Search Results

Search found 3673 results on 147 pages for 'pop3 ssl'.

Page 115/147 | < Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122 | Next Page >

Puppet claims to be unable to resolve domains even if domain properly resolves

- by gparent

I have a fairly simple puppet setup, one master and one node, both running Debian Squeeze 6.0.4. I have DNS entries for the two machines, client and master respectively. Both client and master's DNS entries resolve correctly on both machines to the right IPs. On my client, I have this configuration: [main] server = master.example.org logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter pluginsync=true templatedir=/var/lib/puppet/templates Key exchange seems to fail, according to this messages in /var/log/syslog: localhost puppet-agent[11364]: Could not request certificate: getaddrinfo: Name or service not known Why is resolution not working only for puppet?

Read the article
Protocol Security With PPTP

- by why

I find these words in pptp client source : Summary by Peter Mueller PPTP is known to be a faulty protocol. The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks. Lots of people use PPTP anyway due to ease of use, but that doesn't mean it is any less hazardous. The maintainers of PPTP Client and Poptop recommend using OpenVPN (SSL based) or IPSec instead. (Posted on [1]2005-08-10 to the [2]mailing list) But as far as i know, there are many people use PPTP as a VPN, because there is no need to install client on windows, what do you think about pptp ?

Read the article
Wine not finding some files

- by Levans

I'm having strange issues with Wine : If I look a C:\windows\system32\drivers\ in wine explorer, the directory looks empty, while the directory ~/.wine/drive_c/windows/system32/drivers is not. Plus, having the H: drive mapped to my home directory, I can look at H:\.wine\drive_c\windows\system32\drivers and it is not empty, the files are here ! Thus it seems Wine has the rights to access these files. So why don't they appear on the C: drive ? Some of my programs need them. I'm using Gentoo Linux, and Wine is version 1.7.0 compiled with these useflags (from eix) : X alsa cups fontconfig gecko jpeg lcms ldap mono mp3 ncurses nls openal opengl perl png prelink run-exes ssl threads truetype udisks xcomposite xinerama xml -capi -custom-cflags -dos -gphoto2 -gsm -gstreamer -odbc -opencl -osmesa -oss -pulseaudio -samba -scanner -selinux -test -v4l ABI_MIPS="-n32 -n64 -o32" ABI_X86="32 64 -x32" ELIBC="glibc" EDIT: I just updated to wine 1.7.4 and nothing changed.

Read the article
Nginx server_name is set to mydomain.com, so why is www.mydomain.com getting served too?

- by Lorenz Forvang

I have my Nginx conf set up as follows: server { listen 443 ssl; server_name mydomain.com; ... } When I load https://mydomain.com, the site loads fine. But when I load https://www.mydomain.com, the site loads as well. Why is this happening? I set up the DNS records using Amazon Route 53 as: A mydomain.com xxx.xxx.xxx.xxx (IP) CNAME www.mydomain.com mydomain.com So is a request to www.mydomain.com arriving at Nginx as a request to mydomain.com? If so, how do I differentiate requests to www.mydomain.com and mydomain.com at my server?

Read the article
Escape a ! in the password parameter of wget

- by Dave

I'm trying to execute something like this: wget --user=foo --password=bar! url The ! in the password is causing problems. I've tried escaping it with \, as in --password=bar\! I've tried encapsulating in single and double quotes. I put the password in a separate file and tried --password=cat pass.txt Each time, I get a 403 Forbidden. Using -d, I see that the SSL handshake is successful. On the Windows command line, the command works. My assumption is that I need to escape the ! differently, but I don't know how else.

