Re: raid kernel
On Sat, 27 Aug 2005, Jim Razmus wrote: Just curious, what does the dev team think about Vinum? the conclusion is it doesn't do anything you can't do now. -- And that's why I started this thread.
L7 failover
Hi i want to know if some folks from openbsd (or others) have a solution for L7 failover. more precisely, what are good solutions for a proxy (be it, http, ftp, smtp, or else; transparent or not) to have active/active failover or active/passive but in all case keep sessions ? or best is to use dedicated load-balancer to do it (alteon, F5, and co ...) ? for people who use CARP in production, do you also made a HA solution for L7 ? or only L4 ? (be it on same or different servers) not find much on google, except LVS http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.L7_switch.html an interesting one on SIP failover http://www.cs.columbia.edu/techreports/cucs-011-04.pdf and commercial products ? http://www.bluecoat.com/products/sg800/features.html thanks Regards Julien
Re: ThinkPad testers required
imEnsion wrote: I have a thinkpad x22.. not sure if I can help, but if i can slap a snapshot on the lappy, would it be of any help? Unfortunately not: Can people with the following laptops: - ThinkPad R50, R50p, R51, R52 - ThinkPad T41, T41p, T42, T42p, T43, T43p - ThinkPad X40 - ThinkPad X41, X41 Tablet The reason is quite simple: x22 (and the x24 I own) do not have the aps system in them. Testing snapshots regularly is however a good way to produce a stable release, so it should be done frequently. I like the idea of running -current on the laptop and test boxes and releases on the servers in production. That way you can play with new stuff quickly and be alerted when something changes that impacts you (proper mmap()-based malloc() comes to mind).
sendmail authentication starttls problem
Hi, (I'm sendmail and openssl novice) I'm setting up my first email server. I followed this article: http://www.pingwales.co.uk/tutorials/openbsd-mail-server-config.html I found this article really useful as I wanted to keep the standard openbsd installation as clean and as original as possible. Actually this will be a low traffic mail server that will mainly be used with my pocketpc phone. I would like to securely send and receive mail via gprs (server should not allow relaying and require encrypted authentication before being able to send mail). Unfortunately it looks like the starttls and/or authentication methods are not supported by the pocketpc (windows mobile 2003 se phone edition). The server tls/ssl config works well with workstation mail clients like: thunderbird, outlook 2003,x', express but not with pocket outlook or webis from pocketinformant. I would like more info about the following setting: confAUTH_OPTIONS I was not able to find useful info via google. The sendmail website and the README says the following: If this option is 'A' then the AUTH= parameter for the MAIL FROM command is only issued when authentication succeeded. Other values (which should be listed one after the other without any intervening characters except for space or comma) are a, c, d, f, p, and y. See doc/op/op.me for details. I had a look at the op.me file but it is rather confusing and I was not able to get useful info from that file. May be someone has link to some doc that have a detailed explanation : A,a,c,d,f,p,y parameters? I would also appreciate if someone has more info and samples about: confAUTH_MECHANISMS and TRUST_AUTH_MECH Thank you for hints, tips and any kind of help didier
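An added example, not part of the original post or the linked tutorial: a constructed .mc fragment showing the three settings asked about, with the option letters annotated as sendmail's doc/op/op.me describes them. It assumes a sendmail binary built with SASL support and STARTTLS already working; the mechanism list is an illustrative choice.

```m4
dnl Constructed fragment for a site .mc file (added example, not from the thread).
dnl Assumes sendmail is built with SASL and STARTTLS is already configured.
dnl
dnl SASL mechanisms the server is willing to offer to clients.
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl Mechanisms that, once a client has authenticated with them, permit relaying.
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl
dnl AuthOptions letters, as described in doc/op/op.me:
dnl   A  send AUTH= on MAIL FROM only when authentication succeeded
dnl      (applies to sendmail acting as a client)
dnl   a  require protection from active (non-dictionary) attacks
dnl   c  require mechanisms that pass client credentials
dnl   d  refuse mechanisms susceptible to passive dictionary attack
dnl   f  require forward secrecy between sessions
dnl   p  refuse mechanisms susceptible to simple passive attack
dnl      (PLAIN, LOGIN) unless a security layer such as STARTTLS is active
dnl   y  refuse mechanisms that allow anonymous login
dnl
dnl Weak setting: PLAIN and LOGIN are offered before STARTTLS, so a
dnl client may send its password in the clear.
dnl define(`confAUTH_OPTIONS', `A')dnl
dnl
dnl Stricter setting: PLAIN and LOGIN are offered only inside TLS, and
dnl anonymous mechanisms are never offered.
define(`confAUTH_OPTIONS', `A p y')dnl
```

With `p` set, a client that does not issue STARTTLS first will see no AUTH mechanisms in the EHLO response, which is the "encrypted authentication before sending" behaviour the post asks for.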
Subject: Re: ThinkPad testers required
--- Jesper Louis Andersen [EMAIL PROTECTED] wrote: imEnsion wrote: I have a thinkpad x22.. not sure if I can help, but if i can slap a snapshot on the lappy, would it be of any help? Unfortunately not: Can people with the following laptops: - ThinkPad R50, R50p, R51, R52 - ThinkPad T41, T41p, T42, T42p, T43, T43p - ThinkPad X40 - ThinkPad X41, X41 Tablet The reason is quite simple: x22 (and the x24 I own) do not have the aps system in them. Testing snapshots regularly is however a good way to produce a stable release, so it should be done frequently. I like the idea of running -current on the laptop and test boxes and releases on the servers in production. That way you can play with new stuff quickly and be alerted when something changes that impacts you (proper mmap()-based malloc() comes to mind). I have a R51. Is there any difference if I installed the current-i386 on it using external disk through usb connection ? clarence
Re: problems using usb keyboard on sunblade 100
Robert Storey wrote: Glad that somebody else broached this topic, I was about to ask the same question. No. Your problem is completely unrelated to a Sunblade 100. You've hijacked someone else's thread. Your report is useless. It is DEAD WRONG. USB keyboards work just fine on i386 machine, assuming the HW support is there for it (plugged one into my Athlon system last weekend to fix a wedged PS/2 keyboard problem, in fact). Sounds like that isn't the case on your machine. But since you posted a useless message, we have no idea. Now...learn how to do problem reporting and start your own thread. And don't even think of posting anything without a COMPLETE dmesg. Nick.
Boot-time Bios Mods - Still Possible?
A long time ago I added a little bios code to my pc by programming and installing an eprom on a post card. The code was executed at boot time before most of the bios code was executed. Is this still possible with current desktops? Thanks, Dave Feustel -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, ADWARE, KEYLOGGERS, rootkits, worms and popups) Then Switch to OpenBSD with a KDE desktop!!!
Re: kernel page fault on initial login (OpenBSD 3.7 Release)
*sigh* found this sitting on the not done pile from over a week ago... 8-/ Dave Wickberg wrote: On 8/19/05, Nick Holland [EMAIL PROTECTED] wrote: Dave Wickberg wrote: Hi, I've just recently installed OpenBSD 3.7 (Release) on a Celeron 466 w/ 256MB of RAM. I created a boot floppy and from there the install went flawlessly. However, after booting the systems for first time I am getting a kernel page fault error as soon as I try to type in a userid. This is what I'm seeing after waiting for the login prompt and hitting one key: --- OpenBSD/i386 (wormy.starbase) (ttyC0) login: kernel: page fault trap, code = 0 Stopped at pckbc_enqueue_cmd+0x7d: sbbb 0(%eax),%al ddb kernel: page fault trap, code = 0 Faulted in DDB; continuing... ddb --- do you happen to see a message about including a ps and trace with your problem report? Actually no, just what I have above - I guess that would have come after the Faulted in DDB; continuing... line? Here's the output from ps and trace respectively: interesting. I think that's what is referred to as a double fault...and yes, the ps and trace warning probably got smushed by the second fault.
  PID  PPID  PGRP  UID  S     FLAGS  WAIT        COMMAND
17210  6950 17210    0  3    0x4086  ttyin       csh
 8950  2863  6950    0  3    0x4084  select      sshd
28407     1 28407    0  3    0x4086  ttyin       getty
11599     1 11599    0  3    0x4086  ttyin       getty
 2024     1  2024    0  3    0x4086  ttyin       getty
 3200     1  3200    0  3    0x4086  ttyin       getty
20666     1 20666    0  3    0x4086  ttyin       getty
14322     1 14322    0  3      0x84  select      cron
18567     1 18567    0  3   0x40184  select      sendmail
 2863     1  2863    0  3      0x84  select      sshd
19286     1 19286    0  3     0x184  select      inetd
 6021     1  6021    0  3      0x84  poll        ntpd
21199     1 13058   83  3     0x186  poll        ntpd
 3268 31864 31864   73  3     0x184  poll        syslogd
31864     1 31864    0  3      0x84  netio       syslogd
16126     1 16126   77  3     0x184  poll        dhclient
 2558     1 13058    0  3      0x86  poll        dhclient
   11     0     0    0  3  0x100204  crypto_wa   crypto
   10     0     0    0  3  0x100204  aiodoned    aiodoned
    9     0     0    0  3  0x100204  syncer      update
    8     0     0    0  3  0x100204  cleaner     cleaner
    7     0     0    0  3  0x100204  reaper      reaper
    6     0     0    0  3  0x100204  pagedaemon  pagedaemon
    5     0     0    0  3  0x100204  usbtask     usbtask
    4     0     0    0  3  0x100204  usbevt      usb0
    3     0     0    0  3  0x100204  apmev       amp0
    2     0     0    0  3  0x100204  kmalloc     kmthread
    1     0     0    0  3    0x4084  wait        init
    0     0     0    0  3   0x80204  scheduler   swapper

pckbc_enqueue_cmd(d05aad20,0,d06d3d86,2,0) at pckbc_enqueue_cmd+0x7d
pckbd_set_leds(d0b5dd00,f10e,f103,80) at pckbd_set_leds+0x3c
wskbd_translate(d05aa480,2,1d,1d) at wskbd_translate+0x101
wskbd_input(d0b5fe00,2,1d,1) at wskbd_input+0x3e
pckbd_input(d0b5dd00,1d,80dd,16) at pckbd_input+0x53
pckbcintr(d0b5dd80) at pckbcintr+0x9f
Xrecurse_legacy1() at Xrecurse_legacy1+0x86
--- interrupt ---
idle_loop(d065ed80,28,0,0,8000) at idle_loop+0x21
bpendtsleep(d05b2260,4,d04f5931,0,0,,d04afc2c,0) at bpendsleep
uvm_scheduler(d05b2258,3,0,d04afc2c,fff) at uvm_scheduler+0x6b
check_console(0,0,0,0,0) at check_console

you have a few extra things in there -- I'd remove them. The ISA NIC, the audio card (if possible, disable in BIOS if not possible to physically remove), see if the thing settles down. The ISA NIC has got my attention. I'm not certain how that would mess it up in this way, but it's the best idea I have at the moment. Makes sense.
I first took out the ISA NIC and then disabled the on-board sound checking each time to see if there was any change - in each case the problem still occurred. New dmesg is: hm. ok, a couple other tests... 1) What happens if you try to bring the system up in Single User mode (boot -s from the boot prompt). I'm not sure what conclusion to draw either way on that...but... 2) What happens if you install a snapshot kernel? (that should have been my first suggestion, find out if the problem is already fixed! :) Nick.
Re: Boot-time Bios Mods - Still Possible?
--On 28 August 2005 10:22 -0500, Dave Feustel wrote: A long time ago I added a little bios code to my pc by programming and installing an eprom on a post card. The code was executed at boot time before most of the bios code was executed. Is this still possible with current desktops? Yes, it's how things like RAID cards and PXE-capable network cards work. With some boards, you can also add modules to the file that is flashed onto the BIOS EEPROM on the motherboard (using cbrom from DOS or a similar tool) so you don't need an extra card (sometimes done to e.g. boot from a SCSI card which doesn't have its own BIOS).
Re : RE: sendmail authentication starttls problem
Hi, Thank you for answering, unfortunately it did not help still the same problem: server says this: Aug 28 18:44:54 djerba sm-mta[16232]: STARTTLS=server, error: accept failed=-1, SSL_error=2, timedout=0, errno=4 And webis client says this: Transport error: the server did not respond properly after a period of time: Service: test mail Server: mail.test.mail Protocol: SMTP, Port: 25. SSL: Off Error Code: #80C00014 - Original Message - From: Openbsd [EMAIL PROTECTED] Date: Sunday, August 28, 2005 3:36 pm Subject: RE: sendmail authentication starttls problem I had the same issue with my secure email server but was able to figure out webis to get it to function. Copy of email used to setup pocketpc 2003 mobile devices. --- The built-in INBOX will not work with our system as it cannot do authenticated SSL connections. I found a program that will work though and you can try it out: http://www.webis.net/?p_id=mail If you download the WebIS Mail 2 client you can click on their configuration button (right next to the NEW button) and choose services Add a new pop3 service General TAB _ service name=mail.youremailserver Realname, address = standard Incoming Server Tab Host address: mail.yourmailserver Port 995 Username, password = standard Use Secure connection - Implicit and check SSL 2, SSL 3, TLS 1 Outgoing Server Tab Host address: mail.yourmailserver Port 25 Authentication Required - use same settings as incoming mail server Use Secure Connection - Explicit - SSL2 SSL 3 TLS 1 Use ONLY strong encryption algorithms (128bits and more) Rest is optional. -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Didier Wiroth Sent: Sunday, August 28, 2005 6:12 AM To: misc@openbsd.org Subject: sendmail authentication starttls problem Hi, (I'm sendmail and openssl novice) I'm setting up my first email server. 
I followed this article: http://www.pingwales.co.uk/tutorials/openbsd-mail-server-config.html I found this article really useful as I wanted to keep the standard openbsd installation as clean and as original as possible. Actually this will be a low traffic mail server that will mainly be used with my pocketpc phone. I would like to securely send and receive mail via gprs (server should not allow relaying and require encrypted authentication before being able to send mail). Unfortunately it looks like the starttls and/or authentication methods are not supported by the pocketpc (windows mobile 2003 se phone edition). The server tls/ssl config works well with workstation mail clients like: thunderbird, outlook 2003,x', express but not with pocket outlook or webis from pocketinformant. I would like more info about the following setting: confAUTH_OPTIONS I was not able to find useful info via google. The sendmail website and the README says the following: If this option is 'A' then the AUTH= parameter for the MAIL FROM command is only issued when authentication succeeded. Other values (which should be listed one after the other without any intervening characters except for space or comma) are a, c, d, f, p, and y. See doc/op/op.me for details. I had a look at the op.me file but it is rather confusing and I was not able to get useful info from that file. May be someone has link to some doc that have a detailed explanation : A,a,c,d,f,p,y parameters? I would also appreciate if someone has more info and samples about: confAUTH_MECHANISMS and TRUST_AUTH_MECH Thank you for hints, tips and any kind of help didier
Re: Boot-time Bios Mods - Still Possible?
On Sunday 28 August 2005 10:53, Stuart Henderson wrote: --On 28 August 2005 10:22 -0500, Dave Feustel wrote: A long time ago I added a little bios code to my pc by programming and installing an eprom on a post card. The code was executed at boot time before most of the bios code was executed. Is this still possible with current desktops? Yes, it's how things like RAID cards and PXE-capable network cards work. With some boards, you can also add modules to the file that is flashed onto the BIOS EEPROM on the motherboard (using cbrom from DOS or a similar tool) so you don't need an extra card (sometimes done to e.g. boot from a SCSI card which doesn't have its own BIOS). Along the same line, has anyone worked with motherboards (Eg TYAN) that support use of the Linux Bios? Once the Linux Bios was working, it would be easy to piggy-back additional code. -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, ADWARE, KEYLOGGERS, rootkits, worms and popups) Then Switch to OpenBSD with a KDE desktop!!!
core dumps disabled after chroot?
Hi,

I want to chroot an application I'm developing, but I still want coredumps...

_dump.c_

    #include <stdlib.h>

    int main() { abort(); }

# gcc dump.c -o dump
# ./dump
Abort trap (core dumped)
# chroot ./ ./dump
Abort trap          [note that no core was dumped!]

Anybody?

Kent
Re: raid kernel
I want a raid model that acts as if it is a regular scsi drive, ie. sdN. Like our hardware raid controllers work. Right now what we have in the tree is poo, and vinum is just as much poo too. Is there any hope to see the live network backup that NetBSD's developer der Mouse presented at BSDCan 2005? ( http://www.bsdcan.org/2005/activity.php?id=54 ) And by the way, do you think that NetBSD's cgd is poo too, or do you plan to import it?
Re: core dumps disabled after chroot?
Kent Watsen wrote: I want to chroot an application I'm developing, but I still want coredumps... This fixes it: echo 'ulimit -c unlimited' >> /root/.profile # Han
Re: core dumps disabled after chroot?
I want to chroot an application I'm developing, but I still want coredumps... _dump.c_ #include <stdlib.h> int main() { abort(); } # gcc dump.c -o dump # ./dump Abort trap (core dumped) # chroot ./ ./dump Abort trap [note that no core was dumped!] At the moment there is no solution for this. Coredumps cannot happen in those processes.
Re: Boot-time Bios Mods - Still Possible?
Hi Dave, On 29/08/2005, at 3:49 AM, Dave Feustel wrote: On Sunday 28 August 2005 10:53, Stuart Henderson wrote: --On 28 August 2005 10:22 -0500, Dave Feustel wrote: A long time ago I added a little bios code to my pc by programming and installing an eprom on a post card. The code was executed at boot time before most of the bios code was executed. Is this still possible with current desktops? Yes, it's how things like RAID cards and PXE-capable network cards work. With some boards, you can also add modules to the file that is flashed onto the BIOS EEPROM on the motherboard (using cbrom from DOS or a similar tool) so you don't need an extra card (sometimes done to e.g. boot from a SCSI card which doesn't have its own BIOS). The kind of board you describe is just what I'm looking for if I can't find a stand-alone pci card into which I could flash my own code. What are some examples? cbrom is used with AWARD Modular BIOS. I don't know if it works with any other BIOS' or if any other BIOS has similar abilities. But with the AWARD Modular BIOS boards which I used years ago (BX boards), I could read out the BIOS to an image file, add a network boot ROM for my dc cards, burn that modified image to the board and then choose to boot from LAN or SCSI to get the netboot ROM booting. You might find this page useful: http://goe.net/anleitungen/award_board.html Sometimes you would have to remove something from the BIOS to allow your new code to fit. I'd remove built-in NCR SCSI firmware which seemed to be included in motherboards even if they didn't have any on-board SCSI. I never noticed any side-effects of this. AOpen AX6B worked fine for me. An old board designed for PII's. Shane
Re: Subject: Re: ThinkPad testers required
man Chan wrote: I have a R51. Is there any difference if I installed the current-i386 on it using external disk through usb connection ? You can try: if you see your dmesg including a line like: aps0 at isa0 port 0x1600/31 Then please try looking at the output of sysctl hw.sensors and see if the numbers change when you tilt the laptop. Next, suspend and resume and see if they still respond to tilting. Thanks, Damien Miller
Re: raid kernel
On Sun, 28 Aug 2005, Ed White wrote: And by the way, do you think that NetBSD's cgd is poo too, or do you plan to import it? do you think the archives are poo too, or do you plan to read them? -- And that's why it's so good.
Problems installing on my AMD64
Hi all New user here.. I was trying to install OpenBSD, so I burned the cd 37.iso to a bootable CD, then partition my harddrive accordingly in setup, setup root disk, etc.. But when it's time for me to select my method of getting the system (which would be FTP or HTTP) the net instantly fails, so it wasn't auto-detected.. My motherboard is a DFI Lanparty nForce3 Ultra-D, and the box to my mobo says it uses 'nVidia Gigabit Ethernet' the link to the manufacturer is http://www.dfi.com.tw/Product/xx_product_spec_details_r_us.jsp?PRODUCT_ID=2840CATEGORY_TYPE=MBSITE=US As I said, I'm a new user, so can someone please tell me what I need to do to get my ethernet working? Thanks all
Re: raid kernel
Is there any hope to see the live network backup that NetBSD's developer der Mouse presented at BSDCan 2005? ( http://www.bsdcan.org/2005/activity.php?id=54 ) I may not be a developer of OpenBSD, but I think that anything Mike Parker says or does should be ignored, just because of the kind of person he is, he's a kid that needed to be spanked more when he was still a child. It's sad that NetBSD lets Mike use that as a mockery of Theo instead of have him like a grown up and make use of his real name. I'd not want someone like that associated with my project.
src/sys/usr.bin/ssh/auth-password.c patch for bots.
This patch is in no way intended for real use, and does not really do anything other than provide me with a completely useless placebo effect. But thought I would pass it on. http://www.linbsd.org/openssh-samepasswd.patch What it tries to do, and this remains to be seen, is slow down the sequential scans that seem to plague every server I have with a thirty second sleep on any login attempt for a user that does not exist, or when a login and password are the same. e.g. login:mike passwd:mike. Let the flames begin :D
Re: core dumps disabled after chroot?
Theo de Raadt wrote: I want to chroot an application I'm developing, but I still want coredumps... _dump.c_ #include <stdlib.h> int main() { abort(); } # gcc dump.c -o dump # ./dump Abort trap (core dumped) # chroot ./ ./dump Abort trap [note that no core was dumped!] At the moment there is no solution for this. Coredumps cannot happen in those processes. Really? By at the moment, do you mean to suggest that this might be made to work? I tried to look up what POSIX defines, but google results aren't very helpful these days. I tested on RedHat 8 and it does dump core after chroot... If I may try to make a case for enabling dumps after chroot, please consider that the intent of chroot is to increase security by preventing a compromised app from accessing the file-system outside. But the app was compromised in the first place by exploiting a bug in the code (i.e. buffer overrun) and bugs are many times fixed through stacktrace analysis. Especially with 3.8's new memory-management (mmap'ed guard pages, etc.) and the fact that OBSD's user-base is paranoid enough to chroot as much as possible - I would think that dumps after chroot would be helpful... BTW, I not only want to use chroot to secure my application, but also to aid in software deployment - that is, the installer prompts the user where to install (which will become the chroot) - not only does this free up my logic from having to figure out where it was installed using path manipulation (it can always assume / for its file access needs), but I can also have multiple instances installed - as the global filesystem's namespace is no longer an issue. [I guess in a way, this is some of what has motivated the development of FreeBSD's jailNG, UserModeLinux, and Vmware's ESX/GSX servers...] I am aware that root can bust out of a chroot and so dropping perms via setuid() and its variants is fairly common. 
I also know that setuid() disables cores [a policy I disagree with for the same reasons], but I have found a way to get around that using a combination of fork() and execv() - so my only remaining issue is with chrooted processes not dumping core... Kent
Re: Win XP VPN
Just to let you know, I spent the better part of the night configuring my old setup in VMWare machines and everything worked as expected. I will try to add NATing if I find time. Best regards Petr R. On 8/23/05, Steve Murdoch [EMAIL PROTECTED] wrote: Hi all. I have several sites linked with ipsec on 3.7 release. Everything works great. I have tried to add some remote win xp machines into the mix using the howto http://openbsd.cz/~pruzicka/vpn.html without any joy. the winxp in my test case is behind a nat router will this cause me grief ? Secondly has anyone found an ipsec client that will work with pocket pc 2003 connecting to openbsd ? I guess thirdly, is poptop under openbsd recommended ? Any other thoughts or recommendations appreciated. Steve
Off Topic: Good Luck
Good luck to our community members in the New Orleans and greater Gulf of Mexico coastline. - Eric