From owner-freebsd-security@FreeBSD.ORG Tue Jan 25 02:34:59 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D414616A4CE for ; Tue, 25 Jan 2005 02:34:59 +0000 (GMT) Received: from web80910.mail.scd.yahoo.com (web80910.mail.scd.yahoo.com [66.218.95.76]) by mx1.FreeBSD.org (Postfix) with SMTP id 9140943D1D for ; Tue, 25 Jan 2005 02:34:59 +0000 (GMT) (envelope-from esuprana@yahoo.com) Received: (qmail 6095 invoked by uid 60001); 25 Jan 2005 02:34:59 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=Jzh9z7PS95+XEgawawLtF/dnxuRfsn3kWzC+OyWjzky+VeaAJcyMOYrqImFbrTnlpMVYMZifzU5LZ6dm+zU0qTdaa626DXMg6zubERlVKYrmptng7hTqQQFS+jFplWtmuQIUHk5e1+Ss41iktZQkTd5t8euDAf0uvK3/jDU7baM= ; Message-ID: <20050125023459.6093.qmail@web80910.mail.scd.yahoo.com> Received: from [202.158.91.20] by web80910.mail.scd.yahoo.com via HTTP; Mon, 24 Jan 2005 18:34:59 PST Date: Mon, 24 Jan 2005 18:34:59 -0800 (PST) From: Endin Suprana To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 02:35:00 -0000 Hi all, I'm just setup a new freebsd to be a ftp server. ftp-ing from localhost was success, but when i was trying to ftp from other ip, got result "Connection closed by remote host." Kernel already configure with firewall (with options FIREWALL_DEFAULT_TO_ACCEPT). rc.conf file already contain "firewall_type=open". What could be the problem? I can seem to solve this problem. Please help. __________________________________ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail From owner-freebsd-security@FreeBSD.ORG Tue Jan 25 06:37:59 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A407C16A4CE for ; Tue, 25 Jan 2005 06:37:59 +0000 (GMT) Received: from Neo-Vortex.Ath.Cx (203-217-82-1.dyn.iinet.net.au [203.217.82.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id ACD6E43D31 for ; Tue, 25 Jan 2005 06:37:58 +0000 (GMT) (envelope-from root@Neo-Vortex.Ath.Cx) Received: from localhost.Neo-Vortex.got-root.cc (Neo-Vortex@localhost.Neo-Vortex.got-root.cc [127.0.0.1]) by Neo-Vortex.Ath.Cx (8.12.10/8.12.10) with ESMTP id j0P6bs6x053829; Tue, 25 Jan 2005 16:37:55 +1000 (EST) (envelope-from root@Neo-Vortex.Ath.Cx) Date: Tue, 25 Jan 2005 16:37:54 +1000 (EST) From: Neo-Vortex To: Endin Suprana In-Reply-To: <20050125023459.6093.qmail@web80910.mail.scd.yahoo.com> Message-ID: <20050125163641.O53818@Neo-Vortex.Ath.Cx> References: <20050125023459.6093.qmail@web80910.mail.scd.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-security@freebsd.org Subject: Re: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 06:37:59 -0000 check ipfw show to look at the currently loaded ruleset, something else may have added some other rules. also, check that there is no firewall/etc blocking the ftp connection from the client side and other things (such as isps/etc) blocking it. On Mon, 24 Jan 2005, Endin Suprana wrote: > Hi all, > > I'm just setup a new freebsd to be a ftp server. > ftp-ing from localhost was success, but when i was > trying to ftp from other ip, got result "Connection > closed by remote host." > > Kernel already configure with firewall (with options > FIREWALL_DEFAULT_TO_ACCEPT). rc.conf file already > contain "firewall_type=open". > > What could be the problem? I can seem to solve this > problem. Please help. > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - Helps protect you from nasty viruses. > http://promotions.yahoo.com/new_mail > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > From owner-freebsd-security@FreeBSD.ORG Tue Jan 25 07:24:23 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BD7316A4CE for ; Tue, 25 Jan 2005 07:24:23 +0000 (GMT) Received: from hawk.ruscomnet.ru (hawk.ruscomnet.ru [80.249.129.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 23D5B43D41 for ; Tue, 25 Jan 2005 07:24:22 +0000 (GMT) (envelope-from aak@ruscomnet.ru) Received: from terra (terra [80.249.130.132]) by hawk.ruscomnet.ru (8.11.7/8.11.7) with ESMTP id j0P7OGj35911; Tue, 25 Jan 2005 10:24:16 +0300 (MSK) (envelope-from aak@ruscomnet.ru) From: "Alexander A. Kabenin" To: freebsd-security@freebsd.org Date: Tue, 25 Jan 2005 10:24:15 +0300 User-Agent: KMail/1.7.1 References: <20050125023459.6093.qmail@web80910.mail.scd.yahoo.com> In-Reply-To: <20050125023459.6093.qmail@web80910.mail.scd.