diff --git a/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml b/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml
index 641b060563..639d826538 100644
--- a/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml
@@ -1,972 +1,988 @@
Localization - I18N/L10N Usage and SetupContributed by &a.ache;Rewritten by &a.keichii;, 30 Nov 2000.SynopsisThis section of the handbook discusses the internationalization
and localization of FreeBSD to different countries and different
settings. If the users wish to use languages other than the system
default English, he/she will have to setup the system accordingly.
Please note that language support for each language varies in level.
Hence, the user should contact the respective FreeBSD local group
that is responsible for each language.The author realizes that he may have been incomplete in the
description of the I18N process in FreeBSD. Due to the various
levels of I18N implementation in both the system and application
levels, we advise you to refer to individual documentation, man
pages, READMEs, and so forth.Should you have any questions or suggestions regarding this
chapter, please email the author.The BasicsWhat is I18N/L10N?internationalizationlocalizationDevelopers shortened internationalization into the term I18N,
counting the number of letters between the first and the last
letters of internationalization. L10N uses the same naming
scheme, coming from "localization". Combined
together, I18N/L10N methods, protocols, and applications allow
users to use languages of their choice.I18N applications are programmed using I18N kits under
libraries. It allows for developers to write a simple file and
translate displayed menus and texts to each language. We strongly
encourage programmers to follow this convention.Why should I use I18N/L10N?I18N/L10N is used whenever you wish to either view, input, or
process data in non-English languages.What languages are supported in the I18N effort?I18N and L10N are not FreeBSD specific. Currently, one can
choose from most of the major languages of the World, including
but not limited to: Chinese, German, Japanese, Korean, French,
Russian, Vietnamese and others.Using LocalizationIn all its splendor, I18N is not FreeBSD-specific and is a
convention. We encourage you to help FreeBSD in following this
convention.localeLocalization settings are based on three main terms:
Language Code, Country Code, and Encoding. Locale names are
constructed from these parts as follows:LanguageCode_CountryCode.EncodingLanguage and Country Codeslanguage codescountry codesIn order to localize a FreeBSD system to a specific language
(or any other I18N-supporting Unixes), the user needs to find out
the codes for the specify country and language (country
codes tell applications what variation of given
language to use). In addition, web
browsers, SMTP/POP servers, web servers, etc. make decisions based on
them. The following are examples of language/country codes:Language/Country CodeDescriptionen_USEnglish - United Statesru_RURussian for Russiazh_TWTraditional Chinese for TaiwanEncodingsencodingsASCIISome languages use non-ASCII encodings that are 8-bit, wide
or multibyte characters, see &man.multibyte.3; for more
details. Older applications do not recognize them
and mistake them for control characters. Newer applications
usually do recognize 8-bit characters. Depending on the
implementation, users may be required to compile an application
with wide or multibyte characters support, or configure it correctly.
To be able to input and process wide or multibyte characters, the FreeBSD Ports collection has provided
each language with different programs. Refer to the I18N
documentation in the respective FreeBSD Port.Specifically, the user needs to look at the application
documentation to decide on how to configure it correctly or to
pass correct values into the configure/Makefile/compiler.Some things to keep in mind are:Language specific single C chars character sets
(see &man.multibyte.3;), i.e.,
ISO-8859-1, ISO-8859-15, KOI8-R, CP437.Wide or multibyte encodings, f.e. EUC, Big5.You can check the active list of character sets at the
IANA Registry.I18N applicationsIn the FreeBSD Ports and Package system, I18N applications
have been named with I18N in their names for
easy identification. However, they do not always support the
language needed.Setting LocaleTheoretically, one only needs to export the value of his/her
locale name as LANG in the login shell and is
usually done through the user's
~/.login_conf or the user login shell
configuration (~/.profile,
~/.bashrc, ~/.cshrc).
This should set all of the locale subsets (such as
LC_CTYPE, LC_CTIME, etc.). Please
refer to language-specific FreeBSD documentation for more
information.You should set the following two values in your configuration
files:POSIXLANG for POSIX &man.setlocale.3; family
functionsMIMEMM_CHARSET for applications' MIME character
setThis includes the user shell config, the specific application
config, and the X11 config.Setting Locale Methodslocalelogin classThere are two methods for setting locale, and both are
described below. The first (recommended one) is by assigning
the environment variables in login
class, and the second is by adding the environment
variable assignments to the system's shell startup file.Login Classes MethodThis method allows environment variables needed for locale
name and MIME character sets to be assigned once for every
possible shell instead of adding specific shell assignments to
each shell's startup file. User
Level Setup can be done by an user himself and Administrator Level Setup require
superuser privileges.User Level SetupHere is a minimal example of a
.login_conf file in user's home
directory which has both variables set for Latin-1
encoding:german:German User:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO_8859-1:Traditional Chinese / BIG-5 encodingHere is an example of a
.login_conf that sets the variables
for Traditional Chinese in BIG-5 encoding. Notice the many
more variables set because some software does not respect
locale variables correctly for Chinese, Japanese, and Korean.#Users who do not wish to use monetary units or time formats
#of Taiwan can manually change each variable
taiwan:Taiwanese User:\
lang=zh_TW.Big5:\
lc_all=zh_TW.Big:\
lc_collate=zh_TW.Big5:\
lc_ctype=zh_TW.Big5:\
lc_messages=zh_TW.Big5:\
lc_monetary=zh_TW.Big5:\
lc_numeric=zh_TW.Big5:\
lc_time=zh_TW.Big5:\
charset=big5:\
xmodifiers="@im=xcin": #Setting the XIM Input ServerSee Administrator Level
Setup and &man.login.conf.5; for more details.Administrator Level SetupCheck that /etc/login.conf have the
correct language user's class. Make sure these settings
appear in /etc/login.conf:language_name:accounts_title:\
:charset=MIME_charset:\
:lang=locale_name:\
:tc=default:So sticking with our previous example using Latin-1, it
would look like this:german:German Users Accounts:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO_8859-1:\
:tc=default:Changing Login Classes with &man.vipw.8;
- vipw
+
+ vipw
+ Use vipw to add new users, and make
the entry look like this:user:password:1111:11:language:0:0:User Name:/home/user:/bin/shChanging Login Classes with &man.adduser.8;
- adduser
+
+ adduser
+ login classUse adduser to add new users, and do
the following:Set defaultclass =
language in
/etc/adduser.conf. Keep in mind
you must enter a default class for
all users of other languages in this case.An alternative variant is answering the specified
language each time that
Enter login class: default []:
appears from &man.adduser.8;Another alternative is to use the following for each
user of a different language that you wish to
add:&prompt.root; adduser -class languageChanging Login Classes with &man.pw.8;
- pw
+
+ pw
+ If you use &man.pw.8; for adding new users, call it in
this form:&prompt.root; pw useradd user_name -L languageShell Startup File MethodThis method is not recommended because it requires a
different setup for each possible login program chosen. Use
the Login Class Method
instead.MIMElocaleTo add the locale name and MIME character set, just set
the two environment variables shown below in the
/etc/profile and/or
/etc/csh.login shell startup files. We
will use the German language as an example below:In /etc/profile:LANG=de_DE.ISO_8859-1; export LANGMM_CHARSET=ISO-8859-1; export MM_CHARSETOr in /etc/csh.login:setenv LANG de_DE.ISO_8859-1setenv MM_CHARSET ISO-8859-1Alternatively, you can add the above instructions to
/usr/share/skel/dot.profile (similar to
what was used in /etc/profile above), or
/usr/share/skel/dot.login (similar to
what was used in /etc/csh.login
above).For X11:In $HOME/.xinitrc:LANG=de_DE.ISO_8859-1; export LANGOr:setenv LANG de_DE.ISO_8859-1Depending on your shell (see above).Console SetupFor all single C chars character sets, set the correct
console fonts in /etc/rc.conf for the
language in question with:font8x16=font_name
font8x14=font_name
font8x8=font_nameThe font_name here is taken from
the /usr/share/syscons/fonts directory,
without the .fnt suffix.
- sysinstall
+
+ sysinstall
+ keymapscreenmapAlso be sure to set the correct keymap and screenmap for your
single C chars character set through
/stand/sysinstall.
Once inside sysinstall, choose Configure, then
Console. Alternatively, you can add the
following to /etc/rc.conf:scrnmap=screenmap_name
keymap=keymap_name
keychange="fkey_number sequence"The screenmap_name here is taken
from the /usr/share/syscons/scrnmaps
directory, without the .scm suffix. A
screenmap with a corresponding mapped font is usually needed as a
workaround for expanding bit 8 to bit 9 on a VGA adapter's font
character matrix in pseudographics area, i.e., to move letters out
of that area if screen font uses a bit 8 column.If you have the moused daemon
enabled by setting the following
in your /etc/rc.conf:moused_enable="YES"then examine the mouse cursor information in the next
paragraph.
- moused
+
+ moused
+ By default the mouse cursor of the syscons driver occupies the
0xd0-0xd3 range in the character set. If your language uses this
range, you need to move the cursor's range outside of it. To enable
the workaround for FreeBSD versions before 5.0, insert the following
line into your kernel config:options SC_MOUSE_CHAR=0x03For the FreeBSD versions 5.0 and up insert the following line
into /etc/rc.conf:mousechar_start=3The keymap_name here is taken from
the /usr/share/syscons/keymaps directory,
without the .kbd suffix.The keychange is usually needed to program
function keys to match the selected terminal type because
function key sequences cannot be defined in the key map.Also be sure to set the correct console terminal type in
/etc/ttys for all ttyv*
entries. Current pre-defined correspondences are:Character SetTerminal TypeISO-8859-1 or ISO-8859-15cons25l1ISO-8859-2cons25l2KOI8-Rcons25rKOI8-Ucons25uCP437 (hardware default)cons25For wide or multibyte characters languages, use the correct
FreeBSD port in your
/usr/ports/language
directory. Some ports appear as console while the system sees it
as serial vtty's, hence you must reserve enough vtty's for both
X11 and the pseudo-serial console. Here is a partial list of
applications for using other languages in console:LanguageLocationTraditional Chinese (BIG-5)/usr/ports/chinese/big5conJapanese/usr/ports/japanese/ja-kon2-* or
/usr/ports/japanese/Mule_WnnKorean/usr/ports/korean/ko-hanX11 SetupAlthough X11 is not part of the FreeBSD Project, we have
included some information here for FreeBSD users. For more
details, refer to the XFree86
web site or whichever X11 Server you use.In ~/.Xresources, you can additionally
tune application specific I18N settings (e.g., fonts, menus,
etc.).Displaying FontsX11 True Type font serverInstall the X11 True Type-Common server (XTT-common) and
install the language truetype fonts. Setting the correct
locale should allow you to view your selected language in menus
and such.Inputting Non-English CharactersX11 Input Method (XIM)The X11 Input Method (XIM) Protocol is a new standard for
all X11 clients. All X11 applications should be written as XIM
clients that take input from XIM Input servers. There are
several XIM servers available for different languages.Printer SetupSome single C chars character sets are usually hardware
coded into printers. Wide or multibyte
character sets require special setup and we recommend using
apsfilter. You may also convert the
document to PostScript or PDF formats using language specific
converters.Kernel and File SystemsThe FreeBSD FFS filesystem is 8-bit clean, so it can be used
with any single C chars character set (see &man.multibyte.3;),
but there is no character set
name stored in the filesystem; i.e., it is raw 8-bit and does not
know anything about encoding order. Officially, FFS does not
support any form of wide or multibyte character sets yet. However, some
wide or multibyte character sets have independent patches for FFS
enabling such support. They are only temporary unportable
solutions or hacks and we have decided to not include them in the
source tree. Refer to respective languages' web sites for more
informations and the patch files.DOSUnicodeThe FreeBSD MS-DOS filesystem has the configurable ability to
convert between MS-DOS, Unicode character sets and chosen
FreeBSD filesystem character sets. See &man.mount.msdos.8; for
details.Advanced TopicsIf you wish to compile I18N applications or program I18N
compliant applications, please read this section.Compiling I18N ProgramsMany FreeBSD Ports have been ported with I18N support. Some
of them are marked with -I18N in the port name. These and many
other programs have built in support for I18N and need no special
consideration.
- MySQL
+
+ MySQL
+ However, some applications such as
MySQL need to be have the
Makefile configured with the specific
charset. This is usually done in the
Makefile or done by passing a value to
configure in the source.Programming I18N Compliant ApplicationsQtGTKTo make your application more useful for speakers of other
languages, we hope that you will program I18N compliant. The GNU
gcc compiler, GUI Libraries like QT and GTK support I18N through
special handling of strings. Making a program I18N compliant is
very easy. It allows contributors to port your application to
other languages quickly. Refer to library specific I18N
documentation for more details.To the contrary of common perception, I18N compliant code is
easy to write. Usually, it only involves wrapping your strings
with library specific functions. In addition, please be sure to
allow for wide or multibyte characters support.A Call to Unify the I18N effortIt has come to our attention that the individual I18N/L10N
efforts for each country has been repeating each others'
efforts. Many of us have been reinventing the wheel repeatedly
and inefficiently. We hope that the various major groups in
I18N could congregate into a group effort similar to the Core
Team's responsibility.Currently, we hope that, when you write or port I18N
programs, you would send it out to each country's related
FreeBSD mailing lists for testing. In the future, we hope to
create applications that work in all the languages
out-of-the-box without dirty hacks.The mailing list FreeBSD-I18N@FreeBSD.org
has been established. If you are an I18N/L10N developer,
please send your comments, ideas, questions, and anything
you deem related to it. Michael C. Wu will be maintaining an I18N works in progress
homepage at http://www.FreeBSD.org/~keichii/i18n/index.html
Please also read the BSDCon2000 I18N paper and presentations
by Clive Lin, Chia-Liang Kao, and Michael C. Wu at http://www.FreeBSD.org/~keichii/papers/Perl and Python
- Perl
- Python
+
+ Perl
+
+
+ Python
+ Perl and Python have I18N and wide characters handling
libraries. Please use them for I18N compliance.In older FreeBSD versions,
Perl may gives warning about not having a wide characters locale
that is already installed in your system. You can set the
environmental variable LD_PRELOAD to
/usr/lib/libxpg4.so in your shell.In sh-based shells:LD_PRELOAD=/usr/lib/libxpg4.soIn C-based shells:setenv LD_PRELOAD /usr/lib/libxpg4.soLocalizing FreeBSD to Specific LanguagesRussian Language (KOI8-R encoding)Russian localizationOriginally contributed by
&a.ache;.For more information about KOI8-R encoding, see the KOI8-R References
(Russian Net Character Set).Locale SetupPut the following lines into your
~/.login_conf file:me:My Account:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:See earlier in this chapter for examples of setting up the
locale.Console SetupFor the FreeBSD versions before 5.0 add the following line
to your kernel configuration file:options SC_MOUSE_CHAR=0x03For the FreeBSD versions 5.0 and up insert the following
line into /etc/rc.conf:mousechar_start=3Use following settings in
/etc/rc.conf:keymap="ru.koi8-r"
scrnmap="koi8-r2cp866"
font8x16="cp866b-8x16"
font8x14="cp866-8x14"
font8x8="cp866-8x8"For each ttyv* entry in
/etc/ttys, use
cons25r as the terminal type.See earlier in this chapter for examples of setting up the
console.Printer SetupprintersSince most printers with Russian characters come with
hardware code page CP866, a special output filter is needed for
KOI8-R -> CP866 conversion. Such a filter is installed by
default as /usr/libexec/lpr/ru/koi2alt.
A Russian printer /etc/printcap entry
should look like:lp|Russian local line printer:\
:sh:of=/usr/libexec/lpr/ru/koi2alt:\
:lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs:See &man.printcap.5; for a detailed description.MS-DOS FS and Russian FilenamesThe following example &man.fstab.5; entry enables support
for Russian filenames in mounted MS-DOS filesystems:/dev/ad0s2 /dos/c msdos rw,-Wkoi2dos,-Lru_RU.KOI8-R 0 0See &man.mount.msdos.8; for a detailed description of the
and options.X11 SetupDo non-X locale
setup first as described.The Russian KOI8-R locale
may not work with old XFree86 releases (lower than 3.3).
The XFree86 port from
/usr/ports/x11/XFree86 already is the
most recent XFree86 version, so it will work if you
install XFree86 from the port. This should not be an
issue unless you are using an old version of
FreeBSD.Go to the
/usr/ports/russian/X.language directory
and issue the following command:&prompt.root; make installThe above port installs the latest version of the KOI8-R
fonts. XFree86 3.3 already has some KOI8-R fonts, but these
are scaled better.Check the "Files" section
in your /etc/XF86Config file.
The following
lines must be added before any other
FontPath entries:FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/misc"
FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/75dpi"
FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/100dpi"If you use a high resolution video mode, swap the 75 dpi
and 100 dpi lines.To activate a Russian keyboard, add the following to the
"Keyboard" section of your
XF86Config file.For XFree86 v3.*:XkbLayout "ru"
XkbOptions "grp:caps_toggle"For XFree86 v4.*:Option "XkbLayout" "ru"
Option "XkbOptions" "grp:caps_toggle"Also make sure that XkbDisable is
turned off (commented out) there.The RUS/LAT switch will be CapsLock.
The old CapsLock function is still
available via Shift+CapsLock (in LAT mode
only).If you have Windows keys on your keyboard,
and notice that some non-alphabetical keys are mapped
incorrectly in RUS mode, add the following line in your
XF86Config file.For XFree86 v3.*:XkbVariant "winkeys"For XFree86 v4.*:Option "XkbVariant" "winkeys"The Russian XKB keyboard may not work with old XFree86
versions, see the above
note for more information. The Russian XKB
keyboard may also not work with non-localized
applications as well. Minimally localized applications
should call a XtSetLanguageProc (NULL, NULL,
NULL); function early in the program.
See
KOI8-R for X-Window for more instructions on
localizing X11 applications.Traditional Chinese Localization for TaiwanTraditional Chinese localizationThe FreeBSD-Taiwan Project has an I18N/L10N tutorial for
FreeBSD at http://freebsd.sinica.edu.tw/~ncvs/zh-l10n-tut/index.html
using many /usr/ports/chinese/* applications.
The editor for the zh-L10N-tut is Clive Lin
Clive@CirX.org. You can also cvsup the following
collections at freebsd.sinica.edu.tw:CollectionDescriptionoutta-port tag=.Beta-quality Ports Collection for Chinesezh-L10N-tut tag=.Localizing FreeBSD Tutorial in BIG-5 Traditional
Chinesezh-doc tag=.FreeBSD Documentation Translation to BIG-5 Traditional
ChineseChuan-Hsing Shen s874070@mail.yzu.edu.tw has
created the Chinese
FreeBSD Collection (CFC) using FreeBSD-Taiwan's
zh-L10N-tut. The packages and the script files
are available at ftp://ftp.csie.ncu.edu.tw/OS/FreeBSD/taiwan/CFC/.German Language Localization (For All ISO 8859-1
Languages)German localizationSlaven Rezic eserte@cs.tu-berlin.de wrote a
tutorial how to use umlauts on a FreeBSD machine. The tutorial
is written in German and available at http://www.de.FreeBSD.org/de/umlaute/.Japanese and Korean Language LocalizationJapanese localizationKorean localizationFor Japanese, refer to http://www.jp.FreeBSD.org/,
and for Korean, refer to http://www.kr.FreeBSD.org/.Non-English FreeBSD DocumentationSome FreeBSD contributors have translated parts of FreeBSD to
other languages. They are available through links on the main site or in
/usr/share/doc.
diff --git a/en_US.ISO8859-1/books/handbook/mail/chapter.sgml b/en_US.ISO8859-1/books/handbook/mail/chapter.sgml
index 5b4f20335f..ca219ea68e 100644
--- a/en_US.ISO8859-1/books/handbook/mail/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mail/chapter.sgml
@@ -1,528 +1,528 @@
Electronic MailRewritten by &a.jim;, 02 December 1999. Original work
done by &a.wlloyd;.Synopsisemailelectronic mailElectronic Mail, better known as email, is one of the most
widely used forms of communication today. Millions of people use
email every day, and chances are if you are reading this online,
you fall into that category and probably even have more than one
email address.Electronic Mail configuration is the subject of many System Administration books. If you
plan on doing anything beyond setting up one mailhost for your
network, you need industrial strength help.DNSSome parts of email configuration are controlled in the Domain
Name System (DNS). If you are going to run your own DNS server, be
sure to read through the files in /etc/namedb
and man -k named.Using Electronic MailPOPIMAPThere are five major parts involved in an email exchange. They
are: the user program, the server daemon, DNS, a pop or
IMAP daemon, and of course, the
mailhost itself.The User ProgramThis includes command line programs such as
mutt, pine,
elm, and
mail, and GUI programs such as
balsa,
xfmail to name a few, and something
more sophisticated like a WWW browser. These
programs simply pass off the email transactions to the local mailhost, either by
calling one of the server daemons
available or delivering it over TCP.Mailhost Server Daemonmail server daemon
- sendmail
+ sendmailmail server daemon
- postfix
+ postfixmail server daemon
- qmail
+ qmailmail server daemon
- exim
+ eximThis is usually sendmail (by
default with FreeBSD) or one of the other mail server daemons such
as qmail,
postfix, or
exim. There are others, but those are
the most widely used.The server daemon usually has two functions—it looks
after receiving incoming mail and delivers outgoing mail. It does
not allow you to connect to it via POP or IMAP to read your mail.
You need an additional daemon
for that.Be aware that some older versions of
sendmail have some serious security
problems, however as long as you run a current version of it you
should not have any problems. As always, it is a good idea to
stay up-to-date with any software you run.Email and DNSThe Domain Name System (DNS) and its daemon
named play a large role in the delivery of
email. In order to deliver mail from your site to another, the
server daemon will look up the site in the DNS to determine the
host that will receive mail for the destination.It works the same way when you have mail sent to you. The DNS
contains the database mapping hostname to an IP address, and a
hostname to mailhost. The IP address is specified in an A record.
The MX (Mail eXchanger) record specifies the mailhost that will
receive mail for you. If you do not have an MX record for your
hostname, the mail will be delivered directly to your host.Receiving Mailemail
- receiving
+ receivingReceiving mail for your domain is done by the mail host. It
will collect mail sent to you and store it for reading or pickup.
In order to pick the stored mail up, you will need to connect to
the mail host. This is done by either using POP or IMAP. If you
want to read mail directly on the mail host, then a POP or IMAP
server is not needed.POPIMAPIf you want to run a POP or IMAP server, there are two things
you need to do:Get a POP or IMAP daemon from the Ports Collection and install
it on your system.Modify /etc/inetd.conf to load the
POP or IMAP server.The Mail Hostmail hostThe mail host is the name given to a server that is
responsible for delivering and receiving mail for your host, and
possibly your network.TroubleshootingemailtroubleshootingHere are some frequently asked questions and answers. These
have been migrated from the FAQ.Why do I have to use the FQDN for hosts on my site?You will probably find that the host is actually in a
different domain; for example, if you are in
foo.bar.edu and you wish to reach
a host called mumble in the bar.edu domain, you will have to
refer to it by the fully-qualified domain name, mumble.bar.edu, instead of just
mumble.BINDTraditionally, this was allowed by BSD BIND resolvers.
However the current version of BIND
that ships with FreeBSD no longer provides default abbreviations
for non-fully qualified domain names other than the domain you
are in. So an unqualified host mumble must
either be found as mumble.foo.bar.edu, or it will be searched
for in the root domain.This is different from the previous behavior, where the
search continued across mumble.bar.edu, and mumble.edu. Have a look at RFC 1535
for why this was considered bad practice, or even a security
hole.As a good workaround, you can place the line:
search foo.bar.edu bar.edu
instead of the previous:
domain foo.bar.edu
into your /etc/resolv.conf. However, make
sure that the search order does not go beyond the
boundary between local and public administration,
as RFC 1535 calls it.Sendmail says mail loops back to
myselfThis is answered in the sendmail FAQ as follows:* I am getting Local configuration error messages, such as:
553 relay.domain.net config error: mail loops back to myself
554 <user@domain.net>... Local configuration error
How can I solve this problem?
You have asked mail to the domain (e.g., domain.net) to be
forwarded to a specific host (in this case, relay.domain.net)
by using an MX record, but the relay machine does not recognize
itself as domain.net. Add domain.net to /etc/sendmail.cw
(if you are using FEATURE(use_cw_file)) or add Cw domain.net
to /etc/sendmail.cf.The sendmail FAQ is in
/usr/src/usr.sbin/sendmail and is
recommended reading if you want to do any
tweaking of your mail setup.PPPHow can I do email with a dial-up PPP host?You want to connect a FreeBSD box on a lan, to the
Internet. The FreeBSD box will be a mail gateway for the lan.
The PPP connection is non-dedicated.There are at least two ways to do this.UUCPThe other is to use UUCP.The key is to get a Internet site to provide secondary MX
service for your domain. For example:bigco.com. MX 10 bigco.com.
MX 20 smalliap.com.Only one host should be specified as the final recipient
(add Cw bigco.com in
/etc/sendmail.cf on bigco.com).When the senders' sendmail is trying to
deliver the mail it will try to connect to you over the modem
link. It will most likely time out because you are not online.
sendmail will automatically deliver it to the
secondary MX site, i.e., your Internet provider. The secondary MX
site will try every
(sendmail_flags = -bd -q15m in
/etc/rc.conf) 15 minutes to connect to
your host to deliver the mail to the primary MX site.You might want to use something like this as a login
script.#!/bin/sh
# Put me in /usr/local/bin/pppbigco
( sleep 60 ; /usr/sbin/sendmail -q ) &
/usr/sbin/ppp -direct pppbigcoIf you are going to create a separate login script for a
user you could use sendmail -qRbigco.com
instead in the script above. This will force all mail in your
queue for bigco.com to be processed immediately.A further refinement of the situation is as follows.Message stolen from the &a.isp;.> we provide the secondary MX for a customer. The customer connects to
> our services several times a day automatically to get the mails to
> his primary MX (We do not call his site when a mail for his domains
> arrived). Our sendmail sends the mailqueue every 30 minutes. At the
> moment he has to stay 30 minutes online to be sure that all mail is
> gone to the primary MX.
>
> Is there a command that would initiate sendmail to send all the mails
> now? The user has not root-privileges on our machine of course.
In the privacy flags section of sendmail.cf, there is a
definition Opgoaway,restrictqrun
Remove restrictqrun to allow non-root users to start the queue processing.
You might also like to rearrange the MXs. We are the 1st MX for our
customers like this, and we have defined:
# If we are the best MX for a host, try directly instead of generating
# local config error.
OwTrue
That way a remote site will deliver straight to you, without trying
the customer connection. You then send to your customer. Only works for
hosts, so you need to get your customer to name their mail
machine customer.com as well as
hostname.customer.com in the DNS. Just put an A record in
the DNS for customer.com.Advanced TopicsThe following section covers more involved topics such as mail
configuration and setting up mail for your entire domain.Basic ConfigurationemailconfigurationOut of the box, you should be able to send email to external
hosts as long as you have set up
/etc/resolv.conf or are running your own
name server. If you would like to have mail for your host
delivered to that specific host, there are two methods:Run your own name server and have your own domain. For
example, FreeBSD.orgGet mail delivered directly to your host. This is done by
delivering mail directly to the current DNS name for your
machine. For example, example.FreeBSD.org.SMTPRegardless of which of the above you choose, in order to have
mail delivered directly to your host, you must have a permanent
(static) IP address (no dynamic PPP dial-up). If you are behind a
firewall, it must pass SMTP traffic on to you. If you want to
receive mail at your host itself, you need to be sure of one of two
things:MX recordMake sure that the MX record in your DNS points to your
host's IP address.Make sure there is no MX entry in your DNS for your
host.Either of the above will allow you to receive mail directly at
your host.Try this:&prompt.root; hostname
example.FreeBSD.org
&prompt.root; host example.FreeBSD.org
example.FreeBSD.org has address 204.216.27.XXIf that is what you see, mail directly to
yourlogin@example.FreeBSD.org should work without
problems.If instead you see something like this:&prompt.root; host example.FreeBSD.org
example.FreeBSD.org has address 204.216.27.XX
example.FreeBSD.org mail is handled (pri=10) by hub.FreeBSD.orgAll mail sent to your host (example.FreeBSD.org) will end up being
collected on hub under the same username instead
of being sent directly to your host.The above information is handled by your DNS server. The DNS
record that carries mail routing information is the
Mail eXchange entry. If
no MX record exists, mail will be delivered directly to the host by
way of its IP address.The MX entry for freefall.FreeBSD.org at one time looked like
this:freefall MX 30 mail.crl.net
freefall MX 40 agora.rdrop.com
freefall MX 10 freefall.FreeBSD.org
freefall MX 20 who.cdrom.comAs you can see, freefall had many MX entries.
The lowest MX number is the host that ends up receiving the mail in
the end while the others will queue mail temporarily if
freefall is busy or down.Alternate MX sites should have separate Internet connections
from your own in order to be the most useful. Your ISP or other
friendly site should have no problem providing this service for
you.Mail for your DomainIn order to set up a mailhost (a.k.a., mail
server) you need to have any mail sent to various workstations
directed to it. Basically, you want to hijack any
mail for your domain (in this case *.FreeBSD.org) and divert it to your mail
server so your users can check their mail via POP or directly on
the server.DNSTo make life easiest, a user account with the same
username should exist on both machines. Use
adduser to do this.The mailhost you will be using must be the designated mail
exchange for each workstation on the network. This is done in
your DNS configuration like so:example.FreeBSD.org A 204.216.27.XX ; Workstation
MX 10 hub.FreeBSD.org ; MailhostThis will redirect mail for the workstation to the mailhost no
matter where the A record points. The mail is sent to the MX
host.You cannot do this yourself unless you are running a DNS
server. If you are not, or cannot, run your own DNS server, talk
to your ISP or whoever does your DNS for you.If you're doing virtual email hosting, the following
information will come in handy. For the sake of an example, we
will assume you have a customer with their own domain, in this
case customer1.org and you want
all the mail for customer1.org
sent to your mailhost, which is named mail.myhost.com. The entry in your DNS
should look like this:customer1.org MX 10 mail.myhost.comYou do not need an A record if you only
want to handle email for the domain.Be aware that this means pinging customer1.org will not work unless
an A record exists for it.The last thing that you must do is tell
sendmail on your mailhost what domains
and/or hostnames it should be accepting mail for. There are a few
different ways this can be done. Either of the following will
work:Add the hosts to your
/etc/sendmail.cw file if you are using the
FEATURE(use_cw_file). If you are using
sendmail 8.10 or higher, the file is
/etc/mail/local-host-names.Add a Cwyour.host.com line to your
/etc/sendmail.cf or
/etc/mail/sendmail.cf if you are using
sendmail 8.10 or higher.
diff --git a/en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml b/en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml
index 8cfc1df408..c6456fe25a 100644
--- a/en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml
@@ -1,333 +1,336 @@
SoundContributed by Moses Moore
jm-moses@home.com, 20 November 2000.SynopsisThis chapter of the handbook deals with setting up sound on a
FreeBSD system.Locating the Correct DevicePCIISAsound cardsBefore you begin, you should know the model of the card you
have, the chip it uses, and whether it is a PCI or ISA card.
