On 2015-05-31 02:46, tsu2 wrote:
>
> Prune;2712886 Wrote:
>> I hope the choice of quote is incidental and not to imply that, in my
>> concern with digital adversaries, I am tilting at windmills.
>
> I’m sure that Carlos was directing his comment to me…
Yep.
I was only trying to demonstrate that I could write a long paragraph
with many spaces without it wrapping around. And I failed somewhat,
there seems to be a limit to the width.
And about the choice of text, it happens that whenever I want to fill
some text I type, from memory, the start of El Quijote (in Spanish).
This time, I selected the text in English from the Gutemberg project,
instead of translating such a difficult text. Please don’t attach any
meaning to the contents whatsoever, I could just as well typed aaa bbb
ccc ddd… The Quixote is more entertaining
> For some reason, at least as I was building my post when I changed the
> block code from QUOTE to CODE, the emoticons still showed up.
> Maybe might have been different if I built the post using CODE blocks
> from the beginning…
I don’t know. I know little of the web side. Malcolm’s suggestion about
disabling emoticon conversion seems interesting.
Thx,
I’ll look for that again. I was sure it should have been there but I didn’t see it… and then started looking all over the place including in Forum settings and my profile… unsuccessfully.
Was curious about the zypper reference to ntlm and digest which as the OP suggests should be given priority over BASIC authentication if available.
I still am not sure whether ntlm and digest are built into zypper and can be implemented without much work or additional installables, but I was as much interested in whether there is “standalone” support for ntlm and digest in Linux today without implementing MS security…
And there is in the OSS. For anyone who might be interested in this app called “cntlm”, it looks very interesting. To be expected, it’s very tiny but immensely powerful and functional.
For those who may not know what ntlm is, it’s a strong cryptographic method alternative to SSL, TLS, and VPNs. It’s commonly used to extend LAN strength security across the Internet, able to easily traverse network devices unlike many VPNs(eg kerberos and L2TP). And, it’s simple. It “just works” and typically only needs to be implemented as the encryption protocol of choice in a web server frontend.
cntlm can be a standalone proxy implementing any version of ntlm (although should enforce using only ntlmv2) connectivity to remote clients.
If your network already has a proxy, cntlm can also be configured as a “client” in the LAN between your app and the actual proxy. I haven’t looked at this closely, but IMO may simply be a fairly common “proxy chain” setup.
Interestingly, although proxy firewalls/servers by reputation introduce noticeable latency, the MAN pages suggest cntlm is blazingly fast. IMO this might be because cntlm may only do one main function… encrypt/decrypt and proxy connections… and may not have all the filtering, caching, and inspection a full blown proxy FW/server might do.
Well, in the end it looks like the our maintainer overlords agreed with my view that client certificate authentication support is appropriate, and pursuant to my bugzilla report, this has now been fixed in both 13.1 and 13.2: 932393 – Zypper doesn't support client certificate authentication