Read the article
Where to obtain openssl-devel for SunOS 5.10

- by user35949

So I am having an issue that I have seen other people have on many different systems. I have to build Subversion on a SunOS 5.10 box and have run into issues. I have the openssl source code installed and in the subversion-1.6.9 folder, I run the following: ./configure --with-ssl --with-libs=/opt/exp/lib/openssl/lib and receive the error: checking for library containing RSA_new... not found configure: error: could not find library containing RSA_new configure failed for neon I have also tried running the command without the "lib" on the end of the --with-libs path. I read online that I need the openssl-devel packages, but I have been unable to find them for SunOS 5.10, and they do not show up already installed on my system when running pkginfo. I have looked online including http://www.sunfreeware.com/ which I was told was a good SunOS software source. Any help you can provide would be welcomed. Thanks, Sean

Read the article
Get Jira to run on shared Windows server on port 80

- by codeulike

I know this can be done on Linux with JIRA, using mod_proxy, but I'm not sure if its possible on Windows: Say we have a Windows server running IIS 7.0 and serving up pages on port 80, via an address like: http://twiddle.something.com We then install JIRA on the server, it uses its bundles Apache web server to serve stuff up on port 8080, like this: http://twiddle.something.com:8080 Is there a way to configure IIS and Apache so that JIRA runs off a port 80 folder, as in: http://twiddle.something.com still hits IIS http://twiddle.something.com/Jira hits JIRA on Apache? Thanks edit: I guess we might also want to throw SSL into the mix for JIRA too....

Read the article
Is it possible to use a static IP assigned by my ISP for an offsite web server on a VPS (different ISP)?

- by NightOwl888

I have a web server on a Virtual Private Server with a hosting provider. Unfortunately, they are really stingy with IP addresses and I need to run several SSL certificates on my server, so I will need a few more than I have. I have a block of 5 static IP addresses on a business package through a different ISP and I am only using 1 of them for connectivity in the office. What I am wondering is if it is possible to use the 4 unused static IP addresses from this ISP on my VPS, which is hosted by another ISP? The VPS (web server) is running Windows Server 2008 R2 Web Edition. If this can be done, please let me know how to configure it.

Read the article
PHP does not allow https connections

- by FunkyChicken

Hey guys im running PHP 5.4.0 and I cannot cURL nor files_get_content() https connections. Using curl in a PHP script shows: [root@ns1]# /opt/php/bin/php -q test.php * About to connect() to www.google.com port 443 * Trying 74.125.225.210... * connected * Connected to www.google.com (74.125.225.210) port 443 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Segmentation fault Using file_get_contents() shows: Warning: file_get_contents(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP? in /test.php OpenSSL and OpenSSL-devel are installed, and PHP is also configured with cURL support for SSL connections. See: http://i.imgur.com/ExAIf.png Any idea what might be going wrong? Further info: CentOS 5.8(64) with Nginx 1.2.4

Read the article
vsftpd with pam_winbind.so

- by David

I'm trying to setup vsftpd to use logins from our domain. I want the ftp users to be able to login using their active directory username/password and have be able to have full access to /media/storage/ftp/username. I setup pptp using winbind and it is working fine, so I belive the issue is with vsftpd and pam. The ftp server runs and gives 530 for the login. I turned on debug for the pam module, but I see nothing in the syslog. Vsftp only logs a wrong login in its log. /etc/pam.d/vsftpd auth required pam_winbind.so debug /etc/vsftpd.conf listen=YES listen_ipv6=NO connect_from_port_20=YES anonymous_enable=NO local_enable=YES write_enable=YES xferlog_enable=YES idle_session_timeout=600 data_connection_timeout=120 nopriv_user=ftp ftpd_banner=Welcome to Scantiva! Authorized access only! local_umask=022 local_root=/media/storage/ftp/$USER user_sub_token=$USER chroot_local_user=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd guest_enable=YES guest_username=ftp ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=NO ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES rsa_cert_file=/etc/ssl/private/vsftpd.pem

Read the article
How to limit access to Exchange 2003 Mobile Activesync server by user?