FreeBSD supports a wide variety of both PCI and ISA cards. If you
do not see your card in the following list, check the &man.pcm.4;
manual page. This is not a complete list; however, it does list
some of the most common cards.Crystal 4237, 4236, 4232, 4231Yamaha OPL-SAxOPTi931Ensoniq AudioPCI 1370/1371ESS Solo-1/1ENeoMagic 256AV/ZXSound Blaster Pro, 16, 32, AWE64, AWE128, LiveCreative ViBRA16Advanced Asound 100, 110, and Logic ALS120ES 1868, 1869, 1879, 1888Gravis UltraSoundAureal Vortex 1 or 2
- kernelconfiguration
+
+ kernel
+ configuration
+ The driver you use in your kernel depends on the kind of card
you have. The sections below provide more information and what
you will need to add to your kernel
configuration.Creative, Advance, and ESS Sound CardsIf you have one of the above cards, you will need to
adddevice pcmto your kernel. If you have a PnP ISA card, you will also
need to adddevice sbcto your kernel. For a non-PnP ISA card, adddevice pcmanddevice sbc0 at isa? port0x220 irq 5 drq 1 flags 0x15to your kernel. Those are the default settings. You may
need to change the IRQ, etc. See the &man.sbc.4; man page for
more information.The Sound Blaster Live is not supported under FreeBSD 4.0
without a patch, which this document will not cover. It is
recommended that you update to the latest -STABLE before
trying to use this card.Gravis UltraSound CardsFor a PnP ISA card, you will need to adddevice pcmanddevice guscto your kernel. If you have a non-PnP ISA card, you will
need to adddevice pcmanddevice gus0 at isa? port 0x220 irq 5 drq 1 flags 0x13to your kernel. You may need to change the IRQ, etc. See
the &man.gusc.4; man page for more information.Crystal Sound CardsFor Crystal cards, you will need bothdevice pcmanddevice csain your kernel.Generic SupportFor PnP ISA or PCI cards, you will need to adddevice pcmto your kernel configuration. If you have a non-PnP ISA
sound card that does not have a bridge driver, you will need
to adddevice pcm0 at isa? irq 10 drq 1 flags 0x0to your kernel configuration. You may need to change the
IRQ, etc., to match your hardware configuration.Recompiling the KernelAfter adding the driver(s) you need to your kernel
configuration, you will need to recompile your kernel. Please see
of the handbook for
more information.Creating and Testing the Device Nodesdevice nodesAfter you reboot, log in and run cat
/dev/sndstat. You should see output similar to the
following:FreeBSD Audio Driver (newpcm) Sep 21 2000 18:29:53
Installed devices:
pcm0: <Aureal Vortex 8830> at memory 0xfeb40000 irq 5 (4p/1r +channels duplex)If you see an error message, something went wrong earlier. If
that happens, go through your kernel configuration file again and
make sure you chose the correct device.If it reported no errors and returned
pcm0, su to
root and do the following:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV snd0If it reported no errors and returned
pcm1, su to
root and do the following:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV snd1Please note that either of the above commands will
not create a
/dev/snd device! Instead it creates a
group of device nodes including:DeviceDescription/dev/audioSPARC-compatible audio device/dev/dspDigitized voice device/dev/dspWLike /dev/dsp, but 16 bits
per sample/dev/midiRaw midi access device/dev/mixerControl port mixer device/dev/musicLevel 2 sequencer interface/dev/sequencerSequencer device/dev/pssProgrammable device interfaceIf all goes well, you should now have a functioning sound
card. If you do not, see the next section.Common Problemsdevice nodeI get an unsupported subdevice XX error!One or more of the device nodes wasn't created
correctly. Repeat the steps above.I/O portI get a sb_dspwr(XX) timed out error!The I/O port is not set correctly.IRQI get a bad irq XX error!The IRQ is set incorrectly. Make sure that the set IRQ
and the sound IRQ are the same.I get a xxx: gus pcm not attached, out of
memory
error. What causes that?If this happens, it is because there is not enough
available memory to use the device.
diff --git a/en_US.ISO8859-1/books/handbook/pgpkeys/chapter.sgml b/en_US.ISO8859-1/books/handbook/pgpkeys/chapter.sgml
index 397f13c726..4c938b9e37 100644
--- a/en_US.ISO8859-1/books/handbook/pgpkeys/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/pgpkeys/chapter.sgml
@@ -1,2415 +1,2416 @@
PGP Keys
+ pgp keysIn case you need to verify a signature or send encrypted email
to one of the officers or developers a number of keys are provided
here for your convenience. &a.wollman; maintains a
complete keyring of FreeBSD.org users for easy
download.OfficersFreeBSD Security Officer
security-officer@FreeBSD.orgFreeBSD Security Officer <security-officer@FreeBSD.org>
Fingerprint = 41 08 4E BB DB 41 60 71 F9 E5 0E 98 73 AF 3F 11-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQCNAzF7MY4AAAEEAK7qBgPuBejER5HQbQlsOldk3ZVWXlRj54raz3IbuAUrDrQL
h3g57T9QY++f3Mot2LAf5lDJbsMfWrtwPrPwCCFRYQd6XH778a+l4ju5axyjrt/L
Ciw9RrOC+WaPv3lIdLuqYge2QRC1LvKACIPNbIcgbnLeRGLovFUuHi5z0oilAAUR
tDdGcmVlQlNEIFNlY3VyaXR5IE9mZmljZXIgPHNlY3VyaXR5LW9mZmljZXJAZnJl
ZWJzZC5vcmc+iQCVAwUQMX6yrOJgpPLZnQjrAQHyowQA1Nv2AY8vJIrdp2ttV6RU
tZBYnI7gTO3sFC2bhIHsCvfVU3JphfqWQ7AnTXcD2yPjGcchUfc/EcL1tSlqW4y7
PMP4GHZp9vHog1NAsgLC9Y1P/1cOeuhZ0pDpZZ5zxTo6TQcCBjQA6KhiBFP4TJql
3olFfPBh3B/Tu3dqmEbSWpuJAJUDBRAxez3C9RVb+45ULV0BAak8A/9JIG/jRJaz
QbKom6wMw852C/Z0qBLJy7KdN30099zMjQYeC9PnlkZ0USjQ4TSpC8UerYv6IfhV
nNY6gyF2Hx4CbEFlopnfA1c4yxtXKti1kSN6wBy/ki3SmqtfDhPQ4Q31p63cSe5A
3aoHcjvWuqPLpW4ba2uHVKGP3g7SSt6AOYkAlQMFEDF8mz0ff6kIA1j8vQEBmZcD
/REaUPDRx6qr1XRQlMs6pfgNKEwnKmcUzQLCvKBnYYGmD5ydPLxCPSFnPcPthaUb
5zVgMTjfjS2fkEiRrua4duGRgqN4xY7VRAsIQeMSITBOZeBZZf2oa9Ntidr5PumS
9uQ9bvdfWMpsemk2MaRG9BSoy5Wvy8VxROYYUwpT8Cf2iQCVAwUQMXsyqWtaZ42B
sqd5AQHKjAQAvolI30Nyu3IyTfNeCb/DvOe9tlOn/o+VUDNJiE/PuBe1s2Y94a/P
BfcohpKC2kza3NiW6lLTp00OWQsuu0QAPc02vYOyseZWy4y3Phnw60pWzLcFdemT
0GiYS5Xm1o9nAhPFciybn9j1q8UadIlIq0wbqWgdInBT8YI/l4f5sf6JAJUDBRAx
ezKXVS4eLnPSiKUBAc5OBACIXTlKqQC3B53qt7bNMV46m81fuw1PhKaJEI033mCD
ovzyEFFQeOyRXeu25Jg9Bq0Sn37ynISucHSmt2tUD5W0+p1MUGyTqnfqejMUWBzO
v4Xhp6a8RtDdUMBOTtro16iulGiRrCKxzVgEl4i+9Z0ZiE6BWlg5AetoF5n3mGk1
lw==
=ipyA
-----END PGP PUBLIC KEY BLOCK-----Core Team Members&a.asami;Satoshi Asami <asami@cs.berkeley.edu>
aka <asami@FreeBSD.org>
Fingerprint = EB 3C 68 9E FB 6C EB 3F DB 2E 0F 10 8F CE 79 CA-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzPVyoQAAAEEAL7W+kipxB171Z4SVyyL9skaA7hG3eRsSOWk7lfvfUBLtPog
f3OKwrApoc/jwLf4+Qpdzv5DLEt/6Hd/clskhJ+q1gMNHyZ5ABmUxrTRRNvJMTrb
3fPU3oZj7sL/MyiFaT1zF8EaMP/iS2ZtcFsbYOqGeA8E/58uk4NA0SoeCNiJAAUR
tCVTYXRvc2hpIEFzYW1pIDxhc2FtaUBjcy5iZXJrZWxleS5lZHU+iQCVAwUQM/AT
+EqGN2HYnOMZAQF11QP/eSXb2FuTb1yX5yoo1Im8YnIk1SEgCGbyEbOMMBznVNDy
5g2TAD0ofLxPxy5Vodjg8rf+lfMVtO5amUH6aNcORXRncE83T10JmeM6JEp0T6jw
zOHKz8jRzygYLBayGsNIJ4BGxa4LeaGxJpO1ZEvRlNkPH/YEXK5oQmq9/DlrtYOJ
AEUDBRAz42JT8ng6GBbVvu0BAU8nAYCsJ8PiJpRUGlrz6rxjX8hqM1v3vqFHLcG+
G52nVMBSy+RZBgzsYIPwI5EZtWAKb22JAJUDBRAz4QBWdbtuOHaj97EBAaQPA/46
+NLUp+Wubl90JoonoXocwAg88tvAUVSzsxPXj0lvypAiSI2AJKsmn+5PuQ+/IoQy
lywRsxiQ5GD7C72SZ1yw2WI9DWFeAi+qa4b8n9fcLYrnHpyCY+zxEpu4pam8FJ7H
JocEUZz5HRoKKOLHErzXDiuTkkm72b1glmCqAQvnB4kAlQMFEDPZ3gyDQNEqHgjY
iQEBFfUEALu2C0uo+1Z7C5+xshWRYY5xNCzK20O6bANVJ+CO2fih96KhwsMof3lw
fDso5HJSwgFd8WT/sR+Wwzz6BAE5UtgsQq5GcsdYQuGI1yIlCYUpDp5sgswNm+OA
bX5a+r4F/ZJqrqT1J56Mer0VVsNfe5nIRsjd/rnFAFVfjcQtaQmjiQCVAwUQM9uV
mcdm8Q+/vPRJAQELHgP9GqNiMpLQlZig17fDnCJ73P0e5t/hRLFehZDlmEI2TK7j
Yeqbw078nZgyyuljZ7YsbstRIsWVCxobX5eH1kX+hIxuUqCAkCsWUY4abG89kHJr
XGQn6X1CX7xbZ+b6b9jLK+bJKFcLSfyqR3M2eCyscSiZYkWKQ5l3FYvbUzkeb6K0
IVNhdG9zaGkgQXNhbWkgPGFzYW1pQEZyZWVCU0QuT1JHPg==
=39SC
-----END PGP PUBLIC KEY BLOCK-----&a.jkh;Jordan K. Hubbard <jkh@FreeBSD.org>
Fingerprint = 3C F2 27 7E 4A 6C 09 0A 4B C9 47 CD 4F 4D 0B 20-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzFjX0IAAAEEAML+nm9/kDNPp43ZUZGjYkm2QLtoC1Wxr8JulZXqk7qmhYcQ
jvX+fyoriJ6/7ZlnLe2oG5j9tZOnRLPvMaz0g9CpW6Dz3nkXrNPkmOFV9B8D94Mk
tyFeRJFqnkCuqBj6D+H8FtBwEeeTecSh2tJ0bZZTXnAMhxeOdvUVW/uOVC1dAAUR
tCNKb3JkYW4gSy4gSHViYmFyZCA8amtoQEZyZWVCU0Qub3JnPokBFQMFEDXCTXQM
j46yp4IfPQEBwO8IAIN0J09AXBf86dFUTFGcAMrEQqOF5IL+KGorAjzuYxERhKfD
ZV7jA+sCQqxkWfcVcE20kVyVYqzZIkio9a5zXP6TwA247JkPt54S1PmMDYHNlRIY
laXlNoji+4q3HP2DfHqXRT2859rYpm/fG/v6pWkos5voPKcZ2OFEp9W+Ap88oqw+
5rx4VetZNJq1Epmis4INj6XqNqj85+MOOIYE+f445ohDM6B/Mxazd6cHFGGIR+az
VjZ6lCDMLjzhB5+FqfrDLYuMjqkMTR5z9DL+psUvPlCkYbQ11NEWtEmiIWjUcNJN
GCxGzv5bXk0XPu3ADwbPkFE2usW1cSM7AQFiwuyJAJUDBRAxe+Q9a1pnjYGyp3kB
AV7XA/oCSL/Cc2USpQ2ckwkGpyvIkYBPszIcabSNJAzm2hsU9Qa6WOPxD8olDddB
uJNiW/gznPC4NsQ0N8Zr4IqRX/TTDVf04WhLmd8AN9SOrVv2q0BKgU6fLuk979tJ
utrewH6PR2qBOjAaR0FJNk4pcYAHeT+e7KaKy96YFvWKIyDvc4kAlQMFEDF8ldof
f6kIA1j8vQEBDH4D/0Zm0oNlpXrAE1EOFrmp43HURHbij8n0Gra1w9sbfo4PV+/H
U8ojTdWLy6r0+prH7NODCkgtIQNpqLuqM8PF2pPtUJj9HwTmSqfaT/LMztfPA6PQ
csyT7xxdXl0+4xTDl1avGSJfYsI8XCAy85cTs+PQwuyzugE/iykJO1Bnj/paiQCV
AwUQMXvlBvUVW/uOVC1dAQF2fQP/RfYC6RrpFTZHjo2qsUHSRk0vmsYfwG5NHP5y
oQBMsaQJeSckN4n2JOgR4T75U4vS62aFxgPLJP3lOHkU2Vc7xhAuBvsbGr5RP8c5
LvPOeUEyz6ZArp1KUHrtcM2iK1FBOmY4dOYphWyWMkDgYExabqlrAq7FKZftpq/C
BiMRuaw=
=C/Jw
-----END PGP PUBLIC KEY BLOCK-----&a.imp;Warner Losh <imp@village.org>
aka <imp@FreeBSD.org>
Fingerprint = D4 31 FD B9 F7 90 17 E8 37 C5 E7 7F CF A6 C1 B9-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzDzTiAAAAEEAK8D7KWEbVFUrmlqhUEnAvphNIqHEbqqT8s+c5f5c2uHtlcH
V4mV2TlUaDSVBN4+/D70oHmZc4IgiQwMPCWRrSezg9z/MaKlWhaslc8YT6Xc1q+o
EP/fAdKUrq49H0QQbkQk6Ks5wKW6v9AOvdmsS6ZJEcet6d9G4dxynu/2qPVhAAUR
tCBNLiBXYXJuZXIgTG9zaCA8aW1wQHZpbGxhZ2Uub3JnPokAlQMFEDM/SK1VLh4u
c9KIpQEBFPsD/1n0YuuUPvD4CismZ9bx9M84y5sxLolgFEfP9Ux196ZSeaPpkA0g
C9YX/IyIy5VHh3372SDWN5iVSDYPwtCmZziwIV2YxzPtZw0nUu82P/Fn8ynlCSWB
5povLZmgrWijTJdnUWI0ApVBUTQoiW5MyrNN51H3HLWXGoXMgQFZXKWYiQCVAwUQ
MzmhkfUVW/uOVC1dAQG3+AP/T1HL/5EYF0ij0yQmNTzt1cLt0b1e3N3zN/wPFFWs
BfrQ+nsv1zw7cEgxLtktk73wBGM9jUIdJu8phgLtl5a0m9UjBq5oxrJaNJr6UTxN
a+sFkapTLT1g84UFUO/+8qRB12v+hZr2WeXMYjHAFUT18mp3xwjW9DUV+2fW1Wag
YDKJAJUDBRAzOYK1s1pi61mfMj0BARBbA/930CHswOF0HIr+4YYUs1ejDnZ2J3zn
icTZhl9uAfEQq++Xor1x476j67Z9fESxyHltUxCmwxsJ1uOJRwzjyEoMlyFrIN4C
dE0C8g8BF+sRTt7VLURLERvlBvFrVZueXSnXvmMoWFnqpSpt3EmN6TNaLe8Cm87a
k6EvQy0dpnkPKokAlQMFEDD9Lorccp7v9qj1YQEBrRUD/3N4cCMWjzsIFp2Vh9y+
RzUrblyF84tJyA7Rr1p+A7dxf7je3Zx5QMEXosWL1WGnS5vC9YH2WZwv6sCU61gU
rSy9z8KHlBEHh+Z6fdRMrjd9byPf+n3cktT0NhS23oXB1ZhNZcB2KKhVPlNctMqO
3gTYx+Nlo6xqjR+J2NnBYU8p
=7fQV
-----END PGP PUBLIC KEY BLOCK-----&a.peter;Peter Wemm <peter@FreeBSD.org>
aka <peter@spinner.dialix.com>
aka <peter@haywire.dialix.com>
aka <peter@perth.dialix.oz.au>
Key fingerprint = 47 05 04 CA 4C EE F8 93 F6 DB 02 92 6D F5 58 8A-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAy9/FJwAAAEEALxs9dE9tFd0Ru1TXdq301KfEoe5uYKKuldHRBOacG2Wny6/
W3Ill57hOi2+xmq5X/mHkapywxvy4cyLdt31i4GEKDvxpDvEzAYcy2n9dIup/eg2
kEhRBX9G5k/LKM4NQsRIieaIEGGgCZRm0lINqw495aZYrPpO4EqGN2HYnOMZAAUT
tCVQZXRlciBXZW1tIDxwZXRlckBoYXl3aXJlLmRpYWxpeC5jb20+iQCVAwUQMwWT
cXW7bjh2o/exAQEFkQP+LIx5zKlYp1uR24xGApMFNrNtjh+iDIWnxxb2M2Kb6x4G
9z6OmbUCoDTGrX9SSL2Usm2RD0BZfyv9D9QRWC2TSOPkPRqQgIycc11vgbLolJJN
eixqsxlFeKLGEx9eRQCCbo3dQIUjc2yaOe484QamhsK1nL5xpoNWI1P9zIOpDiGJ
AJUDBRAxsRPqSoY3Ydic4xkBAbWLA/9q1Fdnnk4unpGQsG31Qbtr4AzaQD5m/JHI
4gRmSmbj6luJMgNG3fpO06Gd/Z7uxyCJB8pTst2a8C/ljOYZxWT+5uSzkQXeMi5c
YcI1sZbUpkHtmqPW623hr1PB3ZLA1TIcTbQW+NzJsxQ1Pc6XG9fGkT9WXQW3Xhet
AP+juVTAhLQlUGV0ZXIgV2VtbSA8cGV0ZXJAcGVydGguZGlhbGl4Lm96LmF1PokA
lQMFEDGxFCFKhjdh2JzjGQEB6XkD/2HOwfuFrnQUtdwFPUkgtEqNeSr64jQ3Maz8
xgEtbaw/ym1PbhbCk311UWQq4+izZE2xktHTFClJfaMnxVIfboPyuiSF99KHiWnf
/Gspet0S7m/+RXIwZi1qSqvAanxMiA7kKgFSCmchzas8TQcyyXHtn/gl9v0khJkb
/fv3R20btB5QZXRlciBXZW1tIDxwZXRlckBGcmVlQlNELm9yZz6JAJUDBRAxsRJd
SoY3Ydic4xkBAZJUA/4i/NWHz5LIH/R4IF/3V3LleFyMFr5EPFY0/4mcv2v+ju9g
brOEM/xd4LlPrx1XqPeZ74JQ6K9mHR64RhKR7ZJJ9A+12yr5dVqihe911KyLKab9
4qZUHYi36WQu2VtLGnw/t8Jg44fQSzbBF5q9iTzcfNOYhRkSD3BdDrC3llywO7Ql
UGV0ZXIgV2VtbSA8cGV0ZXJAc3Bpbm5lci5kaWFsaXguY29tPokAlQMFEDGxEi1K
hjdh2JzjGQEBdA4EAKmNFlj8RF9HQsoI3UabnvYqAWN5wCwEB4u+Zf8zq6OHic23
TzoK1SPlmSdBE1dXXQGS6aiDkLT+xOdeewNs7nfUIcH/DBjSuklAOJzKliXPQW7E
kuKNwy4eq5bl+j3HB27i+WBXhn6OaNNQY674LGaR41EGq44Wo5ATcIicig/z
=gv+h
-----END PGP PUBLIC KEY BLOCK-----&a.dfr;Doug Rabson <dfr@FreeBSD.org>
Key fingerprint = 20 BB E4 38 5D 89 D2 D4 68 A6 2F DC 0A DE 10 3C-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAzi5GEEAAAEEAK2MWoFtSEoa6/eVi1dRiebsF+F4DnoxIaQATYfhynrLDLDL
Zvl0pfgzMWG6VvtsC5c2u549BdYsbs7F95dUUAe2JG9V3m8YeLuzC5uTpac5PeX4
2pHpniY5DDRRlgv0BpCRDOF7JmnMSp1yv5I+EFzTdGYv1CdcyFfJuUqVwRdxAAUR
tB1Eb3VnIFJhYnNvbiA8ZGZyQGZyZWVic2Qub3JnPokAlQMFEDi5GEFXyblKlcEX
cQEBBasEAJERIcofhLt0GMQ5IYRsMR1pfBt1ixLYf+jEVMC2NC93baj32eTAciqo
Y/BKiqLKOCpwcw2o3isIyHjNps5ZjnUR+hJUeFraEKZ+0btzvbu/zpdKI6vDw1MN
CkzSnC2LrxtqgSh3i2M6UxD0Wyokaa2bQem0UmBNpjN62O6vS1PJiQCVAwUQOLka
4gHbXdKX5jjdAQEg8wP8CrPQbk58+Owej5CCpeDBh+x2XkPaoShAaP8a8k1b/4jk
x5Xhi7J1kYk9slrp1fQL2N2GU93oFS0MoGxjr+VCez5Ui5+tpiFqWKdakTEV0NiL
w42720/OBpvscK+DP4RynlQV1sh18G+B6V/AkGAnXjzpVSwLwfhN8COnRleXFFc=
=7gsv
-----END PGP PUBLIC KEY BLOCK-----Developers&a.will;pub 1024D/F81672C5 2000-05-22 Will Andrews (Key for official matters) <will@FreeBSD.org>
Key fingerprint = 661F BBF7 9F5D 3D02 C862 5F6C 178E E274 F816 72C5
uid Will Andrews <will@physics.purdue.edu>
uid Will Andrews <will@puck.firepipe.net>
uid Will Andrews <will@c-60.org>
uid Will Andrews <will@csociety.org>
uid Will Andrews <will@csociety.ecn.purdue.edu>
uid Will Andrews <will@telperion.openpackages.org>
sub 1024g/55472804 2000-05-22-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDkpEQ4RBAC9OidsAMYXkcTy2/Vb0/YO4X06+pwtKVPbYRHt0wSvmoeUhr8k
W7YIZpORNycc4v/0p4U/vD3fNL4bb07gnkijJWC+RrLVsxp/HkAy+XPy1TlBg/g9
rgT+eNnmIudIbIFGgfNYR9pcjdBvDYYzn0rKCxZ3bUqQv1iY1Szd6XBVYwCgmRt/
TtV14iuuWTXcCB9ZM118W/sEAKxMqiMnqr4VZ43Dr2EPOjmWTU+rqWhLQsfPj0MO
r1Fm3kCr2kf+k5o8o/Ry6a9bNaufrO9LsR7yvPEia/J8ofAAonWM5VHywK5V/+D2
ZSXqscdpGN74cRu33vAs8V5Wcnc2EaRk7t3yBk8Cdek2If9pOTVWD7Jjhmaqxp59
rCh6A/9NNpxhBQkCRaixGrqNae9ASQdtZAe32+ZxQ3cvhfNb8y11dHVWG6ft3vZi
lUgBKCwWJ8y7rcpmUg0mQEGgGLpA0pdtOn0r20Re+WgeBiO1afi80JYbpICjtToN
+9bK1GWwkyoXcHDCoCyGkk3ZJx486YjlZ+g8CqbYjqclisBRALQ6V2lsbCBBbmRy
ZXdzIChLZXkgZm9yIG9mZmljaWFsIG1hdHRlcnMpIDx3aWxsQEZyZWVCU0Qub3Jn
PohWBBMRAgAWBQI5KREOBAsKBAMDFQMCAxYCAQIXgAAKCRAXjuJ0+BZyxXK9AJ98
8qcbCXD8dbu5UElIXyVgtCpSxQCePH23d1468zNXLosSjAM/9h0liSyJAJUDBRA5
74f6TVYoIXkFDBEBAUkXA/4vTZbVHINxXv8ibNOwc8zRT08qo/+Iw9bk+VZT1Xjn
A87pDJyH1k5TlikkMcTZvuKgssosymef60Nmn2/De+PBO8zvKHcTVu05aNVa73tg
trwTl7ENt+W1DapWy13F/tX+STmZJpwJyNnc9LXe/purKQeNvcm5tOg4F/YG8d2e
fohGBBARAgAGBQI5+H4QAAoJEK9FHtaSnhLg6gsAniX8LUlfBDyl91aWd2NRUzbg
N5WhAKCCLiFZq9VNOkWvvDgjZzgAXj76W4hGBBARAgAGBQI6ouoFAAoJEFfKvVMG
TqYaWVkAnAmGUup4WCbHu8c4wXvGswYDyYNXAJ0XIIJCKOFyKlof+v2Rm/J5IbP0
NYhGBBARAgAGBQI6omaOAAoJEH5rTE5yo9FXsNcAoJHYIQi/k1v0FlYAZnYikG94
LV67AJ9bb+qeiYkHgnAYqMLuk8pv1So6e4hGBBARAgAGBQI6oZ+kAAoJEFZ+so+o
kYHJj8MAnAz2IpK9Bt3Kf+5tMZZar8GyciAnAJ4nbeQGuBXTZd1dtAAHCsHPvDpo
TYhGBBARAgAGBQI6oY8UAAoJENuTRJDtZOBHC3UAoKJGpnx5MKT07nrg/tLcHDIr
RILoAJ9WNsiSA+a4Pk8RXN7TT8NMXR1PDYhGBBARAgAGBQI6oYMLAAoJEGThPMPL
m56Bj9EAn06SAivn1Ll5AOjpHcv+lyHu3Y2LAKCVY9ejgWzNsAXkyk1zzr/w65m6
2IhGBBARAgAGBQI6oVEPAAoJENHLaIZZSoFYtqEAn1fiWA5C6foEV71UnZ9jAslP
zFulAKCmyH5S32XA2oZiXOO2dh87tD3ku4hGBBARAgAGBQI6oVWbAAoJEH2lYKC2
NiUF8WIAn2ov1kKivbanjlmkhqUfhJ4UgnmaAKCKbDev7w9A/x165BOa0gY4lsuo
jYhGBBARAgAGBQI6YhEMAAoJEH7GRFHr0ksD+6EAn3xlIX9koN/aZmgzghEn01dV
L5QVAJ9vHUwP4LTEYVe+oYPzFNW9Dx9fm4hGBBARAgAGBQI6YhIuAAoJEKU/65aE
ev7dTGQAnRFFYj6VafoBDbi7cuuNddL4viwTAJ9Auv+fan1RWaUIVZzq5qgXsrcQ
B4hGBBARAgAGBQI6oV6FAAoJEMPcgjWRkSGbbHgAnjXsGyCZ3Lf0MAq7ZzWZYQP9
YjeqAJwKtrO440YlW1IyuYXQ6Ysgj76MF4hGBBARAgAGBQI6tTL5AAoJEIiAJody
7R5edJ8An3LrnEhtPiweCq2cVStw0PSJb/brAJ45SNjE11cqZSYlPMd3z2S8UtEH
OIhGBBARAgAGBQI6wMZ3AAoJEMiQcw+j+eMOCOMAnjkJqTQn42X9UHkPkTj/eGCk
5qzbAJ9nPnHucrIC+M88X15gKCatzhgJTohGBBARAgAGBQI6wLzDAAoJENyUJSW9
K5HzWmEAn1Xgz5P2xkoKTi/ng+UQHNPuhKIuAJ0VF4FFlwV7lEm0a/JiXObAJ64L
x7QmV2lsbCBBbmRyZXdzIDx3aWxsQHBoeXNpY3MucHVyZHVlLmVkdT6IVwQTEQIA
FwUCOmFc1AULBwoDBAMVAwIDFgIBAheAAAoJEBeO4nT4FnLFUjoAn0Ks6AlwN8H1
i8imyQ1UDEFpxe3aAJ44hhl/Ta/Z5KgiKoNUUg8oRNQFFYhGBBARAgAGBQI6ouoW
AAoJEFfKvVMGTqYayQkAoISw+fWv05EiYQ9xkwJu5XtTokjWAJ42ZCjgrXATuX9c
SVzTMZY/FLKolohGBBARAgAGBQI6omaUAAoJEH5rTE5yo9FXnNAAoMg3JWMIB2ut
++mWLBlAuEIOIihLAKC7E0ST0zeH5NnsYb36+WArLT5CjYhGBBARAgAGBQI6oZ+n
AAoJEFZ+so+okYHJ3qwAn3G9EK1LlPeNoaODc4svKocgCSaPAJwID4VnVmt1fy7f
VwEmJtESEFe0e4hGBBARAgAGBQI6oY8jAAoJENuTRJDtZOBH/QYAoLgGSFEQ4KKN
Fo2oB1rtMXj/2wVFAKCT5DscciHxrEsnMXfvi4Hgyqgdb4hGBBARAgAGBQI6oYMQ
AAoJEGThPMPLm56BN9MAn2//so0qo5P67lP2nlSmhUmU/ak3AJ9j1P74ZRFCIwy6
z0na+KpxbEEgkIhGBBARAgAGBQI6oVEeAAoJENHLaIZZSoFY8l0AoKkG8dRzB8FE
EPgv7FMT+M5PiuUXAKDs0G3bfbJOToLFO4HwB423NeCY2ohGBBARAgAGBQI6oV6J
AAoJEMPcgjWRkSGb5J0AoJvPVCSA82Sng0c/5CL90eB/9Us6AJ9MZVTutJi90A4d
Ej2Ju1HojNfArYhGBBARAgAGBQI6tTMHAAoJEIiAJody7R5edPkAoIynoLSyLyZ2
3VSx4whOWHHAnPMJAJ0UArDeP+hl3pF5jiOo3Q6mgSGfLIhGBBARAgAGBQI6wMZ/
AAoJEMiQcw+j+eMO2OUAnjLKCBmwGHJmOY4shJD1uEvARSrQAJ0XeOy8ksaL9F6U
Gaye9Ane2/Gmz4hGBBARAgAGBQI6wLzLAAoJENyUJSW9K5HzTJYAnArbbEZByEsk