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200501251024.16156.aak@ruscomnet.ru> X-Spam-Status: No, hits=-4.0 required=6.0 tests=AWL,BAYES_00 autolearn=ham version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on hawk.ruscomnet.ru cc: Endin Suprana Subject: Re: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 07:24:23 -0000 Hi! Check /etc/inetd.conf ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll should not be commented out. Regards, Alexander. On Tuesday 25 January 2005 05:34, Endin Suprana wrote: > Hi all, > > I'm just setup a new freebsd to be a ftp server. > ftp-ing from localhost was success, but when i was > trying to ftp from other ip, got result "Connection > closed by remote host." > > Kernel already configure with firewall (with options > FIREWALL_DEFAULT_TO_ACCEPT). rc.conf file already > contain "firewall_type=open". > > What could be the problem? I can seem to solve this > problem. Please help. > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - Helps protect you from nasty viruses. > http://promotions.yahoo.com/new_mail > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Tue Jan 25 07:50:15 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 34CB616A4CF for ; Tue, 25 Jan 2005 07:50:15 +0000 (GMT) Received: from ns.pro.sk (proxy.pro.sk [212.55.244.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E76F43D1F for ; Tue, 25 Jan 2005 07:50:14 +0000 (GMT) (envelope-from prosa@pro.sk) Received: from ns.pro.sk (localhost [127.0.0.1]) by ns.pro.sk (8.12.11/8.12.11) with SMTP id j0P7oAKX049275 for ; Tue, 25 Jan 2005 08:50:10 +0100 (CET) (envelope-from prosa@pro.sk) Received: from peter (Peter [192.168.1.53]) by ns.pro.sk (8.12.11/8.12.11) with SMTP id j0P7o43r049270 for ; Tue, 25 Jan 2005 08:50:05 +0100 (CET) (envelope-from prosa@pro.sk) Message-ID: <00b201c502b2$6cda0970$3501a8c0@pro.sk> From: "Peter Rosa" To: "FreeBSD Security" References: <20050125023459.6093.qmail@web80910.mail.scd.yahoo.com> <200501251024.16156.aak@ruscomnet.ru> Date: Tue, 25 Jan 2005 08:49:39 +0100 X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.5.3 (ns.pro.sk [192.168.1.1]); Tue, 25 Jan 2005 08:50:05 +0100 (CET) Subject: Re: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 07:50:15 -0000 Check-out /etc/hosts.allow. THE FIRST UNCOMMENTED line should read (for trying purpose) ALL : ALL : allow After success tighten the rules (read carefully what is in example file). Following should turn on IPFW verbose: # sysctl net.inet.ip.fw.verbose=1 Type-in, try ftp-connect from remote and check-out /var/log/security. Peter Rosa From owner-freebsd-security@FreeBSD.ORG Tue Jan 25 07:55:59 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 08B6E16A4CE for ; Tue, 25 Jan 2005 07:55:59 +0000 (GMT) Received: from ns.pro.sk (proxy.pro.sk [212.55.244.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3391C43D45 for ; Tue, 25 Jan 2005 07:55:58 +0000 (GMT) (envelope-from prosa@pro.sk) Received: from ns.pro.sk (localhost [127.0.0.1]) by ns.pro.sk (8.12.11/8.12.11) with SMTP id j0P7trZa049534 for ; Tue, 25 Jan 2005 08:55:53 +0100 (CET) (envelope-from prosa@pro.sk) Received: from peter (Peter [192.168.1.53]) by ns.pro.sk (8.12.11/8.12.11) with SMTP id j0P7tmaj049529 for ; Tue, 25 Jan 2005 08:55:48 +0100 (CET) (envelope-from prosa@pro.sk) Message-ID: <00c201c502b3$39958930$3501a8c0@pro.sk> From: "Peter Rosa" To: "FreeBSD Security" Date: Tue, 25 Jan 2005 08:55:23 +0100 X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.5.3 (ns.pro.sk [192.168.1.1]); Tue, 25 Jan 2005 08:55:48 +0100 (CET) Subject: Re: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 07:55:59 -0000 > Kernel already configure with firewall (with options > FIREWALL_DEFAULT_TO_ACCEPT). rc.conf file already May be I'm wrong and you have it OK, but the kernel-option should read: