FreeBSD Sudo Upgrade Gone Wrong, Password No longer working with Sudo 1.7.2p2 / 1.7.2p3, Sudo Broken

Posted by Benjamin Close on April 14, 2010 under FreeBSD | Be the First to Comment

Recently a port audit security advisor was released that indicated an exploit with sudoedit of the security/sudo FreeBSD port. At the time I was running sudo 1.6.9 and being a responsible system administrator, I decided to upgrade sudo to the latest revision of the port (1.7.2p2 at the time). The upgrade went very smoothly, with [..more..]

Removing .htaccess Authentication Restrictions

Posted by Benjamin Close on November 8, 2008 under Computers, OpenSource | Read the First Comment

Removing .htaccess Authentication Restrictions Have you ever found yourself needing to remove authentication from part of a website? This actually happens fairly regularly. The way you do it is as follows: .htaccess AuthType none Satisfy Any The AuthType none directive indicates apache should not prompt for a password, whilst the Satisfy Any directive tells apache [..more..]

OPIE – One Time Keys

Posted by Benjamin Close on under Other | Read the First Comment

Using External SSH access with normal password authentication is dangerous. It is susceptible to the following problems: People can use weak passwords which are easy to hack A remote machine may have a key logger on it Someone may be performing a man-in-the-middle type attack Hence if you wish to access a shell account or [..more..]