DTu6xv9w6EeWv/qsAJ4yZ6Xa8m+Om14k980SljIr179sGbQlV2lsbCBBbmRyZXdz
IDx3aWxsQHB1Y2suZmlyZXBpcGUubmV0PohXBBMRAgAXBQI6Ye2+BQsHCgMEAxUD
AgMWAgECF4AACgkQF47idPgWcsWkmQCeOt47//ErUkurExhyXnhQmjI47D8An0tV
6jn4feMbYbmyV7vSVVy4oa/BiEYEEBECAAYFAjqi6hYACgkQV8q9UwZOphqZ8gCd
GiL7pKZGl8V+PmG3ps2bS9+XvKIAn1w5+AHxx9qXFIpOdRyc7QD+LjI1iEYEEBEC
AAYFAjqiZpMACgkQfmtMTnKj0Ve9HQCeOEo9OTFkV3o5qVJwg3070mAzpdQAoMQQ
qo+R1Pavd8Alkpu45MkAncqliEYEEBECAAYFAjqhn6cACgkQVn6yj6iRgclZrACg
kkerLWeOrb+hx/E+FG1WdQ92oSsAn3MNG2fYsFptd1yh4LD4IOqE0pFiiEYEEBEC
AAYFAjqhjyMACgkQ25NEkO1k4EcukQCgoUn1SWSVJK4kj0GMrzMiM7/HLv8AnRSV
RolejSRG6pt84KgWVOn5mW/GiEYEEBECAAYFAjqhgxAACgkQZOE8w8ubnoE+ZgCg
jmIluke/eHJunoLuO2txdU4Rb0gAoNK02FeLlJUb4czG6fMv/N5oktsHiEYEEBEC
AAYFAjqhUR4ACgkQ0ctohllKgVi1iQCgqfW0k9L53kONj8SmGOSJtV6FJxkAn21T
HKGEOPSyc8aKMRGUUsKVJ1vWiEYEEBECAAYFAjqhXokACgkQw9yCNZGRIZvX6gCe
LYPUxWQlFUyOz8XYJHY5zLYPc+8AoLHS1+OzaNeUOF7zazhebwFhVbEMiEYEEBEC
AAYFAjq1MwcACgkQiIAmh3LtHl7uuACbBilA1sA2P2JifE6AZPiHiIs9XLUAoJoY
RVE9UP2snL9TpSx7lpzsSIowiEYEEBECAAYFAjrAxn8ACgkQyJBzD6P54w7cnACf
VjZQnExXAv4sAW1GuKwzYtvGEPkAn2TRbIFW+C2LGDJNl/1zQeSlDLWkiEYEEBEC
AAYFAjrAvMsACgkQ3JQlJb0rkfNMUwCgt8J4pw8qwiWVNUDRWAGshv/vRJUAn3MU
29x88keUJM4S9oWvw41YI85PtBxXaWxsIEFuZHJld3MgPHdpbGxAYy02MC5vcmc+
iFcEExECABcFAjph7wsFCwcKAwQDFQMCAxYCAQIXgAAKCRAXjuJ0+BZyxWirAJoD
39/0AZK6FltXjv1oLpJmslLdLQCeKm28Uyv4HysxhC0zufVBST9hK9yIRgQQEQIA
BgUCOqGfpwAKCRBWfrKPqJGBye6oAJ9Jvu+ro1c8MA/7vROD4WhH5A5kAACdHZFV
ILpqZKY5PX6airLJkFNyRSSIRgQQEQIABgUCOqLqFgAKCRBXyr1TBk6mGqUwAJ4w
l2pFeL0BkLLQGErwIyAgS8puowCfVXp68uMriB/F56Fd4iHF3O8+ZuKIRgQQEQIA
BgUCOqGDEAAKCRBk4TzDy5uegZv4AJ0bElzl89dUg0ONgUO7qOu7xiCmfQCfRFH7
7CcMiX9uxTswP3F9C7nDS3qIRgQQEQIABgUCOqJmkwAKCRB+a0xOcqPRV2/5AJ9Z
njjHsDi8uhGg2lyGHsGg41NIbwCfS9qKfHJjFFszID1T4ja4nHsMtmmIRgQQEQIA
BgUCOrUzBwAKCRCIgCaHcu0eXjIKAJsHv49nIBSfOcGLIRePTGMiOLFI6wCfXDzp
KFyX+dxOZt3qT6jujiQpZTeIRgQQEQIABgUCOqFeiQAKCRDD3II1kZEhm4I4AKC5
vwsD8Rslq2HhgbOmlS3rvV9mQQCgjbd+fsO91t+F+3Q0LuaUbzEaoBWIRgQQEQIA
BgUCOsDGfwAKCRDIkHMPo/njDkp5AJ42DzStyPGD7eEMaS+RW6IeNDWeswCfSaSv
XA2PvSex7qMyzVe6xJNwDwSIRgQQEQIABgUCOqFRHgAKCRDRy2iGWUqBWIuNAKDX
SqkEFxqdZWv4NU48hUB+D8d5nwCgvKsz1yfRxvCyIFkbGxHV3zNJEqWIRgQQEQIA
BgUCOqGPIwAKCRDbk0SQ7WTgRz9NAJ94uuOt9pDheNfbnFIJLQemikkrzACfWAEn
Qjhw6hHNX7dioOuR+UgshySIRgQQEQIABgUCOsC8ywAKCRDclCUlvSuR868/AJ4t
/KSyTGzZUVjwSrRQYByuKnrBNgCeMwVMvH879zborpgXUqBkls3YOR20IFdpbGwg
QW5kcmV3cyA8d2lsbEBjc29jaWV0eS5vcmc+iFcEExECABcFAjphXO4FCwcKAwQD
FQMCAxYCAQIXgAAKCRAXjuJ0+BZyxXjSAJ9IyTcfYDh5Dwlyebnhq9Foii4gBACd
HTejVdDfIrOrUjtQ4TWDypthyhaIRgQQEQIABgUCOqGfpwAKCRBWfrKPqJGBydgV
AJ0cL6kMOTpWk2SQlkb5mU/sJgX5MgCfWHKN/RMVHwak8wdA09AEgCQDT4KIRgQQ
EQIABgUCOqLqFgAKCRBXyr1TBk6mGijFAJ45/wZpCwYv6tFs+oledFz6pUwLtQCc
DHSSS5B788CdK4pkNL5BfrbOA7eIRgQQEQIABgUCOqGDEAAKCRBk4TzDy5uegR+t
AKDaHO7QfYb1Hldb/5Ny9+fxqLUo0ACgy9hXkubFNKqpRBWhyEBi+PCAAluIRgQQ
EQIABgUCOqJmkwAKCRB+a0xOcqPRV40BAKDhSfcFe9CM/ZUnxdoHOfQzD9+/qACf
UHqi/zOctYWg7+x76h5SXcV7qkqIRgQQEQIABgUCOrUzBwAKCRCIgCaHcu0eXgrg
AKCja81EXntgHgJhk/8sSgIUTvb7gACgtj4xIH6eQSUcHzq0Xd8GlEg27n+IRgQQ
EQIABgUCOqFeiQAKCRDD3II1kZEhmx9WAJsHViFyGDuznrh3aVMfyD7qF6DFMgCd
GL6jYdNNlUNrP5POrqdCQI/uataIRgQQEQIABgUCOsDGfwAKCRDIkHMPo/njDtub
AJ0V3ien/jICNywJ2RpkAXTDNS21RwCfWViO3UdFDqsYzKCpkAzr7utJdiqIRgQQ
EQIABgUCOqFRHgAKCRDRy2iGWUqBWBV8AKCVcRIJPlNrbMYKiFLK/igUBesvCgCg
4poS9VzusjkShWAqVNn90ayxItmIRgQQEQIABgUCOqGPIwAKCRDbk0SQ7WTgR4If
AJ9RFT/GIyOZOOEIpZAgYoBMcnQgzgCgvP355PPYTreqWo0FDgSxOafDWZaIRgQQ
EQIABgUCOsC8ywAKCRDclCUlvSuR80GZAJwMNAGH8ZLsAybMJ/k9xloazYdsKwCf
R6b15VcnFyBBtWIZid0wUJPF/5y0K1dpbGwgQW5kcmV3cyA8d2lsbEBjc29jaWV0
eS5lY24ucHVyZHVlLmVkdT6IVwQTEQIAFwUCOmFc4AULBwoDBAMVAwIDFgIBAheA
AAoJEBeO4nT4FnLFfHkAni2QwMJx3osqrD6/ddlfdPVZovExAJ9gynzqLFzL/++6
lCfdj0AAT8VYRohGBBARAgAGBQI6oZ+nAAoJEFZ+so+okYHJWSIAnA0EYSkjZpeZ
DkBupkg2l8gVczCIAJ4jCf9OiS+woV6cBwqVoErEaHP9O4hGBBARAgAGBQI6ouoW
AAoJEFfKvVMGTqYa7moAoKdyRHHvvnZ8AXtTJtizwmwwUM0/AKCi7xFpCUkIVlBb
rXI4+H//SFdhnYhGBBARAgAGBQI6oYMQAAoJEGThPMPLm56BLowAoLzZockq/5aG
XtoZd9ZbeXIf7nr2AJ0d/NhM2SEBC7HGlSN/jiXQL5cRWYhGBBARAgAGBQI6omaU
AAoJEH5rTE5yo9FXwooAoNs2pxp0JyNzg8W7llbKm3hZT919AKDU11wL2U/c3jEB
Tzds8BgYOV9vcIhGBBARAgAGBQI6tTMHAAoJEIiAJody7R5enHcAn2Xg1Z1vijU/
epXSkPFGdUzUSP1RAJ9K7CwtvmCU2IeM21Ofxc21N4aSBYhGBBARAgAGBQI6oV6J
AAoJEMPcgjWRkSGbKg0AoJ8K0/6hiwW4zPmDEEyWz/FdDFV9AJ0dTktCn5BFsc/G
EtFoAT8ZY41UnohGBBARAgAGBQI6wMZ/AAoJEMiQcw+j+eMORu0An2yd5W7PB6zc
qJnDUnZS7r4xx/rNAJwJIbhyn8rYF+gFR5APXuBIaSJnTYhGBBARAgAGBQI6oVEf
AAoJENHLaIZZSoFYNskAniPrRzO3Cn7kvOFp+vr1cGoc41AbAJ0YdM3n0zlXLgL+
EJDZoZXa+FXHnIhGBBARAgAGBQI6oY8jAAoJENuTRJDtZOBHwloAoJ6MwsDbFmFZ
bOEXMR6aA6iS1uvsAJoCRsDOad2mvV7uKGm8WWg9uw4lsIhGBBARAgAGBQI6wLzL
AAoJENyUJSW9K5HzkXAAoLQmrReQZOBZOJIdYIL7ns8DHRz/AJ9PYQQTr/yojLNA
oxnMpITtqNML7bQuV2lsbCBBbmRyZXdzIDx3aWxsQHRlbHBlcmlvbi5vcGVucGFj
a2FnZXMub3JnPohWBBMRAgAXBQI6YV0CBQsHCgMEAxUDAgMWAgECF4AACgkQF47i
dPgWcsUZ+QCfcXuWqcLIMugVU+hNb4ksM7Wh0swAmKZdOHxGuPnEzZLxANd1mh+o
ZUGIRgQQEQIABgUCOqGfqAAKCRBWfrKPqJGByatIAJ4kOWmxRB8Gp0Qt5CuAqICX
h+b6bgCfePafenjj4MlNnA9XL/33Lr7YIvWIRgQQEQIABgUCOqLqFgAKCRBXyr1T
Bk6mGmZ3AJ9bP3hyoiJg2FKZj67d+QJEXtbvxwCfbIxRLs0QPtGcWGNp1a9hRsjL
Xj+IRgQQEQIABgUCOqGDEAAKCRBk4TzDy5uegbLoAJ0Y6fVacc5uTXGC2A8Ldwu2
qF0SvACgmGT5HX3LRXfKSYiXnPHeiCOwf62IRgQQEQIABgUCOqJmlAAKCRB+a0xO
cqPRV+DhAKCXj3DwhUwir1Mo05ZcN4rQmm4AsACgpIxLZILww0P1ikrzVC4QcT5r
QxaIRgQQEQIABgUCOrUzCAAKCRCIgCaHcu0eXjLzAKDPBxBKmmwFYa00EzqUkONo
0k39OwCeOgHBWuaixXaXkxeuEcxZ7c/HrqqIRgQQEQIABgUCOqFeiQAKCRDD3II1
kZEhm8pmAJ9viHoD2kioajxmUz/mYUFeJsFnDQCgqF8FSS5u/Snz5e78tMkQ6QB4
1bqIRgQQEQIABgUCOsDGfwAKCRDIkHMPo/njDt9uAJ9VBB6VTOV6UANVTH7m/nll
Fl8/ZACfZoFfRRQ2+UUnxypk5HD2Qd8Cu22IRgQQEQIABgUCOqFRHwAKCRDRy2iG
WUqBWGW6AJ9mplLKda7e/wiuaL8jz9/4jwb5yQCdFIJBPw6T22iRHZsQ3K3t7s2O
xeGIRgQQEQIABgUCOqGPIwAKCRDbk0SQ7WTgRw8IAKCs/k4pzfAwcmgsSWQFG1jl
njBzDwCgi8CWjy9BOEwoUGgMiNQMd7BFYVCIRgQQEQIABgUCOsC8ywAKCRDclCUl
vSuR81sqAJ9vSIXHYAFeG0HzIQhFKnxgHHOADgCgl3X+eogcl7NS50eG6sZP+Rkt
H5a5AQ0EOSkRJRAEAJ/nHATDNyJ5pwfA+uPMCIAnVfTipoSZVKAYAq4wZNwkOTmz
3JSGVG5YGLNX7CZPHchjH453Yzw/OE3wKTHVYByyEgHcjyhuXHX6yOh58Pxwi4S2
aSx2mcuvl82QRqbG87xHIfwLOK/KLeTrLf/GpkVK6N1yhWsc9j6SEGTZtzNjAAMF
BACJQ93VNUgh18NHQVr6P9qZb5b6BttsreL3SwMEQPEo5MGvTSKHfLY6c4nvQAZP
fJpPbO7nzTSL6RmFoDfQ+bjcI28/a/U54CXvzFLqyS078pYeGtZfaxGtf2aBvDTg
iecM0HlA6PYm70Ug7nDDVzARux8ZF+DZEz6U32o1oIrMxIhGBBgRAgAGBQI5KREl
AAoJEBeO4nT4FnLF7HoAni1zeGac98aWo2Y6ksjrBUePH4d0AJ9aJkE+JhnF5kg3
uthgTmRk5Dtxfw==
=DJY7
-----END PGP PUBLIC KEY BLOCK-----&a.tobez;pub 1024D/7A7BA3C0 2000-05-25 Anton Berezin <tobez@catpipe.net>
Key fingerprint = CDD8 560C 174B D8E5 0323 83CE 22CA 584C 7A7B A3C0
uid Anton Berezin <tobez@tobez.org>
uid Anton Berezin <tobez@FreeBSD.org>
sub 1024g/ADC71E87 2000-05-25-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDks22ERBACsqOob/YoPnaI/xubQKn/CCUFsaEMqL14TZ+FSlCphq3uZ7Y0W
Qg2eqaTp97lG2NTVNEzF7K0yr/C3ofEQmTINQTd7DmEj04DDlR+t8BMFe6Xz2sBI
WlEPD54ZfJVqhEX5P6T0xe9hiqjXKwQHHl1skKniKeO07o3K/4bCDDMfKwCg5DY1
/2j/Gid0YmxsJCIlg9kzRGMD/1lkSkQ0KrPH3RVPMrkRWE3rvvMES/F7jYNfKDQj
X5lJDKoIQyWh1JwAmW/O10V+24Vl6JEFNQ4QJ7ix9hlkI59YS4TERxCUGGDpl3jr
Lae6FFxYc1D5H8LLpiTSApmZcLxUE8CFoZJLySHgjp8qzvA60wMOjkfkWMgw3BpE
N8DVA/9UF+5ue4bLHsPn7Jv5NzOkzaTgC/9O3UZUj/jYOp/vkI+0wPnP0U5f304P
iLpYl1tlCEpciWF88MS5k3+8zsk8trqorss/XQfFzhHVtvRtgVxj87V0Z01E2ZZr
YlqrnzHKQZOAKM2X9FiRZOAkndkkpeB+7SSeXDP62I56B+690LQfQW50b24gQmVy
ZXppbiA8dG9iZXpAdG9iZXoub3JnPohWBBMRAgAWBQI5LNthBAsKBAMDFQMCAxYC
AQIXgAAKCRAiylhMenujwBepAKCCtVcVRS40E9SY4Su8GTOBVoH4UwCgu3gK3zMy
/QhZnnhmTKaguG6XopqIRgQQEQIABgUCOSz5ngAKCRCBvdPEDh+beRnEAJ9xU+6P
TJrLGk8PKtO+UY8Zt7MTxgCdHYzFsXZ81j9HY0Z4EaHkQBXv1JmITAQQEQIADAUC
OS6PpwUDCWdTAAAKCRDXjLzlZqdLMXMaAJwOE+6Jh5PnfHc09x3JKN4/a0v63wCg
6GdysmObSBQXATzYBuhy/0eFCCC0IUFudG9uIEJlcmV6aW4gPHRvYmV6QEZyZWVC
U0Qub3JnPohXBBMRAgAXBQI7JNTmBQsHCgMEAxUDAgMWAgECF4AACgkQIspYTHp7
o8CQ3wCeI+P8VsHzHpfmUMa5kCzjBeqj3zcAoKYmyZUSxhV9TBQPo2WQ7zF3zcoB
tCFBbnRvbiBCZXJlemluIDx0b2JlekBjYXRwaXBlLm5ldD6IVwQTEQIAFwUCOyTV
DwULBwoDBAMVAwIDFgIBAheAAAoJECLKWEx6e6PATIsAn3clXqExEiP/Q/IDQb7e
/yolgMrRAKDPw+6ZxTOJFba2HWEto0PwQ/COE7kBDQQ5LNt+EAQAjHltp9g75EOw
pEDSUvK/B0aRUsjoIyAokRuW9Tg8S0xIhtV8ogcklvcXjQbjiEsAiO13hX7zmdmb
yH7xLiSjea/m/whmNr9K094BS1K5i7mmUqNEFOyPB7VkPbRs5gF0dCkHT5uVgqFJ
HSbss3zPyGYEBi8uDokIfOt4o5CEMYsAAwUD/269N/UwZkO4+NYivNX0ZpcUouqV
YDPQ8YLwSrkwWpG7UNvNHd1HS43OWwAOy585SkLpZkjlW58NqyXJuWVC0xJtdTrI
MKTZ3IJNXMK2wdK+nBuTL4IvJwkf04pwFel80F2NtgUjR3ZgIlRNvFtvtCkNPg0j
t7J8pPvL2vU5hz7HiEYEGBECAAYFAjks234ACgkQIspYTHp7o8Bj7wCfSZsld8vv
iM02pWobJy/VvsBJKU8An2auT0HLmVLClDph/fQa+k1R2qsR
=ISZ3
-----END PGP PUBLIC KEY BLOCK-----&a.jmb;Jonathan M. Bresler <jmb@FreeBSD.org>
f16 Fingerprint16 = 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAzG2GToAAAEEANI6+4SJAAgBpl53XcfEr1M9wZyBqC0tzpie7Zm4vhv3hO8s
o5BizSbcJheQimQiZAY4OnlrCpPxijMFSaihshs/VMAz1qbisUYAMqwGEO/T4QIB
nWNo0Q/qOniLMxUrxS1RpeW5vbghErHBKUX9GVhxbiVfbwc4wAHbXdKX5jjdAAUR
tCVKb25hdGhhbiBNLiBCcmVzbGVyIDxqbWJARnJlZUJTRC5PUkc+iQCVAwUQNbtI
gAHbXdKX5jjdAQHamQP+OQr10QRknamIPmuHmFYJZ0jU9XPIvTTMuOiUYLcXlTdn
GyTUuzhbEywgtOldW2V5iA8platXThtqC68NsnN/xQfHA5xmFXVbayNKn8H5stDY
2s/4+CZ06mmJfqYmONF1RCbUk/M84rVT3Gn2tydsxFh4Pm32lf4WREZWRiLqmw+J
AJUDBRA0DfF99RVb+45ULV0BAcZ0BACCydiSUG1VR0a5DBcHdtin2iZMPsJUPRqJ
tWvP6VeI8OFpNWQ4LW6ETAvn35HxV2kCcQMyht1kMD+KEJz7r8Vb94TS7KtZnNvk
2D1XUx8Locj6xel5c/Lnzlnnp7Bp1XbJj2u/NzCaZQ0eYBdP/k7RLYBYHQQln5x7
BOuiRJNVU4kAlQMFEDQLcShVLh4uc9KIpQEBJv4D/3mDrD0MM9EYOVuyXik3UGVI
8quYNA9ErVcLdt10NjYc16VI2HOnYVgPRag3Wt7W8wlXShpokfC/vCNt7f5JgRf8
h2a1/MjQxtlD+4/Js8k7GLa53oLon6YQYk32IEKexoLPwIRO4L2BHWa3GzHJJSP2
aTR/Ep90/pLdAOu/oJDUiQCVAwUQMqyL0LNaYutZnzI9AQF25QP9GFXhBrz2tiWz
2+0gWbpcGNnyZbfsVjF6ojGDdmsjJMyWCGw49XR/vPKYIJY9EYo4t49GIajRkISQ
NNiIz22fBAjT2uY9YlvnTJ9NJleMfHr4dybo7oEKYMWWijQzGjqf2m8wf9OaaofE
KwBX6nxcRbKsxm/BVLKczGYl3XtjkcuJAJUDBRA1ol5TZWCprDT5+dUBATzXA/9h
/ZUuhoRKTWViaistGJfWi26FB/Km5nDQBr/Erw3XksQCMwTLyEugg6dahQ1u9Y5E
5tKPxbB69eF+7JXVHE/z3zizR6VL3sdRx74TPacPsdhZRjChEQc0htLLYAPkJrFP
VAzAlSlm7qd+MXf8fJovQs6xPtZJXukQukPNlhqZ94kAPwMFEDSH/kF4tXKgazlt
bxECfk4AoO+VaFVfguUkWX10pPSSfvPyPKqiAJ4xn8RSIe1ttmnqkkDMhLh00mKj
lLQuSm9uYXRoYW4gTS4gQnJlc2xlciA8Sm9uYXRoYW4uQnJlc2xlckBVU2kubmV0
PokAlQMFEDXbdSkB213Sl+Y43QEBV/4D/RLJNTrtAqJ1ATxXWv9g8Cr3/YF0GTmx
5dIrJOpBup7eSSmiM/BL9Is4YMsoVbXCI/8TqA67TMICvq35PZU4wboQB8DqBAr+
gQ8578M7Ekw1OAF6JXY6AF2P8k7hMcVBcVOACELPT/NyPNByG5QRDoNmlsokJaWU
/2ls4QSBZZlb
=zbCw
-----END PGP PUBLIC KEY BLOCK-----&a.ache;Andrey A. Chernov <ache@FreeBSD.org>
aka <ache@nagual.pp.ru>
Key fingerprint = 33 03 9F 48 33 7B 4A 15 63 48 88 0A C4 97 FD 49-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAiqUMGQAAAEEAPGhcD6A2Buey5LYz0sphDLpVgOZc/bb9UHAbaGKUAGXmafs
Dcb2HnsuYGgX/zrQXuCi/wIGtXcZWB97APtKOhFsZnPinDR5n/dde/mw9FnuhwqD
m+rKSL1HlN0z/Msa5y7g16760wHhSR6NoBSEG5wQAHIMMq7Q0uJgpPLZnQjrAAUT
tCVBbmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuYWd1YWwucHAucnU+iQCVAwUQM2Ez
u+JgpPLZnQjrAQEyugP8DPnS8ixJ5OeuYgPFQf5sy6l+LrB6hyaS+lgsUPahWjNY
cnaDmfda/q/BV5d4+y5rlQe/pjnYG7/yQuAR3jhlXz8XDrqlBOnW9AtYjDt5rMfJ
aGFTGXAPGZ6k6zQZE0/YurT8ia3qjvuZm3Fw4NJrHRx7ETHRvVJDvxA6Ggsvmr20
JEFuZHJleSBBLiBDaGVybm92IDxhY2hlQEZyZWVCU0Qub3JnPokAlQMFEDR5uVbi
YKTy2Z0I6wEBLgED/2mn+hw4/3peLx0Sb9LNx//NfCCkVefSf2G9Qwhx6dvwbX7h
mFca97h7BQN4GubU1Z5Ffs6TeamSBrotBYGmOCwvJ6S9WigF9YHQIQ3B4LEjskAt
pcjU583y42zM11kkvEuQU2Gde61daIylJyOxsgpjSWpkxq50fgY2kLMfgl/ftCZB
bmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuaWV0enNjaGUubmV0PokAlQMFEDR5svDi
YKTy2Z0I6wEBOTQD/0OTCAXIjuak363mjERvzSkVsNtIH9hA1l0w6Z95+iH0fHrW
xXKT0vBZE0y0Em+S3cotLL0bMmVE3F3D3GyxhBVmgzjyx0NYNoiQjYdi+6g/PV30
Cn4vOO6hBBpSyI6vY6qGNqcsawuRtHNvK/53MpOfKwSlICEBYQimcZhkci+EtCJB
bmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuYWd1YWwucnU+iQCVAwUQMcm5HeJgpPLZ
nQjrAQHwvQP9GdmAf1gdcuayHEgNkc11macPH11cwWjYjzA2YoecFMGV7iqKK8QY
rr1MjbGXf8DAG8Ubfm0QbI8Lj8iG3NgqIru0c72UuHGSn/APfGGG0AtPX5UK/k7B
gI0Ca2po6NA5nrSp8tDsdEz/4gyea84RXl2prtTf5Jj07hflbRstGXK0MkFuZHJl
eSBBLiBDaGVybm92LCBCbGFjayBNYWdlIDxhY2hlQGFzdHJhbC5tc2suc3U+iQCV
AwUQMCsAo5/rGryoL8h3AQHq1QQAidyNFqA9hvrmMcjpY7csJVFlGvj574Wj4GPa
o3pZeuQaMBmsWqaXLYnWU/Aldb6kTz6+nRcQX50zFH0THSPfApwEW7yybSTI5apJ
mWT3qhKN2vmLNg2yNzhqLTzHLD1lH3i1pfQq8WevrNfjLUco5S/VuekTma/osnzC
Cw7fQzCJAJUDBRAwKvwoa1pnjYGyp3kBARihBACoXr3qfG65hFCyKJISmjOvaoGr
anxUIkeDS0yQdTHzhQ+dwB1OhhK15E0Nwr0MKajLMm90n6+Zdb5y/FIjpPriu8dI
rlHrWZlewa88eEDM+Q/NxT1iYg+HaKDAE171jmLpSpCL0MiJtO0i36L3ekVD7Hv8
vffOZHPSHirIzJOZTYkAlQMFEDAau6zFLUdtDb+QbQEBQX8D/AxwkYeFaYxZYMFO
DHIvSk23hAsjCmUA2Uil1FeWAusb+o8xRfPDc7TnosrIifJqbF5+fcHCG5VSTGlh
Bhd18YWUeabf/h9O2BsQX55yWRuB2x3diJ1xI/VVdG+rxlMCmE4ZR1Tl9x+Mtun9
KqKVpB39VlkCBYQ3hlgNt/TJUY4riQCVAwUQMBHMmyJRltlmbQBRAQFQkwP/YC3a
hs3ZMMoriOlt3ZxGNUUPTF7rIER3j+c7mqGG46dEnDB5sUrkzacpoLX5sj1tGR3b
vz9a4vmk1Av3KFNNvrZZ3/BZFGpq3mCTiAC9zsyNYQ8L0AfGIUO5goCIjqwOTNQI
AOpNsJ5S+nMAkQB4YmmNlI6GTb3D18zfhPZ6uciJAJUCBRAwD0sl4uW74fteFRkB
AWsAA/9NYqBRBKbmltQDpyK4+jBAYjkXBJmARFXKJYTlnTgOHMpZqoVyW96xnaa5
MzxEiu7ZWm5oL10QDIp1krkBP2KcmvfSMMHb5aGCCQc2/P8NlfXAuHtNGzYiI0UA
Iwi8ih/S1liVfvnqF9uV3d3koE7VsQ9OA4Qo0ZL2ggW+/gEaYIkAlQMFEDAOz6qx
/IyHe3rl4QEBIvYD/jIr8Xqo/2I5gncghSeFR01n0vELFIvaF4cHofGzyzBpYsfA
+6pgFI1IM+LUF3kbUkAY/2uSf9U5ECcaMCTWCwVgJVO+oG075SHEM4buhrzutZiM
1dTyTaepaPpTyRMUUx9ZMMYJs7sbqLId1eDwrJxUPhrBNvf/w2W2sYHSY8cdiQCV
AwUQMAzqgHcdkq6JcsfBAQGTxwQAtgeLFi2rhSOdllpDXUwz+SS6bEjFTWgRsWFM
y9QnOcqryw7LyuFmWein4jasjY033JsODfWQPiPVNA3UEnXVg9+n8AvNMPO8JkRv
Cn1eNg0VaJy9J368uArio93agd2Yf/R5r+QEuPjIssVk8hdcy/luEhSiXWf6bLMV
HEA0J+OJAJUDBRAwDUi+4mCk8tmdCOsBAatBBACHB+qtW880seRCDZLjl/bT1b14
5po60U7u6a3PEBkY0NA72tWDQuRPF/Cn/0+VdFNxQUsgkrbwaJWOoi0KQsvlOm3R
rsxKbn9uvEKLxExyKH3pxp76kvz/lEWwEeKvBK+84Pb1lzpG3W7u2XDfi3VQPTi3
5SZMAHc6C0Ct/mjNlYkAlQMFEDAMrPD7wj+NsTMUOQEBJckD/ik4WsZzm2qOx9Fw
erGq7Zwchc+Jq1YeN5PxpzqSf4AG7+7dFIn+oe6X2FcIzgbYY+IfmgJIHEVjDHH5
+uAXyb6l4iKc89eQawO3t88pfHLJWbTzmnvgz2cMrxt94HRvgkHfvcpGEgbyldq6
EB33OunazFcfZFRIcXk1sfyLDvYE
=1ahV
-----END PGP PUBLIC KEY BLOCK-----&a.nik;pub 1024D/2C37E375 2000-11-09 Nik Clayton <nik@slashdot.org>
Key fingerprint = 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375
uid Nik Clayton <nik@freebsd.org>
uid Nik Clayton <nik@bsdi.com>
uid Nik Clayton <nik@crf-consulting.co.uk>
uid Nik Clayton <nik@ngo.org.uk>
sub 1024g/769E298A 2000-11-09 [expires: 2000-11-10]-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDoKphMRBACXqpAlgcW54cNw4RBJvlbX5GZ4+VGpV8AyFnkkrKelwH+qgViL
L96W7iXCEQqciAAQ2Jw6AMskSdVbb24Y70foITKGo1VEXBKJci3sdKvuPWkHNlJq
zGKIrikVHLrD5Yixt1b6SVntWiRJaddiUaI21Zcuechaap3isOAdYrNR8wCgluEV
qGB0ng92wVENiIaooHiib28EAIzfn+czzPm19gtAM03W/otZJqsHsIGWuuoIC+Wn
Gr9aGVFGB9NcYXHz+jdwSe3o8oE84ohWBI/JVX4K+xCt1gXBqRax4F1QdDse3np3
o49bV79VFbaec8htk88NTp6Xwd8b1GaUFXFbtqAN7DbZEz8oB+57E+2q+ajFQTx1
X6NgA/99QvNMD+SWc73a5SbicKPw0DDktkhHlE4re255nfvgnqjpmxWYyT80Ra+2
rqABKUrgGgegv1I8/w5zbGBd8h3lO9opMQ1qtt4oAKv/incBh0OouMGyQRINQIMQ
YQHcUmOu1ds5ijS9B5QCfn89TO4aCoJiS17FRxpJmoNrx30/LrQeTmlrIENsYXl0
b24gPG5pa0BzbGFzaGRvdC5vcmc+iFcEExECABcFAjpkjbsFCwcKAwQDFQMCAxYC
AQIXgAAKCRCTqAdkLDfjdVVfAKCA2kYL9EcgyqldY5J1VnyWUKWzAgCdEe2xcNjY
PILcvlRE+WtAwZ4oHYyIRgQQEQIABgUCOm67jAAKCRBdUhyM5rFQFmTqAKCZAG/9
xzh3ZhbTk/vD1RFDFhEjtACfY5oFGV5jon4sJHsZRQ/+fv5F+JC0HU5payBDbGF5
dG9uIDxuaWtAZnJlZWJzZC5vcmc+iFcEExECABcFAjpkjdcFCwcKAwQDFQMCAxYC
AQIXgAAKCRCTqAdkLDfjdZ9DAJ9LCLBIGCffBCRwI3YQzHM8UPECCwCeKe5kOASp
LvEMrRp9SVhX+7ZKqU6IRgQQEQIABgUCOm67kQAKCRBdUhyM5rFQFttwAKDF/r0c
YGsIGOgImbTy4zNK1MV2TgCgjBNGGZkp0XXoYrFwJq+/D1odHPW0Gk5payBDbGF5
dG9uIDxuaWtAYnNkaS5jb20+iFcEExECABcFAjpkjeYFCwcKAwQDFQMCAxYCAQIX
gAAKCRCTqAdkLDfjdcmaAJwMbnDu0EHyFcba1los+qIu6fhligCghvGQ7yw/laW/
udQ78rpE4ojsEc6IRgQQEQIABgUCOm67kQAKCRBdUhyM5rFQFoyQAKDq4xwjv8vg
OF2brzuAMi4YCFwEewCffzvTLzYI/rj602axggnIrjFtegG0Jk5payBDbGF5dG9u
IDxuaWtAY3JmLWNvbnN1bHRpbmcuY28udWs+iFcEExECABcFAjpkjfUFCwcKAwQD
FQMCAxYCAQIXgAAKCRCTqAdkLDfjda4OAJ46HgEmTnz87tjh822xVxqDlSogSgCf
RvBphjblryO40RfamhgL+X87xOaIRgQQEQIABgUCOm67kQAKCRBdUhyM5rFQFg6x
AJ9ACILE1XLtBRYb9dLMryacFaqpuwCgwSdjGQLdRHk+1kfCSnweO4OtEra0HE5p
ayBDbGF5dG9uIDxuaWtAbmdvLm9yZy51az6IVwQTEQIAFwUCOmSOAwULBwoDBAMV
AwIDFgIBAheAAAoJEJOoB2QsN+N1X+0AoIJWL+1WWJ+/17RsrdxuETbthv4wAJ9g
n95Juu368QnIvSHDxgnyxxSOxohGBBARAgAGBQI6bruRAAoJEF1SHIzmsVAWpPkA
nRq+OwehLht3RdZ0eEMaBovxgre6AKDU2u+ORxySutpVAXqt1nbxg2wJobkBDQQ6
CqYXEAQAkEkfRicoO8I42BfA1Tgaut/HeUdWWLO/nGx6hL2FNkQ/vBhjinsvi3vd
6+4eUE/O/3deTSGi9GtgXplCGxaDuF/nr9JjAobOQ0f5TFLiILdy8OL2SZE6VHO6
VfCoGy1N7Eg3jvzJ8pFNxTdVww8HIlArnNn8Kqww57uustQYISsAAwYEAIFghSt+
tj3C5koFh7IXPLNHrux5XsDMaCUcDTsXjpEQ7WywzHUVgL2QHxeTbZ6ZMp6BkPkl
sgPdNpFEOCCaUFzJ/z/1/dTGXPMuWgGInuy0bFA5mHdiisjLYP+tvRY170mVSjB+
qVRErM/fzrO9eQtKkaYLozWXPTZCN5XKk4sGiEwEGBECAAwFAjoKphcFCQABUYAA
CgkQk6gHZCw343XOsQCglQkSx/QqgZSCpsy4TqaR/vY/lZsAnjFYk/Nm+oFkvCrS
YdG7pt2qPWQo
=Ay+O
-----END PGP PUBLIC KEY BLOCK-----&a.dd;pub 1024D/9F6669F6 2001-02-04 Dima Dorfman <dima@unixfreak.org>
Key fingerprint = 0F07 CC6F 305A 698A CEAD 8ED9 1D98 247E 9F66 69F6
uid Dima Dorfman <dd@freebsd.org>
sub 2048g/1CA759CB 2001-02-04 [expires: 2006-02-03]-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
mQGiBDp9u7sRBAClzDBv2LhLDcndJePLW7j7kJ7gQZdm5E6zH7pqldANjz1hNYiD
t0vhrmsCLJriV+LKPKJvVHXe52NmzZJStryb6P8kIk6/Ynmul1l3nOwkT0504xEW
XMByYYcfXCx5thE9WPHi5h/bIIyTroRWI8P51MB6MQxFU/yENecmtVukhwCgkpyM