- by micilin

So I was asked to set up an Exchange Activesync mobile gateway. That's done. It's a separat eExchange 2003 front-end server configured for SSL, and I've put an off-domain ISA server in front of it. Now I'm being asked to limit which users can connect to it. By default an Exchange front-end server allows any user who has a mail account to connect to the front -end server. So I'm looking at the permissions on the various IIS sites/apps on the server, but I know that it's easy to break Exchange Front-end server perms. So I've got the following in IIS: Exadmin Exchange EchWeb Microsoft-SErver-ActiveSync MobileAdmin OMA And a couple of others that I dont think are relevant. Can I change the permissions on one of these to restrict who can connect to Activesync? As a bonus: Can I do it in a way that does not affect ordinary browser based Exchange Access? Thanks in Advance!!

Read the article
ASP.NET directories blocked from VisualSVN Server behind reverse proxy in IIS 6

- by user143344

I’ve got VisualSVN Server running behind a reverse proxy in IIS 6, Windows Server 2003. This isn’t ideal, but for the main web app on the server I’ve only got one IP address and SSL certificate available. Everything works except for when trying to commit to or browse the default ASP.NET directories (App_Browsers, App_Code, App_Data). SVN commits fail for these directories – which I believe is because IIS will never serve them by default. The reverse proxy uses a virtual directory in IIS – is there a change I can make in the web.config for this virtual directory to get around the issue?

Read the article
Debian: SSH: "PermitRootLogin=forced-commands-only" stopped working

- by Brent

I have several servers running Debian Lenny. Just recently I discovered the PermitRootLogin=forced-commands-only directive for ssh, which allows me to run a scripted rsync as root with an ssl key, without enabling more generalized root ssh access. However, last week this stopped working - it appears on all of my servers - and I can't figure out why. Everything continues to work fine with PermitRootLogin=yes, but I would prefer to block root logins - especially via passwords. The day it stopped working, we reconfigured some of the ports on one of our switches (which we later reverted), but I can't see that affecting this, since it still works with PermitRootLogin set to yes. How can I diagnose why the forced-commands-only directive has apparently stopped working?

Read the article
Internal Outlook clients prompted for OWA login when only accessing local internal Exchange server?

- by TallGuy

Hope someone can help with this one. Scenario is an internal Exchange 2003 server. OWA front end server in the DMZ. OWA logins work fine, with SSL configured. Over the last week (3 times so far) when an internal person opens their Outlook and then tries to open an email with JPG attachments they are prompted for the webmail login. Why? Even if they enter their valid webmail OWA login it fails and reprompts once for each attachment. Once they get through the multiple login prompts, they can double-click to open the attachments, but they are all blank. Any ideas on what could cause this? Why would someone accessing an email from an internal Outlook client get prompted for details of the OWA/webmail server login?

Read the article
Password Self-serve Active Directory via LAMP environment

- by keithosu

I would like to be able to change active directory passwords via a Linux/Apache based webpage. This would be a self serve web page for the user. I have SSL-LDAP setup on the Active Directory to make this happen. Is there any project or code out there that will do this? I've looked at this phpadadmin and I cannot get it to work. I think this is for IIS/php/mySQL Another thing to note is I would like the user to authenticate to change their own password. The product/service should not need a privileged account to run. Thanks Keith

Read the article
Can I optimize this mod_wsgi / apache file better?

- by tomwolber

I am new to Django/Python/ mod_wsgi, and I was wondering if I could optimize this file to reduce memory usage: ServerRoot "/home/<foo>/webapps/django_wsgi/apache2" LoadModule dir_module modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule log_config_module modules/mod_log_config.so LoadModule mime_module modules/mod_mime.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule wsgi_module modules/mod_wsgi.so LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined CustomLog /home/<foo>/logs/user/access_django_wsgi.log combined ErrorLog /home/<foo>/logs/user/error_django_wsgi.log KeepAlive Off Listen 12345 MaxSpareThreads 3 MinSpareThreads 1 MaxClients 5 MaxRequestsPerChild 300 ServerLimit 4 HostnameLookups Off SetEnvIf X-Forwarded-SSL on HTTPS=1 ThreadsPerChild 5 WSGIDaemonProcess django_wsgi processes=5 python-path=/home/<foo>/webapps/django_wsgi:/home/<foo>/webapps/django_wsgi/lib/python2.6 threads=1 WSGIPythonPath /home/<foo>/webapps/django_wsgi:/home/<foo>/webapps/django_wsgi/lib/python2.6 WSGIScriptAlias /auctions /home/<foo>/webapps/django_wsgi/auctions.wsgi WSGIScriptAlias /achievers /home/<foo>/webapps/django_wsgi/achievers.wsgi

