"passwordtime" is what passwd(1) has actually been using. I suspect
passwordperiod was the original intent. I can't figure-out which,
if either, BSDi uses. If anyone knows...
thing to use it at startup, when you don't know if the user can
handle vi or not, but yet another thing to leave it as a permanent
land mine for root.
2. Put /usr/X11R6/bin in path; it makes getting the desktop up a lot easier.
automagically find all the partitions. This is to be preferred to the
somewhat emetic usage of vinum_slices and the equally obnoxious 'vinum
read' command.
log_in_vain:
log_in_vain turns on logging for packets to ports for which
there is no listener.
rc.sysctl:
A generic way to set sysctl values. It reads /etc/syslog.conf
and sets values based on that. No /etc/syslog.conf has been
checked in yet, and I've not added this to the makefile yet
until I get more feedback.
Reviewed by: -current, -hackers and bde especially
enable_quotas - use quotas on your system
check_quotas - check for violations on startup
By assuming that a system was neat and without violation before it booted
we can skip a long (and at that point needless) process.
Submitted by: Alex Perel <veers@disturbed.net>
suitable defaults pointing to the FreeBSD-shipped versions. This will allow
for easier integration of third-party replacements for these daemons.
Reviewed by: Several members of -committers
he moved rc.conf. Then he deleted rc.diskless when it ( of course ) didn't
work. Now I'm putting the originally accidently removed rc.diskless{1,2}
back in.
we set in rc.conf.
Background: the `vinum read' command has changed. For a short period
of time, it required the names of the slices on which vinum was
stored. Now it requires the names of the drives.
Strictly speaking, it is not necessary; the screen saver will load
even if the splash module is still in memory. But still, it is the right
thing to do, otherwise the splash decoder module just wasts the kernel space.
Discussed with: des
let it rotate /var/log/wtmp again, and update monthly/200.accounting to
take this into account. (Some sites might want to change the parameters
of the rotation; it's easier to do this when it's all centralized in
newsyslog.conf.)
variable and propogates back to /etc/rc where it will be used to
locate the rc.local file. The local variable will also be used by
/etc/rc.conf. Note that /etc/rc.conf reverts to its prior operation
of accessing /etc/rc.conf.local if run standalone.
rc.conf should only contain simple ops. We still keep the conf_dir
override, however, and this will be used when rc.conf is run from
/etc/rc in a diskless configuration.
about this becase that makes it get run *before* the filesystems are
mounted. If people have added stuff to their rc.conf or rc.conf.local
that uses stuff outside of /bin and /sbin, this will break.
since the kernel must be booted from something ( like a floppy ). This
script must occur near the beginning of the rc file in order to support
read-only NFS mounts, which in turn allows all the BOOTP machines to use
the same / and /usr.
The companion rc.diskless script is forthcoming.
This means that if(when) you go "sh MAKEDEV all" in /dev
the devices get remade; you don't get errors.
A lot of the changes are for info only; they are commented out.
Not exactly shot to pieces by: bde
This should be merged into RELENG_3 and a similar patch may be needed
for RELENG_2_2, should that deemed necessary.
Make world succeeded with these patches in my tree.
Submitted by: "Kaleb S. KEITHLEY" <kaleb@ics.com>
vinum_slices to the names of all slices (block device) which are under
the control of vinum. The configuration will be read in from each in
turn, starting with the most recently updated.
Reviewed-by: jkh
normal ifconfig stuff, one might need to pass down authentication
parameters for them.
This is closely tied to Hellmuth's impending rc patches for ISDN, but
sppp can also be used separately (thus it doesn't go directly into the
planned ISDN section of rc.conf).
Reviewed by: hm
I have not enabled rbl by default, I understand an 'opt-in' is a key part
of it's legal protection.
Activate a few optional features (access_db, virtusertable, etc) which will
operate if (and only if) the corresponding table is created.
I've also turned on the MIME buffer overflow checking with sendmail.org's
recommended values (256/128).
to be written to /etc.
The only essential change is in paths.h, so any third-party software
written correctly will pick it up in the next rebuild.
Reviewed by: the committers list (actually an old version)
to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.
PR: bin/9091
Submitted By: Heikki Suonsivu <hsu@clinet.fi>
No Response From: -current mailing list
man(1) will utilize manpath(1) if MANPATH is unset in the environment,
and with our existing manpath.config it is enough to find the X11
pages among others.
PR: 8587
Submitted by: Marc Slemko <marcs@znep.com>
mechanisms ('bind' user and group) in place so the feature can be easily
turned on. There were too many complaints. The security(1) man
page will be created/updated to include the appropriate info.
Delete rc.local from CVS tree, its remaining functionality has been
moved to /etc/rc. /etc/rc still supports an rc.local but it is now
a 100% user-controlled file.
Commit changes to rc and rc.local, removing the remaining minimal
functionality of rc.local into rc and commenting it out of rc.local
prior to the deletion of rc.local from the CVS tree.
(3?) people will make an effort to help those who would have benefitted from
this change. And just telling them that they should read and understand
the significance of each message posted to -current is not really good
enough IMHO.
${DESTDIR}/etc and an install target to install the missing ones. This
allows new files like pam.conf to be installed by the first installworld
after the file is added, but avoid clobbering files that might be
customized. This should save some support questions.
to the comments in named.conf to describe to the user how to create it.
(named.conf does not use /etc/namedb/s by default anyway so us not
pre-created it in the mtree does not hurt us terribly).
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s
subdirectory (user bind, group bind) to hold secondaries, adjust
comments in named.conf to reflect new secondary scheme. (Note that
core read-only zone files are left owned by root, increasing security even
more).