WNF+eU2wJcHjiT3lWc2/EWcD/1zruxa3UwBI4+gckUjaMQynpOdsHdqfNEbKPpXn
gmeIte+O46yIXVfrq1OKavQXL55ogXmgHesn4a93wIa9wK7JDmH0lvM0Tse9D9dH
iii+SPqwQvt3Xo+kwsphYtJsDqg3HPWGOvZzZlNiRjoKklJoQTe7lY3WmPxcObvB
b6k/A/4gCues7IVIHCqey+2IYYhQxTV/tfvd3ztNokjMTgnINfeyDBafsU1hqgbX
vXzvGGwPeUB9wvtZjkpcqkpIWzVqDorwXdAXhVw2b8eNx4gUeUZz7vB+qeB1uylA
sGCT8jJg8w/a9oc1rhPEzyc2NaHr5QrUoMm7nrOw6EZwIzIa5bQhRGltYSBEb3Jm
bWFuIDxkaW1hQHVuaXhmcmVhay5vcmc+iF0EExECAB0FAjp9u7sFCQlmAYAFCwcK
AwQDFQMCAxYCAQIXgAAKCRAdmCR+n2Zp9iJUAJ9idv1N6Uon1m627EmfPqPTCITA
QgCeLhsvzcDxBipq8rIUYwyk+laBnbK0HURpbWEgRG9yZm1hbiA8ZGRAZnJlZWJz
ZC5vcmc+iF0EExECAB0FAjqpbr4FCQlmAYAFCwcKAwQDFQMCAxYCAQIXgAAKCRAd
mCR+n2Zp9n3KAJ9sfOFqqRMQNTZwt3D1dNs2NeI/YwCggw8670QZvlfNmwu5PJbu
giV4ZW+5Ag0EOn28QBAIAJisB3SGQZyFeJ26p2tn65Lpm0OscvYc+tXtzCBI5lu+
WQ37f4s+oS9yy4AlnDL5jY+h+jY+IFSKig8vNZiti7YQpTAKA3A6su6iHs2E0mj4
ZRpnHodpc3WCDvKV81Vx+TGwdVSnbnvr342x4/WTJSXjrWK+hPsvYE4Xy0csfUX7
j3bApTQj9HkJIcaOZs772SclVY0hWq+Y/D4Gz/XQfNB1Ih+q7ncQ8BibVbBVd3U7
1HpHC7pMi7OWaJ+8RZEpdcfa1UAHvWFqT9cy0W+SvhAH+xw9gydmF0LAS3XDCxGe
sgBK0jZUD6y8jK8KofL5UpH0jZB3B5KjqI2++i9nhSMAAwUH/ReNyaenJJTjFbmy
yPahw0iTwZIeXwbK+crB/o040ZPDRccXic2MWi9EdLZExq9KixSD8ZI62UUUnk7j
NECpugIS61ZXdMIxlsDUafslO0U/d9mqKm9sqeAFeS7jBNf2rpEnmvKKjbV/X8bj
IZzdJMIK3CdAhODWJSw/rH2wl7UdYZsvjrZI1QJTyZ0HitrYqQpINcKAhCi+qNiv
lSic4CkBZPJKxGYj1ttX1jd39K4vONxoq5qbVFvjrSjOvaNHXT5r82dPyCm55ji2
QTBjxac7hIXz1zQU4mhqxv4gFL/x11XHpJcCWVnUiFGYhwDGfv+c98bx2gywqdfX
0Wh2N/qITAQYEQIADAUCOn28QAUJCWYBgAAKCRAdmCR+n2Zp9hdRAJ9BQl/kY1Fz
4WemnjUFhRiqc0Nc/QCePLGBbvmC9fzbRY1BxEKlxgqC/5s=
=oZZ3
-----END PGP PUBLIC KEY BLOCK-----&a.ue;pub 1024R/E74FA871 1994-07-19 Udo Erdelhoff <ue@nathan.ruhr.de>
Key fingerprint = 8C B1 80 CA 2C 52 73 81 FB A7 B4 03 C5 32 C8 67
uid Udo Erdelhoff <ue@freebsd.org>
uid Udo Erdelhoff <uerdelho@eu.uu.net>
uid Udo Erdelhoff <uerdelho@uu.net>
uid Udo Erdelhoff <uer@de.uu.net>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQCNAi4rWsAAAAEEAM1u8Y60omElX7Wtrh75P8K0L2Gp6omV6iDuwl9kXYhN94jF
DE1F4xpkRDWvQxsWbYeIk2F3VYGuN12BhbRNcNqoyniQt2XMmbdEmp6ltumH5WbG
jR5Xg0LkJ5AJmxvjJXXA9q+/eTfmyTfPjnCL70cTMWHdUl+EBUPoh1XnT6hxAAUR
tCFVZG8gRXJkZWxob2ZmIDx1ZUBuYXRoYW4ucnVoci5kZT6JAJUDBRA0K3Q0Q+iH
VedPqHEBAe9vBAC+el5mJpqPkC/+om/SSE7mxyuUqHAx1tNUymL8gTuV3mFB0goM
xkxhUOMMYe9z2zyi+RXrECfLT2OqqUA60EZpl6Mgymj8SVZSv4ZwXdU8cgynYNfX
T1pC57mN9mxL10vTTJEix7QsrVz0W479/IkBrhW9nTidQtORW1Si5T5IA7QeVWRv
IEVyZGVsaG9mZiA8dWVAZnJlZWJzZC5vcmc+iQCVAwUTOwzFWUPoh1XnT6hxAQGl
eQP/bLMp1qSdkt2/BKchpx+lhOemCmT3LHQ1sNzelb7dBwnsvE3Z9lOycH2pm1ro
j6x3vmcDAqZ1yh2eFEVNK5abfhuI3QH+9QdgvMcSIQgF3VIMer7JXxNtFFX8JRKm
+YfLfDifcK+B2HRkpMt9ETY8b3/cYz+gbdKNe4nVde5KPT20IlVkbyBFcmRlbGhv
ZmYgPHVlcmRlbGhvQGV1LnV1Lm5ldD6JAJUDBRM7DMX9Q+iHVedPqHEBAYHUA/4l
j98KC7y8cjapO4Hi0r/eO7gUwDujvrBMYbWuhmNCO6xlPfwRNm76tnNiTFdqVLat
XSrQwEUys9Mq9xe2F2RuqSfYWjmHKX3/gNW3gRJbnBqO1QN6CDqo39a7LgllqFf4
yFj9V6i1c0WSBiOeWy75DHpsfXHupMxZWPPRWh0TnbQfVWRvIEVyZGVsaG9mZiA8
dWVyZGVsaG9AdXUubmV0PokAlQMFEzsMxhFD6IdV50+ocQEBzqsD/0nX9rV5cAcd
jFTayQvoAjb/nIN+TJVHumuC/Glp9fKHlfTjMnsUawma+iQESjUB8XgyeJ0WvR8M
vQGEMowYr1YTtFiYfFOvrzXZmhB6NfhFV3s34ZLDeBnncUqkas79Pi9G9AP2Y/Mc
c//i2owj58xTfocYNT5IxVVYjB72Py+3tB1VZG8gRXJkZWxob2ZmIDx1ZXJAZGUu
dXUubmV0PokAlQMFEzsMxiND6IdV50+ocQEBBJsD/1SVP70fNa3ShAn18+yEXOIL
TlFYCUmGaBIeAsd7r8tXFYbf5STAOEOiqBB9Y7V1tV4IriACru+9wo5wBQoCLBT1
RNj4NhwVvkGReTDsA+Zz/vUULrbklVKO724DktO0+WRbn/w99trttuUTGvTHRER3
BjuOfJ/QoLlnLAsDBMov
=TCJD
-----END PGP PUBLIC KEY BLOCK-----&a.green;pub 1024D/773905D6 2000-09-02 Brian Fundakowski Feldman <green@FreeBSD.org>
sig 773905D6 2000-09-02 Brian Fundakowski Feldman <green@FreeBSD.org>
sub 2048g/D2009B98 2000-09-02
sig 773905D6 2000-09-02 Brian Fundakowski Feldman <green@FreeBSD.org>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDmwog8RBAC+zE0IpGNV1naZh9os6S//ct1MfEMBoHH2TQhajIfLVraWA1I9
AbOTuYYsPgxqK44ZnPUnNLmgIRBeVJXklXsdvjtMrh7QMj7evAGneT4vVdVj/9aY
7mEBuQephgvE4bUM7RPvOc/paiY08+HANljrvxcmMhygDTP5SEp/QJn7zwCghB66
YVHI5u4xBAcHiHbyJWShmekEAIUWEIL4I33C9/yuenYogKLLS2/wmMYMCM5uMTkF
jls9KtfW/TQz8M8ZU6xdVBQjvDpw9G96l78amjiMN9Gm32C8m3HJaN0V+4SGJjiQ
fL07gu60LG0phnk1CtWLVQnH0LuIyB8jJeoaeYmS2Xv0rLLeMQ/hgUcQB8xu61Z4
n1shBACf1w7B9ivEhBGWBsjuX2gTfW2eS4Mprs7FD1/8f/wbdvhitMdjZOFjOIO8
yi/2W6B6T3suTcUgdC2qFmXkiWUun5kpGp/KRvrYm2eKpfveOL0HgD7juEZtBJcT
zV4oMel8TlZidIjIgLUeTbGfxbYPm0gONEGZHsymlZg9/7sDS7QtQnJpYW4gRnVu
ZGFrb3dza2kgRmVsZG1hbiA8Z3JlZW5ARnJlZUJTRC5vcmc+iFYEExECABYFAjmw
og8ECwoEAwMVAwIDFgIBAheAAAoJELVSsEN3OQXWVdUAnR13DerFrFdS3xufFox/
m9T+VKs6AJ0Y7mgJalqPTTalJB3fbWUeIsZBsLkCDQQ5sKJfEAgA5LI3C4rGWWbG
cGZMLDhuBhjcoSFeWnrVVVZAPEm92+LcrfoT1Slp/2+KcKTJN/uQA0EpNmgUFBYr
3vSoVoVm10xBxBIX0zP7uPQNYKoJX3gLBiRZ3xOo4A6VqEpRbo5yjj3rshN4IO9B
T9zqx0ZoHSSsCds0Ax/m+0eSTghl+Shle1tbJstgcoxf6peKa6XcOAJWtQ+r6hZB
Z1tpjmIrfaeG/26da858C4TcogNhi1cpbyfQTZA7070JBnpRjhcQpELT4hRsJV2G
BX0dZn2hJOb5J5zl2M0N0Yx2BHM6mVT+oUc4EvfRn6fuhVRwIuckxwXaA31vWNPh
v+S9VD5BqwADBQgAjOXR9HNAh/teG0p4ynOlWx5G+tBWSfqWAKOSpi9SKb2Zipjg
bVNjmO4zNYhdAK6YbyQgrDrwUVPWoc8OieUACujklkY11eg8QFGr+tJow7iCMOPL
ES5vW1sBUl7dN+4tf5QTg5q9EGHL2rTndEVeutFbcKPR8YQXdu/U5hdO9zha5fd0
RWjG7zLTaukO4mT2bTuojgCrnsvZ4D0XRW+SUcfXZrbKcsoFiU3q+EvlOuWg0W5b
FcFfAXSAzC2CpZlQV3hhSDkgeM3cbnb0hv7feSIizFpqFbNyOgarqymZIU07HcX5
c44etbO++GQ/tMI7oCPUb9a5jIt/YqPvIvmPDohGBBgRAgAGBQI5sKJfAAoJELVS
sEN3OQXWr4MAnjpZdSq11IEN34VjwhD+eBMcxjqaAJ4yDvFd8u5ehurCY+KjWSXo
uPPUsA==
=EiNZ
-----END PGP PUBLIC KEY BLOCK-----&a.jmg;Type bits/keyID Date User ID
pub 1024/3F9951F5 1997/02/11 John-Mark Gurney <gurney_j@efn.org>
Key fingerprint = B7 EC EF F8 AE ED A7 31 96 7A 22 B3 D8 56 36 F4
John-Mark Gurney <johnmark@gladstone.uoregon.edu>
John-Mark Gurney <jmg@cs.uoregon.edu>
John-Mark Gurney <gurney_j@resnet.uoregon.edu>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzL/8IwAAAEEANuX7fcIa0S5fVATYQCGwgBJo9DxRr0m/QjrP4dJh/JEIjmv
h37FMs9qsMPtyAZWlRSnbVFyQiz5ptFuL1irClW2UHzlLvd5s+pKMfIkJWDTnrvp
0jFebYQt0chZeLcKT9s5sSo9ua+fUumOfaWyubUZPIqmDYqy98Em7wI/mVH1AAUR
tCNKb2huLU1hcmsgR3VybmV5IDxndXJuZXlfakBlZm4ub3JnPokAlQMFEDMBDfTB
Ju8CP5lR9QEBmnsEALAS5dZyQXxsDAROz+yHizsbgV1Ok9vFwE5en7QnOGcSkQX9
pE7MzzlbpP63toF9zWLF75dbXE5X0yYLoB0pvNi1NXhXqA0YbDeAi1Ed6uBXbomW
MDdm0s+O0Y1NfuS0uKiFiJUDOjdBrgEbnmPZM/77dhr5UbmAtQUHFftaQfY6tDFK
b2huLU1hcmsgR3VybmV5IDxqb2hubWFya0BnbGFkc3RvbmUudW9yZWdvbi5lZHU+
iQCVAwUQMwF753W7bjh2o/exAQGjjwP+MKiFH9EfOGS7yr5NQ4+vWXuHe1N6fi9N
jJsFfzT/RCM/wo/dNG/xhTgdCoCWRt0gKkv3SLEPYGDPDtC3Nf7HV/66wOiYYnxD
3cmjgpLn5u/Ju0oS5xxNb5Ly8EZnfz967lIHjp/qhbZ9o7kO7Nkb7bUgozNqBaRy
9Yo81fVAtrOJAJUDBRAzARCXwSbvAj+ZUfUBAeUyBACKoIXfYBpsKqmmnTg944Tw
5t8lAFZ8qJz42Fjw+hswC6c+7b87imwaH3AjPnFmsA6f1ES7xDHG8RQleDtKsyik
gHc9Yos/neVqwfrr4zSV1PdNPPpG5uNT/jI1k1M3pH8kwYdKiwaIHQb5+sGUQsO1
ZoxCdzT7HJq4jJtBGVIRULQlSm9obi1NYXJrIEd1cm5leSA8am1nQGNzLnVvcmVn
b24uZWR1PokAlQMFEDMBEHfBJu8CP5lR9QEBak8D/2V+1pP6zA1dvhRLcO2pGldn
Q/dcVAAtZIZ7AUUap1pKXZF/Tt4gWKMtAHj01xUbwU1fmI6DF1p4AVjDqOxJDnoZ
RD9gv0RiZXdUesXL2UBNHc/7f+amAJgmXNrP/m70ejgzPluniR5hQm76fKYjkxV1
opRhhchTjhrFndoQ9nvQtC5Kb2huLU1hcmsgR3VybmV5IDxndXJuZXlfakByZXNu
ZXQudW9yZWdvbi5lZHU+iQCVAwUQMwEQWsEm7wI/mVH1AQHxMgP8D7VM+qUo0qGM
uFUKqxoQcDPVKt2W1X6wWTHdj9cxo3oW1tlLEZ24Y2v5v1pzonvseaTjsse134dP
a9qjcwXjs/zxXzHoQs3B9BZB2qXaR4T3YeuCjq2qIXGwsrrY5fkoch4OLg0/FOui
dmNbFjVQkIma2rIRPa8GhXZJtGl+UEk=
=bUtb
-----END PGP PUBLIC KEY BLOCK-----&a.trevor;pub 1024D/3A3EA137 2000-04-20 Trevor Johnson <trevor@jpj.net>
Key fingerprint = 7ED1 5A92 76C1 FFCB E5E3 A998 F037 5A0B 3A3E A137
sub 1024g/46C24F1E 2000-04-20-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDj+agARBAC1AfvgGQEVdLwS0dirwaN+pDDWWiaSWBNRNo4T4KKG2vyhhnUi
f2PcjPx8rYLvbokJFltoTWos3lS8hD8PZGBDlImOPzffdm/GYEmr1mE8fQvzjdKD
iOTqQi5IYYhLZIMmUpBTK7XN2zrM8VrkgCpb5TYtBrQUPheWs/SZ31EvLwCglUPA
T54Joolfvk0Y8I6dSGYctpUD/3teZiYwem99CE3b1tsqavQ1MUfjwSPZQq8wjVe8
GZUtwaeExugAxNjXIJeXiaCij7S6JSTS0ytyxZ5/O1QFmBhuD/7zjNFD8yB8nu8x
slma7mVhMuhqkwU06hTkp6MNNJ7kRItoVETtLqR5mW+0UUSZyePQFIH9U7TKPG3W
vYMIA/9btsMQD/7QA9p/m5OP4sfdVdNCZ32tJ534bMjDYyf/P8k7QzvDWU8f7lbk
3vX5pSmHplws0PwSZITmRarMdEH9ucP+24m06MQ7YmDYyLlUCestT2gAxnB5/X1h
fJnmdCLi/Vt19WrVM79ebddbCqCaoz0xv+1qOQmPue/vKXIH87QfVHJldm9yIEpv
aG5zb24gPHRyZXZvckBqcGoubmV0PohWBBMRAgAWBQI4/moABAsKBAMDFQMCAxYC
AQIXgAAKCRDwN1oLOj6hN4YuAJwOTOURcLpgAx4HT43jNxDYCsT7DACdFdGCwsi4
w5ZiCeoizmoBMFvYTa65AQ0EOP5qIhAEAMAerdyvcs7DOxpsli24gkKJxCwHSq9U
23k283XpZHOp/0eS6WEJMHMyQ7BRrx3X6mkSgBEnHdO6MetBQjOHdjSb8ycotrJa
H9eMkZ/Iky6dbiWpPLI4ytS4Q8Z4oEGjUTm7pJiE/pgmaCX/kv0WMs/35En+42sY
VoVU9bDI+X+3AAMFA/435RbM6ywO/kL8D3lhwINGEIqmxWpJDlXPPJf2pLiWZZVK
MLGkHOTe2kUdd+E6WcoRZdGblOKxLACrlKpJa91aw1ftQT6rt0k8GDCGLT/33FWx
2IRSf5sHmz8IOm6L8TcZU31hdWqpDLmiIj+IjUCx8+eAUjZcVRoj6BYnWc1Z64hG
BBgRAgAGBQI4/moiAAoJEPA3Wgs6PqE3PKYAnikfYo//UA7/jrDuTXzqPmi/Un5f
AKCFsfcXDbLGfWaAqe2YzeDR2Z55/A==
=N4HT
-----END PGP PUBLIC KEY BLOCK-----&a.phk;Poul-Henning Kamp <phk@FreeBSD.org>
Fingerprint = A3 F3 88 28 2F 9B 99 A2 49 F4 E2 FA 5A 78 8B 3E
RSA 1024 0x0358FCBD 1995/08/01 Poul-Henning Kamp <phk@FreeBSD.org>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.1i
mQCNAzAdpMIAAAEEALHDgrFUwhZtb7PbXg3upELoDVEUPFRwnmpJH1rRqyROUGcI
ooVe7u+FQlIs5OsXK8ECs/5Wpe2UrZSzHvjwBYOND5H42YtI5UULZLRCo5bFfTVA
K9Rpo5icfTsYihrzU2nmnycwFMk+jYXyT/ZDYWDP/BM9iLjj0x9/qQgDWPy9AAUR
tCNQb3VsLUhlbm5pbmcgS2FtcCA8cGhrQEZyZWVCU0Qub3JnPokAPwMFEDV/uZj8
RhrUfjKrKxECNmkAoJkszkn0MRLSjLIQdFSQoAIvXsaoAKDaLAvAv9JBTIhiPHYw
a8YkNTtr6YkAPwMFEDQ+7sYIrLG2o9cqlBECGFIAn1n9YKcO0hJfgVT1sX/lAoS+
a+0aAKCwrJjWaTvSjDbZtSZ2887P3MnFA4kAdQMFEDAghiMKfXRy8QybzQEBWsQC
/37UbJxWsNURURdw1NDcJf4eJko1ew1au41ytTb792O1HiXTr1nKxa/HXg0+2d59
HGynOVQfoKtEw2BHakYlNQNk1mznxGxi/4F0cThX+hmJ8/V8wjtm5bQ0hGMeFQjB
4YkAlQMFEDjGXEvKbyuD/AwC1QEBMcwD+wWwOmzXE7wpIEZ1p5KsRiVBQ4F1VEo4
LviQkE0jUx8/i0/Y+kRpb3sZc+yh84qYA9vrRe8IDqc1a66ZvGUPZOsfiICpJoH4
ftPz8xMLgyfHZrSR+wICStXNAKok8Oq6a56+Vxjh7wpNDoObN5XfYyAr23yNoPh0
7pP7dXNRfGKiiQCVAwUQNBDRpnW7bjh2o/exAQG7ggP+NcUV4mCzYx1MM05kz8Vt
8OEjirEBthSypLf5FrXrJ3xZ38CNX4gckTY2iYVaXxStSMIaKdeLDM+ArU58UmtL
06DXBAu8CXRfzgEDwxM/0FCvjDvoj9FuSyBRKtUIg7wwnCXJ2NI+hxYYF5eVWNtn
FfPK4mTsf5Mb7O4jkG4Fw0iJAJUDBRAzBivas1pi61mfMj0BAeIhA/9fG0FYVdoF
GBUsSFE2lLTth1T4uxkaUs5l6E30vhSckUdBA806kx7LaAXtj3loE7Dn/XFLm+VC
nCZEUKe1ayb+Cp3Mrqu6V+vWvkDL3gs7lMALq5w27f3pji+jVPIPVJOdELjroqW+
a1C0C0UaBeU5FYsv1REvNxEV3WEPTJd31okAlQMFEDF+jX1rWmeNgbKneQEBCrID
/i/ri8/eXUXRJp2fqJqzvrWGTP9Ix1O4vMguah9IILijgpYyOJYkezZKijjVCVmL
X7EwfNXfYkqLAWUa08eov4QfJfJDgfe+Z/3/UoX7RcJoy2AjTBZQzOI9JMkrzFdt
FGYwMr/QXhOdVVpSGeZ/6Hkrs7pd2Z6MNNrRf81ZyJyYiQCVAwUQMXyV5/UVW/uO
VC1dAQFyfAP/SujU+lS2WQuat4O2wZOQ1rswUt6CthG8MOsc7A9kfXnZbaM9Sdxj
54CtAlqR4eJMOYk2kVqAtmCWETRuonJxr5TAJdf7q6kByVYcQEyDZvKJYwyrI9UQ
SelSgczWwiSB01aV9ACaKlEF9iHYvIKBa9HwJu3A9ggW9SYaAHcxHzuJAJUDBRAx
Sx5cH3+pCANY/L0BAY+TA/9YQPISXYaS+5r0I60wCJ+i3a9PC69Zak2ikgTHQi97
LhpVtEsP3SAYInDw4YMS2oU9w1XxoiLLd9hUpcZlmO8Ip3vNF+E2ZCfR4sNzKarY
5fdo+sxzatGWRPgnHjbm6RHWCw6qJACDD3VpaFjx2XD8QrOTyiObnbHhWBdoEAIy
NokAlQMFEDE5Q6DvYbnpEdWO1QEBsvgD/0c6flBrSWr20oj8eRJ1zl8ZAP/rpV0I
EBvb3ZFsHsJL8QzTsx1typFFghrT7SDBDc52xY90JWAflEiGn9aIL5Q+RHVxjw30
yDaRPAl9ll82o34GBaWBEw83bsI6Fg2XxDfc2X0KkEutlYAEXjiM95PQS+9PM//l
lDtPvkSxgpiJiQCVAwUQMOavJADy2QnruxtBAQE92wQAsKPq/U4G4ksslOXGaauS
oBk9XO3lB147cSpra1w9ZxTSeo+8dgzNlxnugWDnw1mxauFJBAMgHl74rrlD+Hp0
Ltb9oOyRl3riPG0TOdfaS3T8w6vw52wOKzUrZ/0pB+2sDHzUqZXBbhOq3OXs1ZMN
e3jh8w62JsLBWry/YMWRMnKJAJUDBRA5r4KrpZDsojuazKUBAWpxA/97mQ6bH6q7
32rASSvClNbOl+mAaXUG4SwoMhGTpU6ajuh6C13yTNGMv5LY5SBRYD2XqLi5RexM
lYgPOo85zyLa8j8596Wcoga7+5Nn8DYDPxXv7qGE+Ehn4kdnd6nmtN377j5LIIUt
daIKXw2ZDB2GYmmxZS0dq8SwLc0GBb7msw==
=GFOn
-----END PGP PUBLIC KEY BLOCK-----&a.joe;pub 1024D/E6B15016 2000-10-19 Josef Karthauser <joe@tao.org.uk>
uid Josef Karthauser <joe@FreeBSD.org>
uid Josef Karthauser <joe@uk.FreeBSD.org>
uid Josef Karthauser <joe@pavilion.net>
sub 2048g/1178B692 2000-10-19-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.3 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDnuWJERBAChyOg7jb+Cj5UDqGfChHZDAN5GqF28W0GwrvV0RVWqlGx3pn+S
XzDur7ijNQfj3jAAGgFErCptXWcDz7CLzS2GxddaMAaQcPWP9hDjJtUJ633xwjU6
H0U0VPdLcWtJJCva1LvKp67ICkM4Wx8OdVHhCQN4akvNkYzdt4AG+s9vFwCg8Ddq
naF901g4VlK1IUqWTxPUtocEAJROiv4o3aIWrXvD9YBxkwIrrvtR8V+QaB6drOer
AU9NC3T2Vkm90lgmUpP+HCmpZt/T2v1t5a4HHjyf2ljD5ANeznAZORA6SowuWRhv
ObmYoN9B+vzHCitVTXLNksJCK9kpEvbS5shzbU6UsecCUTohjCU4po2RrsSSILqE
oXYjA/4/j3Qg/w0RabnS6RJyGDls3FBqS4gyVByaJpH81snvZUbw/y9aT9xdo1YW
gUaLcEW09whi00M50vaMzXJ0KYcWHZzk7LrhOqcIiCAUm5Dfve3dwk0DbgVD6iCb
LRI7NuB1Tm8YyvZRRqG2ZcfYVPZgVm3zj748sRaRSPWfb4wGgbQhSm9zZWYgS2Fy
dGhhdXNlciA8am9lQHRhby5vcmcudWs+iFYEExECABYFAjnuWJEECwoDBAMVAwID
FgIBAheAAAoJEF1SHIzmsVAWQIwAn0w8RM1V3LItIBHR8eshFGY2JEWYAKCEyE24
oYKcuicRF1rIjYE/2rQiVYinBBABAQARBQI57mETCgZhZHBwcnRtcwAACgkQMaY9
luwUC4HbZQP8Cb0k/oQeiWFQ8fi9xw8yhpnu7yeDTqelVddiOcsZsLxSwqVCygvE
ywLtzUDeK6ZDiB4gXb9HwiGPiOk5dhtzHqiQOOFkjKoHWC/5GKCGxb27CGxUXt+G
TW5FzdqyzA1mCL2wEao2d8KowXfnVQxO98FceerMMny88w5K2xYPMJiIRgQQEQIA
BgUCOe6GJQAKCRBzh+KSrRDGxHRpAJ9kXxEpFoqpHh6ZCO5vzt8BVig+TgCePRZp
I7ALUJffhFQ3hvHM2LnvFF6IRgQQEQIABgUCOe6GYgAKCRC2JAbmW8FSodhuAKDw
AWzaNDrGEojOI7/GG6kRdP1llQCfcimMK6b+ghk4ZQQsmhqMAbcZySOIRgQQEQIA
BgUCOe6G6wAKCRAgFTHVhF3+3XVKAKCApTk05imwb/TgvUuQJxXaVPlXtQCfd3QR
0Ahvy0y8KAvWekNJimGhLN2JAJUDBRA57onQTVYoIXkFDBEBAbowA/9gwtRKJ34c
Em00fkCO5mVfnZnQ6HUAiepfqKAetBi61IbuPZJ3xymTePq9P1XTeuZt7YgArcJF
2eQhFC3mcfRpyKOCOcDJSon6rlZhNSSwWHlvuLepuE2Pt/D/oPDcDk50aWGBPMxK
k9JJe7F56iCeqQ0pSZbD3KOuvarQaLdQr4hGBBARAgAGBQI57pf1AAoJEIjhex38
5WVhPMMAnRFflWfwqE/7N0UHF2U1Bw7X+83LAJ46XAcPuhjfrKiDjpGJWPJNX6zY
SYhGBBARAgAGBQI57yLsAAoJEBj1A4AkwngCL0kAn3isV53v+0kmBub2o44wBd0L
0xb4AJ4ktFbTjFNbjfRj0bTn7iZzNx9RubQiSm9zZWYgS2FydGhhdXNlciA8am9l
QEZyZWVCU0Qub3JnPohWBBMRAgAWBQI57l2WBAsKAwQDFQMCAxYCAQIXgAAKCRBd
UhyM5rFQFrqZAKDlnAKtVcJbEhn8IMQaweOMFOtGvACg0CXGhrdEnSf3CIdXIAka
IxXMD4iIRgQQEQIABgUCOe6GJwAKCRBzh+KSrRDGxFrNAJoDGBDBAdgtPu8el+wU
n2+PXPDW4wCg3Gy/gd+64vyV7YdqzFhlAB4wG/6InAQQAQEABgUCOe6H3AAKCRAf
f6kIA1j8vR8hA/9q3WGuLUuMF3H8dzNfqJDGWREa1mjvK7WDkS3762WO9hCfdIIg
em88OZLlCXnlmaGbCVZ3eyEwbV6JQVqzrfrNQeEnVeILdNhuC/5SeNqJNbDpUC1Y
dFA2YBsXO1lGoM/ZfBdDrFRS8Y5RBSPjQ6IG7/pM9Gtm0zI4liywLteIsYhGBBAR
AgAGBQI57obuAAoJECAVMdWEXf7dvXQAniU1sn29A3+Xz5tVz7LMMHmC4xg0AJ46
TA1BzhXOX5zTFaiaKfY6vwBeSYkAlQMFEDnuidxNVigheQUMEQEBYboD/ikGELEC
nmAfoD6EiNnoChMp2TACRtGIiOXAOQqOIcjWOWCGyDHqOBosR78EHJ0x/9z82RXJ
g815ttqHOueKaPoa8i8fF+3WZwjfEZr6MjGiX8dOuuD11qucy532iZ694FfyL1R4
9LlWw2os1lMiu3Sy3vZyxN5z+tPPwCrnNOnRiQCVAwUQOe6GCgHbXdKX5jjdAQFO
2wQAl15HhtwPGwzC7RtkJZhdu/Rm3kNGQRtx6I8k81G5NCOp5TOcnkvf0gZFlnls
ZFmYCA4TehVrkThfVYdYyK52dMIoVorSFbMrR3cBE+DJX2IdLB/uxltc1IvLMosh
jwnfPcwS9xFbNvKSbPm7Sv5A9gxkJEVh2TewbjS29MjN/0eIRgQQEQIABgUCOe6X
+QAKCRCI4Xsd/OVlYcOuAKDWloqHTKm80hgbNV6f+pg6+67IjwCeOmwJnY3s5Mkw
wts+n2ugc4faOHaIRgQQEQIABgUCOe8i7wAKCRAY9QOAJMJ4ArajAKDHV0d9rtFi
HwBO5nt/grnF9BjQEACfXWhAVozW0/lZUUPyXNYiHcUgcR60JUpvc2VmIEthcnRo
YXVzZXIgPGpvZUB1ay5GcmVlQlNELm9yZz6IVgQTEQIAFgUCOe5dsAQLCgMEAxUD
AgMWAgECF4AACgkQXVIcjOaxUBaVvACeL56tzrJ95N3oJ64sQVgyo18bEX0An3Gd
CM9mg6dAunhroSuY+73Y6ZGriEYEEBECAAYFAjnuhicACgkQc4fikq0QxsSzVACg
nCcE565FTv9LhGJmmxjNZi4jNzUAnAkJn9QVDkwFp54Vtl921duYZQX5iQCVAwUQ
Oe6KFU1WKCF5BQwRAQEUagQAiJqlq1zf+IrjiffxGzKP1vcCkeaXRiPyBHkS0yCS
y6OBxPhdUsvOzT93qgRUqPGBB4Q7jM7abSuM99gZW9uQN59nwbBFzWRKK/Cz8xHM
lEWIdMZHUXupWUTDBHdHERaj4NaZvE6RXgAdk4saIRT1IFLeWejpaBvLMN8XQXHL
3XGIRgQQEQIABgUCOe6X+QAKCRCI4Xsd/OVlYY8eAJ40vquX/AaE+KslwUBVTBmN
pQo/UwCgvAbcnU4rzYZ+TCBB4ZRUW+MpdhOIRgQQEQIABgUCOe8i7wAKCRAY9QOA
JMJ4ApoRAKC5Wcxx1y8Dr9u4ePt0SA9IhZ22sgCfTOrGFzNJcy5nI2qDz1VoZPVJ
QOu0I0pvc2VmIEthcnRoYXVzZXIgPGpvZUBwYXZpbGlvbi5uZXQ+iFYEExECABYF
AjnuXcMECwoDBAMVAwIDFgIBAheAAAoJEF1SHIzmsVAWrvEAnA25W9/TOnsEaoTm
teZSGg2KAIFvAJ0V7c6OGojBe8ctGclnLH7ICP8lKYhGBBARAgAGBQI57oYnAAoJ
EHOH4pKtEMbEcBIAoMOq/6CtvThjqojHvSEGavUE3sgKAKDUmArUdbawnzF8Q74V
KZ/CmrCmfIhGBBARAgAGBQI57pf5AAoJEIjhex385WVhUPIAoILrCWnWobHn9O7b
zn54Aui/GG6aAJ9W7fRe+mAOsUEmKfT04zKSQmQK84hGBBARAgAGBQI57yLvAAoJ
EBj1A4AkwngCYkoAoOdHEQmEnl5pwQj0f6/boXE/YprVAJ99rpmTV5i/8l3H14O2
185LvwykibkCDQQ57li6EAgAy6eLPS6a6scj08nvURMX5xkuzKRgMExOdSKtSgGT
95Ekvad+Pg0FsKVMsNPbEJQ4fJpsMS0xh25vON+z3Y3rIJEri/7fXxtPt3pcwcbo
Hm8EcJwyFLs7SW41fT31LrTk1ZEX4bbkHe/SimYnqnmGycJ+wQ6pd7mDxiiqqXjK
Ns4VUzcveB/GD0vS0ZLrXRWrH9mccXWt3kEGWYQ763RTcUxYeJ2cQwEQTjZ4oDjd
TUOqY5Q8d4ijjpSKkZUBE7uxbxQ3R1EpJ/EvBlASJi+YxMAERHUdSL4f/QzU3Qhg
UypDyGl+OhyxlQ1h9wKhuVugJq5eTJsH+AsBRFNqlhnSRwADBQgAjDFwDsZTWbFg
hjW4DhZGOkZ9PjDSpFJuic7lb6kln9OYz7Vy6p7hB60B77ann31MtySKwO/PXtnE
Gcxmzdp3GvXwLyg8OVOBF6p5VjRQD+vvYAv6LQ9dKuIW6wPcAfdjCxKY18Xjypnh
Fql1lRY8Y7wv1M3Lt5PPTusPZaunSQOeD28YF4ww0YZvJOelgd1I1bmZ/f7ZVPvQ
cDNHXTm/xwECfjDHjrJA8Qg15NZeew1tjLoR8naJUDI0CetBbvs0mEUGwjySDzov
1Lz+jZQUJJcQcCx3u4RcE8sneb4jADy2F7LpzMKbmLym59FEK95MlQE+wnkixZcu
ta1JwVq7zIhGBBgRAgAGBQI57li6AAoJEF1SHIzmsVAWGx4AoN0XDe6xdktWsoej
fSw+/aM108z5AJ9GqM/+F/Exr5OnknWCPjFbKSBO4A==
=BvSg
-----END PGP PUBLIC KEY BLOCK-----
pub 768R/7EBDECB1 1996-12-19 Josef L. Karthauser <joe@pavilion.net>
uid Josef L. Karthauser <joe@tao.org.uk>
uid Josef L. Karthauser <joe@uk.FreeBSD.org>
uid Josef L. Karthauser <joe@FreeBSD.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.3 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQBtAzK5TJQAAAEDAKlRtbnhuBNWwq+hkYyubUzCYZu60ZFtwdkCgyBurSzTmfMG