options IPFIREWALL_DEFAULT_TO_ACCEPT You have a typo *IP*FIREWALL.... If so, type: # ipfw add 10 allow all from any to any and try ftp-connet from remote. Peter Rosa From owner-freebsd-security@FreeBSD.ORG Tue Jan 25 07:57:40 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6D68216A4CE for ; Tue, 25 Jan 2005 07:57:40 +0000 (GMT) Received: from web80905.mail.scd.yahoo.com (web80905.mail.scd.yahoo.com [66.218.95.68]) by mx1.FreeBSD.org (Postfix) with SMTP id 32AEA43D39 for ; Tue, 25 Jan 2005 07:57:40 +0000 (GMT) (envelope-from esuprana@yahoo.com) Received: (qmail 92211 invoked by uid 60001); 25 Jan 2005 07:57:40 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=AAx4vHeXBllDpY6jW1RA5DhiI8Y8ihhAQ38BaAqdEcxoSoF8OjCerq+IQFg4Xl/w0K69SCrSltUFmOas4yFaAqd0PGC+kZNijgtNDTzARoHwcf0xuxM4Ti5KwzwD4TQdVq4FFKMW1cax803ewadOp8NA/A1d071zSE9Wh8rIvQY= ; Message-ID: <20050125075740.92209.qmail@web80905.mail.scd.yahoo.com> Received: from [202.158.91.20] by web80905.mail.scd.yahoo.com via HTTP; Mon, 24 Jan 2005 23:57:40 PST Date: Mon, 24 Jan 2005 23:57:40 -0800 (PST) From: Endin Suprana To: Neo-Vortex In-Reply-To: <20050125163641.O53818@Neo-Vortex.Ath.Cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-security@freebsd.org Subject: Re: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 07:57:40 -0000 Hi, ipfw show result: # ipfw show 65535 13118 1218053 allow ip from any to any # have uncommented out ftp line in inetd.conf as well. the client (windows box) can ftp to other side except this freebsd server. fyi, i tried to test from a same local segment. seems a simple step to enable ftp (based on the handbook), but it works only from localhost..:-/ I didn't configure any firewall setting, since i'm new to this freeBSD (i'm using freeBSD 4.9.STABLE-RELEASE). I apologize for basic questions here... :-). I'm afraid there's a default security issue or TCP wrapper related to freeBSD. Any suggestion where to start find out the problem should be very appreciable for me. thx. rgrds, Endin Suprana --- Neo-Vortex wrote: > check ipfw show to look at the currently loaded > ruleset, something else > may have added some other rules. > > also, check that there is no firewall/etc blocking > the ftp connection from > the client side and other things (such as isps/etc) > blocking it. > > On Mon, 24 Jan 2005, Endin Suprana wrote: > > > Hi all, > > > > I'm just setup a new freebsd to be a ftp server. > > ftp-ing from localhost was success, but when i was > > trying to ftp from other ip, got result > "Connection > > closed by remote host." __________________________________ Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. http://info.mail.yahoo.com/mail_250 From owner-freebsd-security@FreeBSD.ORG Tue Jan 25 08:16:34 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A62BD16A4CE for ; Tue, 25 Jan 2005 08:16:34 +0000 (GMT) Received: from web80902.mail.scd.yahoo.com (web80902.mail.scd.yahoo.com [66.218.95.65]) by mx1.FreeBSD.org (Postfix) with SMTP id 600C243D1D for ; Tue, 25 Jan 2005 08:16:34 +0000 (GMT) (envelope-from esuprana@yahoo.com) Received: (qmail 28385 invoked by uid 60001); 25 Jan 2005 08:16:34 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=bwfouxL0fFgNZ3BShCKZ/3XOIejq+jRrIZ/sYT1L6Tf+/5XNIML4Ozx3KBruqZbRrhJpo1uU0Ndd+XWRjit4uCeV0ratY16m4sxvZcjYkWey7+f6IUXw2QYYAAZIKAdSfg0PI1pVWidqJYViSlBBLRAr3tPClozpX5Iez3ATMow= ; Message-ID: <20050125081634.28383.qmail@web80902.mail.scd.yahoo.com> Received: from [202.158.91.20] by web80902.mail.scd.yahoo.com via HTTP; Tue, 25 Jan 2005 00:16:34 PST Date: Tue, 25 Jan 2005 00:16:34 -0800 (PST) From: Endin Suprana To: FreeBSD Security In-Reply-To: <00c201c502b3$39958930$3501a8c0@pro.sk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 08:16:34 -0000 Thx for reply, You're right i have typo it..:-) I did what you suggest, uncommented entry "ALL : ALL : allow" in /etc/hosts.allow and turn on IPFW verbose. Also add rule for ipfw: # ipfw add 10 allow all from any to any i've checked /var/log/security, but nothing's logged there. rgrds, endin