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.
Note that it is necessary to give each group access it's own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.
methods used by login. Changes to "/usr/bin/login" to use it will
be committed later today. The format of the file is described in
pam(8).
This sample file makes login behave in the traditional way. To
wit, it enables authentication via S/Key and passwd/NIS lookups.
KerberosIV authentication is present in the sample file but commented
out.
As a safety net and a transition aid, login will fall back on
built-in passwd/NIS authentication if this configuration file is
missing or if some other fatal PAM error occurs.
This file will eventually replace "/etc/auth.conf", but not until
I've finished converting the other utilities, such as passwd and su.
header files go. I am not too happy about the name. But if we are
to have any hope of being able to use 3rd party PAM modules, we'll
have to live with it.
Disable building tickadj(8) by removing util from SUBDIR in the xntpd
Makefile. Note that the sources are still there and tickadj can still
be built and installed by doing:
# cd /usr/src/usr.sbin/xntpd/util
# make all install
There are enough references to tickadj in e.g. the xntpd documentation
(not to mention the sysctl variables it uses etc.) that I don't feel
up to implementing the final solution right now.
Kinda-approved-by: phk
rwho iff /var/rwho is empty. Call `uptime' instead. This doesn't
belong under `network' right away, but at least reports the same
informaton about the local system. rwhod is not turned on by default
(for good reason), and i've already seen too many of the above
messages...
original contents of the file preserved as examples for administrators
that need to enable them.
Also add a comment to the examples pointing out that the authentication
functionality is largely unused and requires rebuilding libutil.
Reviewed by: jkh
file formats. I have added a new rc.conf variable ${ldconfig_paths_aout}
which is like ${ldconfig_paths}, but only for a.out shared libraries.
On a "standard" ELF system, the ELF ldconfig path is taken from
${ldconfig_paths}, while the a.out ldconfig path is taken from
${ldconfig_paths_aout}.
On a not-yet-converted a.out system, only the a.out ldconfig path
is set, and it is taken from ${ldconfig_paths_aout}. If that
variable is unset, /etc/rc defaults it to the value of ${ldconfig_paths},
on the assumption that the system's "/etc/rc.conf" file hasn't been
updated.
committed a fix for in 2 days and 3 different people have forgotten
to update this file. GRRR! What's it going to take, electrodes to
the sensitive bits, people?? :-)
===================================
HARP | Host ATM Research Platform
===================================
HARP 3
What is this stuff?
-------------------
The Advanced Networking Group (ANG) at the Minnesota Supercomputer Center,
Inc. (MSCI), as part of its work on the MAGIC Gigabit Testbed, developed
the Host ATM Research Platform (HARP) software, which allows IP hosts to
communicate over ATM networks using standard protocols. It is intended to
be a high-quality platform for IP/ATM research.
HARP provides a way for IP hosts to connect to ATM networks. It supports
standard methods of communication using IP over ATM. A host's standard IP
software sends and receives datagrams via a HARP ATM interface. HARP provides
functionality similar to (and typically replaces) vendor-provided ATM device
driver software.
HARP includes full source code, making it possible for researchers to
experiment with different approaches to running IP over ATM. HARP is
self-contained; it requires no other licenses or commercial software packages.
HARP implements support for the IETF Classical IP model for using IP over ATM
networks, including:
o IETF ATMARP address resolution client
o IETF ATMARP address resolution server
o IETF SCSP/ATMARP server
o UNI 3.1 and 3.0 signalling protocols
o Fore Systems's SPANS signalling protocol
What's supported
----------------
The following are supported by HARP 3:
o ATM Host Interfaces
- FORE Systems, Inc. SBA-200 and SBA-200E ATM SBus Adapters
- FORE Systems, Inc. PCA-200E ATM PCI Adapters
- Efficient Networks, Inc. ENI-155p ATM PCI Adapters
o ATM Signalling Protocols
- The ATM Forum UNI 3.1 signalling protocol
- The ATM Forum UNI 3.0 signalling protocol
- The ATM Forum ILMI address registration
- FORE Systems's proprietary SPANS signalling protocol
- Permanent Virtual Channels (PVCs)
o IETF "Classical IP and ARP over ATM" model
- RFC 1483, "Multiprotocol Encapsulation over ATM Adaptation Layer 5"
- RFC 1577, "Classical IP and ARP over ATM"
- RFC 1626, "Default IP MTU for use over ATM AAL5"
- RFC 1755, "ATM Signaling Support for IP over ATM"
- RFC 2225, "Classical IP and ARP over ATM"
- RFC 2334, "Server Cache Synchronization Protocol (SCSP)"
- Internet Draft draft-ietf-ion-scsp-atmarp-00.txt,
"A Distributed ATMARP Service Using SCSP"
o ATM Sockets interface
- The file atm-sockets.txt contains further information
What's not supported
--------------------
The following major features of the above list are not currently supported:
o UNI point-to-multipoint support
o Driver support for Traffic Control/Quality of Service
o SPANS multicast and MPP support
o SPANS signalling using Efficient adapters
This software was developed under the sponsorship of the Defense Advanced
Research Projects Agency (DARPA).
Reviewed (lightly) by: phk
Submitted by: Network Computing Services, Inc.
addresses by default.
Add a knob "icmp_bmcastecho" to "rc.network" to allow this
behaviour to be controlled from "rc.conf".
Document the controlling sysctl variable "net.inet.icmp.bmcastecho"
in sysctl(3).
Reviewed by: dg, jkh
Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>