1ylVOdwzpgFL8JHRAGhzugRvZqRiCrCl+CvYaeW2+ee3Yw+brl6YEqLMxy0ap2kD
NbpZ7LIO7AMffr3ssQAFEbQmSm9zZWYgTC4gS2FydGhhdXNlciA8am9lQHBhdmls
aW9uLm5ldD6JAJUDBRA3DNxYDu2852ZqdCEBAXrwBACTRn6uz+uFHxi9nj8qdg14
m3SvBJ58i82IdyhuD5m04/Rgc3Bwk1VDY2eKHuILcgDInd94EePpHTxMvjblfImn
No9yqKYQw+V2zbsa8idTVDb5eNWGdRmVndjY95ZVKuhhIlwqLJELvKKbYZjjSabl
ijn+lvEEl+gO4avcQZnOjIkAlQMFEDRSgYdv0qcS0gZ4vQEBq/cD+gJsogBSFwYl
otle1JGgq1lkIq46uJWS8h61QL9+wnKQ3l19VElXK3/s/HUqBZagKyrF7QSs1dhg
T/RKSr/kdG0dPhLhqESgzii9CS6MgHM8CnmP7oDP78i1yAkVL9bJ/a22Il+YZNlt
r+XOn9EivaFojjHFQy5a+7e/HEXbgtwMiQD2AwUQMxRrf6ZKZnTBjNYdAQENIgcH
RcYYGiOYT0FAqSvAlHPunpPhO+9TBKD5FP307YtUTHdI19Y+LgFT599ond3wfArR
K3ue6D1G6//kbemfLZVxOJ+PRpJ0jIqZQ//7mKAI3VGu4vGO0EGQLkzIfwiVaCwa
8jZh5406CaqE7DkXVypvcVkL3hdqD8o16qht8Y23rjrEUgRYIIWUGftCAHWMZEq3
NqU/nqzgIv72PMEC3jBjdPld84GOiX9e3XjOSur6uLMRj87e9qce73sYUsGb2/cf
ypx8Hy/FN/FVUKbW4/ddHOeW75vBGgtIwY0R+eDW1wWXiQB1AwUQMrlMlA7sAx9+
veyxAQFftQL/T64Xc63YXllDIVGw0ZQtM0cdolYzP5OAu2Pvb0iWiJia6SkxePJo
FyNuWEO0obBpeP/QuapnceYUBNiheT4gRccEO1+VjFRuAiZb7+Huwh4FXrRbhJte
3FmOE07jacQ9iEYEEBECAAYFAjnuWWYACgkQXVIcjOaxUBY54QCgi3rAVInCyy/4
/8BPhXAnQGc/BgYAoOopcjB7kpP5JRgkh+Zfa62GgNuYiQCVAwUQOe5hBzGmPZbs
FAuBAQFf/gP5ARTyrfk36GelJTBPaNFe1oYt6bI5dC/iD7Kaw+GOvOYMSTTOh+iE
2uYefAC5bhjq6e5Z+DoU+TRubEMSHdeS+cR7/skXN3d6E33aDVRXmdKJI9Ek8iO/
DTOq49Raxv7Uw9Er1OxktMkPiDi6EPgJwt6hKDqQ4Y+g3q0mWMEYlmqJAJUDBRA5
7mN23EnUDlCYIW8BAfb2BADNmVAV6VW2nGYEod9sgMgxBjByV4Xdkh/eLk5J/fpq
rknIFLD5msy9BEc1a1FjK0VZtCoUy/RPlCk8/bYYTthb9Xg6tNjcoLoYNRW6r6In
o8JkpffH4jccaaXSAzcX91h4Xo/a7sqjCy0FSVl/EpAt8cSw4yAGqFU4yyYgkgii
7IkAlQMFEDnueXIff6kIA1j8vQEBzvoEAJDyZ/zlKtINFF8Lyl3KV1ORYuauJGua
IB0Dv1loZD/cDkQz2gpfL7Jkn+RLXZAzhhgJOeKxUefe/umr1S58fYUc4PKluvu7
eZxTMZyK0w7wT3fUb5wwubDC2M8OytiyJyaKc7qYEMeJ7YrK1cBbT0mw1o8YMRtr
98K6ZA7TAEfNiQCVAwUQOe8hK9bgof5PvirdAQFwXQP/V+1l21r51eR6lnmU69r9
nuNhuAn1eQKKKWrFHOkJ7c3UhIItwHYUsO1ytWnbaLsQMBuVaiqe5ZPE+dZefc+L
qXZ40O5WhU73x3BTPDtH4lbe97oTzOUMl7wZdu1U4rzR8tWU2GY6mC3Gh+1Rewxv
NnwXUxvBg2zAzWo1PcfNyaaJAJUDBRA57yFBfEtnbaAOFWMBAfxqBACIZ+hnf7St
MSCPRN1o5uGCnq+Saj5qD5edL3KGIvn3KwzpgYJraZtkQFz44SgzsFM720dLzG72
Ck5uq2N7Ayu5eUi1/JgcgMnYTNA4wdTeSOC1ZrkOIXXyYgzEc88rs3TIRNJFarwt
sqBJBvT7IBo+Zqk4OzHrnw1Qvla2pVtuKrQkSm9zZWYgTC4gS2FydGhhdXNlciA8
am9lQHRhby5vcmcudWs+iQB1AwUQOYTMTw7sAx9+veyxAQFJwAL/Xk/6bm1NsXcv
NKgClM3rVeF+Zl5M+hffa/JL4GXSrwCRTrAcRzDFEmT2hEdKVdsq4WsFTQFxpAgT
qc6J00W3WiZwBZPD1hMzE3/PJiB1ZvTuNdyAxckvpwoAHA1BmciaiEYEEBECAAYF
AjnuWXEACgkQXVIcjOaxUBZsxgCg2eyZMcbTrO39+2p+KN1XQAFlKvwAoJUuBkZ5
7DTARF/YVKlyDo0kiZ0ViQCVAwUQOe6KnE1WKCF5BQwRAQGp+AQAqFXMM9pamu4Y
f3GzaKWZe9vKzswWu2P1H+5I9+trNTZv/xNO2V6BbKaMw0nCrBiLja3M84KfVGBs
85nu8AuV5tDDaj/elGpWzEkm2LzmzHLh8FqmatUr0po2UFc+JohX69dqFyXXYBa0
wK5fic6rW7U2BFS/tbwx0lmUhMnHG/eJAJUDBRA57yEw1uCh/k++Kt0BAaRnA/92
x+Ew+zeCaS2tTDMEYDTw9VkburcR2S/zXBzFh12oHb+1WjhTcDajhCumgof+ZKwf
onQU9nN0nFy8YOGpmTsBs9TNOFq9XyJg1Lf1HGQ2KV7GqIas2OGtcnOLwyrQwET5
kNHE3Y/OlekXBMBbUQzB9bUoX+OY/izKP/aWAxe+0okAlQMFEDnvIUR8S2dtoA4V
YwEBNnMD/0B0sW3i3Obs4QOqoTxvoRYulGRtxpvEntdWycgHgnY0qPHhNZ4s1Hhw
vYG/1Tx6YDWjEQyptdKQxZq5xZt/Yw/gD9gY6Y3x4PRlqp4kTcQg7YMDd/c7OdQ+
4aBpQvkQ37Ib7catx5THnW4/mxxpvj4Rn3sR4zytHVTk2Frl2eg0tChKb3NlZiBM
LiBLYXJ0aGF1c2VyIDxqb2VAdWsuRnJlZUJTRC5vcmc+iQB1AwUQOYTMHQ7sAx9+
veyxAQHwdAL8DbjMvucetIb+3yjrRhG/EfzxQKRqKzu5isvGckc9K4AA0Xwl9TYg
9v1QKsCqf8q8GOxyhEhGob5O+4USTcETgkerUjsMYK5uCEHQuGRZ9pYCH4A2qL3n
8/rhcX6qxhgMiEYEEBECAAYFAjnuWXEACgkQXVIcjOaxUBZZGgCgqIsXrbcFqkyf
Gn3Nw57oTwFflZwAnRGZwnHMFUJocLcSpAp76a8+QQc4iQCVAwUQOe6Kvk1WKCF5
BQwRAQG/JgP+NbjceEgGYm89CE/FiPuq/EWD6m+gzJCWvVqmfPmX8PTlbaA+Jlzl
cI7vUVKkvDEqnvVbnNgtpLMC6L2tonrB2vx47odmCLm7H8L24XpHOKyNiimm6fKB
6r9z9mEWf2WRueMnjAGouNJUh0oGaS8RxT+MKzEFIDKShcMgaWkvlfGJAJUDBRA5
7yEw1uCh/k++Kt0BAQ+TBACfZQI5vWUQ2S8dZBauOqvuF+k4VMl3bvr2bXAMm7Th
uBJc50BloTirtBo2dt+zozgm5oELP3jHXwGXIJ3ODGPIBGVLdQLU4Aer35ziKUO1
DL/GdE2yCdHX6UABL6De/nz3vILhjf1HcATcaUl+Wl3579Qax4zYU0KTccJVQND3
MokAlQMFEDnvIUR8S2dtoA4VYwEB290EAJDiYx4ODYvElwbsS72OBzRkGTkbs8pU
Cd+LHI4REUR63R0FpOdnjPPAesX4DeeoRhQ/Wwhp5Yaakvba3VPNRxIM+qOskPnN
iVhBY/7EOZYcjWsnvhdwZQfrfOfBLQyVpXLFWmy9rzihYegOHXNyUrqX0CGu9ido
8tkOscMHQ8Y/tCVKb3NlZiBMLiBLYXJ0aGF1c2VyIDxqb2VARnJlZUJTRC5vcmc+
iQB1AwUQOYTL+w7sAx9+veyxAQHCygMAkQ1Itu9AEwmlYXbxEi9HCbgkZbBp73jc
/qFyWmxa2D9F+a0hYksmN6RTYAmayenD4K88rnWM4OI4L3F3O1B92W5vCmKD4MvG
ZyWGXxz8xk6SLNFC7NBIz74C/fB/QrgDiEYEEBECAAYFAjnuWXEACgkQXVIcjOax
UBbA+QCgvWou6z02+Va9nlYsHgxjrHp6T9kAoMF95mQhMNA+uq9F/BAHa52MJIgg
iQCVAwUQOe6Ktk1WKCF5BQwRAQFEFQP+Ke1kFqP7obQs4s3w2SZAhGTfUROcOISu
QJ7s2kpkjQkA5pZOhJiCHAyDFYTQv6LKtjosIIb84oKE228QJ+C8ow/ds8fSlh/F
G2GYFLvwwluZhCN6yOeshF034v1OiUD73K01m/O5QD/MqPVj8/SATHhCCZw+lC2o
nTxxPnRdnvyJAJUDBRA57yEw1uCh/k++Kt0BAUkSA/9bXfJrcrjjkjra8ohCZ4qa
nL2LjlMfcOEcpO36zdugmQU1+53/iw4FtKHgrZgZPNZjlx5jWldKrBEbFM3fa9E4
03MWe9vNFLagKjSzFQlZojqLtHCO4pasGomBAn4kDM/W2cZJvkpl8JA+qLif7SU8
HaFdlUg1fbF/9VeYXuhh/IkAlQMFEDnvIUR8S2dtoA4VYwEB3hED/0j1PKQNfRlV
rPioEGF0uX95ZUEkjklKRehITBbXBkq1cQ3b1s/dIunzvs/BUbQdHpkLB1P57Xfa
e6JcokvLH3ufk37d9ubmBkJHgdxSv64y58lp9YqUPe9gMbctN1SeBCOdQufz5sJ7
XDiq/TqRPR2PHPLESCPhc4j5XoShg37+tA5qb2VAdGFvLm9yZy51a4kAdQMFEDgP
y5gO7AMffr3ssQEBYGsC/iIslOxLXMgz9BSw1ndflqYOImPtn4OQJAG+eyZInVKf
ZDhyEHtO6ID7zRNx+0whfAgEU760e8V5rEFea9U0/qY7QneanDRGI+rP81V/fnP3
wdZBCGXDNMCM6ofcuTP6MYkAlQMFEDnuimtNVigheQUMEQEBgLIEALr7UlhPKziB
hml1nZ3PuovK5B8OuO655YTpAiOD8JwHEUTXsVl46rX0YBDZB7EpvuaNfzbA7d5Y
4RwrVGiF1xwLMkekPxa5j1XswmlXCDfpVfNfPYaRNobhMnXaPeGI9unkJBp1BsJS
RPI0J3A3W/u/g2wUl+7B+ykInMOgG1m5iQCVAwUQOe8hMNbgof5PvirdAQF5egP7
B76wggcC7IMvmTFEtt7f1v9W0XaA2fP2gmznSlh8FUkq6k0TgOx0uk1lM2DaQXWB
7quXzwzpBKnesniCg/Ve4gyCvWOCQKtYR47y+lSzHvXrIW+7xRX6n1CjvpCdChlo
3PrwUdWi4Z2gq5GElu22NvvHfssnB13UnBNAmhSIB1KJAJUDBRA57yFEfEtnbaAO
FWMBAaivA/95fj5ScpPKEUEpwIwgX8g0Gx7BEYO6r+atQhf2pGbPHTKq1IcGqioD
YD0ac2Sn4eBqsjxzTArnZViG0lITyoxegfYS3Tz6MADdpX5vGzWaa5Rs1IXjtjuv
4hINpCySWRxAlJPZXdz7rwFB+oCy1IzBFf4PujCGbWb2f2v6qKOIkbQSam9lQHVr
LmZyZWVic2Qub3JniQB1AwUQOA/Lgg7sAx9+veyxAQHeXgL8DJQ1xeeFLQOrg4vI
5nfQOjPJqaZ4xpPv1k5wIjPRElGj7QACZVX5L/bEzhK+7fggSXxBb4cmEhiDOIFO
BR6HWL/RnMimoGtC53OHKRrA43/eqB/saCbTfN4+KAypw1WaiQCVAwUQOe6KjE1W
KCF5BQwRAQEmMwQApmdAtX/o4jD+RqGr3YgzI8HiGt3GCrDjvZUnC4zKG6YvEvbH
Xel57TmiIQ6Fi3WhOupGa/jcosB+XJ7vchrsCvB/LfLY4c6DtlFdXnQn0loU+WjL
PjAUI4ZSSy2Wvgsck/9fofJJyUw/QWG+LlbCmBbGXed7Y8CwxLS6HvthNGWJAJUD
BRA57yEw1uCh/k++Kt0BAYGdA/4jp6QvLYigWfH+ZQQ07oZoa1bIRksCbiZBNTKH
315qV26M8FGj7+7G1lqlcbqdLqRUeNLFBiTHuycOUD+zN48dxTkspT89+XfajMFY
yEkdND4C+NUAaBdspjiCsA2Pywhg5K2Nb2mGbqhRyafdl/lDx+IoJ7tL9u62GsdK
+wpMrYkAlQMFEDnvIUR8S2dtoA4VYwEBvpYD/02+ANOeYrF3nRr32KOxxsJkXZQ6
7bjQLaOHqubnWbG1+OSOcJ6+it+l/uotFghzsvKk/qYG57n23yB526ePyTF27eYP
mE30qUt/msLiJ2C8OoWs7UUqWp9GyZBKNt0ETc9qD9Ns2Qd8a4AEePJfsSC5v2rs
SpVIsgagGHpZqMKqtA9qb2VARnJlZUJTRC5vcmeJAHUDBRA4D8tRDuwDH3697LEB
AZU6Av0e8n+hesovDEknox3JKhC1L33jXu0nOQZ/2Yz6jY1icghgy/L2KO57+T2Y
BV6DGpk4IlY9jZJRRKtiKCHSMahng7whIHNSugWqzLNanK+YPfXC2CsUI02w1srj
FcDurBiJAJUDBRA57ofYH3+pCANY/L0BAR+mBACPZUQxKJbjtlMSbJ5+Ox09fD3+
oUR4k5mBMyFb0lQhTJ7DW+O7h//xyYyPZA3AEe356zb94J9OPjRW4qxWSzgMlckF
CVFa8Ru0/TivE0ArHJbhQnMtrFYbQar5t2RNrlq+B8UqhmA5D00qfdM9/62oxBmA
f0g8rbiWGEL5XmbssIkAlQMFEDnuinhNVigheQUMEQEBOPIEAKGnDr7tgz3kuRaU
8IAglUDXaRPqIpsr1UFEwfg9n6PXXbU/vRn2549zaApsHTTJnYZ2ENH4hv9Og5c1
t9Qr+DEV7ht+8Z0ykoxyFJb9YDEO9W2Y0WTglYMaqBD3NDdo4Mamuj+RtsVxGh0Z
Gm/G7Wu+cTtnwCoSbQ/XEpX2Re5kiQCVAwUQOe8hMNbgof5PvirdAQEUwQQAlMnI
YZPTtjsl+IUGHj/Faay52iUxRxeyWenCp7VYKj6SBgnKO4STveUhIlqVM1iRuf6h
tmSTXF1kztXzPGdTqZig6x7WOLAYSqsEY5DdM1W90+UYTnf0pbkQ1pAJ/2kfd1uo
4W3zpzgQZK9FFsW938C4VqzxBS8bneYmq4JAa1OJAJUDBRA57yFEfEtnbaAOFWMB
AVcxA/4i5j7aqDIkboVaD473bQKYs8GB4riBx3VGEHHfASe7Bracv0jawdPwIUhA
VpOT5hbtJH69tsPUUXphtspcqCrJ8xObA5RuWdBTMxq12+dYYKBoop/0F6PaOSh1
4KVX8m0J9/iGHV+J5QZSKPpBEAAwwK1fJQzBw5DHW8cxxE3OdQ==
=dREe
-----END PGP PUBLIC KEY BLOCK-----&a.andreas;pub 1024D/6C6F6CBA 2001-01-06 Andreas Klemm <andreas@klemm.gtn.com>
Key fingerprint = F028 D51A 0D42 DD67 4109 19A3 777A 3E94 6C6F 6CBA
uid Andreas Klemm <andreas@FreeBSD.org>
uid Andreas Klemm <andreas@apsfilter.org>
uid Andreas Klemm <andreas.klemm@eu.didata.com>
sub 2048g/FE23F866 2001-01-06-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: Weitere Infos: siehe http://www.gnupg.org
mQGiBDpXnNsRBACosqQnFwHgBcl+H2TXLWG/uAAdcZ3d4vlC9tKIPif/WovfOTuA
CM5KMb1Of2uAQm5S6KpSCDSudZIZw2az3ka5ESQt82kgd/1Ue8FJDdPkGY1RZrEp
Zq7VDPfENAM8NuYCXIdVYpd860tIfongUbpgHq9dA/bgoDDHXlaBQzUMNwCgurYO
XH1FSx7vApyBFqaE9ZKglRED/jbd0UeQ8E2Y8jvoHgn9kDGjqgTxNerLK2g7gRgx
o0U2do7kjKKWoUfij/x3RRpGUDzkB9xhibyoPQKuVim4NVNdoUoqjuSDnoDT+XtL
B8bYGXAAROPXu1AT1r/P5k3kSHDExu1qfLEk9Sch7CKrVdNaZHsrknbmFPPmhdsf
zz17A/oCfA5tXthQ4YOlmyjJXiMmiD/aX1fQovjayQDD/diNYQ/z3JUuaA01Nhw4
02LDFCk0xO2T8wWIC8Ox9J7twKKBT9Ep1MpZw/mY7XlpTFP82ls15pNIshogjlX8
23aBC+xrRda6SqTAnqsneyxGujSkS4sNubUWaQf0UUfcxZpA77QlQW5kcmVhcyBL
bGVtbSA8YW5kcmVhc0BrbGVtbS5ndG4uY29tPohXBBMRAgAXBQI6V5zbBQsHCgME
AxUDAgMWAgECF4AACgkQd3o+lGxvbLqQrwCbBNMKCTamyfzbL+69hya4MTApyOgA
oIBKu//LaM9gC+rfYUSFRaVY5PJetCNBbmRyZWFzIEtsZW1tIDxhbmRyZWFzQEZy
ZWVCU0Qub3JnPohXBBMRAgAXBQI6V51BBQsHCgMEAxUDAgMWAgECF4AACgkQd3o+
lGxvbLpvuACeJLJc2HBP42h8lVDWTZwV3qstGXUAn3yIgz/FK7+//Ax2ceO115u9
T76ptCVBbmRyZWFzIEtsZW1tIDxhbmRyZWFzQGFwc2ZpbHRlci5vcmc+iFcEExEC
ABcFAjpXnVgFCwcKAwQDFQMCAxYCAQIXgAAKCRB3ej6UbG9suq2VAJ9TDD3a6fsP
E79VBmop25fpGRsmAACgobOH43x4KJJxNSFM+sOY2QCv+rS0K0FuZHJlYXMgS2xl
bW0gPGFuZHJlYXMua2xlbW1AZXUuZGlkYXRhLmNvbT6IVwQTEQIAFwUCOledhAUL
BwoDBAMVAwIDFgIBAheAAAoJEHd6PpRsb2y6vC8AoIPWrHd+jYEXzo838pxFoJ+x
v0N5AJ9kyfJz4y0UjGdwMrfLCRL1+h/OwLkCDQQ6V50XEAgA7nyqQb43D5Nl+4bd
pwt+JqTn9/MnmG1Cw0h3++JAMijW/WTGGrpgpuFhtvfjs0nJ3FZMlDjdRfJ2LKa4
xR4J/2gIkYzvuI+JaiojvyaKnO/VZC10zH+kQmEfAZTSONucKPOPPrOX87fJ/SLC
RRPJdjR/kcub/yR7lZ9jI+5fKmv06Vgdx5agvL92eY14FdEhg4BiN99CKyOIdTPF
xgj2bCultqldQ0FhB5Iw+IYwqV6BJsRewrNJNoXcYLeHkOyf3ULxYwYmu/wh24jW
ibfotTy/hvRO6CBG1+r+Svqxj161T8vtFWEDdlMW9Efog3O7zjI8lXWF2pOgGWt3
7g99GwADBQf7BlcqJ8R4BrI/Z8cJbvWWBftMC/dx8F63ISjq65PKc5izq4fSlJWb
AEDyTv59Gv7qDSQ+ECnjivw+FBu//BY993kXLIE2KB0AY6jgMz7F4JsBhYofGMSE
uCFgvh9c3EO326RtkgsQKM4pOC6LFZRAedjo6LZzm9k2JZK2Xv8fsLZIW9dSEtqG
ch32Uu9AfThrFnZ6cApeRnxWZe3btBXbgxK2w3jT16j+CtIbeJGWdF8NN7IZ4+4v
PzdDAVBwAR2iUz9vn/d0fGhVYLHBFekfB0jyl9gfgPLkXyMorDOhJ1nhdAI9Jm6g
7FThPfNDzfgEPEgSyVuMqEoti01u0dw7AIhGBBgRAgAGBQI6V50XAAoJEHd6PpRs
b2y6l8wAmQHMTVyf5sddE7j9+RCEC9L3VluJAJsFafICjeu6dBMwi4QQaB0zqja4
7A==
=E/l3
-----END PGP PUBLIC KEY BLOCK-----&a.bmah;Type Bits/KeyID Date User ID
pub 1024/23EC263D 1997/03/12 Bruce A. Mah <bmah@cisco.com>
Bruce A. Mah <bmah@freebsd.org>
Bruce A. Mah <bmah@employees.org>
Bruce A. Mah <bmah@ca.sandia.gov>
Bruce A. Mah <bmah@ieee.org>
Bruce A. Mah <bmah@acm.org>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAzMl/sEAAAEEAJbQArJB1mbsGAc0eiv6XmoBPdjXDy9wWYbFdTSKcR88iZUB
o/lie1eIyfqOFp/bbOVuCuhuCB1L/y9iS1x+rcmQgMbzelF9EbyyAoIvD3kPy5wa
/dgE7L8fAHzHzmLP8uHccXu1eGMmY93of2s7BKvrboWjVCUbaqjOOi0j7CY9AAUR
tCFCcnVjZSBBLiBNYWggPGJtYWhAY2Euc2FuZGlhLmdvdj6JAJUDBRAzJf79qM46
LSPsJj0BAbKLA/9ei7MJSASsyBm8AyC4xLSYI/ftiYBPeuHH3f4t6Hb4Uu99iZRx
+TG88DMg3ZHQZNMrvn+iMojWlvPlExFbpb0FRDX1JksB1gaadsEH6b22Tv2Uc6bd
6iYe4rav6JR5ZnDtgCAzNiaeTEZc/Tn47vM3KDqnz6gUl+zTN+8/ujHp6YkAVQMF
EDMl/4Q8L1TZGfd8EQEB9YoB/36khd19cZLdhLcaGDnbbPqRIjXC+Ha0LD9QEiK8
p4TzPhQu/QIQTlKMOm+dMUZfabiJG07QUM7/aoDFF6VoJHyJANUDBRAzJf9iWGPT
gxP/0IkBAR89BgDSitVdHQvjjV5UtbaJ34CYNz+KB2r7/08U5yeN5ZSQiqAW6PiS
SXujzHnB/kxUlG93bCq75ljwvozSomSE/n+1QKM5j+WNB8judbIuesAlKVlnej05
X2hLXfsAcJuGmG9jwlchd5uhSEBnrhpQEQh+44BKdSc5Jp/rtUeHwuu+rqvNECR8
MSIpY3IFREANAv8TVqVBxbEHGjyKR1f3iwo+KGFgcNcE9w7eWCW9FOTOe1iI550/
r/CounwRTVarkVWJAJUDBRA0BgS1YDZyE/6Ll60BAUY3A/9bVICm3lamaA/hkvL9
mMfIlgqJVG1iv6ghiTgJJN9eRSNStPB8ho4sfekYmsJOj8Dsnmgw3Z876TiAeeG8
KBDYrB2CeirciqgEvki1tof36NVrTlNfyjMe7DuRdIGwlMsysCTGQ91sjdTvQ1gW
qCOCMPq2hbUiy3O1H2lSAFWZN4kAlQMFEDNqQB+G+HorH0Oa6QEB6xsD/jlw33WI
8LNxVgySQ9IEX7F0+cFsto1iTnxc5xRTKqcNfD3h1N89noVJHZa+4Y0/EqgexPda
ADARba+e0bomsOKaGuK4thiO/UVKf+que9JmNwIW+bmvbfwQhRwaT5tXHGJDbP8U
DOhIIbfd3N6VpxmcH6azvvCBAhRpb5vW8VXxiQCVAwUQNRn9lvRZcafORvxJAQF5
bgQAmpEu9wcVqJa+P1I6iSivnY0nJJDBiXTHnGep9zwdCODRa7rZwgZptqn4naXr
rK/jAr6Vdj73b5TbwLtLiWR/MwortPFp80M+6Ff15lsO6viynMWgLFSBli2WcxIU
pnjlnt8sLs1opDV+nwoSlFCeXGMbPSal3FOA7oIdmDBbG1CJAJUDBRA57prdfEtn
baAOFWMBAc8zBACltXDpn23WLpy6jp37uZuijhGt2B8wksTv8J9ZRaUbEbpRwNe8
v0RsxqQ7NbwFUIMeVdswnF6smXPpp55SOHOa+TKOnjdJwk6jZWewRTRV43ZQ+F5I
Vt1rGWB4zXu9/umAWXvVy4cVcfvOLoYYvMucNHgawWby3qiEwsWMuukmY4kAlQMF
EDnumuHW4KH+T74q3QEBcQ4D+gK7LMHp/gktEuOFhqKHdLxbocqyKL6Nm/R1lKP/
5iJ60IWCBhz4OV4xU6Vm6T+JcMYnewdfsxuxbQndN5lhzQCFwEVrkj5/ibsCqAiD
v3Z4IOIVWOwESCM5nJVleieNZ8D8Y33UICCh/kqLzDF97PpD+kGROWi1sSNXlQIr
VdQttBxCcnVjZSBBLiBNYWggPGJtYWhAaWVlZS5vcmc+iQCVAwUQNTUXEKjOOi0j
7CY9AQGGuQP/fDgRCZ0Nq7P+IkNq1cxxHEjYJoIXbiESK5gtdWelJuxVDaZ3XbL4
/yoSIN5ZnVHZMi04P3Khgqequjwr3/rae/a4MmVQdtNrCFMSY+8d/l8bXkG8tuky
5b+Qd9ZOBVw8zbq3xB1o89qf0D07bTX2EC1glvrU3g6VV300BaHpvimJAJUDBRA5
7prdfEtnbaAOFWMBAZnhBADMxh5KVEBKn5L5ZOuXJdi1EIAk0L8bq7xbxUZ1MKTD
oWlfc1xxBxs3xfMIJFjAv5CRzrGg8y3EUBRLgaN6KzMbvmA8FQ77PIM3x/lc3jHa
nIQPlWWdCSq6WZEFtq/rOFi8WhATlCBPehwMV7gNEDh4bIhG/5jY0cA2kmfJqo06
TokAlQMFEDnumuHW4KH+T74q3QEBTj8D/i5VjPmPkOz7cKEaK2NbUnTM7bKvyKWX
7qprmjkmeunVA4LY3M68SG1NcMmEWbM4p4yl5xDvR3r7WChPKZE/5Kzvvzo76V6L
CSqy4L9pwFlAw9xZOjhRtJTrEE2HsoDeN2nvWrPpeXJtGCpZ+d9WTg4I6mxfyrp9
qK9Mj6XJKc0FtBtCcnVjZSBBLiBNYWggPGJtYWhAYWNtLm9yZz6JAJUDBRA1NRbM
qM46LSPsJj0BAQ3oA/9Bxqn1Kll1R6+bRbz2VKOCijC8iooYriFF1MBC38PsvBXN
epnXsbAkRrvwzAiY7f+aaxYOLbyG3VOTtEwGlQ8WSfc4BcHBmC8CK3G+jXn8Hk4Z
iZQ0s+khhAlIbr0Wpxvk5Prazzv417dBCIHzk0dxaDJ5dolvxA9NK2po/oTDzYkA
lQMFEDnumt58S2dtoA4VYwEBgtoD/jAqZt89XHmtWtMzJIOft9z8dXyvXXwmkuOx
91P2egetX69Ru3XzqPays/uvdFkaVgo09nHRLPGXPQ0GbgUuc8mPa0H3jn/OA+Tn
KxeB9rKY2fPr6vccP6OSeOk4nbHqPqfz7/U/edbHZ88kNu4iqiH+dDB0L7QNGK9p
l8Zpd5TOiQCVAwUQOe6a4dbgof5PvirdAQGDDgP/SdujS5XMRbqKMe41f5P0TMAm
VeGplK1mdX4WRmB+wvdV0ddIiEgSQIklmNM5nIwYzRGNLZrRBQNDArOO4826Amvu
lntP6+LmN+vl+lmOA6kEbVYFnADkNGP3jVmwJ/ni4luKDWevMHpxfHTGoKKaKA9P
A4WaT+49RRX1RSGkWU+0HUJydWNlIEEuIE1haCA8Ym1haEBjaXNjby5jb20+iQCV
AwUQOUVroKjOOi0j7CY9AQHdzAQAiq+kDC2WEAG3gglnEIG0oIp292a2qhrDIu1P
d+xUxXoPs8OzqHe1D4RaJiEhDMmQ1t6kJbUdzTKENzjyT84KbaHBgYujgcLsGqmx
nVDxkVC6YlTXOngI4y96sw9k2HRELWTEGfAUFCPmAQOWH/ftDEPCvAZHXrTJaRSr
nkK80NuJAJUDBRA57prdfEtnbaAOFWMBASUzA/47C9vbfPB4sqLpT+PSZ6cOkPXp
Wn4ddvYC7iTCE8Jn9E4V4v86wUqWScXK00OO6suFERj8b8gFsWhR+ud1a8lTMuKt
lmdJw6S2XWFadTQCDUPoOul4WlUwEbhWSohSoTu/FFJ8AMgI6q2Umeo/MANga69L
SXnYuG31GxEZPEknkokAlQMFEDnumuDW4KH+T74q3QEBXw8D/j4k+AzvQg9rY3Pm
R2qUtjPm2JBw1206J3XCf7CYwmhuMKiLC3EMqfwu7U43+sD1xgIjOV5Y5VFz6zQ/
cZ/DkRexCIJYe6hXhqx+VVBRCRUsQnCDkrCr/sX14EsgQoFluIKfuCstxtLe6F/g
OCAoHM0QG34Z2IrThLWSo/oIhNBstCFCcnVjZSBBLiBNYWggPGJtYWhAZW1wbG95
ZWVzLm9yZz6JAJUDBRA5RWu3qM46LSPsJj0BAQrYBACUnUQn0t6tnxAJMQxgje/L
kNGkZOzGNMazfrFPe8+iDCq9nnJ7zkh2OtSNTiS/VJqJjT/2iDjCxWG4Cqn4eBUD
1d8GW1klKeK3yUIFlfAsMAfQshhPQ47865UlHWvuePLS/0L2rLofu/++7reTzYW+
4mnzeXfj+UKAqr5LlzlFxIkAlQMFEDnumt18S2dtoA4VYwEBnGYEAMc2YVJk8YsW
RJjU9zKtsbfMabifvNUYvvkIi42du1t+brnCXf5aFnFjAAO3sGbEoTRCEbT8SRPU
hbk76R++bG02XmCYepWX5iS3I0LUzVpqas1t0H/luc4mUgOYDUhsPWuBtNmYuuxD
uMSCgL1ZUPb+S5ZLmYMk5hxpKQEEO94FiQCVAwUQOe6a4dbgof5PvirdAQHZXwP+
INhyMrT6qLG6+fjYWZ3hu9nvXO11MtPtNObo7VqIERSRqccvhQO1ut04VXb5Na+h
AO8kTnqS6+43TZUWtAkKLmcZakgb7juFXxnM/BJP+UmMr08LMkB5Yf3VNfrdthbt
GyFh4tY7kYJFa+1K7CngPvRoBbd1iHO419O6MiLusoa0H0JydWNlIEEuIE1haCA8
Ym1haEBmcmVlYnNkLm9yZz6JAJUDBRA5sD/kqM46LSPsJj0BAaWJA/9kzr2n26NW
NE2PscqmABhyXXDZptY7t6NRAc6yXgPnbXs5AlAkiL+P0FLs1P9MMnw7PCd2TAXd
MYLhPecx1dWJAiaRNmoJBaPknnr4rqNKM45XbPfkJAvvSVGNi52VHcmrnmFdSX6L
hUwJzVha6TT4Vel5y1DEPYIUK3FJllTBQYkAlQMFEDnumt18S2dtoA4VYwEBNh8D
/Rdov1S+koATxQAb/8uLK8rYnmDL3PfoAhogrpQgz+9G8O5mwJtzoHJVYGGVEzTV
3L/okFn6UlX4Hms0RR2JYlcwaL+D4aZKV6vhgVh23yh3xaV+wPwzHqtjPxyWKapO
g153Fn/UquFaX62DzzWcRxtd3Fi9tiGtdyOVmQQlaV4qiQCVAwUQOe6a4dbgof5P
virdAQH7XQP+JI0HzuV4ycNw2rnLU4iNrINsC4ur5hTW48CQcX8/HFkTuygzFKVn
AlrKEytdfJPaFMt6UAqUPB+NPJ6fwtJkU0cNsjCsZIGBh8AumyT560BWYm3iIac4
Zn/9dKslg+SRJZU0T/A+Iip+3oFz8cl7BrkPgI1mLvUTOuBj4Kre/7k=
=aSn9
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
sec+ 1024 0x5BA052C3 1997-12-08 ---------- DSS Sign & Encrypt
f20 Fingerprint20 = F829 B805 207D 14C7 7197 7832 D8CA 3171 5BA0 52C3
sub 2048 0xB4E60EA1 1997-12-08 ---------- Diffie-Hellman
f20 Fingerprint20 = EF87 710B A12A 93F0 3529 E578 173D A3CD B4E6 0EA1
uid Bruce A. Mah <bmah@ca.sandia.gov>
uid Bruce A. Mah <bmah@acm.org>
uid Bruce A. Mah <bmah@ieee.org>
uid Bruce A. Mah <bmah@cisco.com>
uid Bruce A. Mah <bmah@employees.org>
uid Bruce A. Mah <bmah@freebsd.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQGiBDSMdS0RBADQE42S0MDRcjiuM4mPH4NL2m60OMHgq3mYuIzrNkRE4jSzZJiG
8jBMl5VysnTkdvL61gH4aihIqioULOUq3L9XEtlrLbx1HDXEEdAdhARzqPapD4x2
FbHpjb0wjxQ7RmXXvLHDlPa8x8K48BJjZ+9WhPs6TKu78+I+9cqZ0u1KKQCg/2ls
GAGht29FiOtHrHFVMKl3WXMD/R6wl33Xsb7mwFROBWoYxExqSAZ9xeI5KUtQ5f2U
eYSbUfxCTkcBIImjf6UhtjLTs6Rc0ouYLHOHu7wxVVzA0x3UpcEWUkNXWsy4PO+S
j7PdzKi52BzR2LY62DoBTUARAaIsvp3fV126NPBHR2Isflo2OlEvwKGJ40IJMLGN
d3xBA/43QdXUcxa/FFAeCroYr/BkWPYz7Oh1HFBTa9xxrKL5sLDJChp/yLFoVhsG
0t4w595cbD8L1n1PckcaKVK2Y8vjafJKL5k5Ea/CnF0kO7+Q3RaydqzOcS2yP0n2
ZLQ+sorNz1huY6hrJemH9SjWnYKg4xbxfQzRBcfRxGQv3usvC7QhQnJ1Y2UgQS4g