suprana --- Peter Rosa wrote: > > Kernel already configure with firewall (with > options > > FIREWALL_DEFAULT_TO_ACCEPT). rc.conf file already > > May be I'm wrong and you have it OK, but the > kernel-option should read: > options IPFIREWALL_DEFAULT_TO_ACCEPT > > You have a typo *IP*FIREWALL.... > > If so, type: > # ipfw add 10 allow all from any to any > and try ftp-connet from remote. > > Peter Rosa > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > __________________________________ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com From owner-freebsd-security@FreeBSD.ORG Tue Jan 25 17:23:00 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 520E416A4CE for ; Tue, 25 Jan 2005 17:23:00 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5C6443D1D for ; Tue, 25 Jan 2005 17:22:57 +0000 (GMT) (envelope-from swhetzel@gmail.com) Received: by wproxy.gmail.com with SMTP id 58so426717wri for ; Tue, 25 Jan 2005 09:22:57 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=RrkR3YBshn8EE/eKEFpqTgmXz5BFhAvpFpGRrVVgZiLIrmfBoEigCmAFyLfP+p22EAwT7LXp2aHb3wAiQevgUgw9IdswPlDfQx2WVMQ0nbEkdoCd1XuZb4UL0ljHkfv5VciY5k7bNJjaQRZ30b/BKX/HTmHgmo8Sc9RgvMvS90o= Received: by 10.54.49.9 with SMTP id w9mr100296wrw; Tue, 25 Jan 2005 09:22:57 -0800 (PST) Received: by 10.54.29.48 with HTTP; Tue, 25 Jan 2005 09:22:56 -0800 (PST) Message-ID: <790a9fff050125092264ab2008@mail.gmail.com> Date: Tue, 25 Jan 2005 11:22:56 -0600 From: Scot Hetzel To: Endin Suprana In-Reply-To: <20050125081634.28383.qmail@web80902.mail.scd.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <00c201c502b3$39958930$3501a8c0@pro.sk> <20050125081634.28383.qmail@web80902.mail.scd.yahoo.com> cc: FreeBSD Security Subject: Re: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Scot Hetzel List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 17:23:00 -0000 On Tue, 25 Jan 2005 00:16:34 -0800 (PST), Endin Suprana wrote: > Thx for reply, > > You're right i have typo it..:-) > > I did what you suggest, uncommented entry "ALL : ALL : > allow" in /etc/hosts.allow and turn on IPFW verbose. > Also add rule for ipfw: > # ipfw add 10 allow all from any to any > > i've checked /var/log/security, but nothing's logged > there. > It could be a reverse DNS lookup problem. As the ftpd is trying to get the reverse name and it is timingout the connection due to it is waiting for a reply from the DNS servers. Check to make sure the host your trying to connect from is in your DNS servers (or add it to the /etc/hosts file on the ftpd server). Scot From owner-freebsd-security@FreeBSD.ORG Wed Jan 26 07:55:21 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2F8CE16A4CE for ; Wed, 26 Jan 2005 07:55:21 +0000 (GMT) Received: from web80910.mail.scd.yahoo.com (web80910.mail.scd.yahoo.com [66.218.95.76]) by mx1.FreeBSD.org (Postfix) with SMTP id E684B43D45 for ; Wed, 26 Jan 2005 07:55:20 +0000 (GMT) (envelope-from esuprana@yahoo.com) Received: (qmail 56993 invoked by uid 60001); 26 Jan 2005 07:55:20 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=kFhetF04kcrX6mW7YmdnChLbFX5rJsWUhF/xp2xrVXMJM71YwSWFiCD7P/3oxM0nX2CUsNvgk/JCdqWIAJQjcwiRTLXiyd1ucqwd4MY1tY+zWVF+yq7ytlIaVudQ3jGILHS00+GhHp86sJIYl+kv3iHrirQ8Ex75HWR8F1U+gjA= ; Message-ID: <20050126075520.56991.qmail@web80910.mail.scd.yahoo.com> Received: from [202.158.91.20] by web80910.mail.scd.yahoo.com via HTTP; Tue, 25 Jan 2005 23:55:20 PST Date: Tue, 25 Jan 2005 23:55:20 -0800 (PST) From: Endin Suprana To: FreeBSD Security In-Reply-To: <790a9fff050125092264ab2008@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: ftp problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jan 2005 07:55:21 -0000 Finally it's yours that save my day. Thx a lot. Sorry for starting this thread, as I thought it could be a security-misconfiguration of my freebsd. Hope all of you understand that. I think this thread is closed now..:-) best rgrds, Endin Suprana --- Scot Hetzel wrote: > It could be a reverse DNS lookup problem. As the > ftpd is trying to get > the reverse name and it is timingout the connection > due to it is > waiting for a reply from the DNS servers. Check to > make sure the host > your trying to connect from is in your DNS servers > (or add it to the > /etc/hosts file on the ftpd server). > > Scot > _______________________________________________ __________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250 From owner-freebsd-security@FreeBSD.ORG Wed Jan 26 17:11:05 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D521F16A4CE for ; Wed, 26 Jan 2005 17:11:05 +0000 (GMT) Received: from tx0.mail.ox.ac.uk (tx0.mail.ox.ac.uk [129.67.1.