Search results

  1. G

    RSA Securid Software Token on FreeBSD?

    Depends on what you are trying to do. I use security/pam_google_authenticator on my publicly accessible server to require TOTP 2FA. Another option would be something like a Yubikey. I've got a Yubikey 4 set up in PIV mode that I use to store my SSH key on.
  2. G

    Run shell script after login

    If you are looking for something to run at boot time, you could either create an rc.d script or use crond to execute with an @reboot command in the crontab.
  3. G

    Postfix & Postfixadmin SASL/SSL/TLS relaying deny error

    Your user is getting blocked because of the reject_unauth_destination in smtpd_recipient_restrictions. The verbiage for that (found at http://www.postfix.org/postconf.5.html#reject_unauth_destination) is: I don't see in the logs that the user is using SASL, so maybe they aren't authenticating?
  4. G

    How to generate SHA512-hashed password?

    Note, while using SHA-512 is pretty good, it was not designed as a way to secure passwords. You didn't salt your password. Additionally, using something like bcrypt is far better as it was designed to be a password hashing algorithm, not a digesting algorithm.
  5. G

    syslog: hostname value

    Generally the receiving syslogd server will add the remote node that it received the message from.
  6. G

    sudo and root

    Remember, su is also a SUID program. So I wouldn't exactly say that one is worse than the other, they both have purpose for use. I use sudo on my personal hosts as well, I think the security model works easier for me. I often use it on throwaway VMs with NOPASSWD to make my life easier for...
  7. G

    Log on FreeBSD with AD user!

    We use Likewise at my work for our Macs. The advantage of Likewise (now owned by BeyondTrust if memory serves) is the ability to apply Windows GPOs and have them mapped to a Unix host. Seems a little hacky to me, but we use it with good effect at work. Still, depending on how many FreeBSD hosts...
  8. G

    Write a portmaster in C

    Technically, you should probably be calling geteuid and not getuid. Probably not a problem as you shouldn't be installing this program setuid, but nevertheless....
  9. G

    Your worst day as a FreeBSD user/administrator

    Back in the dotcom days of 2000, I was working at an online greeting card company. We used a NetApp filer for backend storage for all of the cards. I was working on cleaning a directory structure up that didn't have any cards in it. Unfortunately, I was in the wrong directory and a simple rm -rf...
  10. G

    How to create a named.conf file

    If you want to restore the default files that are in /etc, look in /usr/src/etc. It mirrors the path in /etc.
  11. G

    Hurricane Electric; what's their angle?

    I suspect they want to be the center of the IPv6 universe, not unlike how people like Level3 are the center of the IPv4 universe.
  12. G

    Postfix - improper command pipelining after HELO

    You aren't waiting for the server responses. You aren't even checking the server responses. Use a mail library, don't write your own.
  13. G

    Log on FreeBSD with AD user!

    See my post on a similar thread: http://forums.freebsd.org/showthread.php?t=21554
  14. G

    Portable method to find file along path

    #! /bin/sh
    got_tool() {
        local IFS=:
        for dir in $PATH; do
            if [ -x "$dir/$1" ]; then
                return 0
            fi
        done
        return 1
    }
    got_tool cat
    echo $?
    got_tool notatool
    echo $?
  15. G

    environment setting instead of ln

    This isn't something the shell can do.
  16. G

    NIS woes

    You can use NIS to be your directory service without any passwords (i.e., all locked accounts) and just use some other authentication mechanism. LDAP is a PITA to set up, NIS is simpler from that point of view.
  17. G

    Newer gcc. To be or not to be?

    I wouldn't recommend recompiling your base OS with anything other than the compiler it shipped with. Unpredictable results will probably crop up. For your system compiler, stability is generally more important than the theoretical 3% speed boost you get compared to a different compiler.
  18. G

    NIS woes

    Try running id -P test.account. Does it return anything? You might need to check /etc/nsswitch.conf to ensure that it is using compat with nis as the compat sourcetype.
  19. G

    sh: Attempt to change readonly var doesn't stop script

    I would agree that it is less than useful. I was thinking the Single Unix Specification might shed some light on it, but it doesn't address the local shell builtin. It does have the readonly builtin: From that point of view, it's pretty clear, once readonly, always readonly, no matter the scoping.
  20. G

    sh: Attempt to change readonly var doesn't stop script

    There are 2 variables, but the readonly flag is preserved. From the sh page: So, it continues to be readonly in this case.