TWFoIDxibWFoQGNhLnNhbmRpYS5nb3Y+iQBLBBARAgALBQI0jHUtBAsDAQIACgkQ
2MoxcVugUsPDfwCdE4eVXsgKeXGph2UjRJ08bcm07KoAn3wjzXJ3OAugV3xd/P16
L6EvLE6QiQCVAwUQNI10l6jOOi0j7CY9AQHawAP9Hv0fwpPbQC90t8sreFT+ObRl
zYSQnOHV+XYcqi0DJ+nbZYB+60CzPxHkchhfqLi0zsNYbqlfyTCJabMS8d3n4aVR
ke+eMpD8UwsBGcfOg+3H9aFfsNDF9qC46eaN2ZEbMpsMaPzEMvdvzIWY5pF1uziJ
s+hqPNpndOv9bg9mr+qJAEYEEBECAAYFAjeDt00ACgkQITxeNPGCC1UxUgCg1lWZ
vk7ci99tGLN8YwlkmNHWfGQAoOvmztFkBb4Joy4KcMOM3/QPedw0iQA/AwUQN4US
PK+iAUnWOX+nEQK/RQCg/Q34D+y74SwbsDKq1PFzRKRIbUwAniLwxuIjOT4+Jx/6
GbUf6BfFafUqiQA/AwUQN9n/OWlM93/mX/l7EQLDZQCfaV51kpxPgnf6Phq5748s
gmarZroAn3NskDMAtcSHqTyYfFu7SNOxgWIdiQBGBBARAgAGBQI57ofmAAoJECAV
MdWEXf7doVsAnR6nzyVm9sFceFaDLaHeUUbUPbRdAJ9nnNWEsxbnqeAwenSNtyz9
OL6EOIkAPwMFEDnzsYN3zinFj6EuIBECrjMAnRIxFEDvi0bBwYtYbADEFulWY8zn
AKCwfvI7YsVOkMDtk4nEuWwK6bKCzIkARgQQEQIABgUCOe6NVQAKCRCI4Xsd/OVl
YfzcAJ90xj1zsCx/77XSTRhjOth7YuT55ACfQJZMfNge3GcyXVSRAKsP4TQ9zYqJ
AEYEEBECAAYFAjnujVoACgkQGPUDgCTCeAL1GQCdH87/riGhtvgx0QqEmCOmoTn7
46MAoIYOCTUpM3bHKXjC2+ategzNcCPftBtCcnVjZSBBLiBNYWggPGJtYWhAYWNt
Lm9yZz6JAEsEEBECAAsFAjd7oEIECwMBAgAKCRDYyjFxW6BSw7j+AJ9+VDcZ4K6n
Ic+Ap8WKSTMXXKFvAwCfQOokhn2SUd1xYY/PZxYcDs9I8YKJAEYEEBECAAYFAjnu
jVYACgkQiOF7HfzlZWFVvwCg1TprYy84hGQ0cYsnopjkMtnENKQAn32dSqKRg4zo
tR8It3Yh+XUpjjsDiQBGBBARAgAGBQI57o1dAAoJEBj1A4AkwngCSKcAoMilohdk
KkIrvKxf09b7f+0vuc1rAKCeDKdjlNY/AR1nVp5096/oz/f4ebQcQnJ1Y2UgQS4g
TWFoIDxibWFoQGllZWUub3JnPokASwQQEQIACwUCN3ugVwQLAwECAAoJENjKMXFb
oFLD2YsAn2OXLa+VlHLnWVraRVjB4vdjUMPoAJ0emVwKCho+tJ4DueuSTSx35kr6
RYkARgQQEQIABgUCOe6NVgAKCRCI4Xsd/OVlYYxFAKCf6zxIGbP2FJ3w55jBiyMX
RYc9pgCfRCnEPNt967dKXbeMb0V84i7yxumJAEYEEBECAAYFAjnujV0ACgkQGPUD
gCTCeALFVgCeOGHzQYS8qwb2R1Rv92gkTynYEhsAoPVrNmjEyL6kgfaGzimUvujK
p/j3tB1CcnVjZSBBLiBNYWggPGJtYWhAY2lzY28uY29tPokAVgQTEQIAFgUCOUVo
NwQLCgQDAxUDAgMWAgECF4AACgkQ2MoxcVugUsMScgCg0OaBootiOUwm8MtGV2lf
Pjbq+WAAoPVcDuDNno9T5lkBIj/Ko7crIwjViQBGBBARAgAGBQI57o1WAAoJEIjh
ex385WVhuYEAn0KTZ+sr6nbvOM8wQbLfpeoYWWjkAJ9kiU8uESWXramTTKYKEHyR
fjEVG4kARgQQEQIABgUCOe6NXQAKCRAY9QOAJMJ4AjlXAKCZLs8uBMTSG3Dnpw7p
ZLVPD8yhdgCeIFoHT6HrRiq3b715bc5GZhhFlhC0IUJydWNlIEEuIE1haCA8Ym1h
aEBlbXBsb3llZXMub3JnPokAVgQTEQIAFgUCOUVoWgQLCgQDAxUDAgMWAgECF4AA
CgkQ2MoxcVugUsMR9ACffGTZ5+6qgLC0RFqatxkJ5YwqwgIAoKgsCGMJsAIpxhNb
XG5pelXhrQA9iQBGBBARAgAGBQI57o1WAAoJEIjhex385WVhNHUAn1SHRpqXn1uq
q/EzqxDVzN/R6JaHAJoC+Q3Rv52FH1FD+i60ubtPwNgbxIkARgQQEQIABgUCOe6N
XQAKCRAY9QOAJMJ4AqaaAJ49VuRD0CycI76yqRns1hx0rktP1QCg1TdP2OAy+dbm
AMpNokTLzjvuroW0H0JydWNlIEEuIE1haCA8Ym1haEBmcmVlYnNkLm9yZz6JAEoE
EBECAAsFAjmwMzUECwoEAwAKCRDYyjFxW6BSw5rBAJi1vpq8RU0pn43HT4VJWybp
BuTdAKDXv2O9eGilbPVRjmEgOclE3B09JokARgQQEQIABgUCOe6H6AAKCRAgFTHV
hF3+3TefAJ4qgtByxD6QehEnn8kCqUVZaU3AvgCgiMtlhatZQJLGAdf3WDFOfsM8
YpGJAEYEEBECAAYFAjnujVYACgkQiOF7HfzlZWH2gQCgqZAhZ/6HGYl/siyRgDNd
QRSLXBEAnjMVjCjTh4pXuxsMdc8dHXel9lbRiQBGBBARAgAGBQI57o1dAAoJEBj1
A4AkwngCtb4AoKY5S5sCQCbn19SraaSTPVBmImyfAJ9fG/FSYHCMNt194t9uixew
oBCLrLkCDQQ0jHUuEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadW
oxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeS
Wc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0
iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF04
0zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQ
ClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAgf6A0oIHx7GA/Wg+7Xy
+rZVKyrOQ+bxzDQbpNNwDBP5mZ4NoG6tgX9LLpLkihRlmL76JsNHhQxaSHOU9mjm
uAZgNVlYRE+O/fTIlLkRrBkgn0colEMy0EFx8/UsTPu8j/RBURcrAD+ony+vXyl9
cb2HEfpeUWhGQC/WdIhPwRKCK2fIZ75Szjkd4tgD9+yYUEfGCbpw7bRwqHRDEdVy
7qx7nHcTH5Xq+vdqJ7ZlsaNMNhDukS3RunILkTW5q9WeW9eabSSyY4uCY81YP2bR
F/U/FPM/mYbWNUELgSmN/YkSwWLGgfjcCObTwgd0FOW7XZuJ71R7ytBEn5kDt3bc
vULsB4kAPwMFGDSMdS7YyjFxW6BSwxECd5YAoKUcWpHjSL1KbOH3Ud52avzESk7C
AKCOQUeC622jsKntTOR5R9Vv4wyyKQ==
=L8Lf
-----END PGP PUBLIC KEY BLOCK-----&a.tmm;pub 1024D/419C776C 2000-11-28 Thomas Moestl <tmoestl@gmx.net>
Key fingerprint = 1C97 A604 2BD0 E492 51D0 9C0F 1FE6 4F1D 419C 776C
uid Thomas Moestl <t.moestl@tu-bs.de>
uid Thomas Moestl <tmm@FreeBSD.org>
sub 2048g/ECE63CE6 2000-11-28-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDoj/ekRBACnO84k2i5lLHZKscyV8tjQSkkr26hasdbc/uyV7HTiPhMUjEAz
Pamk+bDmy/Ls8k0SJ1l0vILBBd31G5VYtKonIrgp4vZ9gV0fBdCyFDXb8bh11Pk3
pEZiG9vJevq40OPvsThLKHCLNhZ5zLPp6gd0IHwRJ0LU94pouFXd33MzrwCg4gTJ
K00Dw0w1hFtUsq6WjNC+1B8D/2WiEuzBMnO6gz0p/eJ1eZ7mvrBXLQZ0u5vJ3eg2
CCPrtS1ZITq3ICPDN6biEiMgtRmlYn/VYvDQqxwNE0X2yMfB/9sdah45zma9EeVn
Iy8meaCFDLhm4aIYc1foUuz3WbCNlJFY5xYPXCMXLkC65xdybHKng5TXh6NOOWf3
PfCWBACPMotTRKttAuw5YcZE5VDrSXPYHu/jm2CpIVmrac7+kDj9pGH9sB7BdUxw
vczqtAT0jk7MrT+u3FH9wBtEFTXl7ksGTmDOFWJgYn3ZOEaVaX/OqD89UNhrOA2v
ZOaaoKMYxK/pszPdr1Ghd6BQCmYKtLBlFYiTDRM5UMVHTqN7VrQfVGhvbWFzIE1v
ZXN0bCA8dG1vZXN0bEBnbXgubmV0PohXBBMRAgAXBQI6I/3pBQsHCgMEAxUDAgMW
AgECF4AACgkQH+ZPHUGcd2xMLwCfdEkPZVBgEmYnlyOKfyTSslMhud0AoKDKZNXA
huNslb4KF8yKWBNRwfPStCFUaG9tYXMgTW9lc3RsIDx0Lm1vZXN0bEB0dS1icy5k
ZT6IVwQTEQIAFwUCOo01FgULBwoDBAMVAwIDFgIBAheAAAoJEB/mTx1BnHdsOfMA
n1xd4f7iAe6id42DLg4W3fibsCwsAJ0cT2lf08RhHkT+zLVoubyIDoY6ILQfVGhv
bWFzIE1vZXN0bCA8dG1tQEZyZWVCU0Qub3JnPohXBBMRAgAXBQI6pO9pBQsHCgME
AxUDAgMWAgECF4AACgkQH+ZPHUGcd2z+7gCdF5fq/lebn3/gp40O8xP/J0XFbiIA
oKJP186L04qpSNamc/qG3gs7h3DGuQINBDoj/wkQCACl8M8ObSTJaOY4SgoQkKgB
CkJJP5ScUpfYV9w3dxKL/77cyfghfYsnAWuA9yXJcjA0F+u+jRf8gS7OaHD9H9Mm
pMGq54Aa0KUQaDbL/Jzf5zrKS/RASHzl1vYXuZB1OIzPfeAIx9u3UaziVEGXJha3
1KgTur+TU+F94ZFTi8uApq2VoNT6sFi/V2x79bxlLFr9M9yD/0+kMZKovWRODy6T
gWJzzcdd//dkvKp22tNf6C2wq8Bu60cWR81+awgG2otgZjCPUs2Bwhqa5opeUqGn
J+f+PXo6+m2UF21m1vLARENuumu6SXf3XqGIUiQbT6jCdJORzwaxeCiMfu0qNnUX
AAQLB/9u9gZN0N0r21ZjM6ZRmDC/REouCdYHEj49+f9g/xLXCfacpWVcrK9lIrcg
hxRE2mQ/nlQLeHroC3Dp1AfThKSPFX3PRD/9CcRu480imT84ljf+6vonAZ20Edm5
vVO+UoJMZQ2G+rWRRf4bDfwFoyDw3DsNmUL4yH8m2RpTxXn0pQtD2riJD8CBCXEP
K95TYT4MomJ7Szg7O5/QLngfw0q6QdKRm1vEIP7r6t+UbVNp9+5g9qvz4aqm3beY
pw1QCDHcqpDITnlTxTdV2SgNpF8JPg7joaOa36AxWwRzfLFyzyw/JGQE8RwJa8BN
iTu0IrKuiF1biRxqiYO887GBA/8QiEYEGBECAAYFAjoj/wkACgkQH+ZPHUGcd2xN
TACgkS0AGqqd2nLtWhpbE72tD660tv8AoI24cRkUa2op32mti5zfLLMsM4AZ
=76WN
-----END PGP PUBLIC KEY BLOCK-----&a.rich;Rich Murphey <rich@FreeBSD.org>
fingerprint = AF A0 60 C4 84 D6 0C 73 D1 EF C0 E9 9D 21 DB E4-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy97V+MAAAEEALiNM3FCwm3qrCe81E20UOSlNclOWfZHNAyOyj1ahHeINvo1
FBF2Gd5Lbj0y8SLMno5yJ6P4F4r+x3jwHZrzAIwMs/lxDXRtB0VeVWnlj6a3Rezs
wbfaTeSVyh5JohEcKdoYiMG5wjATOwK/NAwIPthB1RzRjnEeer3HI3ZYNEOpAAUR
tCRSaWNoIE11cnBoZXkgPHJpY2hAbGFtcHJleS51dG1iLmVkdT6JAJUDBRAve15W
vccjdlg0Q6kBAZTZBACcNd/LiVnMFURPrO4pVRn1sVQeokVX7izeWQ7siE31Iy7g
Sb97WRLEYDi686osaGfsuKNA87Rm+q5F+jxeUV4w4szoqp60gGvCbD0KCB2hWraP
/2s2qdVAxhfcoTin/Qp1ZWvXxFF7imGA/IjYIfB42VkaRYu6BwLEm3YAGfGcSw==
=QoiM
-----END PGP PUBLIC KEY BLOCK-----&a.obrien;Type Bits KeyID Created Expires Algorithm Use
sec+ 1024 0x34F9F9D5 1995-04-23 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
David E. O'Brien <obrien@NUXI.com>
David E. O'Brien <obrien@FreeBSD.org>
David E. O'Brien <obrien@cs.ucdavis.edu>
David E. O'Brien <dobrien@seas.gwu.edu>
David E. O'Brien <obrien@elsewhere.roanoke.va.us>
David E. O'Brien <whois Do38>
sec+ 1024 0x7F9A9BA2 1998-06-10 ---------- DSS Sign & Encrypt
f20 Fingerprint20 = 02FD 495F D03C 9AF2 5DB7 F496 6FC8 DABD 7F9A 9BA2
sub 3072 0xBA32C20D 1998-06-10 ---------- Diffie-Hellman
f20 Fingerprint20 = 0700 6058 CE6C 1C51 D0A3 45E6 26E1 A405 BA32 C20D
"David E. O'Brien" <obrien@NUXI.com>
"David E. O'Brien" <obrien@FreeBSD.org>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQGiBDV+M04RBADXKeFCmXsTfVxqwiVHv7MWoP9uzUuILtt7QIDGLyEWdhDkqUXq
Ux9yrH6B1y4q38XI7Z2OFh6KEXDDZyOR9ntsA0RF9+h+e92RfN6Co6F3SOyTuBuA
Q+jV+Hl0mbh7Sqjl5SjTMjT3AvHnKM21Zac0zmjhhXFprSSILcMp1HBchwCg/7hP
kuoubQUxdH5SjVKrsystWf0D+wWQ5PxKzz4lLDG2TZAgCD5C+a/IaXnGYvXjOfc2
ktLChwVIxf7Z9cEARDOWEHPfwkjn0OEhtX7teUiOx34h3/wIVPN5IfqhHVCcEUQT
R+ZwYAYACqfihfyYdzttVDGvHMmUwUgu2zr19N2olREqPA25hls7w7F6UlN4d+PF
zljWA/wMHDG25k9UnDibKbCXQOhDARusL6YoFN3JneA4y/TM3rgoUQpBkk99218v
LlaSz2TXH7ne+nxldX8IigN/SG9u6K6eWJ/LKSUuLyeo1r4oxGafCzteQSaBBOuQ
hXbpX2xEK3wQ64NdnXlBZfBy5JEa+3SWpTO2iQC7JNtI0nLjm7QkIkRhdmlkIEUu
IE8nQnJpZW4iIDxvYnJpZW5ATlVYSS5jb20+iQBLBBARAgALBQI1fjNOBAsDAQIA
CgkQb8javX+am6LP8gCfXYmb3/0O/9viAhq4mXOMRM7GEygAoJCRiRmhfz84yCC7
GSY/Li2Bi63TiQCVAwUQNX4zzWVgqaw0+fnVAQF21wP+PK9MlfIcaOAuQVMgQhsD
Wqlj/DdxtsxT1GOnlHp3JGxdThyxdBDrxmiU22a6216s01fN5Ac25USeKRCcSVyG
0+G/Xd3VfWDCEQCLNBwblAGKW9BEZfJhS1xOuTEYxgbmuvrlLTdvWm+MwPetv8ka
yhD1LM4rVovMxenaPYUub2S0JyJEYXZpZCBFLiBPJ0JyaWVuIiA8b2JyaWVuQEZy
ZWVCU0Qub3JnPokASwQQEQIACwUCNmOeXQQLAwECAAoJEG/I2r1/mpuiv3oAoOBm
ZIDRolksEb0iNP46X96pRsU8AJ9nTPnCjxfj9oP0wQBslElAS8awfIkAlQMFEDZj
ny5lYKmsNPn51QEBkUcEALYsZckj5fs7uUzjSgyzF/2RrHJ5gGrpNBwikiy1+wdZ
6bz8CQ6kcYC3Dap3iHSc9KWTn6sK5ZvYXcYD9k7is8V8zuitUrrSGWpY96qmNsCT
vPSwfwIcyhYSIJYjdqmv4EnKo2mwkY3zqOV9DT1ABFLSI9Eyy8ILeuhrm9jWEXs0
tCoiRGF2aWQgRS4gTydCcmllbiIgPG9icmllbkBjcy51Y2RhdmlzLmVkdT6JAEsE
EBECAAsFAjZjnroECwMBAgAKCRBvyNq9f5qbopXDAJ9VboPXKbLDYCS2jYZg+X7Z
or1ZOQCfV+u96L4zxj10Z5bHhpJXaXsq1Aq5Aw0ENX4zUBAMAMwdd1ckOErixPDo
jhNnl06SE2H22+slDhf99pj3yHx5sHIdOHX79sFzxIMRJitDYMPj6NYK/aEoJguu
qa6zZQ+iAFMBoHzWq6MSHvoPKs4fdIRPyvMX86RA6dfSd7ZCLQI2wSbLaF6dfJgJ
Co1+Le3kXXn11JJPmxiO/CqnS3wy9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlL
OCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N
286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/
RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2O
u1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqV
DNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6UwybwACAgwAm1JzkDnM
N7PqTh/hWMfxpsl1WzwQ0LecB/15UEKvqUZeRFcTCPh/6lVvJL64K2O4mVwTUnX4
9EYDjccK/DQQEpEJ3XfOt/vMGFQXXO8frj4ulxeSQAaodmrJsfBexeLIatFidkHy
5pN+5dpnQZhcoRrjpbK+mdu9gW4oImUKInFV7mIpVFK2sYQlkP52WZuPwXtkWjoa
l+43oD7vGZpIdT6iqCI/hwF64bP6NtbVRaI3mbXOn+S2qdLf5YRROBavVa7yvBrZ
7lOp71aGb9TjpOpxPWoISvKj9uzhFtuzh+k8ABv0hPNyF3iKaBWaeNEVpYlR3hOu
ojcLG+6+X/GTbFbcFxeybbajkcksIs1oNSpRaNqHVpgBsbN59w7Tmva62bLz2R5U
XhbmRuqvQujAwT2+6PcD1Ra/QG1QNyoM/leLhLjOjQGZ+SvlxDhDsgX+W3Y1QXX3
e2Ual4c1K6itgvR02hKOR+IOl+IFB6dsd47cjyh0xuhKpjsEsE36aFk1iQA/AwUY
NX4zUG/I2r1/mpuiEQIDyQCeOvK/V0VRBNZNAYknb2GfVTKVJWYAoMXeTJABkMDL
P7bUxAmeYnY7l0UmmQCNAy+ZtI0AAAEEAMPph+5fYQ4pUXUCgsXGqWi1LuxtqSP3
WC/20zlqOUq35T2e/3dEqFXB1Rbzz7rhI8hraDyGybexiO9OcQMbxSKBha+BnMyq
hoTM7bmzSZCRSWtIQ3ugC5Q0O6RUkrHL3k88h/Q/9IrqCXIesMaeeWOIit7tJ9dY
gWVgqaw0+fnVAAURtChEYXZpZCBFLiBPJ0JyaWVuIDxvYnJpZW5AY3MudWNkYXZp
cy5lZHU+iQCVAwUQNHYnL6v/B7RG8yEtAQE2QwP/blDA0lFO0AH1/Dhvlc1ylPEG
mQw0FDldz40N4ni5e3gRPdTy03AWrCDQMX7xLJ5Zd9HOA+IiPkDkj8OQkA9WUrPh
HhAUMy2yh2PSnt2mIJ8dv4M5eH4H6IJPjMu6z08UvkKdXlpd9Ku2aRgyshV9dHFV
ikMCMLTdk/i3RIApY0iJAJUDBRAykexbym8rg/wMAtUBAQSRA/9zHA9hUeLO2nVm
d37pndP40JYiklLyw9mapz4xHQ8bsEVdERXQ6MdVNPa46j1RM1VdZMI7fBlK9aX+
c7GW6swzEFC1eWtVnzeMMh46MEQLkAoYVOFRWkXH9hzGdEVcaJn9sSuoQ+KiFu72
LVNg7KJI6v48CuWKep0H47nhuKPwbokAlQMFEDH/SvU/2TrIQc4JiQEBl88D/1d/
WSV3W6RwZQUnbSp1GELg5knB87imzxf3t328/vzRRFUgAeB9qcW9fYRwdhZDs4ff
UASm2fXSbXocnRdGDJMKaFZooJpYK95vZFc0irLhI92w2RjLH1tF/W0TCopWMLN4
KuqYX3PLMzQEcj08w3BcwWXwD0UuVD91d4WeljRZiQCVAwUQMZSmW2Vgqaw0+fnV
AQEkAwP8Dre9osgnIJLvVQlPLbuSExdrG8+m9mae8vaZVuFJFgo1x372oaZok0Vx
ZHOkulspC6Mo0B8cPCI7BkfyfthHHZwh83Fr+MNfwjiG/JQEobvaTok+aU3cwQjz
anQkBQZX/f0tYxTx7/tTWxMeR35CW7sIYgAsutBhKSPGC4VAe82JAJUDBRAx9B35
V0EEo6SepNkBAT6YBACwTyfKQ019/Qgg04I0gEtJCiV2xa1ms7xpOVQj0TF/rzfN
Z45BzbOKOtolsSGP72ddjqpgjsZ/7g3Z4VG83c+QDJVwEBpUe1D9DX8cEKMTBjZO
JTTmGS0FIRrszddnLLf5gqNCWPYlImq8DR8Mjsy/vGsotkSLfKs7sdnzE7o0k7Qy
RGF2aWQgRS4gTydCcmllbiA8ZGVmdW5jdCAtIG9icmllbkBTZWEuTGVnZW50LmNv
bT6JAJUDBRAzZsMkZWCprDT5+dUBAcE/BACFUS0dN3dp6+sYxhTav9QfqOpWb/ay
hwcUKoxuo/4c1IUDZ8sCkANIRLnFUjC8irF0oND67KNU2vZWRaqwJ6ghQIkrfRHf
wUHRWAcoE1AFypHgOnE/KXuwmqkqHFmE4xpn0Ozpdcwc+KOSUFjToBgpAIwcZfIG
3e8o1e0dj4PJD7QnRGF2aWQgRS4gTydCcmllbiA8ZG9icmllbkBzZWFzLmd3dS5l
ZHU+iQCVAwUQMPa62j/ZOshBzgmJAQGY5gP/ZXM8VadFIywFzN43xK0L9nc6SwwI
k0FaddKYvmvJgMz1Qp5gn3DcuH0CWyJwH3uRQvIMQXvQ57Iy3x4eb5WcwxwDaW6u
TzC1uQtooAaAINCJuEaXrw4Q+uuGYGIAeh1x4TwUgdxmmq56cfkeiaXwwaJUoOga
IiDd6vpM37ZU2gyJAHUDBRAv5F+Q0/I/Qidq6hEBAThXAwCnHV6THDI8Prkg8DXN
KYzhGJH56WlujCpzqNKm8AC5rkp/5dtfiXsqadZK/VXlip/bXFB7nAR8k87MMXrt
tYyPylFCEc7kLLqYJ6KeS8jTa6Q48W0LzbogSF/owFUL8bGJAJUDBRAvpRUNx4uq
hJJkHpkBAWiSA/0b3F9ZwqMLFsSv1MAQOwoiw2QpAoQWV+oa4CNJVY4GoQjIbRZv
WlkRAocjfv1oQr2dU1KxDmZCT8TolG9gQ232rm4n2anr7A9RVi3zdgvu6/VgklLL
vzy12vV6y62CIB4s2Y0yY6BHDe/PyIpgmjOZLINIr8fAdLvNnZD0rmGkMIkAlQMF
EC+ga/DKbyuD/AwC1QEBMWMD/2HyNJHmnL3A/LpaSOxhBuaXwHZ9WOwvOhBswj5v
kgVh4ORFgtOdIskrO4rzMefVoV5ciEPQJFjk8L2MwC7zgjn2IT3TH3m4s8AfTStI
lqbaASo+i9FhyKcAOW6K85NcYCfmo31sqWZ2wU0swgWz+uiGcgVpvvAbf636L7xh
hjZgiQCVAwUQL5rlIWVgqaw0+fnVAQH+0QQAspRF9vtjuZ60MfHmhXkvJtbJXxxM
kog1SWVfwcOfPrNlDtsxiVDSqypGoQgMykyTW2iNP78cji17bW5bRP8UJ6Z2buV5
kzqDfw17fnwvyNj/fiLPRsgV5mMPMug4pbkLzC0b83zy+iITSCtVHd6IUSa3BZPm
VFpX4OYphDiRfEC0MURhdmlkIEUuIE8nQnJpZW4gPG9icmllbkBlbHNld2hlcmUu
cm9hbm9rZS52YS51cz6JAJUDBRAyZskiZWCprDT5+dUBAQ1RA/4ml0nJM5iZkpYu
BJd/kUMLCsv3k+ApsMxB/ZBZWCfqmGBN7SBu6FTIgZCjC4/eUJPcLdMTF6NTbA+D
7BQziV38lHCfo5d48Bq2hq6Fb7ti2/9FIgvalz5jSnmKKUAq7MHceRFJAJi1wOJY
Hz0tYBHhD0EFSmzHNgwV4VA7m6m3c7QxRGF2aWQgRS4gTydCcmllbiA8ZGVmdW5j
dCAtIG9icmllbkBtZWRpYS5zcmEuY29tPokAlQMFEDNmwwtlYKmsNPn51QEBphkE
AK70I7FWzJfGMmtej7gN1rMliBxsfxxmy1DZVSVP0T7xkniIvgfmoiq+2Sn14iJl
2Lb+i+/3ADS5XQxl09LciSq6YqvPhQZvAuRj5UxMO0nC4zO1+Jr6pxXH8cu5kx+5
MAH9/K4ktbmL2RvtffJRJuv/0nyn7h1rRHVgyP+Yq6x6tB1EYXZpZCBFLiBPJ0Jy
aWVuIDx3aG9pcyBEbzM4PokAlQMFEDHR+5BlYKmsNPn51QEBzMAD/R+ridxhjUWo
JKpAfecs7rSTPq+ajwiVMjtykv97nbVOpFM4roctdiudUEjj0P6g331MsZOVST6M
6sdztj+OzQhEtmQpw1SyXclUgaK2HsA9opIWQxU0XsGsiOochbPI+4ezXDvPeHgG
YVRNDuFzb1BiVbauATXaq/HB6xDsHagdiQCVAwUQNmQ33T/ZOshBzgmJAQGrCwP+
NNVRnjjcNo41qkTsRW8bhqhbHrHBOlAfq+3kT/gM1xUAcYsQOKurgBGNMAr3wew8
ApsUz7QgatFLTgxBNX/vS6/7hUuqNJhBAwpCG6i4lUFmJKONY9YND9tP6VhNMdBL
F76yUhxORPu4vcxPOqchN/Jgkevjf9ONnIYDeV/hySm0IkRhdmlkIEUuIE8nQnJp
ZW4gPG9icmllbkBOVVhJLmNvbT6JAJUDBRA0didEq/8HtEbzIS0BAf5oA/43tqeI
pgkuyKvCg28bX0YtQBSJo64ohFsSgQN2FANfpghH8dhfQt3/AXH3jOisHA7ESTNx
ZT8yxPl3T4ZhZ3VILlldeuAM4g1U/ZDS+IPJMu7Rzwt4XYy725X+fLVeWoPIuIgp
vX8+8hc7v6NkV2nwBMgbRGoblAzas2K79skXvIkAlQMFEDMWkrZD7IadE0shMQEB
PbAD/06rmYrMb/Q/arblxzZ9DOpwuksv9ColF/vheexCLPzBcqtqxQ2li6f02CWA
RH34P23gC5m2wUj7I5+5LvMOg1SFimSrlmvg8ZhgfKIvFjwbPG/g5rVq0/lcyNGQ
/lTPJAsREBwcnBhkr9oT/BeRS7uoWykN4NM01dnx12upXvX0iQCVAwUQMpEBMWVg
qaw0+fnVAQHeawP+M7BdBFis4zNe7H51+BA0i35yRoy1efj7bS7QBqPes+oxTpAi
hO+wxwbXjurdNjCruldi926NCls+MLcSsGczWCHhe+o+Gp/xppjN9QX7SvHBVtSH
nlUucwLpgdj4rOMcPjVIwLkH95JwaiDW2iO876rGuLbcn7oGT+3Ww1psEDGJAJUD
BRA2ZDeVP9k6yEHOCYkBAfVdBACNSHeqQjRkeX2pP1woHSW4AD77buMHma5bno2F
yChsCN7ZPdAlGixiscnwd41+nxuxiK2x/EyIuzs+9EYVtiikWeQCkR8ajGH0xXOK
H+W8Mun1RtN9S8HtJWxX5Pfz8LHOziT6Y+HwJmncAIIbY3N+Yhbvd9XAl2l6OQ8c
uSrrBIkAlQMFEDa+UHHKbyuD/AwC1QEBULYD/RgnK84Wf37e+5WGQbHgzUkrXXxz
fFpRTEV0owBSK5KA7+qlGVQVFZJ/Qz4dEwU0EAHj72uaxVuYAa+fCaOzD/G6VOv+
4r9zout8dxPYfK1RLPMg/5hn0Jqf2Ce733ibK8NUYtjMY5z0F5wjEdiieSsLIsT9
J4dB2ZODT2Hfe7brtCVEYXZpZCBFLiBPJ0JyaWVuIDxvYnJpZW5ARnJlZUJTRC5v
cmc+iQCVAwUQNHYnV6v/B7RG8yEtAQEkHgP7BSvndsqWiSDosBrnuD0R94ItlJKU
sCt/vu/AuhosrOx2hYtD3TxU2ZBlBtS3mS3c7Qe13H/NFM+SrNXa0pbRoDsPlcNY
nK/WV8G6/WDwLXrazm+iIwrPpbILKc/yfnWdGVdpIe3FaqUsEFDcgjMlcZ3gB6RA
YGdzHyjZdJh1DIuJAJUDBRAyxHKdZWCprDT5+dUBAenWA/93EfJZx5fuarjQ7AnQ
iPAjAi95v3Rlh13+N9vC34+C7RMi9pIj6B6PnWTNbVhg8RY8S6hB91J6GrN0KVLD
8yDpY6+U08Yc47fOfSWhPopNDfqgviGw7ONmc2QCWEKpcH4c1VD2jJIr7iewfVgJ
AiKdEB8kQhrutuQNDNNX1dCSCYkAlQMFEDWRdmGzWmLrWZ8yPQEBwswEAIRV9oAL
x9Ow9ZDtG/TLfae29TBSYEinPj/6n8d+hQDiX41rQ4nLGCLcdgBtINKfeQ6WUcBW
tWB9KqxdaV105QUhcEUpqMwK5U6DZBDipjuy4i6w7Ml0BLWtl/fANc33IPlnFAdD
oP6s3oHtoRLNW0ryDk4g5bfFnMzF/X9hZdTLiQCVAwUQNmQ4Kj/ZOshBzgmJAQHb
ZQP/Qs/Zefw9qxqrUihncZRIQbbnLsor4a0n2lH9cNTsSKU0H4a8rDlqYva+PFA1
umFvVOon90dqoq8C6cykts4xRRKrPNnfiis+otwHgsKrzDIONyHWxnM9Ic/EjbOs
AHcBCBtLwxczFegWNgWbEy0FIVlzcmquRxO+7woxeW5MEHiJAJUDBRAzaSRDV0EE
o6SepNkBAfCOA/9e2DhVo6geSpWjdIXiv0yQC2Abv2TunPt2UiUxpgYkHzt+Ubk+
k8cj2j723FZAfi+R7FobNSx7P4mCdrf2WEzaHdWLt6REr61rvqUc5ir/oHgUP1Ok
tgAUhy6TJUMklyzENkPRZG2hiQbfPQYVEh5m1Xmcp3Gel0eiinWui2Iv/okAlQMF
EDa+UHnKbyuD/AwC1QEB8CAD/2gYTjkPFcktVKkTX7w2O0Q3o7yLzbo9Y/USRsm+
gVMMZjZ7QiiO1LGl6IIiKRtJIXi45PcHtYgSZlXKflqPHhEIrOhFwpV+C7uL5jnv
ATGhlLHxWuNLTlPAVD5FsdJdOHI7UdkJh19JpphV+usu/mihMFEfM/kOVJeTXed1
0E4T
=Qwmg
-----END PGP PUBLIC KEY BLOCK-----&a.pirzyk;Jim Pirzyk <pirzyk@FreeBSD.org>
pub 1024D/4E23DACA 2001-03-02 Jim Pirzyk <Jim.Pirzyk@disney.com>
Key fingerprint = 07EE A1BD 32E5 C402 59B6 22D5 D846 31D1 4E23 DACA
uid Jim Pirzyk <pirzyk@freebsd.org>
sub 1024g/F38895F7 2001-03-02-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDqfK40RBADDZo6Nm31TcstpbbDGjJXxTAace2fZhTtu98UaC3/78vD+YTqH
Mp4sR6OSSWuf1vS9MSeaHJitLvuProQvOC+yEKzW31KuAPnldqrTerEdcy41GASb
NbqNz0fTBOUyRebJQ52XZjFC3nagAf+btqIEd8rRegwK0JDWdkIhuNztBwCgzWyj
Z3y2+rYSoTc0gK170uL/zAUD/jIOCSPtLFgZf8AgPaxx1fkWmDZdf4RKpckVMgnK
vZrQkhXymksXoH7CeT2MpB5R05tpOQF4jV8OwCHSYqJ3P1XlEod7plw98BUiyS3y
gu+ML1fiIERHnZumDFxRwKN2ybkzMbZzuHiZl3pAdWe+3lYa65aRIs3CrUoQSzN1
/JfJBACtOCm6Xq8kfk4fVvlN3lqDcpU7Gw3kJiudOg3gAv45egeG18HKJI3H6gvq
N7rj0xl4m0vEL5AYBRJ/THVy/3574s0DwCCPI18VQPL8vmSXc8UgAkJlgkdtumH3
OHqPNi4NPEd82wECXmnflbCS5A5CXGtrzXsPMrhiXz3lpFFR+LQiSmltIFBpcnp5