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 88F2743D2F for ; Wed, 26 Jan 2005 17:11:05 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from scan0.mail.ox.ac.uk ([129.67.1.162] helo=localhost) by tx0.mail.ox.ac.uk with esmtp (Exim 4.42) id 1Ctqh6-0007kb-28 for freebsd-security@freebsd.org; Wed, 26 Jan 2005 17:11:04 +0000 Received: from rx0.mail.ox.ac.uk ([129.67.1.161]) by localhost (scan0.mail.ox.ac.uk [129.67.1.162]) (amavisd-new, port 25) with ESMTP id 29600-06 for ; Wed, 26 Jan 2005 17:11:04 +0000 (GMT) Received: from smtp2.herald.ox.ac.uk ([163.1.0.235]) by rx0.mail.ox.ac.uk with esmtp (Exim 4.42) id 1Ctqh6-0007kW-10 for freebsd-security@freebsd.org; Wed, 26 Jan 2005 17:11:04 +0000 Received: from dhcp1151.wadham.ox.ac.uk ([163.1.161.151]) by smtp2.herald.ox.ac.uk with esmtp (Exim 3.35 #1) id 1Ctqh6-000754-3n for freebsd-security@freebsd.org; Wed, 26 Jan 2005 17:11:04 +0000 Message-ID: <41F7CF27.1070200@freebsd.org> Date: Wed, 26 Jan 2005 17:11:03 +0000 From: Colin Percival User-Agent: Mozilla Thunderbird 1.0 (X11/20050113) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <20050125170210.GA50042@bloom.cse.buffalo.edu> In-Reply-To: <20050125170210.GA50042@bloom.cse.buffalo.edu> X-Enigmail-Version: 0.89.5.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 27 Jan 2005 14:24:12 +0000 Subject: Re: [FreeBSD-Announce] FreeBSD 4.11-RELEASE is now available X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jan 2005 17:11:06 -0000 Ken Smith wrote: > The Release Engineering Team is happy to announce the availability > of FreeBSD 4.11-RELEASE, the latest release of the FreeBSD Legacy > development branch... Just in case anyone is wondering why FreeBSD Update isn't working on FreeBSD 4.11 yet: My D.Phil thesis defence is tomorrow, and I haven't had time to set up my buildbox to handle FreeBSD 4.11 yet. It should be working by the end of the week (and the delay shouldn't matter, since there aren't going to be any security advisories released for FreeBSD 4.11 in the next few days). Colin Percival From owner-freebsd-security@FreeBSD.ORG Thu Jan 27 14:52:41 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A6E416A4CE for ; Thu, 27 Jan 2005 14:52:41 +0000 (GMT) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id D028243D41 for ; Thu, 27 Jan 2005 14:52:39 +0000 (GMT) (envelope-from roam@ringlet.net) Received: (qmail 24499 invoked from network); 27 Jan 2005 14:52:30 -0000 Received: from unknown (HELO straylight.ringlet.net) (213.16.36.109) by gandalf.online.bg with SMTP; 27 Jan 2005 14:52:30 -0000 Received: (qmail 96489 invoked by uid 1000); 27 Jan 2005 14:52:33 -0000 Date: Thu, 27 Jan 2005 16:52:33 +0200 From: Peter Pentchev To: Colin Percival Message-ID: <20050127145233.GA95482@straylight.m.ringlet.net> Mail-Followup-To: Colin Percival , freebsd-security@freebsd.org References: <20050125170210.GA50042@bloom.cse.buffalo.edu> <41F7CF27.1070200@freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zYM0uCDKw75PZbzx" Content-Disposition: inline In-Reply-To: <41F7CF27.1070200@freebsd.org> User-Agent: Mutt/1.5.6i cc: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD 4.11-RELEASE is now available X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jan 2005 14:52:41 -0000 --zYM0uCDKw75PZbzx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 26, 2005 at 05:11:03PM +0000, Colin Percival wrote: > Ken Smith wrote: > >The Release Engineering Team is happy to announce