Read the article
Tools to manage large network of heterogeneous web applications?

- by Andrew

I recently started a new job where I've been tasked with managing a global network of heterogenous web applications. There's very little documentation. My first order of business is to create an inventory of all of the web applications. Are there any tools out there to manage a large group of web apps? I'd like to collect a large dataset for each website including: logins for web based control panels logins to FTP/ssh accounts Google analytics tracking code for each site 3rd party libraries used SSL certs, issuers, and expiration dates etc I know I could keep the information in Excel or build a custom database, but I'm hoping there's already a tool out there to help me with this.

Read the article
Postfix configuration w.r.t. port 25

- by Monkey Boson

After a considerable amount of research, I have configured my postfix server to use dovecot to accept SMTPS connections over port 465 and everything works swimmingly. Unfortunately, I forgot that, unless I listen to port 25, I'm not going to receive any e-mail from the net. I'm hoping somebody knows off the top of their head how to open up port 25 on Postfix for anonymous users, but disallow relaying and any other bad things on that port. And to leave the port 465 the way it is. As to my current configuration, I changed the master.cf file: smtps inet n - n - - smtpd and the main.cf file: # Use our SSL certificates smtpd_tls_cert_file = .....cer smtpd_tls_key_file = .....key smtpd_tls_security_level = may # Use Dovecot for SASL authentication smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination Any help is appreciated!

Read the article
Forcing exact hostname match in IIS

- by iis_newbie

I am looking how to force an exact hostname match within IIS when using https. For instance, I want "https://works.mysite.com/resource" to be ok, but "https://noworks.mysite.com/resource" to return 404 (assuming they both resolve to the same IP). IIUC, the default behavior of IIS when going to "https://noworks.mysite.com/resource" is to get a cert warning, if the user presses continue, the user is able to access the URL. I was able to do this by generating a *.mysite.com SSL cert, and then specify the hostname within the bindings in IIS, but without the * in the beginning, the hostname field is disabled and blank. Am I missing something simple here?

Read the article
Mail being sent as root on Ubuntu 14.04

- by Benjamin Allison

I'm really struggling with this. I'm trying to set up this server to send mail using Gmail's SMTP. Google keeps bouncing the messages, saying that that Authentication is required: smtp.gmail.com[74.125.196.109]:25: 530-5.5.1 Authentication Required. Learn more at smtp.gmail.com[74.125.196.109]:25: 530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257 But it seems my server is trying to send mail as [email protected]. I'm baffled. Here's what I've done so far: Updated mail.cf relayhost = [smtp.gmail.com]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_tls_CAfile = /etc/postfix/cacert.pem smtp_use_tls = yes Created /etc/postfix/sasl_passwd: [smtp.gmail.com]:587 [email protected]:password Then did the following: sudo chmod 400 /etc/postfix/sasl_passwd sudo postmap /etc/postfix/sasl_passwd cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem service postfix restart I can't for the life me get a mail message to send, or change the default mail user from [email protected] to [email protected] (FWIW, I'm using Google Apps, that's why it's not a .gmail address).

Read the article
How to suppress "Not collecting exported resources without storeconfigs"?