ayA8SmltLlBpcnp5a0BkaXNuZXkuY29tPohXBBMRAgAXBQI6nyuNBQsHCgMEAxUD
AgMWAgECF4AACgkQ2EYx0U4j2sqnWQCgvXWdITNFCbKedEmEXTbwzzKq0qcAnjrg
XUiN3MvMvXk9tnGDCJwnWhoYtB9KaW0gUGlyenlrIDxwaXJ6eWtAZnJlZWJzZC5v
cmc+iFcEExECABcFAjsEMxcFCwcKAwQDFQMCAxYCAQIXgAAKCRDYRjHRTiPaym2w
AJ4oUKyvm2uf0Hkqig4s66TzKYVu2ACfVLrGSFHD0oharwIs8CcwN5wPg5O5AQ0E
Op8rmBAEAOKSRsTI+Ty5w27RVzf62B29RZOfdySTmEPQu3YdlWFuA7Rks5fD565U
PMUtPRzTEy7ofoPHxWv0bgbEBDuAoXmkjz/KYhcTGCwVyzg9PN/QEa8F/ETn/1Y9
bbTejC3mM6ThPDqKvdh70IZW7jMfeDxKUTCHs3rFdGQrJfbdP6dnAAMFA/94szUi
Hx02WgHQjVdYjFNp4YdWNTn/HEDZZdhKyI+ATw1IqtnnAlhSfLW0AhRIr2qSwT2t
PW6eocCmrDHPd1VZ891QfcF/tWkSIgB8ROaFkjJra57wZO+/Dg46kdpZYh5xjrbR
tffQr2c0/2tnvTrl4/ErMmhskeppBtwZfpuzE4hGBBgRAgAGBQI6nyuYAAoJENhG
MdFOI9rKNWcAn2WQbmvRcYF9B0YjzGNFKXjGjzuVAJ4v+kxM46P9tcQ3ZTKMKOaz
9bVtpA==
=ggLc
-----END PGP PUBLIC KEY BLOCK-----&a.jdp;John D. Polstra <jdp@polstra.com>
Fingerprint = 54 3A 90 59 6B A4 9D 61 BF 1D 03 09 35 8D F6 0D-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzMElMEAAAEEALizp6ZW9QifQgWoFmG3cXhzQ1+Gt+a4S1adC/TdHdBvw1M/
I6Ok7TC0dKF8blW3VRgeHo4F3XhGn+n9MqIdboh4HJC5Iiy63m98sVLJSwyGO4oM
dkEGyyCLxqP6h/DU/tzNBdqFzetGtYvU4ftt3RO0a506cr2CHcdm8Q+/vPRJAAUR
tCFKb2huIEQuIFBvbHN0cmEgPGpkcEBwb2xzdHJhLmNvbT6JAJUDBRAzBNBE9RVb
+45ULV0BAWgiA/0WWO3+c3qlptPCHJ3DFm6gG/qNKsY94agL/mHOr0fxMP5l2qKX
O6a1bWkvGoYq0EwoKGFfn0QeHiCl6jVi3CdBX+W7bObMcoi+foqZ6zluOWBC1Jdk
WQ5/DeqQGYXqbYjqO8voCScTAPge3XlMwVpMZTv24u+nYxtLkE0ZcwtY9IkAlQMF
EDMEt/DHZvEPv7z0SQEBXh8D/2egM5ckIRpGz9kcFTDClgdWWtlgwC1iI2p9gEhq
aufy+FUJlZS4GSQLWB0BlrTmDC9HuyQ+KZqKFRbVZLyzkH7WFs4zDmwQryLV5wkN
C4BRRBXZfWy8s4+zT2WQD1aPO+ZsgRauYLkJgTvXTPU2JCN62Nsd8R7bJS5tuHEm
7HGmiQCVAwUQMwSvHB9/qQgDWPy9AQFAhAQAgJ1AlbKITrEoJ0+pLIsov3eQ348m
SVHEBGIkU3Xznjr8NzT9aYtq4TIzt8jplqP3QoV1ka1yYpZf0NjvfZ+ffYp/sIaU
wPbEpgtmHnVWJAebMbNs/Ad1w8GDvxEt9IaCbMJGZnHmfnEqOBIxF7VBDPHHoJxM
V31K/PIoYsHAy5w=
=cHFa
-----END PGP PUBLIC KEY BLOCK-----&a.markp;Mark Pulford <markp@FreeBSD.org>
Fingerprint = 58C9 C9BF C758 D8D4 7022 8EF5 559F 7F7B 182C 368F-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: For info see http://www.gnupg.org
mQGiBDkY4OYRBADvB+3Uh68SGrlbrq1MTAN/gnVaj4ztmA15X13bunGYdLKLEJdq
rd9xFv5OgxGZXJ+sDhbKomJ7yrBGtUwC5kIrKXN+MPbO60yy30+kIVLKjXIv1d+c
MlWhjFzHra7WGFmvhzYnbOI/zjlOR68iKHnwxhtKFOK9m2O3voURWLEuqwCgzK/S
j4UGrPUmZf9XOZcKdnN07nMEAJrNh6aoVgK1xwpyO9uTURuCppqAUym/fr4xNQqh
mngblwIACnV9FpBi1ogtX1iDo4YeQa7t7ALgdwTBbU8upVFYzoVByid9ibNu3OKv
j9JvL55jUVg0wv6a8bEWjxnNK/zVa/HCzTbAzHob0CSgH9WmEJJEUIqI2/PG2dj+
ZX3QA/4y6Gon6iya2wk0Zs7mrTj80kxLRMnuPN6geTGVNTfrxat+sA1PVpT2WWSo
qOrPoyxcpUBbJ3VlFmuYDDgld4lJiGD/2SG5BkD6OoGlRnD5AMgUxQtQFnkloao0
3md8UDucIJnJRF94pttQtv4lVKaocm4z0Fx6cWC4Ysupj1AG0rQfTWFyayBQdWxm
b3JkIDxtYXJrQGt5bmUuY29tLmF1PohWBBMRAgAWBQI5GODmBAsKBAMDFQMCAxYC
AQIXgAAKCRBVn397GCw2jxyVAKCbPwK2rDZx/oahfd4M7XJ4GoF0xQCcDExtL+DK
wOugUQwfVIExB+HBM3y0IE1hcmsgUHVsZm9yZCA8bWFya3BARnJlZUJTRC5vcmc+
iFcEExECABcFAjse9k4FCwcKAwQDFQMCAxYCAQIXgAAKCRBVn397GCw2j/OXAJsF
bdYQGgCs3sXMOdb7pNUi2DL2kgCdFOFSojmWV9mulpzH6ceb/fKgoJC5Ag0EORjh
UxAIAMrmc2VXtnp/WWhGne6yTirnnWjR/c+rSK8ixbAqTkdYnocY6gtBJliR7LSh
Cv2RD8TaUc0ZZseHC5vR7VZKXobXUF7QqB1Rgzz/CpsFeEmxxQxZrVKNjwcMloSt
wmH17yW5tBDg8+6KhFwHj40oV88/49L8utVMEW80gh9O9TlYw5qCAp5QKqkFS52A
hO54xjTNdEpv/9yXpwQfgUqkAHM8MQhsaxmKCIQXUGt6Lp13aHDAYtMizED0LBjV
3P3qCoc03P9k2nWwGGU7dukncYNNuLDW9xwkAfV9VQuPYCHEBiPTcRnn99imyvNz
FNhOElHDttCyKtt1FdZZVAQzXusAAwYH/18mnEMMv4rMZglYb0PRCxaxwQYkxESt
KyXEclTc0kgyaZnf4Vbdz1rroxxZLIf+16p/MVNFierz/7d5FbJYggCDSsBAaj4r
Qe2/Os3oCnHyyQY+zF9Ac30CsxzgDxMYxYGJHr6x+s9cloZ3WwBFAO0bMoS/9T/9
/S7L0d0litecox5et2yEw4AqHdCslGx5mX0os66uh99eeEwW2EQHSLklwUPReb7U
6m+fNyWxq5w+qTPG+zcXdiW/117T1aONVmg29tSNW8S/syha2PCJ+IoordBus4mU
kfa49yCuXyZAYDNLbkiqMVTDCqrH2+n1mbUuhRBaSZEvgqVfVLZzRziIRgQYEQIA
BgUCORjhUwAKCRBVn397GCw2j7T3AJ0ZDGzVqNQBE07ntRKuzQQmou8YhwCgibYR
ZJyP31xlO+Lt5FgzzeqcQwU=
=DKp2
-----END PGP PUBLIC KEY BLOCK-----&a.benno;pub 1024D/15BE120E 2001-01-15 Benno Rice <benno@FreeBSD.org>
Key fingerprint = E786 5BF6 A296 5F77 E3DA 7493 6D0C 7BC6 15BE 120E
sub 1024g/313F3AF2 2001-01-15 [expires: 2002-01-15]-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDpikIcRBADDVeCRQ1aPvgIjJy6CTmDXjzSS5J5cxWaGhbA/UGj5NPj48cqa
FTR3A8/ez+Ui01RIRStEMaGrpkDNSGkllaZnyTAIW6ozIp1j1UD27mCEA/I2PB5I
B81jrkUkQOa0SVyXfx5livFQ8qup7p/g2Onej99iQwaHYk4XMTDMhZvk7wCg5QuS
rNR071oflpT+Ysxie3R8Kn0D/0o3d0TsACLEKDKHZcsKT4OhrbIPfQp1cWh7+XC4
wqItBjXHWIdXMCeS/N/DYzPWAFZha0e8NHxqCCQwbdpHdX+6Sn3YwVEPMlPA3i6r
5pYuDPj8m9QpLWYu/AXwEF/KMwKYPz460IT9YHukeiOzB1q2VX3glsEr1DnRzckD
WAxyBAC28HVDH/7XS6L5bGeZouPhY7uX4XoHeZdpcWI3jS9dBwcKjmXieVQMIh13
ZdO5zXrxCXoX6sS80kpxa1WfTs+VMlMuEYUP2H0bp6XjDHHvhOKEj4CO2ysPTRzR
TQKyso4TO3zxg/yjDT4QLCtbmHvTvVj9I/duP15FmRRUQMxnMLQeQmVubm8gUmlj
ZSA8YmVubm9ARnJlZUJTRC5vcmc+iF0EExECAB0FAjpikIcFCQHhM4AFCwcKAwQD
FQMCAxYCAQIXgAAKCRBtDHvGFb4SDo+TAKDgTB5nUSx/3me0QKSw6pinfvGGLgCd
FoGtOhnXL25I0HgEGBDS+tqHkxq5AQ0EOmKQqRAEALWN6zMxyIlkNHiagyWfc/qg
EgjfbD2yiXIvR/CRZqWPKE5LbtAeCNc6tnfYeQSIZz5cCZs5iImafHKf4r5CvzZd
Rxrl/2FngjAAMCi99wCuOBZX2h1ruqrI3mDqaWBRiGWEeu58+CllZdH0fpfAnI3r
cJowZeBj8Ss1QZsVzeyfAAQLA/0ZwjK242AXkXjibtzEfZqK7l22D9xIT+ajc6zP
34F//PlyRVijEbWII/wy6k5wNLXSVUoDhEMucdsc1AXJ2CQN0nJPyETlhvTpJidh
/gwDrNVtvPCOt/VleX+C2lI4xGW8Dx5pJkoULhgmsdjxvo2blRpreLuGhsU7oU9Y
7d/fJohMBBgRAgAMBQI6YpCpBQkB4TOAAAoJEG0Me8YVvhIOT9EAoKloqPBTtp9p
JAEew3wXXri0oNIvAKDP6fbrVo2vbD2iZXw2m3Y2E/z5qA==
=rQiL
-----END PGP PUBLIC KEY BLOCK-----&a.guido;Guido van Rooij <guido@gvr.win.tue.nl>
Fingerprint = 16 79 09 F3 C0 E4 28 A7 32 62 FA F6 60 31 C0 ED-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzGeO84AAAEEAKKAY91Na//DXwlUusr9GVESSlVwVP6DyH1wcZXhfN1fyZHq
SwhMCEdHYoojQds+VqD1iiZQvv1RLByBgj622PDAPN4+Z49HjGs7YbZsUNuQqPPU
wRPpP6ty69x1hPKq1sQIB5MS4radpCM+4wbZbhxv7l4rP3RWUbNaYutZnzI9AAUR
tCZHdWlkbyB2YW4gUm9vaWogPGd1aWRvQGd2ci53aW4udHVlLm5sPokAlQMFEDMG
Hcgff6kIA1j8vQEBbYgD/jm9xHuUuY+iXDkOzpCXBYACYEZDV913MjtyBAmaVqYo
Rh5HFimkGXe+rCo78Aau0hc57fFMTsJqnuWEqVt3GRq28hSK1FOZ7ni9/XibHcmN
rt2yugl3hYpClijo4nrDL1NxibbamkGW/vFGcljS0jqXz6NDVbGx5Oo7HBByxByz
iQCVAwUQMhmtVjt/x7zOdmsfAQFuVQQApsVUTigT5YWjQA9Nd5Z0+a/oVtZpyw5Z
OljLJP3vqJdMa6TidhfcatjHbFTve5x1dmjFgMX/MQTd8zf/+Xccy/PX4+lnKNpP
eSf1Y4aK+E8KHmBGd6GzX6CIboyGYLS9e3kGnN06F2AQtaLyJFgQ71wRaGuyKmQG
FwTn7jiKb1aJAJUDBRAyEOLXPt3iN6QQUSEBATwQA/9jqu0Nbk154+Pn+9mJX/YT
fYR2UqK/5FKCqgL5Nt/Deg2re0zMD1f8F9Dj6vuAAxq8hnOkIHKlWolMjkRKkzJi
mSPEWl3AuHJ31k948J8it4f8kq/o44usIA2KKVMlI63Q/rmNdfWCyiYQEVGcRbTm
GTdZIHYCOgV5dOo4ebFqgYkAlQMFEDIE1nMEJn15jgpJ0QEBW6kEAKqN8XSgzTqf
CrxFXT07MlHhfdbKUTNUoboxCGCLNW05vf1A8F5fdE5i14LiwkldWIzPxWD+Sa3L
fNPCfCZTaCiyGcLyTzVfBHA18MBAOOX6JiTpdcm22jLGUWBf/aJK3yz/nfbWntd/
LRHysIdVp29lP5BF+J9/Lzbb/9LxP1taiQCVAwUQMgRXZ44CzbsJWQz9AQFf7gP/
Qa2FS5S6RYKG3rYanWADVe/ikFV2lxuM1azlWbsmljXvKVWGe6cV693nS5lGGAjx
lbd2ADwXjlkNhv45HLWFm9PEveO9Jjr6tMuXVt8N2pxiX+1PLUN9CtphTIU7Yfjn
s6ryZZfwGHSfIxNGi5ua2SoXhg0svaYnxHxXmOtH24iJAJUDBRAyAkpV8qaAEa3W
TBkBARfQBAC+S3kbulEAN3SI7/A+A/dtl9DfZezT9C4SRBGsl2clQFMGIXmMQ/7v
7lLXrKQ7U2zVbgNfU8smw5h2vBIL6f1PyexSmc3mz9JY4er8KeZpcf6H0rSkHl+i
d7TF0GvuTdNPFO8hc9En+GG6QHOqbkB4NRZ6cwtfwUMhk2FHXBnjF4kAlQMFEDH5
FFukUJAsCdPmTQEBe74EAMBsxDnbD9cuI5MfF/QeTNEG4BIVUZtAkDme4Eg7zvsP
d3DeJKCGeNjiCWYrRTCGwaCWzMQk+/+MOmdkI6Oml+AIurJLoHceHS9jP1izdP7f
N2jkdeJSBsixunbQWtUElSgOQQ4iF5kqwBhxtOfEP/L9QsoydRMR1yB6WPD75H7V
iQCVAwUQMZ9YNGtaZ42Bsqd5AQH0PAQAhpVlAc3ZM/KOTywBSh8zWKVlSk3q/zGn
k7hJmFThnlhH1723+WmXE8aAPJi+VXOWJUFQgwELJ6R8jSU2qvk2m1VWyYSqRKvc
VRQMqT2wjss0GE1Ngg7tMrkRHT0il7E2xxIb8vMrIwmdkbTfYqBUhhGnsWPHZHq7
MoA1/b+rK7CJAJUDBRAxnvXh3IDyptUyfLkBAYTDA/4mEKlIP/EUX2Zmxgrd/JQB
hqcQlkTrBAaDOnOqe/4oewMKR7yaMpztYhJs97i03Vu3fgoLhDspE55ooEeHj0r4
cOdiWfYDsjSFUYSPNVhW4OSruMA3c29ynMqNHD7hpr3rcCPUi7J2RncocOcCjjK2
BQb/9IAUNeK4C9gPxMEZLokAlQMFEDGeO86zWmLrWZ8yPQEBEEID/2fPEUrSX3Yk
j5TJPFZ9MNX0lEo7AHYjnJgEbNI4pYm6C3PnMlsYfCSQDHuXmRQHAOWSdwOLvCkN
F8eDaF3M6u0urgeVJ+KVUnTz2+LZoZs12XSZKCte0HxjbvPpWMTTrYyimGezH79C
mgDVjsHaYOx3EXF0nnDmtXurGioEmW1J
=mSvM
-----END PGP PUBLIC KEY BLOCK-----&a.wosch;Type Bits/KeyID Date User ID
pub 1024/2B7181AD 1997/08/09 Wolfram Schneider <wosch@FreeBSD.org>
Key fingerprint = CA 16 91 D9 75 33 F1 07 1B F0 B4 9F 3E 95 B6 09-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzPs+aEAAAEEAJqqMm2I9CxWMuHDvuVO/uh0QT0az5ByOktwYLxGXQmqPG1G
Q3hVuHWYs5Vfm/ARU9CRcVHFyqGQ3LepoRhDHk+JcASHan7ptdFsz7xk1iNNEoe0
vE2rns38HIbiyQ/2OZd4XsyhFOFtExNoBuyDyNoe3HbHVBQT7TmN/mkrcYGtAAUR
tCVXb2xmcmFtIFNjaG5laWRlciA8d29zY2hARnJlZUJTRC5vcmc+iQCVAwUQNxnH
AzmN/mkrcYGtAQF5vgP/SLOiI4AwuPHGwUFkwWPRtRzYSySXqwaPCop5mVak27wk
pCxGdzoJO2UgcE812Jt92Qas91yTT0gsSvOVNATaf0TM3KnKg5ZXT1QIzYevWtuv
2ovAG4au3lwiFPDJstnNAPcgLF3OPni5RCUqBjpZFhb/8YDfWYsMcyn4IEaJKre0
JFdvbGZyYW0gU2NobmVpZGVyIDxzY2huZWlkZXJAemliLmRlPokAlQMFEDcZxu85
jf5pK3GBrQEBCRgD/jPj1Ogx4O769soiguL1XEHcxhqtrpKZkKwxmDLRa0kJFwLp
bBJ3Qz3vwaB7n5gQU0JiL1B2M7IxVeHbiIV5pKp7FD248sm+HZvBg6aSnCg2JPUh
sHd1tK5X4SB5cjFt3Cj0LIN9/c9EUxm3SoML9bovmze60DckErrRNOuTk1IntCJX
b2xmcmFtIFNjaG5laWRlciA8d29zY2hAYXBmZWwuZGU+iQEVAwUQNmfWXAjJLLJO
sC7dAQEASAgAnE4g2fwMmFkQy17ATivljEaDZN/m0GdXHctdZ8CaPrWk/9/PTNK+
U6xCewqIKVwtqxVBMU1VpXUhWXfANWCB7a07D+2GrlB9JwO5NMFJ6g0WI/GCUXjC
xb3NTkNsvppL8Rdgc8wc4f23GG4CXVggdTD2oUjUH5Bl7afgOT4xLPAqePhS7hFB
UnMsbA94OfxPtHe5oqyaXt6cXH/SgphRhzPPZq0yjg0Ef+zfHVamvZ6Xl2aLZmSv
Cc/rb0ShYDYi39ly9OPPiBPGbSVw2Gg804qx3XAKiTFkLsbYQnRt7WuCPsOVjFkf
CbQS31TaclOyzenZdCAezubGIcrJAKZjMIkAlQMFEDPs+aE5jf5pK3GBrQEBlIAD
/3CRq6P0m1fi9fbPxnptuipnoFB/m3yF6IdhM8kSe4XlXcm7tS60gxQKZgBO3bDA
5QANcHdl41Vg95yBAZepPie6iQeAAoylRrONeIy6XShjx3S0WKmA4+C8kBTL+vwa
UqF9YJ1qesZQtsXlkWp/Z7N12RkueVAVQ7wRPwfnz6E3tC5Xb2xmcmFtIFNjaG5l
aWRlciA8d29zY2hAcGFua2UuZGUuZnJlZWJzZC5vcmc+iQCVAwUQNxnEqTmN/mkr
cYGtAQFnpQP9EpRZdG6oYN7d5abvIMN82Z9x71a4QBER+R62mU47wqdRG2b6jMMh
3k07b2oiprVuPhRw/GEPPQevb6RRT6SD9CPYAGfK3MDE8ZkMj4d+7cZDRJQ35sxv
gAzQwuA9l7kS0mt5jFRPcEg5/KpuyehRLckjx8jpEM7cEJDHXhBIuVg=
=3V1R
-----END PGP PUBLIC KEY BLOCK-----&a.gshapiro;Type Bits KeyID Created Expires Algorithm Use
sec+ 1024 0x4FBE2ADD 2000-10-13 ---------- RSA Sign & Encrypt
f16 Fingerprint16 = 56 D5 FF A7 A6 54 A6 B5 59 10 00 B9 5F 5F 20 09
uid Gregory Neil Shapiro <gshapiro@gshapiro.net>
uid Gregory Neil Shapiro <gshapiro@FreeBSD.org>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAznnjPsAAAEEAL5gfaY7RP5vm89lqmjGAJRBFLM/qzHJKrYkRVDASeLZ0/JI
Bfypd8N1vQz80tnqzOh7aLgAskgluyx0O9EuZXTJUwm+ew6wA8vh8JA0kpI5g3N5
wjXQNWPxSCeNIz1hbgAPtRunVLXXoaxxCQziU38bd2RvzlvgQdbgof5PvirdAAUR
tCxHcmVnb3J5IE5laWwgU2hhcGlybyA8Z3NoYXBpcm9AZ3NoYXBpcm8ubmV0PokA
lQMFEDnnjRPW4KH+T74q3QEBKlED/1F8UjkufYD0G9eV7X5ujAVffIBl6nvHVw4+
/m+lXxnUmOInk8AUmHIxK62BJ9CPWHegf91BsGNMVA7cQiF+atdz8Yy4h1Snt7FB
OsL2Ak0g2WUrIDfB+N5SB/EjdK0BdURsccYbORGVIveveUNmxuW4jUZWcInCkDx4
FTGRxzAFiQCVAwUQOeevO3xLZ22gDhVjAQHAVAP+NWdTbxipCQANnRf4BNl492mG
VN51MBZnlsy/lyMu2yckR3eacaXmp3zKardwex7Ajle5XC6sJ1H3twYv8g63eqJ4
XuxC9Uxmer2mj7wibcO2srtwv2hgLMNVjJrClALolQ6WT7/6L1YENP0Ef26eJXnw
pwXdfaXurbwnv4tyOOGJAJUDBRA556+fvdqP1j/qff0BAVUtA/94+oMC9pJgXi+0
tbwUsAu/pJqHByjCjO+LscH+gtqb4VhfxdEllHTVj5Cju7o+HcYZdtTRdggx2FqV
zaCp2kq1kbEGuQCJzwNHkG10I8C5YlyXUaYGwX1gEPImzTpOI0C3Any0UvK4KQsl
Crj0UmRARVwzulGYE7hxknivvkdbw7QrR3JlZ29yeSBOZWlsIFNoYXBpcm8gPGdz
aGFwaXJvQEZyZWVCU0Qub3JnPokAlQMFEDnnjPvW4KH+T74q3QEBMeYD/03sPgJ0
QKQXzSRGyiVZBkZ4frsFj6nH2IP9+zCTRUlX0uyo6f1Z2RC3a++MbaKFR/LUmdZ8
DkOfOTcvsoIQJ6BOQO1/XpOkppvhrYRUU7a6C9wM7ptWEJvx5IcmWk5oWxmx373e
cPb5MkhiXK85/NRxhlS5PG5kcz2ajJ7imYnuiQCVAwUQOeevZnxLZ22gDhVjAQGn
2AQAta7mxgLMyGKhq9msyQ2rITAhEvhoYM47OeOgyq5FKx0b0rEmIjC+sDx3YOsb
auw/Z5bAYzZnUmhe65KKA76eITqlnMt1ykaDu0jQLGKczXjuLCMCDT/JCZStoyt6
XhG9R+R8PnXk80PtZlTJjHuJyghBq5fzrIKs0k2G7eVchnKJAJUDBRA556+nvdqP
1j/qff0BAWVdA/9m5bMpkhnxDcfApaDp6mF2hEdacuHXrMXOzsrTuFiFoJhByXfM
bMDM1T8Hq3FU8TJ3BQ/ydgoeiuvWJ5j0clBegCbxS7tH/FvlnZBikNeARFTD0m5H
hmG+vzIwhe2sjh7/0dqaj1RMwLPxrQVyukHGnzyFodjcDJy1jWEl1Onytw==
=i+mc
-----END PGP PUBLIC KEY BLOCK-----&a.gshapiro;Type Bits KeyID Created Expires Algorithm Use
sec+ 1024 0xFCE56561 2000-10-14 2001-10-14 DSS Sign & Encrypt
f20 Fingerprint20 = 42C4 A87A FD85 C34F E77F 5EA1 88E1 7B1D FCE5 6561
sub 1024 0x285DC8A0 2000-10-14 2001-10-14 Diffie-Hellman
f20 Fingerprint20 = 69AB 26D1 A244 51E3 2B6C 7091 BD19 FA76 285D C8A0
uid Gregory Neil Shapiro <gshapiro@gshapiro.net>
uid Gregory Neil Shapiro <gshapiro@FreeBSD.org>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQGiBDnnrJwRBACXxbriCa+0S4JY8rFJe9U160xXZ0hqJsvfIZtokLGDjC21G83K
4pTJRhdWlWa04HrehUtMIdT/EXKfUJCFl7vk/WGWT3/1H3xxEUQzxKu3xAJWQXJs
8t2r+Dkj0csrpLJvRyuZ5+mzzFbzFSIaWohlY8Q1Ou+39jORfyVPkGjizwCg5Czr
VDcXH2oTF3vMHsw/Bhfz3bMD/AhY8q/jmUiV09hCKb7XG6f0C+qpmBeByk5G/JFm
TRv5T34MkWQJodaUOhJtzoOsOjKQSect3c+XncIMADAGCnGPGP/6sxfuyLOgsuV6
TXSxUvxi+E99zKTmKPFRTBuJCVATrTmHHAiLEqTZzE8DeJ6wK9kT1fRVnCKs4ycz
I7diA/44Ay2OW4PAuri2lJm7yXsiP54lNCP0eMXOQ8RSWBZhHKQl66o/pm+FsT9G
K5XloJrFa7+2XuiVoyNiva18dZkCFJzychda9pwfkkHjtidMRI97ACdUCPPQFVMB
7Dqr4wXp+qQ+tXScnZT3LMeotFwuiSfDl4VeNOswEw+F9ObCUbQsR3JlZ29yeSBO
ZWlsIFNoYXBpcm8gPGdzaGFwaXJvQGdzaGFwaXJvLm5ldD6JAFwEExECABwFAjnn
rJwFCQHhM4AECwoDBAMVAwIDFgIBAheAAAoJEIjhex385WVhDocAnjzccU2v9ekk
oUZZHoV7Bugs1npLAKDAmgzpoU3sU6zXwEQVEVq+wPpZD4kARgQQEQIABgUCOeet
DgAKCRAY9QOAJMJ4AkNKAJ93IfPLKQoBCm3TEkoQQeJWYNcRwwCdEzokbdvw/ZJw
xivyMefPJ3br/2+0K0dyZWdvcnkgTmVpbCBTaGFwaXJvIDxnc2hhcGlyb0BGcmVl
QlNELm9yZz6JAFwEExECABwFAjnnrPwFCQHhM4AECwoDBAMVAwIDFgIBAheAAAoJ
EIjhex385WVhktIAoMvD+IjOrWx+dJ3xmV+dVm+Bnu0aAJ0bSPAcx4cPpR/peHQF
JNrZgswER4kARgQQEQIABgUCOeetEgAKCRAY9QOAJMJ4AoxaAJ9OZYEXRzSmnbDo
Vukf+j5LB/fA2gCgpOQ8p/cw15Dmd27gDJ58DkTpyRi5AQ0EOeesnhAEAO9L5G1l
A3oDYFq62bifXtKS/zM2aiKND8yONxRaEuhcSqroNY5FrRy1wd4t14SA4/LzZ34D
siuNZ2+h2HD/3KTMDQ/qE/FBblNwE5ZH9cQ44a9WwGsWFDRgtuHV/7dHlZClPpwD
+tFVI7UGufhv+PPKAG3tTfRvWY2lReqVwsc3AAMFBADlrsLDoQFnE2ieS5pn3pB/
aiMF2Z09U6fVTY+mdAdAU43xifQFGMi9vuzHNzwFGtJosK35BhfSshHTER3cT0yN
79HifRAAwKP+KIoxFhfgudZafG6BaaIOUlhPW8s9k+FtN04x6/jgRq9pz/E6MwVx
W0Rf6V5XAIFWWN3xd2JH5okATAQYEQIADAUCOeesngUJAeEzgAAKCRCI4Xsd/OVl
YeFIAKC//WKobq3b9vGn1zkBTuomGMPa3QCgm71DX+8oALnjNzj5f4+wH0CtV/iJ
AEwEGBECAAwFAjnnrJ4FCQHhM4AACgkQiOF7HfzlZWHhSACg1QVuMlj4R1DH6avL
pqMjQ7U7OMcAn2uyl3bEe476vV8RnKf83qQuw4uZ
=PgGN
-----END PGP PUBLIC KEY BLOCK-----&a.cshumway;pub 1024D/3219F982 2001-05-17 Christopher Shumway <cshumway@titan-project.org>
Fingerprint: 45F5 931B 0646 BF84 E78E E274 6C29 340E 3219 F982-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDsDZMARBACAhNya3wnw46CweXc2PKvIQythRjNsyDl17SNCwfzXc7Pvazz/
MvM7W9YdrC/PbuALNkj6KZL65yZI+H/gVkQtR7GzeSmsz1sAWGQsXXgXsFQ4mSEQ
U1+lVgLa4yn88kv9L1oIdrMZ+2ymUtnCqCd/7U7tPk13abQk7OmxRHppMwCg8119
tIQEJg5orrjOxGO2L2008CUD/1j7qKo+OFDQp3dIwJXwnxdA4Bal2ujh5mPkWZQU
fpvxbWtyc8V56KqDWJgo/T6DuJt4B7aR/tCr8VtsvI0SZ2LmG3xzvLD3Hn2qQvdi
U7qxgqKdrgfzCeh1DItNhcWSQCAVjYRbS/Tof/6Mr10Qn+HAwB+ng3tx0Fw1JnKA
69uNA/9PZm1H4crVrA1pWyTgujAcZpb25mnmZjTsRmc+wtVOho9RTTs2nu+2QyH4
IkVG5q1G+PqkUBqzQIB5r468Y1md92C8cBiC27cASy+HFbpR0iXvoTnQXMKqZpiS
bZGG7ZJmAJBLus737FRc6ZvkdZR/Xax2Bk5r6sOqprkiY7oox7QwQ2hyaXN0b3Bo
ZXIgU2h1bXdheSA8Y3NodW13YXlAdGl0YW4tcHJvamVjdC5vcmc+iFcEExECABcF
AjsDZMAFCwcKAwQDFQMCAxYCAQIXgAAKCRBsKTQOMhn5gobeAKDFB1PyTljcrrnC
QTqe8eTLSfIoJgCfX8Ih2TMDwBY1LMOoKF+VcnDLVbSIRgQQEQIABgUCO1OSHwAK
CRC01xCiDkUffTt/AJ9gkbQd32jA0KSXV7mUMzytmVVASQCghBYQrLqv2CjK3BoX
7FEeucd96hW0KkNocmlzdG9waGVyIFNodW13YXkgPGNzaHVtd2F5QGZyZWVic2Qu
b3JnPohXBBMRAgAXBQI7A2qWBQsHCgMEAxUDAgMWAgECF4AACgkQbCk0DjIZ+YKa
DwCgyqmQO1WAUXw1+yN5JE9Z0uOwUdsAoNF2+3hc06GXxHPB/UVkgXM3DxafiEYE
EBECAAYFAjtTkiMACgkQtNcQog5FH32XWgCgwYyh96GQDHGUjX3ltj4Vv9XsH6UA
mwckH84kjvMV5rJBVSviYw+IxdPLuQENBDsDZMUQBAD3oXuy2E/13UM8R6MZC7a1
pm/k4/MRK+ulxQgVYObyN5ynERTHvkYvHf0hZ+bUyOmdjQPH+L9sNJVs6YNHJxhm
pWXf4LYaJ0maJ2FSCcFJmxEG87dUFZQmWSFFJaZ4dd48TjABx/CuKsdJtWIcJVGm
w5t/By/w1/jgp1rw7SBbvwADBQQAu29NDNNBBu0xpShynFwLChaTVCog3g85HqXm
fPtGc/ZFhxaNKysv6iRzx0icyTuqurhJWMVSnmqM3jYsZFNcEsUgqPm7yndJRelJ
F1m7a7imjUuU+xnzDFLYRYnNryx5qXAwBLyY+mmoB96acCOgxyjttH/NbQAsdwhs
4aXs3z2IRgQYEQIABgUCOwNkxQAKCRBsKTQOMhn5gqkVAJ94J1LKerb4+frNqdio
mc5TkvVvcwCglu+HZ72NH+Lihc+Aay/RRC7+veE=
=xZZp
-----END PGP PUBLIC KEY BLOCK-----&a.jesper;pub 1024D/F9561C31 2001-03-09 Jesper Skriver <jesper@skriver.dk>
Key fingerprint = 6B88 9CE8 66E9 E631 C9C5 5EB4 22AB F0EC F956 1C31
uid Jesper Skriver <jesper@wheel.dk>
uid Jesper Skriver <jesper@FreeBSD.org>
sub 1024g/777C378C 2001-03-09-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDqpHqIRBACDazER4MfiNd6QrTZ925IKM0HuYP1YN6uodGYhCuBGb1a4cFnt
0Xuw1fuaGqahBnNmBg7Rsetaf7b7/w90Of286mRBgIJIr33VxaKd+lW8l6ORQK9K
bDR8/IpgHxjt8LXNdBr0/Eddj6mOPojooIDOmoGyj0XOlRb5bq+xWlDtAwCgnjQa
KG01en2qMUwrvPPZzyWg/qkD/3q+NyOVyi0MAgXdYNxI0tMrDPsRzmbvG8wxZQ1S
fGHGJEvlKhksePCteX3cLicrxRZazfIteiBXL+0iEvSauF7JZzhG5OfbLTQS2MKr
d0rFCSmez4VAJfx8nqJoA4C+yTphxAlyP53JKF2BmRbfSuz4vIbi0e+zsc+kZehS
7Tw+A/9tanL63z5D8qmPZAE1JqRJfyDnTthzUPPY9h1CEZN4jtcdL/FLME2TmKva
5kcgp0WTAGK0tHsyHvij7KZDAp8Z2R8/456DpS0Rk5vTBy+WKMWV+j+RlRlSAr1U
bkg6cEtMKCImXsprST8UImfJH0DFUXt15gQ4ogog2xPnuvk3/LQiSmVzcGVyIFNr
cml2ZXIgPGplc3BlckBza3JpdmVyLmRrPohXBBMRAgAXBQI6qR6iBQsHCgMEAxUD
AgMWAgECF4AACgkQIqvw7PlWHDE3ugCfa3zgBbxwCmIGGlSrwWPP0q+IGsAAnjuy
GZPJgHaWjAn+SrRftnZu9M0biJwEEAEBAAYFAjqpRasACgkQH3+pCANY/L0+bwP/
YrW19JdTDG7fDCYbwgn1ngA1y+nRT25G+ozBUJt5q0H8VL6nrWwcbfk9Yg6jWkIx
