summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Correct style.obrien2012-08-221-1/+1
|
* * Reinstate r128059's consumption of our best entropy first.obrien2012-08-221-8/+13
| | | | | | | | | r128060 for "hardware-supplied entropy" reversed this without reason, seems a typo. * Isolate "better than nothing" implementation to a function. Submitted by: obrien & Arthur Mesh <arthurmesh@gmail.com> Sponsored by: Juniper Networks
* The entire comment block is now spell checked this time -- I promise.obrien2012-08-221-2/+2
|
* Allow - be used in the name of a provider. Without this change it's notdelphij2012-08-222-2/+2
| | | | possible to specify a gptid in geli_devices.
* Fix comment misspelling.obrien2012-08-221-1/+1
| | | | Submitted by: kargl
* Depend on the new 'postrandom' instead of random.obrien2012-08-221-1/+1
| | | | | We need to limit the amount of time between consuming the entropy seeds and removing it in case of a kernel panic.
* Remove old entropy seeding after consumption initializing /dev/random PRNG.obrien2012-08-222-1/+45
| | | | | | | Not doing so opens us up to replay attacks. Submitted by: Arthur Mesh <arthurmesh@gmail.com> Sponsored by: Juniper Networks
* Add dependencies based on security(7).obrien2012-08-221-0/+1
|
* As of r232844 we no longer need the maxpoll 9 workaround.delphij2012-08-201-8/+7
| | | | MFC after: 3 days
* Upgrade our copy of llvm/clang to trunk r162107. With thanks todim2012-08-201-1/+1
| | | | Benjamin Kramer and Joerg Sonnenberger for their input and fixes.
* - Allow to pass extra parameters for each jails.kuriyama2012-08-192-5/+20
| | | | | | | - To achieve above, convert jail(8) invocation to use new style command line "-c" flag. Reviewed at: freebsd-jail@
* Regenerate usb.confhselasky2012-08-051-13/+269
| | | | MFC after: 2 weeks
* Revert SVN r238628 (mistake).dteske2012-07-191-1/+1
|
* Fix syntax errors (s/:=/:-/).dteske2012-07-192-2/+2
| | | | | | Reviewed by: emaste (mentor) Approved by: emaste (mentor) MFC after: 3 days
* Allow to specify no source-address-selection policyemax2012-07-191-0/+3
| | | | MFC after: 1 week
* Add share/examples/libusb20 to the list of directories.joerg2012-07-191-0/+2
|
* Move -n ${_jail} before ${_flags} so that any -n options in ${_flags}des2012-07-181-1/+1
| | | | will override ours instead of the other way around.
* MFP4 214344:brooks2012-07-131-1/+1
| | | | | | | Tighten the regular expression that checks for an md /tmp such that no /tmp mount and an md / isn't improperly matched. Sponsored by: DARPA/AFRL
* Whitespace nitkevlo2012-07-1312-16/+16
|
* Fix a missing ";".hrs2012-07-091-1/+1
|
* - Add IFT_L2VLAN (vlan(4)) support.hrs2012-07-091-1/+2
| | | | | | - Add -P option to support PID file. When -a is specified /var/run/rarpd.pid is used, and when an interface is specified /var/run/rarpd.<ifname>.pid is used by default.
* Make ipfw0 logging pseudo-interface clonable. It can be created automaticallyhrs2012-07-092-0/+5
| | | | | | | by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8) after a boot. Discussed on: freebsd-ipfw@
* Name jails automatically.des2012-07-041-1/+1
| | | | MFC after: 1 week
* Revert r238004 as more review has come in and there is now a discussionsbruno2012-07-021-1/+1
| | | | on how to best proceed.
* Cosmetic display change of Cx states via cx_supported sysctl entries.sbruno2012-07-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adjust power_profile script to handle the new world order as well. Some vendors are opting out of a C2 state and only defining C1 & C3. This leads the acpi_cpu display to indicate that the machine supports C1 & C2 which is caused by the (mis)use of the index of the cx_state array as the ACPI_STATE_CX value. e.g. the code was pretending that cx_state[i] would always convert to i by subtracting 1. cx_state[2] == ACPI_STATE_C3 cx_state[1] == ACPI_STATE_C2 cx_state[0] == ACPI_STATE_C1 however, on certain machines this would lead to cx_state[1] == ACPI_STATE_C3 cx_state[0] == ACPI_STATE_C1 This didn't break anything but led to a display of: * dev.cpu.0.cx_supported: C1/1 C2/96 Instead of * dev.cpu.0.cx_supported: C1/1 C3/96 MFC after: 2 weeks
* Similar to all.log, mention that /var/log/console.log has to be created and ↵brueffer2012-07-011-0/+1
| | | | | | | | | | chmod'ed to make logging work. PR: 168889 Submitted by: Robert Simmons <rsimmons0@gmail.com> MFC after: 1 week
* Only output a list of file systems that need to be dumped if the systemjhb2012-06-201-5/+8
| | | | | | | has a non-empty dumpdates file. Reviewed by: brooks MFC after: 1 week
* Install filemon.h into /usr/include for userland consumption.obrien2012-06-201-0/+2
|
* Passive mode is the default, and has been for a while.des2012-06-191-1/+1
| | | | MFC after: 1 week
* Switch the default password hash from md5 to sha512.des2012-06-191-1/+1
| | | | MFC after: 1 week
* Finally nuke auth.conf, nine years after it was deprecated. The onlydes2012-06-122-10/+1
| | | | | | | | | | | | | | | | | | thing it was still used for was to set the "global default" password hash. Since the stock auth.conf contained nothing but comments, the global default was actually the first algorithm in crypt(3)'s list, which happens to be DES; I take the fact that nobody noticed as proof that it was not used outside of crypt(3). The only other use in our tree was in the Kerberos support code in in tinyware's passwd(1). I removed that code in an earlier commit; it would not have compiled anyway, as it only supported Kerberos IV. The auth_getval() function is now a stub that always returns NULL, which has the same effect as a functional auth_getval() with an empty auth.conf. MFC after: 3 weeks