- by Andy Shinn

I'm getting the following in my Puppet master syslog over and over: Sep 27 11:52:05 puppet1 puppet-master: Not collecting exported resources without storeconfigs Sep 27 11:52:06 puppet1 puppet-master: Not collecting exported resources without storeconfigs Sep 27 11:52:06 puppet1 puppet-master: Not collecting exported resources without storeconfigs I'm not actually using storeconfigs: [ashinn@puppet1 ~]$ cat /etc/puppet/puppet.conf [agent] server = puppet.mydomain.com environment = production report = true [main] logdir = /var/log/puppet vardir = /var/lib/puppet ssldir = /var/lib/puppet/ssl rundir = /var/run/puppet factpath = $vardir/lib/facter pluginsync = true certname = puppet1.mydomain.com [master] modulepath = $confdir/environments/$environment/modules manifest = $confdir/environments/$environment/manifests/site.pp templatedir = $confdir/templates autosign = $confdir/autosign.conf ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY report = true reports = hipchat Any way I can suppress these messages? What do they actually come from?

Read the article
How secure is using "Normal password" for SMTP with connection type = STARTTLS?

- by harshath.jr

I'm using an email client for the first time - for the most part I've always used gmail via the web interface. Now I'm setting up thunderbird to connect to an email server of my own (on my own server, own domain name, etc). The server machine (and the email server on it) was preconfigured for me. Now i figured out away by which I'm able to send and receive email, but I noticed that in the outgoing and incoming servers section, the connection type was STARTTLS (and not SSL/TLS), and the Authentication Type was "Normal Password". Does this mean that the password will be sent across in plain text? I'm very paranoid about security - its the only way that it works for me. Can someone please post links that explain how SMTP (my outbound server) and IMAP (my inbound server) servers work, and what connection type means what? Thanks! PS: If this question does not belong here, please redirect me.

Read the article
Installing php(suexec) for Apache

- by John

I've got Apache installed and running but how do i install and run PHP as fastcgi so it runs as its own user? here is my apache config: ./configure --prefix=/usr/local/apache2 --enable-rewrite=shared --enable-so --enable-suexec --disable-asis --disable-autoindex --enable-cache --enable-deflate --enable-disk-cache --enable-expires --enable-file-cache --enable-mem-cache --enable-ssl --enable-vhost-alias --with-mpm=prefork --with-port=8080 here is my php config: ./configure prefix=/usr/local/php --without-pear --enable-safe-mode --enable-magic-quotes --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --disable-cgi --enable-force-cgi-redirect --enable-fastcgi --with-mysql --with-gd --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-freetype-dir=/usr/lib --enable-calendar --with-curl --enable-mbstring --with-mcrypt

Read the article
Logging the client IP with Nginx/Varnish/Apache

- by jetboy

I have Nginx listening on port 443 as an SSL terminator, and proxying unencrypted traffic to Varnish on the same server. Varnish 3 is handling this traffic, and traffic coming in directly on port 80. All traffic is passed, unencrypted, to Apache instances on other servers in the cluster. The Apache instances use mod_rpaf to replace the logged client IP with the contents of the X-Forwarded-For header. My problem is that if the traffic is coming via Nginx, while the 'correct' client IP is getting logged in the VarnishNCSA logs, it looks as if Varnish is (understandably) replacing Nginx's X-Forwarded-For header with 127.0.0.1 downstream, and this is getting logged with Apache. Is there a nice simple way to stop Varnish rewriting X-Forwarded-For if it's already populated?

Read the article
No remote access to PostgreSQL db

- by gattol

i'm stuck in connecting to a PostresSQL database from remote host. The server is accepting incoming connections on port 5432 and i've configured pg_hba.conf like this: local all all md5 host all all 0.0.0.0/0 md5 and the postgresql.conf like this: listen_addresses = '*' port = 5432 max_connections = 100 I don't have any problem accessing from local but when i try to connect via psql with something like this: psql -U myuser -h hostname db_name I get this error: psql: FATAL: no pg_hba.conf entry for host "87.zz.yy.xxx", user "myuser", database "db_name", SSL off I also tried to put the host 87.zz.yy.xxx in the pg_hba.conf file without success.

Read the article

< Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122 | Next Page >