From: Eugene S. <se...@in...> - 2001-12-27 19:59:05
Manuel Hesse writes:
> Hi,
>
> I just started playing with shibboleth and got a lot of error messages, mostly caused
> by wrong file permissions.

To check permissions there is shibboleth-check.pl. Run it as the user you usually run shibboleth as, and it will complain about all wrong permissions.

> Now I'm stuck with this:
>
> when I send a join, leave or add-new-user command I get the following message (in
> Subject) and the members file has a length of '0'.
[skip...]
> Can you guess what I misconfigured?

Apparently there is a misconception. The prime goal of Shibboleth is security and privacy. That's why membership in shibboleth-driven lists is by invitation only. Thus the `join' command means joining another group, for an already registered user. To add new users to the members DB you have to run shibboleth-bot with the -i command switch (meaning interactive) and then type in your commands, like:

$ shibboleth-bot.pl -i -c ../etc/shibboleth.conf
add-new-user conny_hesse "Conny Hesse" co...@ho... conny@.*\\.manoo\\.de ".*\\.manoo\\.de

(Note the double backslashes. Use two backslashes in e-mail requests as well.)

You can also register your PGP public key with the bot (beware of the fact that currently only pgp 2.6.* is supported; patches are welcome) and then send a PGP-signed message with commands. The sender has to be registered as an admin in the config file (see the accompanying documentation).

Eugene
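The effect of the doubled backslashes in the reply above, as an added example that is not part of the original message and not Shibboleth's code. It assumes the bot's command parser consumes one level of backslash escaping, as the advice suggests, and uses Python's `shlex` as a stand-in for that parser; the user name and the `example.org` patterns are constructed.

```python
import re
import shlex

def parse_patterns(command_line):
    """Split a bot command into words the way a shell-like parser would
    (assumption: one level of backslash escaping is consumed) and return
    the last two words: the address pattern and the host pattern."""
    words = shlex.split(command_line, posix=True)
    return words[-2], words[-1]

def host_allowed(host_pattern, host):
    # The pattern must match the whole host name, not just a substring.
    return re.fullmatch(host_pattern, host) is not None

# Constructed commands modelled on the add-new-user command in the thread.
SINGLE = (r'add-new-user alice "Alice Example" alice@example.org '
          r'alice@.*\.example\.org .*\.example\.org')
DOUBLE = (r'add-new-user alice "Alice Example" alice@example.org '
          r'alice@.*\\.example\\.org .*\\.example\\.org')

def compare(host):
    """Return (allowed with single backslashes, allowed with doubled ones)."""
    _, loose = parse_patterns(SINGLE)    # escape lost: .*.example.org
    _, strict = parse_patterns(DOUBLE)   # escape kept: .*\.example\.org
    return host_allowed(loose, host), host_allowed(strict, host)

if __name__ == "__main__":
    for h in ("mail.example.org", "mail.notexample.org", "mailXexampleXorg"):
        print(h, compare(h))
```

With single backslashes the dots reach the regex engine unescaped and match any character, so the stored pattern accepts hosts outside the intended domain.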
From: Manuel H. <ma...@po...> - 2001-12-27 01:24:35
Hi,

I just started playing with shibboleth and got a lot of error messages, mostly caused by wrong file permissions. Now I'm stuck with this:

when I send a join, leave or add-new-user command I get the following message (in Subject) and the members file has a length of '0'.

-rw-rw-r-- 1 sersi wheel 0 Dec 26 23:38 members

Can you guess what I misconfigured?

Manuel

------- Weitergeleitete Nachricht / Forwarded message -------
...
To: ser...@po..., ma...@ho...
Subject: Shibboleth-Bot: /usr/local/shibboleth/src/shibboleth-bot.pl: readline() on closed filehandle main::IN at /usr/local/shibboleth/src//shibboleth-loaders.pl line 276.
From: ser...@po... (.?. Shibboleth Serv)

----- Error-triggering message follows -----
...
su add-new-user conny_hesse "Conny Hesse" co...@ho... conny@.*\.manoo\.de ".*\.manoo\.de end
--- Ende der weitergeleiteten Nachricht / End of forwarded message ---
From: Matt C. <cmc...@in...> - 2001-12-07 23:21:47
>>>>> "Migs" == Migs Paraz <ma...@in...> writes:

Migs> I'm looking at a small list of only 20 or so people, at only
Migs> tens of messages a day. It's actually for a security
Migs> organization's discussion.

Cool. That would probably not be too tough to keep on top of.

Migs> I might be interested in doing the GPG... are there enough
Migs> Shibboleth users who might want it to make it worthwhile?

We have had some folks ask about it, but honestly, we don't seem to have a large number of users. I'd use the code, though. :-)

--
Matt Curtin, Founder Interhack Corporation http://web.interhack.com/
My new book, "Developing Trust: Online Privacy and Security," is now available. See site for details.
research | development | consulting
From: Matt C. <cmc...@in...> - 2001-11-26 15:22:09
>>>>> "Migs" == Migs Paraz <ma...@in...> writes:

Migs> 1. Is it feasible to encrypt messages going to the
Migs> destination, with the public key of each recipient? To ensure
Migs> that they don't get captured on the way.

It's very expensive, computationally. Whether it's feasible will depend on the number of recipients, the amount of processing cycles your machine has, and just what kind of volume the list has.

It's noteworthy that taking an encrypted message and reencrypting it to each destination is likely to open the message up to certain avenues of cryptanalysis that might be used in attacks against keys. I wouldn't expect that there would be any direct attack, but a sophisticated attacker, given enough time and effort, might be able to find some attacks that would work. I don't think that anyone using Shibboleth on the Internet, though, would be dealing with anything sensitive enough to worry about the attack.

Migs> 2. The PGP code is specific to the original PGP I think... how
Migs> about GPG? The GPG? library?

We have looked at other interfaces. At the time that we developed the interface, there was no other workable interface to PGP, and GPG wasn't yet out. We'd like for Shibboleth to support GPG, but we just don't have the cycles to devote to adding new features right now. We're happy to accept patches, though. :-)

Of course, in writing the above, I'll probably find that someone already wrote some code for it and it just needs to be committed. ;-)

--
Matt Curtin, Founder Interhack Corporation http://web.interhack.com/
"Building the Internet, Securely."
research | development | consulting
From: Migs P. <ma...@in...> - 2001-11-25 07:36:26
Hi,

1. Is it feasible to encrypt messages going to the destination, with the public key of each recipient? To ensure that they don't get captured on the way.

2. The PGP code is specific to the original PGP I think... how about GPG? The GPG? library?

Thanks!
From: Matt C. <cmc...@in...> - 2001-10-12 15:54:19
>>>>> "Lorens" == Lorens Kockum <shi...@li...> writes:

Lorens> Now if the admin verifies that the mail is OK and should go
Lorens> out as such, what is he supposed to do?

You should resend the message, with a PGP signature from the moderator, just as you would approve a new thread posted to a moderated list. The SMTP headers will be ignored if the moderator's PGP signature is good.

Lorens> What I would have thought appropriate would have been a
Lorens> function whereby the admin would reply to the "Error Header"
Lorens> mail, specifying in some way "pass this message through this
Lorens> once" or "these headers are OK, add them to the user's
Lorens> config and send out the message".

The ways to handle these cases are:

  o You can sign the message (accept once)
  o You can send the add-mx commands (add path)

--
Matt Curtin, Founder Interhack Corporation http://web.interhack.com/
"Building the Internet, Securely."
research | development | consulting
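The two ways of handling an "Error Header" message described in this reply, as an added example that is not part of the original message and not Shibboleth's code. It is a simplified model: the check looks only at the topmost Received header, `moderator_sig_ok` stands in for a real PGP signature verification, and all function names, hosts and patterns are constructed.

```python
import re
from email import message_from_string

def receiving_hop(raw):
    """Host named in the 'from' clause of the topmost Received header,
    i.e. the hop recorded by the list's own MTA (model assumption)."""
    received = message_from_string(raw).get_all("Received", [])
    m = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    return m.group(1).lower() if m else None

def disposition(raw, mx_patterns, moderator_sig_ok=False):
    """Return 'deliver' or 'error-header' for one incoming message."""
    if moderator_sig_ok:
        # "Accept once": a good moderator signature overrides the header check.
        return "deliver"
    host = receiving_hop(raw)
    if host and any(re.fullmatch(p, host) for p in mx_patterns):
        return "deliver"
    # Unknown path: nothing goes to the list, the admin gets the message.
    return "error-header"

def add_mx(mx_patterns, pattern):
    """"Add path": return the user's host patterns with one more entry."""
    return mx_patterns + [pattern]

def make_message(relay):
    # Constructed sample message; 192.0.2.10 is a documentation address.
    return (f"Received: from {relay} ({relay} [192.0.2.10])\n"
            "\tby lists.example.net; Fri, 12 Oct 2001 12:00:00 +0000\n"
            "From: alice@example.org\nSubject: test\n\nbody\n")

ALICE_MX = [r".*\.example\.org"]                  # constructed user config
USUAL = make_message("mail.example.org")
ELSEWHERE = make_message("smtp.hotel.example.com")

if __name__ == "__main__":
    print(disposition(USUAL, ALICE_MX))
    print(disposition(ELSEWHERE, ALICE_MX))
    print(disposition(ELSEWHERE, ALICE_MX, moderator_sig_ok=True))
    print(disposition(ELSEWHERE, add_mx(ALICE_MX, r".*\.hotel\.example\.com")))
```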
From: Lorens K. <shi...@li...> - 2001-10-12 12:20:33
When a mail is received that has some problem with its headers, such as a user sending from somewhere else than his usual MX, no response is sent to the user, and the mail ends up as an "Error Header" mail to the admin.

If the admin decides he doesn't want the mail to go out, he does nothing. So far so good.

Now if the admin verifies that the mail is OK and should go out as such, what is he supposed to do?

At this time, I manually tell shibboleth that the headers are OK, and then I edit the original mail to remove evidence that I got it, and then I pipe it to shibboleth as if it had just arrived from the MTA. I find that a bit ugly, especially as a shibboleth list admin should not have to have that kind of access.

What I would have thought appropriate would have been a function whereby the admin would reply to the "Error Header" mail, specifying in some way "pass this message through this once" or "these headers are OK, add them to the user's config and send out the message".

Does something like this exist already? Or is it maybe foreseen?

Just the function "define a mail's headers as valid and adjust the user's config accordingly" would be helpful when subscribing new users.

--
#include <std_disclaim.h>
Lorens Kockum
From: Eugene S. <se...@in...> - 2001-10-11 19:47:12
shi...@ri... writes:
> I have setup all the locations, and the shibboleth-check.pl script is
> happy. I have told shibboleth that the person to send to when everything
> goes wrong is me (actual user, not shibboleth alias). I have setup an
> "all" list, and currently, there are no other lists, and no users.

It seems that you have no user in your members DB.

>
> Apparently, shibboleth expects "a list for the list's hosts, those
> responsible for the operation of the lists".

No, this is not required; all lists can operate without it. Hosts is just another built-in list, and the only special thing about it is header substitution.

> I do not understand how or where "Table 1" (top of page 26) in the PDF
> documentation for admins fits in to anything.

This is a legend for the bot's commands which follow.

> I have a problem creating a mailing list, or doing anything. Any mail I
> send to the shibboleth bot is sent to the admin (me) saying that it
> doesn't know who I am. The mail is pgp signed, and I have already put my
> key into the keyring of the shibboleth bot.

Ok, you need to designate yourself as a top-admin (see the shibboleth.conf file), and in this case you can talk to the bot by sending PGP-signed mail to it. Another way is to talk to the bot interactively, running it locally with the -i command line flag.

> Any ideas? Any more information you need? This is a "to be tinkered
> with" installation of shibboleth, so I have no problem with sending out
> the config files to you (aside from the bot's passphrase, obviously)

First, check admin's mail: you have to get bounces with bot commands to add new user.

To manage Shibboleth you need to issue commands to its bot. The full command set is described in the admin documentation. As a first thing you need to specify all your users along with their MXes. To let any command be passed to the bot you have to be an admin and PGP sign the message; of course, your PGP key has to be introduced to the bot, but you've done that already.

Eugene
From: <shi...@ri...> - 2001-10-09 18:56:49
Hi all,

Having read the description and the paper about Shibboleth, I decided it would be the mailing list manager for a server I run. Unfortunately I'm having a problem with it.

I have setup all the locations, and the shibboleth-check.pl script is happy. I have told shibboleth that the person to send to when everything goes wrong is me (actual user, not shibboleth alias). I have setup an "all" list, and currently, there are no other lists, and no users.

Apparently, shibboleth expects "a list for the list's hosts, those responsible for the operation of the lists". I have not got this, but I do not understand how to setup a list, and populate it by hand. Likewise, I do not understand how or where "Table 1" (top of page 26) in the PDF documentation for admins fits in to anything.

I have a problem creating a mailing list, or doing anything. Any mail I send to the shibboleth bot is sent to the admin (me) saying that it doesn't know who I am. The mail is pgp signed, and I have already put my key into the keyring of the shibboleth bot.

Any ideas? Any more information you need? This is a "to be tinkered with" installation of shibboleth, so I have no problem with sending out the config files to you (aside from the bot's passphrase, obviously)

TIA,
rik

--
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net