Kerberos, external-keyx authentication, Mac OS X

Hello:

I am trying to build OpenSSH with Kerberos support on my iBook and
having a lot of trouble.

The configure script lists --with-kerberos5 option and if I compile
with this, the libraries are found and I get this at the end of
configure



OpenSSH has been configured with the following options:
                     User binaries: /usr/bin
                   System binaries: /usr/sbin
               Configuration files: /usr/etc
                   Askpass program: /usr/libexec/ssh-askpass
                      Manual pages: /usr/share/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
                    Manpage format: doc
                       PAM support: no
                   OSF SIA support: no
                 KerberosV support: yes
                   SELinux support: no
                 Smartcard support: no
                     S/KEY support: no
              TCP Wrappers support: no
              MD5 password support: no
                   libedit support: no
  Solaris process contract support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: no
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY

              Host: powerpc-apple-darwin7.9.0
          Compiler: gcc
    Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
Preprocessor flags: -I/usr/include  -I/usr/local/include -I/usr/local/include/gssapi
      Linker flags: -L/usr/lib  -L/usr/local/lib
         Libraries:   -lcrypto -lz  -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err



This looks good, and "make; make install" succeeds without a hitch,
but still, the final product seems to have no concept of the
"external-keyx" Authentication which the Fermi Lab server is trying
to use.  In detail:



crs@crsibook: ssh -v -Y crs@server.gov -o "PreferredAuthentications external-keyx"
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /Users/crs/.ssh/config
debug1: Reading configuration data /usr/etc/ssh_config
debug1: Connecting to server.gov [...] port 22.
debug1: Connection established.
debug1: identity file /Users/crs/.ssh/identity type -1
debug1: identity file /Users/crs/.ssh/id_rsa type 1
debug1: identity file /Users/crs/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1f12
debug1: match: OpenSSH_3.5p1f12 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server.gov' is known and matches the RSA host key.
debug1: Found key in /Users/crs/.ssh/known_hosts:26
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: external-keyx,gssapi,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (external-keyx,gssapi,keyboard-interactive).




For comparison, a successful log-in on a linux machine using an older
version of OpenSSH looks like



crs@crs1 hmc: ssh35p1f12 -v -X server.gov -o "PreferredAuthentications external-keyx"
OpenSSH_3.5p1f12, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
31505: debug1: Reading configuration data .../.ssh/config
31505: debug1: Reading configuration data /etc/ssh/ssh_config
31505: debug1: Applying options for *
31505: debug1: Rhosts Authentication disabled, originating port will not be trusted.
31505: debug1: ssh_connect: needpriv 0
31505: debug1: Connecting to server.gov [... ] port 22.
31505: debug1: Connection established.
31505: debug1: identity file .../ crs/.ssh/identity type -1
31505: debug1: identity file .../crs/.ssh/id_rsa type -1
31505: debug1: identity file .../crs/.ssh/id_dsa type -1
31505: debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1f12
31505: debug1: match: OpenSSH_3.5p1f12 pat OpenSSH*
31505: debug1: Enabling compatibility mode for protocol 2.0
31505: debug1: Local version string SSH-2.0-OpenSSH_3.5p1f12
31505: debug1: SSH2_MSG_KEXINIT sent
31505: debug1: SSH2_MSG_KEXINIT received
31505: debug1: kex: server->client aes128-cbc hmac-md5 none
31505: debug1: kex: client->server aes128-cbc hmac-md5 none
31505: debug1: dh_gen_key: priv key bits set: 124/256
31505: debug1: bits set: 543/1024
31505: debug1: Calling gss_init_sec_context
31505: debug1: Delegating credentials
31505: debug1: Received GSSAPI_COMPLETE
31505: debug1: Calling gss_init_sec_context
31505: debug1: Delegating credentials
31505: debug1: bits set: 516/1024
31505: debug1: kex_derive_keys
31505: debug1: newkeys: mode 1
31505: debug1: SSH2_MSG_NEWKEYS sent
31505: debug1: waiting for SSH2_MSG_NEWKEYS
31505: debug1: newkeys: mode 0
31505: debug1: SSH2_MSG_NEWKEYS received
31505: debug1: done: ssh_kex2.
31505: debug1: send SSH2_MSG_SERVICE_REQUEST
31505: debug1: service_accept: ssh-userauth
31505: debug1: got SSH2_MSG_SERVICE_ACCEPT
31505: debug1: authentications that can continue: external-keyx,gssapi,keyboard-interactive
31505: debug1: next auth method to try is external-keyx
31505: debug1: ssh-userauth2 successful: method external-keyx
31505: debug1: channel 0: new [client-session]
31505: debug1: send channel open 0
31505: debug1: Entering interactive session.


I am trying to use the most recent version of OpenSSH, 4.6p1, but I
have also tried with the 3.5p1, which the server uses, and have the
same problem.  I have looked online for help and not been able to find
it. ... I would appreciate any help you can give me.

7/3/2007 10:20:27 PM
comp.security.ssh


Short answer: stock OpenSSH does not support external-keyx authentication.

Explanation: external-keyx is an older name for what is now called
gssapi-keyex (the modern method is also improved technically).  SSH
authentication proceeds in two phases.  First, during a part of connection
setup called the "key exchange," the client authenticates the server, to
prevent spoofing and man-in-the-middle attacks.  Later on, the server
authenticates the client, in order to grant access to resources
(e.g. allow you to login to some account).  If you use Kerberos in the
first phase, to authenticate the server, then because of the way Kerberos
works you authenticate the client as well in the same exchange.  The
gssapi-keyex client authentication method says, "Look -- you already
authenticated me during the key exchange; just look at that and let me
in." 

Note that gssapi-keyex is not the only way to get kerberized client
authentication; it's just an optimization in case you happen to have used
Kerberos during the key exchange.  You can always just use Kerberos
directly.  This is what the gssapi-with-mic method does.  Similarly, this
method has an older version called just "gssapi", which is now deprecated
and often no longer implemented because of security problems.

OpenSSH as it comes from openssh.com supports Kerberos only for client
authentication, not server, and hence does not implement gssapi-keyex.
However, there are common derivatives of OpenSSH which do implement both.
There is a patch which adds both to OpenSSH:

http://www.sxw.org.uk/computing/patches/openssh.html

In addition, the Debian ssh-krb5 package and the OS X build of OpenSSH
both support these.  So, the ssh that is already on your OS X box would in
principle be able to use Kerberos to log into your server.  But it won't,
because your server is using the older, obsolete protocols external-keyx
and gssapi, instead of the modern versions that OS X OpenSSH supports,
gssapi-keyex and gssapi-with-mic.  The OpenSSH you built would not do a
kerberized key exchange, but would be able to use Kerberos for client
authentication -- except that it too no longer implements "gssapi" in
favor of gssapi-with-mic.

-- 
  Richard Silverman
  res@qoxp.net

res49 (1410)
7/4/2007 5:50:39 AM
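
The two transcripts in the question can be compared mechanically. The Python below is an added example, not part of the original posts or of OpenSSH: it reads `ssh -v` output, reports whether the key exchange was GSSAPI-based, and flags the legacy method names the answer describes. The names `analyse`, `STOCK_CLIENT` and `KEYEX_METHODS`, and the two condensed sample logs, are assumptions constructed for illustration.

```python
import re

# Old method name -> modern successor, as described in the answer above.
LEGACY_TO_MODERN = {"external-keyx": "gssapi-keyex", "gssapi": "gssapi-with-mic"}
# Methods that reuse authentication already done during a GSSAPI key exchange.
KEYEX_METHODS = {"external-keyx", "gssapi-keyex"}

# Assumption for this example: userauth methods of a stock OpenSSH client built
# with Kerberos (per the answer: gssapi-with-mic yes, gssapi-keyex no).
STOCK_CLIENT = frozenset(
    {"publickey", "password", "keyboard-interactive", "gssapi-with-mic"})

_PREFIX = re.compile(r"^(?:\d+:\s*)?debug1:\s*")  # optional "31505: " pid prefix
_OFFERED = re.compile(r"^authentications that can continue:\s*(\S+)", re.I)
_SUCCESS = re.compile(r"^ssh-userauth2 successful: method (\S+)")


def analyse(log_text, implemented=STOCK_CLIENT, preferred=None):
    """Summarise one `ssh -v` transcript: key exchange type and auth outcome."""
    kex, in_kex = "unknown", True
    offered, succeeded = [], None
    for raw in log_text.splitlines():
        body = _PREFIX.sub("", raw.strip())
        if in_kex:
            if "gss_init_sec_context" in body:
                kex = "gssapi"  # Kerberos used to authenticate the server
            elif body.startswith("SSH2_MSG_KEX_DH_GEX") and kex == "unknown":
                kex = "dh-gex"  # plain Diffie-Hellman plus host key
            elif body.startswith("SSH2_MSG_NEWKEYS received"):
                in_kex = False  # key exchange phase is over
        m = _OFFERED.match(body)
        if m:
            offered = m.group(1).split(",")
        m = _SUCCESS.match(body)
        if m:
            succeeded = m.group(1)

    legacy = [m for m in offered if m in LEGACY_TO_MODERN]
    usable = [m for m in offered
              if m in implemented and (preferred is None or m in preferred)]
    notes = [f"server offers legacy '{m}'; current clients implement "
             f"'{LEGACY_TO_MODERN[m]}' instead" for m in legacy]
    if kex != "gssapi" and KEYEX_METHODS & set(offered):
        notes.append("key exchange was not GSSAPI, so a keyex method has "
                     "no earlier authentication to reuse")
    if not usable and succeeded is None:
        notes.append("no offered method is both implemented and preferred "
                     "by this client")
    return {"kex": kex, "offered": offered, "legacy": legacy,
            "usable": usable, "succeeded": succeeded, "notes": notes}


# Constructed samples: condensed, unwrapped lines from the two transcripts above.
FAILED_LOG = """\
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: Host 'server.gov' is known and matches the RSA host key.
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: external-keyx,gssapi,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (external-keyx,gssapi,keyboard-interactive).
"""

SUCCESS_LOG = """\
OpenSSH_3.5p1f12, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
31505: debug1: SSH2_MSG_KEXINIT received
31505: debug1: Calling gss_init_sec_context
31505: debug1: Received GSSAPI_COMPLETE
31505: debug1: SSH2_MSG_NEWKEYS received
31505: debug1: authentications that can continue: external-keyx,gssapi,keyboard-interactive
31505: debug1: ssh-userauth2 successful: method external-keyx
"""

if __name__ == "__main__":
    for name, log, impl, pref in [
        ("4.6p1 client", FAILED_LOG, STOCK_CLIENT, ["external-keyx"]),
        ("3.5p1f12 client", SUCCESS_LOG,
         {"external-keyx", "gssapi", "keyboard-interactive"}, ["external-keyx"]),
    ]:
        r = analyse(log, implemented=impl, preferred=pref)
        print(name, "| kex:", r["kex"], "| usable:", r["usable"],
              "| succeeded:", r["succeeded"])
        for note in r["notes"]:
            print("  -", note)
```
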