the availability > >of FreeBSD 4.11-RELEASE, the latest release of the FreeBSD Legacy > >development branch... >=20 > Just in case anyone is wondering why FreeBSD Update isn't working on > FreeBSD 4.11 yet: My D.Phil thesis defence is tomorrow... Ahh... Best of luck, then! Sometimes being lucky is better than being prepared ;) [snip] > ...there aren't going to be any security advisories released for > FreeBSD 4.11 in the next few days Promise? Scout's honor? :P G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 When you are not looking at it, this sentence is in Spanish. --zYM0uCDKw75PZbzx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFB+QAx7Ri2jRYZRVMRAu+WAKCCTEDN3pDYrGT7gsswGb0ej2qqRQCfQBbJ BDCVQNLXlo5goqZCWf/KsJI= =xLPF -----END PGP SIGNATURE----- --zYM0uCDKw75PZbzx-- From owner-freebsd-security@FreeBSD.ORG Thu Jan 27 15:07:29 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 389B416A4CE for ; Thu, 27 Jan 2005 15:07:29 +0000 (GMT) Received: from mail.freebsd.org.cn (dns3.freebsd.org.cn [61.129.66.75]) by mx1.FreeBSD.org (Postfix) with SMTP id C423043D3F for ; Thu, 27 Jan 2005 15:07:18 +0000 (GMT) (envelope-from delphij@frontfree.net) Received: (qmail 54900 invoked by uid 0); 27 Jan 2005 14:59:05 -0000 Received: from unknown (HELO beastie.frontfree.net) (219.239.99.7) by mail.freebsd.org.cn with SMTP; 27 Jan 2005 14:59:05 -0000 Received: from localhost (localhost.frontfree.net [127.0.0.1]) by beastie.frontfree.net (Postfix) with ESMTP id 4595A1316B4; Thu, 27 Jan 2005 23:07:04 +0800 (CST) Received: from beastie.frontfree.net ([127.0.0.1]) by localhost (beastie.frontfree.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32440-05; Thu, 27 Jan 2005 23:06:54 +0800 (CST) Received: from localhost.localdomain (unknown [61.49.109.64]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by beastie.frontfree.net (Postfix) with ESMTP id 10A7F1314F1; Thu, 27 Jan 2005 23:06:54 +0800 (CST) From: Xin LI To: Colin Percival In-Reply-To: <41F7CF27.1070200@freebsd.org> References: <20050125170210.GA50042@bloom.cse.buffalo.edu> <41F7CF27.1070200@freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-si5JzBnT79TWWQALYQPK" Organization: The FreeBSD Simplified Chinese Project Date: Thu, 27 Jan 2005 23:05:38 +0800 Message-Id: <1106838338.1800.10.camel@spirit> Mime-Version: 1.0 X-Mailer: Evolution 2.0.3 FreeBSD GNOME Team Port X-Virus-Scanned: by amavisd-new at frontfree.net cc: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD 4.11-RELEASE is now available X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: delphij@delphij.net List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jan 2005 15:07:29 -0000 --=-si5JzBnT79TWWQALYQPK Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable =E5=9C=A8 2005-01-26=E4=B8=89=E7=9A=84 17:11 +0000=EF=BC=8CColin Percival= =E5=86=99=E9=81=93=EF=BC=9A > Ken Smith wrote: > > The Release Engineering Team is happy to announce the availability > > of FreeBSD 4.11-RELEASE, the latest release of the FreeBSD Legacy > > development branch... >=20 > Just in case anyone is wondering why FreeBSD Update isn't working on > FreeBSD 4.11 yet: My D.Phil thesis defence is tomorrow, and I haven't [snip] Good luck! BTW. FreeBSD Update is great :-) Cheers, --=20 Xin LI http://www.delphij.net/ --=-si5JzBnT79TWWQALYQPK Content-Type: application/pgp-signature; name=signature.asc Content-Description: =?UTF-8?Q?=E8=BF=99=E6=98=AF=E4=BF=A1=E4=BB=B6=E7=9A=84=E6=95=B0?= =?UTF-8?Q?=E5=AD=97=E7=AD=BE=E5=90=8D=E9=83=A8?= =?UTF-8?Q?=E5=88=86?= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBB+QNC/cVsHxFZiIoRAq1HAJ9jFQSug4n8sOlvyIPziQEaf7d3hACfawBm iIB0HA02dIA5lfeQnc3mwWM= =agZ9 -----END PGP SIGNATURE----- --=-si5JzBnT79TWWQALYQPK-- From owner-freebsd-security@FreeBSD.ORG Fri Jan 28 10:19:07 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A53616A4CE for ; Fri, 28 Jan 2005 10:19:07 +0000 (GMT) Received: from ux11.ltcm.net (ux11.ltcm.net [64.215.98.