 2015 at 01:21:19PM -0700, Devin Reade wrote: > --On Wednesday, December 09, 2015 05:25:14 PM -0200 Friedrich Locke > wrote: > > > If you had about 10k users and 5k machine how would you manage > > authenticating issues? Keep in mind that this is a very

Interaction seen between dhcp renewal and iked session forcing it to try to switch to NAT-T and die form then on.

Sorry for the long details here. It may be relevant or related to some comment I have seen in regards to DHCP client killing traffic in the last few days on tech@ I have seen and that may be it might be useful. If not just ignore as i am still digging why iked session are unstable long term.

Re: Chelsio T4 10g adapters support ?

> On 10 Dec 2015, at 12:28, Brendan Horan wrote: > > Hi, > > I am looking at building a system running OpenBSD to deal with 10g networks. > > It would seem there is good support for Intel cards via the "ix" driver. > However I was looking at Chelsio cards. > It seems

Chelsio T4 10g adapters support ?

Hi, I am looking at building a system running OpenBSD to deal with 10g networks. It would seem there is good support for Intel cards via the "ix" driver. However I was looking at Chelsio cards. It seems the "che" driver only supports T3 series and the PE9000 cards. However the T3 series is PCIe