* Don't attempt to delete .sujournal in /tmpeadler2012-05-301-0/+1
| | | | | | | PR: conf/163828 Submitted by: Tatsuki Makino <tatsuki_makino@hotmail.com> Approved by: cperciva MFC after: 1 week
* - FreeBSD ships a KDE PAM module in base, but it's missing support for ↵miwi2012-05-302-20/+0
| | | | | | | | | | | passwordless login (kde-np), and it doesn't really belong in base system. PR: misc/167261 Submitted by: avilla@ Approved by: rwatson (mentor) MFC after: 3 days
* Regenerate usb.confhselasky2012-05-211-5/+13
| | | | MFC after: 3 days
* Add support for our own DTrace scripts and those from the DTraceToolkitgnn2012-05-181-0/+4
| | | | | | | | to the build system. FreeBSD written scripts are stored in src/share and the toolkit scripts are brought from the cddl directory into a working tree via install. MFC after: 2 weeks
* Import work done under project/nand (@235533) into head.gber2012-05-171-0/+4
| | | | | | | | | | | | | | The NAND Flash environment consists of several distinct components: - NAND framework (drivers harness for NAND controllers and NAND chips) - NAND simulator (NANDsim) - NAND file system (NAND FS) - Companion tools and utilities - Documentation (manual pages) This work is still experimental. Please use with caution. Obtained from: Semihalf Supported by: FreeBSD Foundation, Juniper Networks
* Submitted by: gavin, pjdeadler2012-05-091-2/+2
| | | | | Approved by: cperciva MFC after: 3 days
* Display dropped transmit packets in the daily network interface output.jhb2012-05-071-2/+2
| | | | | | PR: conf/165956 Submitted by: Jeremy Chadwick MFC after: 1 week
* - Change kfd rc script to be more conformant with rcNG conventions:stas2012-05-062-9/+7
| | | | | | | | | | o change rcname to kfd; o move mandatory options to command_args; o add missing "shutdown" keyword; o fix require line. Kfd doesn't really need to be started before daemons. Suggested by: dougb
* - Don't log messages saying that accounting is being disabled and enabledjhb2012-05-021-3/+1
| | | | | | | | | | if the accounting log file is atomically replaced with a new file (such as during log rotation). - Simplify accounting log rotation a bit. There is no need to re-run accton(8) after renaming the new log file to it's real name. PR: kern/167321 Tested by: Jeremy Chadwick
* Upgrade our copy of llvm/clang to trunk r154661, in preparation of thedim2012-04-161-1/+1
| | | | | | | upcoming 3.1 release (expected in a few weeks). Preliminary release notes can be found at: <http://llvm.org/docs/ReleaseNotes.html> MFC after: 2 weeks
* - remove the length shortening on the patheadler2012-04-111-6/+5
| | | | | | | | | | - make the default prompt a bit more like scp - make the user show as root even when using 'su' instead of 'su -' - the key bindings didn't hurt anything but likely hide a bug - merge history instead of overwriting it Submitted by: gavin, joel Approved by: cperciva
* - Add rc.d script for kfd, kerberos forwarded tickets daemon.stas2012-04-103-0/+22
|
* Add MySQL port 3306ivoras2012-03-261-0/+2
| | | | | Obtained from: http://www.iana.org/assignments/port-numbers MFC after: 1 week
* Fix build by adding new directory to mtree in r233429eadler2012-03-241-0/+2
| | | | | | Submitted by: flo Approved by: cperciva MFC after: 1 week
* - Make the default values for tcsh more user friendlyeadler2012-03-241-6/+18
| | | | | | | | | - Add an examples file with many of the not accepted suggestions from the discussion PR: conf/160689 Reviewed by: many Discussed on: current Approved by: cperciva
* Clean up of fs/fifofs include directory after fifo.h removal.pluknet2012-03-231-2/+0
| | | | Glanced by: kib
* - Update FreeBSD Heimdal distribution to version 1.5.1. This also bringsstas2012-03-221-0/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | several new kerberos related libraries and applications to FreeBSD: o kgetcred(1) allows one to manually get a ticket for a particular service. o kf(1) securily forwards ticket to another host through an authenticated and encrypted stream. o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now. o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM. o hxtool(1) is a certificate management tool to use with PKINIT. o string2key(1) maps a password into key. o kdigest(8) is a userland tool to access the KDC's digest interface. o kimpersonate(8) creates a "fake" ticket for a service. We also now install manpages for some lirbaries that were not installed before, libheimntlm and libhx509. - The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5. - Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf. - libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next. - Heimdal's KDC now require sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well. - This is not a latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
| * - Import Heimdal 1.5 distribution.stas2011-10-054-49/+140
| |
| * - Flatten the vendor heimdal tree.stas2011-09-293-0/+692
|
OpenPOWER on IntegriCloud