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A5FA43D1D for ; Fri, 28 Jan 2005 10:19:06 +0000 (GMT) (envelope-from mipam@ibb.net) Received: from ux11.ltcm.net (mipam@localhost.ltcm.net [IPv6:::1]) by ux11.ltcm.net (8.12.9/8.12.9/UX11TT) with ESMTP id j0SAJ395005117 for ; Fri, 28 Jan 2005 11:19:04 +0100 (MET) Received: from localhost (mipam@localhost) by ux11.ltcm.net (8.12.9/8.12.9/Submit) with ESMTP id j0SAJ2dw030912 for ; Fri, 28 Jan 2005 11:19:03 +0100 (MET) X-Authentication-Warning: ux11.ltcm.net: mipam owned process doing -bs Date: Fri, 28 Jan 2005 11:19:02 +0100 (MET) From: Mipam X-X-Sender: mipam@ux11.ltcm.net To: freebsd-security@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: fbsd not vulnerable to recent bind issues? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jan 2005 10:19:07 -0000 Hi, Recently some security issues with bind have come up. NetBSD patched it's version of 9.3.0: http://mail-index.netbsd.org/source-changes/2005/01/27/0009.html Is the version in RELENG_5 not affected? (ftp://ftp.isc.org/isc/bind/9.3.0/9.3.0-patch1) Bye, Mipam. From owner-freebsd-security@FreeBSD.ORG Thu Jan 27 14:59:17 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37BF516A4CE; Thu, 27 Jan 2005 14:59:17 +0000 (GMT) Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1B9843D1F; Thu, 27 Jan 2005 14:59:16 +0000 (GMT) (envelope-from trhodes@FreeBSD.org) Received: from mobile.pittgoth.com (64-144-75-100.client.dsl.net [64.144.75.100]) (authenticated bits=0) by pittgoth.com (8.12.10/8.12.10) with ESMTP id j0RExFKw009413 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 27 Jan 2005 09:59:16 -0500 (EST) (envelope-from trhodes@FreeBSD.org) Date: Thu, 27 Jan 2005 09:59:25 -0500 From: Tom Rhodes To: Peter Pentchev Message-ID: <20050127095925.0774f753@mobile.pittgoth.com> In-Reply-To: <20050127145233.GA95482@straylight.m.ringlet.net> References: <20050125170210.GA50042@bloom.cse.buffalo.edu> <41F7CF27.1070200@freebsd.org> <20050127145233.GA95482@straylight.m.ringlet.net> X-Mailer: Sylpheed-Claws 0.9.13 (GTK+ 1.2.10; i386-portbld-freebsd5.3) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Fri, 28 Jan 2005 13:28:27 +0000 cc: freebsd-security@FreeBSD.org cc: Colin Percival Subject: Re: [FreeBSD-Announce] FreeBSD 4.11-RELEASE is now available X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jan 2005 14:59:17 -0000 On Thu, 27 Jan 2005 16:52:33 +0200 Peter Pentchev wrote: > On Wed, Jan 26, 2005 at 05:11:03PM +0000, Colin Percival wrote: > > Ken Smith wrote: > > >The Release Engineering Team is happy to announce the availability > > >of FreeBSD 4.11-RELEASE, the latest release of the FreeBSD Legacy > > >development branch... > > > > Just in case anyone is wondering why FreeBSD Update isn't working on > > FreeBSD 4.11 yet: My D.Phil thesis defence is tomorrow... > > Ahh... Best of luck, then! Sometimes being lucky is better than being > prepared ;) > > [snip] > > ...there aren't going to be any security advisories released for > > FreeBSD 4.11 in the next few days > > Promise? Scout's honor? :P We can't promise you that, it ruins the element of surprise. hehehe. -- Tom Rhodes From owner-freebsd-security@FreeBSD.ORG Fri Jan 28 18:13:02 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D22A16A4CE for ; Fri, 28 Jan 2005 18:13:02 +0000 (GMT) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2166843D41 for ; Fri, 28 Jan 2005 18:13:02 +0000 (GMT) (envelope-from DougB@freebsd.org) Received: from lap (c-24-130-110-32.we.client2.attbi.com[24.130.110.32]) by comcast.net (rwcrmhc13) with SMTP id <20050128181301015009oplle>; Fri, 28 Jan 2005 18:13:01 +0000 Date: Fri, 28 Jan 2005 10:13:00 -0800 (PST) From: Doug Barton To: Mipam In-Reply-To: Message-ID: <20050128101001.N2359@ync.qbhto.arg> References: Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-security@freebsd.org Subject: Re: fbsd not vulnerable to recent bind issues? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Jan 2005 18:13:02 -0000 On Fri, 28 Jan 2005, Mipam wrote: > Hi, > > Recently some security issues with bind have come up. > NetBSD patched it's version of 9.3.0: > > http://mail-index.netbsd.org/source-changes/2005/01/27/0009.html > > Is the version in RELENG_5 not affected? > (ftp://ftp.isc.org/isc/bind/9.3.0/9.3.0-patch1) Our version does have the vulerability, however the nature of the vulnerability is such that it's incredibly unlikely that our users would be affected. That said, I am currently working with the 9.3.1 beta sources to be ready to upgrade promptly, and if 9.3.1-REL doesn't come out "soon," I'll import the patch. What I can do today is patch the port, stay tuned for that. Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Sat Jan 29 02:59:54 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 85B5D16A4CE; Sat, 29 Jan 2005 02:59:54 +0000 (GMT) Received: from harik.murex.com (mail.murex.com [194.98.239.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id BCFDF43D31; Sat, 29 Jan 2005 02:59:53 +0000 (GMT) (envelope-from mi+mx@aldan.algebra.com) Received: from interscan.fr.murex.com (iscan.murex.fr [172.21.17.207] (may be forged)) by harik.murex.com with ESMTP id j0T2oRgu027748; Sat, 29 Jan 2005 03:50:27 +0100 (CET) Received: from mxmail.murex.com (interscan.murex.fr [127.0.0.1]) by interscan.fr.murex.com (8.11.6/8.11.6) with ESMTP id j0T32X800758; Sat, 29 Jan 2005 04:02:37 +0100 Received: from mteterin.us.murex.com ([172.21.130.86]) by mxmail.murex.com with Microsoft SMTPSVC(6.0.3790.0); Sat, 29 Jan 2005 03:59:21 +0100 From: Mikhail Teterin Organization: Virtual Estates, Inc. To: questions@FreeBSD.org Date: Fri, 28 Jan 2005 21:59:21 -0500 User-Agent: KMail/1.7.2 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200501282159.21711.mi+mx@aldan.algebra.com> X-OriginalArrivalTime: 29 Jan 2005 02:59:22.0166 (UTC) FILETIME=[8873B560:01C505AE] X-Mailman-Approved-At: Sat, 29 Jan 2005 13:08:55 +0000 cc: freebsd-security@FreeBSD.org Subject: Cyrus IMAP crashes after reading /etc/krb5.conf X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Jan 2005 02:59:54 -0000 Hello! I'm trying to configure a freshly built mail/cyrus-imapd22 to work and authenticate accounts -- Kerberos and plain text. The GSSAPI authentication works already. After doing kinit, I can do ``imtest -m GSSAPI hostname'' and it succeeds. Now I'm trying to login with plain text (over SSL). Cyrus' imapd keeps crashing from SIGBUS. According to ktrace, this happens right after reading the krb5.conf (I replaced our domain with "example" below): 29641 imapd CALL open(0x8167e80,0,0x1b6) 29641 imapd NAMI "/etc/krb5.conf" 29641 imapd RET open 12/0xc 29641 imapd CALL fstat(0xc,0xbfbfbb40) 29641 imapd RET fstat 0 29641 imapd CALL read(0xc,0x8172000,0x4000) 29641 imapd GIO fd 12 read 370 bytes "# This is from http://barney.gonzaga.edu/~awithers/integration/ [libdefaults] default_realm = US.EXAMPLE.COM #dns_lookup_realm = true #dns_lookup_kdc = true default_tkt_enctypes = des-cbc-md5 default_tgs_enctypes = des-cbc-md5 [realms] US.MUREX.COM = { kdc = blake.us.example.com:88 kpasswd_server = blake.us.example.com:464 } [domain_realm] .us.example.com = US.EXAMPLE.COM " 29641 imapd RET read 370/0x172 29641 imapd CALL read(0xc,0x8172000,0x4000) 29641 imapd GIO fd 12 read 0 bytes "" 29641 imapd RET read 0 29641 imapd CALL close(0xc) 29641 imapd RET close 0 29641 imapd CALL issetugid 29641 imapd RET issetugid 0 29641 imapd CALL __sysctl(0xbfbfa6c8,0x2,0xbfbfa6c0,0xbfbfa6c4,0,0) 29641 imapd RET __sysctl 0 29641 imapd PSIG SIGSEGV SIG_DFL 29641 imapd NAMI "imapd.core" Is there anything obviously wrong with the file itself? Why else would Cyrus crash right after reading it? Note, that Blake is a Windows 2000 server... Another change I did was modifying the /etc/pam.d/system to make both unix and krb5 sufficient: --- /usr/src/etc/pam.d/system Sat Jun 14 08:35:05 2003 +++ /etc/pam.d/system Fri Jan 28 20:29:06 2005 @@ -9,5 +9,5 @@ auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass +auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass nullok +auth sufficient pam_unix.so no_warn try_first_pass nullok Thank you very much for any hints! -mi