Qs2SF1A9yv0YXFqN1ihGYk0iTU/peZ17wP/TIvd+zkcrzXpdHrfrOy+xgalbi7+c
v52W/49xYvqBsmk0CDRSkdkYt3VgvK4Bo7xoBF4IEl6IRgQQEQIABgUCOqoEkQAK
CRBHg9f1XdH7jORAAKCxXIkp49PFrGbiM+JBIsMS+Ig2bwCfXeekX2maFMz4I8pf
AorI1IepXYa0IEplc3BlciBTa3JpdmVyIDxqZXNwZXJAd2hlZWwuZGs+iFcEExEC
ABcFAjqpKJgFCwcKAwQDFQMCAxYCAQIXgAAKCRAiq/Ds+VYcMazBAKCMqcWbk7gC
hYm53EL6HVDoxaeDOQCfa6bEjXrcxW/EST0FlCMcs2LKoXSInAQQAQEABgUCOqlF
vwAKCRAff6kIA1j8vQA+A/4+e1LpjSu8NFfeky2GG2Mjk1xqzb1nzVDQlKmaPXY3
dLtqw5tVHA1FLNaSFXDg05NowqQj6OIfavs26orerWyRrD3OJZQBBde5gf/IZBVO
bk4WzE0hZmHQvchrWR/gDiHJRYnSw+4Sx5MnKBlgccZbIPxabHudUnx12iuNtTl6
O4hGBBARAgAGBQI6qgSmAAoJEEeD1/Vd0fuMdi0AoJdRZoDG9YwxVyp3wb+e/e0r
UPwdAJ9fFipa2TGSkCjO61unpDtawmJCLbQjSmVzcGVyIFNrcml2ZXIgPGplc3Bl
ckBGcmVlQlNELm9yZz6IVwQTEQIAFwUCOqkorQULBwoDBAMVAwIDFgIBAheAAAoJ
ECKr8Oz5VhwxEjUAn1QJFvqeDJ8gU8rtgz3CmnjlsAAmAJ9BqfYvV5zxGvgkOKRy
Mu6i2Qa5m4icBBABAQAGBQI6qUWXAAoJEB9/qQgDWPy9FkYEAKwpmiuxudlg5EK/
ZJ4ClDDdL+Nr9TXY0sKLSwJdDWpgqBAjjovInON6rEeqa7CSvSlDozqzf97IdKRj
BQFkogPbVSfvgamz0zJZtWkfE7Hvw52X8U7PyWthoTwECIvzYKH35+NiecJQqXf+
AfGRLF0pCSBLSXR2zi3Bqee3nZ3BiEYEEBECAAYFAjqqBKYACgkQR4PX9V3R+4wB
dgCfdPlMBWMvvNAcseruEfvAoRpkVGwAoOGKx9zFdxeJMh1g+y7S5/9fRbf3uQEN
BDqpHqoQBAD69+DjZ00uDr48npfWtrVxuDmZb2jzS3Tdt0p6V2gVuengjobHNb1T
6o4BIjPu/yQ8qDlDOb+OF63wfowMCIU+qNBBtmoSDKmQu0M9hREHA9PeHjIsN2dk
wpIAnM7kXHAE0T00QlBCLzjvef/xooKGdcaA4Zse+wLMixgwJbto0wADBQP9Hlh+
SI7YcYZV+nOhNnPdBG98UHNhDiheklrZ5BQMLzPEn+qHkaZTeX0SrEbPmm4D7nRk
UGTh1H2CIL/YaffqVYVKw/8HTIJeXZMgJwdq+j3S5P/Vnc/g83uZpuzdW8PNp6A2
u1JHPq9M1haoszxtTirQXxo4Ht4/DWaY1DtDkZWIRgQYEQIABgUCOqkeqgAKCRAi
q/Ds+VYcMQbsAJ9J+QGEzdNcvYY0lAXZAnLBnW7lDwCeNJmcu4gVYPvBDLe2Xu7Q
Crfzumk=
=A3JF
-----END PGP PUBLIC KEY BLOCK-----&a.ben;pub 1024D/2CEF442C 2001-07-11 Ben Smithurst <ben@LSRfm.com>
Key fingerprint = 355D 0FFF B83A 90A9 D648 E409 6CFC C9FB 2CEF 442C
uid Ben Smithurst <ben@vinosystems.com>
uid Ben Smithurst <ben@smithurst.org>
uid Ben Smithurst <ben@FreeBSD.org>
uid Ben Smithurst <csxbcs@comp.leeds.ac.uk>
uid Ben Smithurst <ben@scientia.demon.co.uk>
sub 1024g/347071FF 2001-07-11-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDtMtwMRBADrWbrHZdss5Nlj/VpLW92lUpmYdmw5l2wYRtTTeHXrfvUk++pX
dJ0l1bSC829hokrlQiJZJdiPqu0fGnhxXoeA5QMvrtjMAG8E+MRSLIUaay08SLeJ
NhQR/ymiLFmh5ZyzXyG+qhZj7/xw3ynHLQ/KHPhRJpAs9ef0x0rgMZxJQwCg00Y2
8eIQKg3mikkLllnK7OHgMYED/jEhj6G2BLjKc/QliKn7KZZ2Ev4MMKUj36LPgzqH
VTEhliqbRylW/nCFWhMyxbqzRjR0t6ng3PJYlSltcwwJheySHRogxV/gUvYMwQau
WKkyFZfiO8/OBZkbuQotLI+4tU2cQFzBTuFIogh3Eg6PRDKUFx6g1AlbloFgmimX
mdHABADTVFYFKHY9YuUTfpD0S0uLFQrtj3xyZGfA4tjXtc1xCgSmkxIVUoTzg09u
EtcEvo8FzmmH5JQQV7cM8TTZutSFcHuCftwbhoMH562YkbuY160TCDHB9xc7hzk3
uzij7HKskm0b6QmMCI6LAYHhAuTk1IKY03DwLBIgEX8g68wyBbQjQmVuIFNtaXRo
dXJzdCA8YmVuQHZpbm9zeXN0ZW1zLmNvbT6IVwQTEQIAFwUCO0y3AwULBwoDBAMV
AwIDFgIBAheAAAoJEGz8yfss70Qsc6oAn2Kxzsk/d1GDM4VssT3U3jaHDX5FAJ9l
jFv088oFIgnhUiBOmoPEcwnozrQhQmVuIFNtaXRodXJzdCA8YmVuQHNtaXRodXJz
dC5vcmc+iFcEExECABcFAjtMvDsFCwcKAwQDFQMCAxYCAQIXgAAKCRBs/Mn7LO9E
LEV6AKClm5AuE0PobuyUVri0ZPT4Qzn/SwCfUO4Q/dz2kXJfcoi+svIdboVWsz60
H0JlbiBTbWl0aHVyc3QgPGJlbkBGcmVlQlNELm9yZz6IVwQTEQIAFwUCO0y8XgUL
BwoDBAMVAwIDFgIBAheAAAoJEGz8yfss70QsqkIAn3CdGD3kdBP8cNCWB/mmdlJJ
2Ba5AJsGjmI0R+adewxQuNIGxPuwfuhqSrQnQmVuIFNtaXRodXJzdCA8Y3N4YmNz
QGNvbXAubGVlZHMuYWMudWs+iFcEExECABcFAjtMv/4FCwcKAwQDFQMCAxYCAQIX
gAAKCRBs/Mn7LO9ELCM3AJsF3zHJhMdP7zGhP1Sbwh0vOA8WYQCgxONfpOQhAWu/
WwnZZnwNjUcnbh+0KEJlbiBTbWl0aHVyc3QgPGJlbkBzY2llbnRpYS5kZW1vbi5j
by51az6IVwQTEQIAFwUCO0zAYQULBwoDBAMVAwIDFgIBAheAAAoJEGz8yfss70Qs
txUAoKltbmA6D+5e4f43LWOOqfv6P/jOAJ0eUczvTczRuBzg+7fs0MsrtYtteLQd
QmVuIFNtaXRodXJzdCA8YmVuQExTUmZtLmNvbT6IVwQTEQIAFwUCO0zAkgULBwoD
BAMVAwIDFgIBAheAAAoJEGz8yfss70Qs57MAoK3vUyOUBVsEoHitX5eXJDos2JnX
AKC4pG7X9x0EziSKSi/SFmRRNhx267kBDQQ7TLcHEAQAoByKPA5d5RrBOmmVb6cA
5T0sQvYBsgHpn5INcPr4/B3pAXROzu+SveIh1yg6f5poE4LhxQ0Yva0sCPVI3WPU
YDpOSu4l0BikO26sQ1WdGYpRiTxuFaqzKLapIiDOz1lpY4o5yChEKtJw6t94Hckr
Ss6dPH9uE4hoaWxdbvquTrMAAwUD/RrkuvBBqAjN7flRrnNuQA04j8Oc5/znRiHQ
Ojq8i0w7t1qrT5zCNbd1S4Avo8hc5+G6ap9nv5KA3G9TKsgBQjcCB038k/k0pzRg
JZhIOVBXpbPb8ZahMk7Tdm7nGgILJzfW0cg2AwToKpEcxEVrhdtTjc11/J4q+wBO
07lDXfYgiEYEGBECAAYFAjtMtwcACgkQbPzJ+yzvRCzdZwCZAXcRSox3VdhHpoJV
FlnCmFbg4FAAmgPfaRZc9BE1SF825LsiKDAvUzs+
=D508
-----END PGP PUBLIC KEY BLOCK-----&a.dcs;Type Bits/KeyID Date User ID
pub 1024/488A2DD5 2000/06/07 Daniel C. Sobral <dcs@freebsd.org>
Key fingerprint = AF 90 A6 A2 B5 8D 6C 28 37 F3 F4 47 8B 31 47 DF
Daniel C. Sobral <dcs@newsguy.com>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzk+tBAAAAEEAK5EJZPGnimL5cl9lFRpl3mYboOuN6K/ne/2oHt5CNlhBTuU
64VDPcBsM6ha+KJwSCdiO191AHnbpJSmIzNmL1VLHZunbZhJms2rf388pXO6nyu3
GW7x2nmqg5qTTkVZAILcuqb8DF4ODF8FEwwCzDJ4ikhSxgXbsTN8YkBIii3VAAUR
tCJEYW5pZWwgQy4gU29icmFsIDxkY3NAZnJlZWJzZC5vcmc+iQCVAwUQOUVdXVUu
Hi5z0oilAQGl2gQAgWztCfCITJ7AF2e32Cq0FQkBSuh0jEIyEpZuGPJA9WbShDFL
gZW2xxLezaCHLx+tIwyT5I0oMDEY1GG5bk0Hv3X7YUZBWvdlmHMtBgW4BM/iIm9b
NHXhRecC9MEiwvUSCEXjpP6RDoP3GO3n3rraBDl/C1X89fDJMYB9gNwr+oCJAJUD
BRA5PrQQM3xiQEiKLdUBAfUBA/4vbs1IsfssAbgzoYxoxVojgaQuuipZW6bCCBgj
RSysFrNJiEi3Z9QsNKduFcZhSeYxhzwZxLb6bsoinqB60FJdZc9ivjho7ALaveYH
haZSniBayp3zQLllzfmbrbGmSD/Jvn1Qwj85ZMZ1T21VVLVhN1pqssaX7InoRYzu
oQKJVLQiRGFuaWVsIEMuIFNvYnJhbCA8ZGNzQG5ld3NndXkuY29tPokAlQMFEDk+
vYUzfGJASIot1QEBPjAEAJMooQYQUef1jKBsYC9xh9WcvtQ45Hku+BKwU6tBlhLT
JMIn9n0guzXey4gsVcpgJcjmZEXAq+dbgL/ps63CXQAahomlszpdea9aumbak1aU
51eIEftheyZaqmM4stDvoC+pdQxWP5K3n2d/7itwFde19xQNuK9UD9iPjJnz2L47
=oxOV
-----END PGP PUBLIC KEY BLOCK-----&a.brian;pub 1024R/666A7421 1997-04-30 Brian Somers <brian@awfulhak.org>
Key fingerprint = 2D 91 BD C2 94 2C 46 8F 8F 09 C4 FC AD 12 3B 21
uid Brian Somers <brian@uk.OpenBSD.org>
uid Brian Somers <brian@uk.FreeBSD.org>
uid Brian Somers <brian@OpenBSD.org>
uid Brian Somers <brian@FreeBSD.org>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQCNAzNmogUAAAEEALdsjVsV2dzO8UU4EEo7z3nYuvB2Q6YJ8sBUYjB8/vfR5oZ9
7aEQjgY5//pXvS30rHUB9ghk4kIFSljzeMudE0K2zH5n2sxpLbBKWZRDLS7xnrDC
I3j9CNKwQBzMPs0fUT46gp96nf1X8wPiJXkDUEia/c0bRbXlLw7tvOdmanQhAAUR
tCFCcmlhbiBTb21lcnMgPGJyaWFuQGF3ZnVsaGFrLm9yZz6JAJUDBRA4qXaPfU3G
z8mTvFkBASJ1A/4gAN3XvKJchXeH+mt/acNiA7+jxtAjmMfSjJiaIldYdaA9ESYi
XDamPbwQzuaMOslA3uhH+W0tNN8AbcaQ7wqWeKN1WZ7HFPzLUuaQTJhoiNTdWmaK
ZkhxiDNGA5ycJBXI5FwUb22QaB8Sj7u7vEXBpMo++zEcN+s6haSbAB8w6IkAlQMF
EDgdNQU/ZTB66ZtiFQEBBL0D/3PZ1au27HPVMN/69P3mstJLzO/a95w6koavXQph
3aRbtR7G/Gw5qRQMjwGrQ4derIcWPuONoOPXWFu2Hy7/7fYgEAsQ004MskEUImJ7
gjCZbmASV/8CoJHtBtNTHC+63MRfD++YU0XXsN832u5+90pq1n/5c7d7jdKn/zRK
niQQiQCVAwUQNxY7OB9/qQgDWPy9AQGTsQQAk2dcz3WicxHU+AH63m0G2lOMrRHq
HZ1V2SJHPCJfiw5QzlACHpOT4Jx00TOMosHGbmEKwg0RYHTqH3BX0aNDw+5hhc3d
tqjxpm7x4gwQmAsoZZD11iA3qANXF++yZVNTRXctHWcLl+3LGjJaYwpDj3O/vOep
q+qUIuPM4+8mba2JAJUDBRA3FKmdnWdBAAxuEhUBARJtBAC9mwTXOL6cT64NwE3W
fz3pKS+pWI97PaQX/H+3mC16uN/AP8sIlpKy++IF8XGdhMvQB2Vvq2yT81G63zAI
D97lqG3krw8ikaNcLSp02B8vjhCGwSBw5iFLity+yrqQX+1gCOOkO358s9Lcb7Ua
7g4736Mpff00kXyCnGsNmiDYe4kAlQMFEDcMlqZnSj3xVLFxuQEBCKwEAJrpL9rv
YoXJztmWmpNuuSPoGKM7vm4gJ4HVzX4UxjHhMRc3c0PEHuxCboDKSAxJCatoKGN+
bBorQ/qIElVhAo3FWxyADzNrvWsRRpSu3wzpppB9mVgzLcMdiOXWabN6toPZmNjv
QM+WKJKexlu74kqVlx00R8TrLmOms3u9VO0ViQB1AwUQNwwBLw7sAx9+veyxAQFk
RwL/V15Lm+poq/wwscyiNgBN7XpONJUX1OiLpI5f7s0/Rl3C97hIyHsIj08DfpOC
C/qnAhHb/FmYL/7TuOa+fSGULInDWkgLCl/+gsYWuh6LINY8OK43cs9d64GEYv56
3quZiQCVAwUQNq9AjPafnz58Zbu1AQGDmwP+NLOUsBKV063jzu/AKFBRGuWeG4Ms
ZKU+wVW6upv6ELSudPV3tjNstF0y5HfOqF6Y8isxs1qvE+mUyjXRffuS4UtspScr
XT6tQIw5NgaHH31l+PqV50T4gul3DXWBokC/Dkx72REmEA4h3jH8APFnTMxStUfN
JyTMADWF4ySay82JAJUDBRAzbedc77OxBWZTbW0BAVtFA/42QelA3RBXYUtIcYGo
b+QsWkA1kGyBKQGPSS9coHdUVjClBRl3UZFmZhxAODb7cBRXmpvx2ZuMrhn/MpXT
MqPOJaE3FYm+5SoeArphsRU+T8XofxfLvRHkM3JURUjIVZdAQNvxxBso8NJG5Kay
P0Q96Vw+3sEwFK49jt14RCJy4IkAlQMFEDNzvb1sq+iWcxFJBQEBfZwD/R3KNFf9
ype9Dea8j1YIeNZ1E3e03en1I8fMj6EmS1/L1WfFzMnfFCxZs7JgPtkBuB3CqP8f
+LOdDt6PHPqNakmI9E6fiuGfJZ3jFZYATXa0XKuIoxIJNKhqkpbF8ixJZFTxFwAA
wVYM3+sqr4qQ8FzVc5entxjyxPFNkwJwRWV+iQCVAwUQM2aiBQ7tvOdmanQhAQE7
LgQAiN6Hz+zd8bh0nO6VizbJxWFRHPbrQWnJXGoMYyy88DyszAXC4zRshlyGUDQd
HeP/1DFCXDEu78GfDCLaJ1bm25yVR7kLxDZaEUQEbWqxfiwuzizAjkaxrW7dBbWI
LwWqrYF5TXClw+oUU/oIUW4t6t+GpAO18PLYhSMXVYErrACIRgQQEQIABgUCNWos
4QAKCRD1ePRkNTwCBjXyAJ9kGY+v3SwYhfPcdmgcx/JjdB8tJQCfZpymmdb82Mhk
GcJgKzsQj+XV22CIPwMFEDU6fsFITYPUB5ReLhECRvsAnjZKzoJNqeHiEbIJThvv
/X8Ldg3iAJ4yv+V5R2RZQ4y19nDj+g9fDfACELQjQnJpYW4gU29tZXJzIDxicmlh
bkB1ay5PcGVuQlNELm9yZz6JAJUDBRA4t89HDu2852ZqdCEBAXM7A/9YBm+45S+G
xfCMjVkYxWBAlNIGS6n6TBlRTNQ0B+f3RhUvCAksSRZnGnTm6PcUP8Lc1bzvrDj9
s8auGjT1OvQ6ypC1jR7D71nsjRIaKvgLAbsPGjFSMKTwZFx+LbHCzBEvRcSb7tYn
Jg+gtjXbVcztlSzCbWtv4qRnVhrotirh9IhGBBARAgAGBQI5/Mj1AAoJEFq8tAVo
6EClHQYAn0WVMv1mf/ybg8Q570StT1Bveu6BAKDWIeCnyERzTB2sAToRo4F4EXkx
p7QjQnJpYW4gU29tZXJzIDxicmlhbkB1ay5GcmVlQlNELm9yZz6JAJUDBRA3FLWc
nWdBAAxuEhUBAcYYBACos9nKETuaH+z2h0Ws+IIYmN9FEm8wpPUcQmX5GFhfBUQ+
rJbflzv0jJ/f2ac9qJHgIIAlJ3pMkfMpU8UYHEuoVCe4ZTU5sr4ZdBaF9kpm2Ori
FgZwIv4QAi7dCMu9ZwGRtZ3+z3DQsVSagucjZTIeyTUR6K+7E3YXANQjOdqFZYkA
lQMFEDcUpeQO7bznZmp0IQEB4HED/Ru3NjwWO1glxEiLTzRpU31Rh1Izw1lhVMVJ
kLAGBw9ieSkjvdIkuhqV1i+W4wKBClT0UOE28KjpWbBKPFIASRYzN4ySwpprsG5H
45EFQosovYG/HPcMzXU2GMj0iwVTxnMq7I8oH588ExHqfEN2ARD3ngmB2499ruyG
l26pW/BfiEYEEBECAAYFAjn8yPMACgkQWry0BWjoQKUuQQCfVQcZ7EMyP+5n2gej
K7gYlbQ+QqsAn1hEsflg+7Hu3E7KaS28hhZ0AKDttCBCcmlhbiBTb21lcnMgPGJy
aWFuQE9wZW5CU0Qub3JnPokAlQMFEDcUtW6dZ0EADG4SFQEBQwsD/j9B/lkltIdn
QdjOqR/bdOBgJCtUf905y6kD+k4kbxeT1YAaA65KJ2o/Zj+i+69F2+BUJ/3kYB7p
rKwut2h0ek1ZtncGxoAsQdFJ5JSeMkwUZ5qtGeCmVPb59+KPq3nU6p3RI8Bn77Fz
K//Qy+IW/WFVJbf/6NCNCbyRiRjPbGl/iQCVAwUQNxSlyA7tvOdmanQhAQFzMAP/
dvtsj3yBC+seiy6fB/nS+NnKBoff3Ekv57FsZraGt4z9n4sW61eywaiRzuKlhHqr
DE17STKafBOaV1Ntl7js7og5IFPWNlVh1cK+spDmd655D8pyshziDF6fSAsqGfTn
35xl23XjO20MMK44j4I5V6rEyUDBDrmX49J56OFkfwa0IEJyaWFuIFNvbWVycyA8
YnJpYW5ARnJlZUJTRC5vcmc+iQCVAwUQNxS1Y51nQQAMbhIVAQHPBQP+IMUlE4Dt
EvSZFtG4YK9usfHSkStIafh/F/JzSsqdceLZgwcuifbemw79Rhvqhp0Cyp7kuI2k
HO3a19kZ3ZXlDl3VDg41SV/Z5LzNw9vaZKuF/vtGaktOjac5E5aznWGIA5czwsRg
ydEOcd8OVPMUMrdNWRI6XROtnbZaRSwmD8aJAJUDBRA3FKWuDu2852ZqdCEBAWVJ
A/4x3MjeQKV+KQoO6mOyoIcD4GK1DjWDvNHGujJbFGBmARjr/PCm2cq42cPzBxnf
RhCfyEvNaesNB0NjLjRU/m7ziyVn92flAzHqqmU36aEdqooXUY2T3vOYzo+bM7Vt
InarG1iUqw1G19GgXUwUkPvy9+dNIM/aYoI/e0Iv3P9uuohGBBARAgAGBQI587ih
AAoJECPnhum+7ZRu38oAn1qfuHdFzBdoeWd3RdjR0UGeXCreAJ9i4oZdvVV7KNjm
Pm1ebPSUYkznkw==
=WHRH
-----END PGP PUBLIC KEY BLOCK-----&a.murray;pub 1024/0E451F7D 2001/02/12 Murray Stokely <murray@freebsd.org>
Key fingerprint = E2CA 411D DD44 53FD BB4B 3CB5 B4D7 10A2 0E45 1F7D-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDqHuqsRBACMfFOo/NFWEADUNcCq/6yvGLAZL1V4okeB+zTlIf/NJCiA/AT2
AKiFNd4T3lYLlUjm44/OcPhelAqFSrtgmBLovWJibt7nva0dlOIXStQQSikzMOzV
4tgtiQF2ONXIqFlGcEfKo5/fcxrsJ2EpQqNX7ujGtsKHpsZpkqrcL74GowCgzuwK
PxnD+AHoa6YiX6LIhZA3ciMEAIS1vMlXFQJD1m7831ej8gBtdRVqYVHS3RohJmyY
91eGsVdDnDtywmWUA3sg/LTRRU77zx36MbAp40XZJJeSfLUp3UeKrcxSoxpI3L/V
C/V6BBnOLDQ5GcUiRwQTSClh8Ck2Hyi1msA00FZJxTdgPpa+CJANwAM5M+y3DJ6+
uZSpA/9/CNa8aRcI/OPfs5SeTA/m9SSV+ITSAIfcaVYflquqQwnNh+c7SJ+3Poys
BUahaTVcFHRrRmrVGUytek18i77cNe4ZItlUn1qu/yZwbVyTdGek8Zbv3pGIzP8r
8r57HwL8Gi252Yv5ovCRThzsshEfN5yQizbKgHiWWmr/1FEyUbQjTXVycmF5IFN0
b2tlbHkgPG11cnJheUBmcmVlYnNkLm9yZz6IVwQTEQIAFwUCOoe6qwULBwoDBAMV
AwIDFgIBAheAAAoJELTXEKIORR995IcAniQ+bgl1JAocyhGbknOzz55c9i+XAJ0Q
4/tU3vPZ3TkrU8xK8Zct2qvkNIkAlQMFEDqdf131FVv7jlQtXQEBYWQD/jEXwixB
kuVVuLboFETpUCdMeVc6BpPzrHdfa52aPFKHqt416fAeeeXRly6lAxMDdJPxU2ZG
3abR4iiaqDKWwiluFkEwLBL0AE2Qx2R/nNZqEYNB0BSUQNPH/Q//kG6mLOAVVvRL
AL5R3MEeK/Y0ErH/7JXn8JPrl/rKqwCbIsL1iQCVAwUQOp4Lm2Vgqaw0+fnVAQH5
wwQApzQwxOj8k7tBFASoFOJVZEtd8KM9oDRcJe3Dz+hzU5jbCkQJGDxtp6Y1kqel
fLXLqJB1R8kZdTxR+IrRO+B7XRGvu/sB0u6CuKCBwSWSwstiGB8AvLwLp2vnIJxP
+BxA3qoInj/Xjh4EivLwRpkxh3Gogzv/kTFvwTvAraBjbC+IRgQQEQIABgUCOq/2
ZwAKCRAgFTHVhF3+3bZ6AJ49+954CXOAFFifgekFxoS5gSffPACePqswwNhSUKg1
K/rvoludMtEAGACJAJUDBRA7PNuWDu2852ZqdCEBAbUvA/9SDqoqWGmNNtNG9prU
Mqe+Rx3HqkukymKicFzvEkCjULQa1sH2TeM7ZxfqDh86hbtJEzF2/AsbYIhk6fg7
adEV4+8WfZs3TRCHxBlWY2BXEW/9zWmSL/4YNox+BQSQyo7ue4S2K2wfk2JgJeh1
e/rEuBk1oR+G9NxfT7eKNT8W4Ig/AwUQOzzAuHfOKcWPoS4gEQJ3AwCgvzrXuZpT
TMLfzeriQCRJ1S5OnzIAn118IxEUOLjX027bAaN6Efd4EriziEYEEBECAAYFAjs7
m9EACgkQk6gHZCw343VSNgCdEB0pmVe7/lX+WS/4sncrAk2m3aYAnj9/+ggIsOyo
5QGITGrWEcCFEqRQiEYEEBECAAYFAjtNN/gACgkQbCk0DjIZ+YLIQACdFk/ofe08
SuTTYiTGHY0lCeSfIicAn2WzGB3b8n2lcA2q6xZhFVGCjXbUuQENBDqHuq0QBADx
deTM+SoNuQM94Puzgd+0H2bpApZvIHY0fc4k0vq5I2MXj/o/gZq0DcqncjPnTRoh
JPk4CYgcuqLYxN0UkB7lcMYp/cjCLk8WusYdD1/rFeWltN2FFYoJVpHr3TAy0wGh
FMHNMtn2b9WrOh7pOJOSyjWpzTEZ1NoIsrRrgk8quwADBQP8DDCPT8eUNP6d4jQ1
2eWEOs2w0f2gv6tpcTd/BVCThJzGkqWbw/xBP4KZiNp2h0LhkuQt0awq19/+yBhh
FRPVNHZfpK63lQw8c/8l2IV9g/uWb64npCWRz5npNtIE/YvYJt8S5dntM0tc0OgX
GArV+ZFcCFuT07NPfzFb8LHEoTaIRgQYEQIABgUCOoe6rQAKCRC01xCiDkUffay7
AJ9vjsasTySvGZmDyl9SSqjfiHbyrgCguqfXN5SQW2BxZYcTw4Qb4AWkjis=
=3nAk
-----END PGP PUBLIC KEY BLOCK-----&a.gsutter;pub 1024D/845DFEDD 2000-10-10 Gregory S. Sutter <gsutter@zer0.org>
Key fingerprint = D161 E4EA 4BFA 2427 F3F9 5B1F 2015 31D5 845D FEDD
uid Gregory S. Sutter <gsutter@freebsd.org>
uid Gregory S. Sutter <gsutter@daemonnews.org>
uid Gregory S. Sutter <gsutter@pobox.com>
sub 2048g/0A37BBCE 2000-10-10-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: ''
mQGiBDnjW8sRBACtLAIsIja7+4PNGeKl3CWK1BDt8mJrNTU7yIpIFyU7kbGFzNDc
nKuTGXwFlI/1N964p17uvwVBq49dFTGFOzw2AEvgwl5Mb75Wsf5ztYVSir8ng0b7
123nb09ZExWCQTMMbD6RXEVfTrIUEHazYMDIhuIU+/WkYVhNWuiaACvpJwCgjuEx
/8BANLXa9UkQt5ztgWwUUdkD/RvGakaQr4gAhVcm2mfDYjxLtm1+BxbzsDV9U2Nv
2nlXSfCyxvbTjwX+Bq4/bwR1a0KDIPvjqYAm2tQY+bsPGkjwBL0DUrHVTRK2PpPc
K/9avIFk+PYkpakPQx3saE9b67UbGk5rUCnbHU99mvqET3MtU5yRn9B8hu7owROi
EXFPA/92vhsPhcPsvTq9Wi4FlWF8MeDyZsEKA/lLUTl1A4QnbiRtC3bBvxOeoPPu
jQP25DskCdtWWcOuvHRZ6kE/WncID38oc00dqaB9xR+pi/ltnXZpOCjvU1Q0yMd5
QcoD9Im6fLN8zo4gr2f2cwWC7TQ6TLxTYpifGK6sbC0ATdnFkbQkR3JlZ29yeSBT
LiBTdXR0ZXIgPGdzdXR0ZXJAemVyMC5vcmc+iFYEExECABYFAjnjW8sECwoDBAMV
AwIDFgIBAheAAAoJECAVMdWEXf7djlEAn2xtSRV2lRFi0H7zG9gL55Ud+NSKAJ4q
48/IHLPlbE2hXoesDXTvwBvYwIhGBBARAgAGBQI57nu4AAoJEF1SHIzmsVAWxCYA
ni+wfeykRrWXDjx6LEbwY3/tJ+vFAKDkDFVK859XVpmHin5cwYESpiWEuIhGBBAR
AgAGBQI57ovLAAoJELYkBuZbwVKhP9cAoJbEJSB3b7Gs4fhkohykCTdN6ofKAKCG
SbPBOt9GK7r+XVOPBVJBpZwHYYkAlQMFEDnujg5NVigheQUMEQEBxocEAJOVMLs6
IKMMeWX6OiegkmdMaox86gHOOOS/94n78ClwTJ8kf4MVPF/qz9oLvCNYcSP0Ievl
MAAMgPQx4amUwwrdqO3lUWx01jrxO3L7r7PKLCT61gIfoVhjJSRvA4wVdGRBOhDF
Z18qzTkqUORDbjohknDSt6Ydxh6RwEKQM8EtiJwEEAEBAAYFAjnugY4ACgkQH3+p
CANY/L34TQP/e6VCd8sZhz8pqlaxk2zHmyCKR9gKHn1P34Fjd/wt+mMz16T7aJbr
6V0qpdvZdCkcmoQ9Q9btX9uu+GAQLUHPHLCn8bg7icw20d46LUmm1b3x3N1vOdBk
0AykVGei+TuSs7QLFQXWqwQCOfBWVk62Kw0fL1hMBVPKS0uHPotRqBOIRgQQEQIA
BgUCOe6NMAAKCRCI4Xsd/OVlYdj1AKCjZ04lHm8Dk56adtZkzdzBCx8C5gCgq3Qs
F46O590E55SsokQd7YD8kASIRgQQEQIABgUCOe6NOgAKCRAY9QOAJMJ4AlwIAJ98
qRCL2U3KnYKrbPc+p8bzZxbTZQCglbkX8ciJVvy5oHzJO/5f+HIg0k6IRgQQEQIA
BgUCOe6TegAKCRDC/IaqJTlGi2/FAJ9l+bY/2GWpmUxtZYs0hdnejFC4IwCgivx3
tjij0SfNTP79mbYFX3oJxo6IRgQQEQIABgUCOe6OpAAKCRBzh+KSrRDGxCeIAKDM
83nigOH0/v8H6M//+bS1LV/A0wCaAqGb5Nl+D8pnYK/hEER/YUCgVMKIRgQQEQIA
BgUCOe9ejAAKCRCTVeV2USQDllNdAJ9gmpeLdhkr5u0pWuO+o9GdUppyywCfQWuT
bYI1gUKl1z+19+YUo9+kJzWIPwMFEDnvZ0rjHjI9QK4wUhECp7YAnApxxvTZVLi4
bsBqM+VDVnbPyVHfAJ9vj8pXkv400Zm7Mq8warkniGN45YhGBBARAgAGBQI59Hwc
AAoJEBoX/tg15TvDXCUAnR3ymarKUUkgdFBMzq/H9paGWz6xAKCOLwiMYhtecwGD
JX6s65DkkK1V6og/AwUQOfzDgnfOKcWPoS4gEQJPAQCgnvIv2HFf1nX7KoolPVvV
NYS7y+IAnA073e5i5N1HQ6+ZdDPMCm4G1wPgtCdHcmVnb3J5IFMuIFN1dHRlciA8
Z3N1dHRlckBmcmVlYnNkLm9yZz6IVgQTEQIAFgUCOeOQigQLCgMEAxUDAgMWAgEC
F4AACgkQIBUx1YRd/t2vGACcC0MEXV6Nf9EStxuBBZJRuk112ZYAnjTE5LdyWOtg
jA6n7VgQAoYk4Ij9iEYEEBECAAYFAjnue8EACgkQXVIcjOaxUBZpNwCg7U9oUOaV
/ukWedDkV5UsUNQTfxQAn35HJBPhpAj7eszjGuAEdA9qLjuEiQCVAwUQOe6OKU1W
KCF5BQwRAQEkNAP+MszkQDMM+mcTaGzeVC5rQ9IlZ13OEWouY6vhr6W6OhhPYVtE
2KjBnpbypiUzcvlIPrjzwhM0/0M50EQX112kfNVnhq6ahBLLUwHOqAZLCw0atPJI
QrbRpvmNNduEo/xAi6VLZkhuF1VM7fdrwCx8NmHuelwQobFAORXIE+W+FbGInAQQ
AQEABgUCOe6BqAAKCRAff6kIA1j8vQc4BACOrAl4hvIfMp5aV8lkG5U+4BQVpGf6
Ypv9X5SML382/TQ4s3ioSv+0NsiigItFphFbuGjzvCkrXucNEa3C/zzdJ7Sn8ByL
ciZuJIbUcC3/cYwi3yJ0WwqIF6ls95dJUu3Ohm6FTGYPfHJDTB5ASM9FpAHOSGOZ
J8zd9vkNpTGIDYhGBBARAgAGBQI57o0yAAoJEIjhex385WVh4cAAniRnFP7j8R0s
xXJwb+0sl5es8e6MAJ0WlFl0JlAHj7+ga56zKFPR/utduohGBBARAgAGBQI57o07
AAoJEBj1A4AkwngC4E4An05K3XNo7BuRqdS89NeZg1A1eRq3AKCNAnLdP3ygeiLO
dtm+Em5VP8EuNohGBBARAgAGBQI57pN8AAoJEML8hqolOUaLnRQAni7rAcmZ18IN
m9t8VMarix/8LFWnAKC3RTTr8BN44zGQ/uiQ+XBtw2BmBIhGBBARAgAGBQI57o6n
AAoJEHOH4pKtEMbEensAnijhR0pU2R+DT2NR7LF0oUWn3J0GAJ0dnQ3dBIXCgnvY
DXc60qg3DFboeohGBBARAgAGBQI5716OAAoJEJNV5XZRJAOWUu8AnRVGIrjcoQyu
xTHYUPOYLPTHkSUfAJ466skILtnWEzBUYio/0PvjfSU+DIg/AwUQOe9ndOMeMj1A
rjBSEQJA3gCdFXWJQSVryXATTDQaFaWbaQZXarIAoILPRXC1iCa1d52o0zlDgPle
FwqYiQCVAwUQOe6BSgHbXdKX5jjdAQHpDQP+P3f9no+rtJeuAbQCLkDpvjBlgUiO
SpXAhF8uolfyjI9UKK63t2nov5wVc1+W2N6CPaH2f6p//xmZMu76iCX5vIbSJ9uL
sK0kaJgKRJv46PPsw6Jh+M4mtVCb4b7ad5jFF0Q2un0PZkdtBtTS7fsK51eW4/s8
K5/94ONR6yFCSH6IPwMFEDn12AvYyjFxW6BSwxECfHQAoNf0o/mySHhQx5ipk9me
lpxpaiYrAJ402bEDRhC98dVqFR/fFpy9PD09eIg/AwUQOfO0aXfOKcWPoS4gEQL+
KACgvfXBNMIEJWjvBlhM7VD/qE7O160AoL58uYfWHbKvVJB6ggZjip2mSFEhtCpH
cmVnb3J5IFMuIFN1dHRlciA8Z3N1dHRlckBkYWVtb25uZXdzLm9yZz6IVgQTEQIA
FgUCOeOQqQQLCgMEAxUDAgMWAgECF4AACgkQIBUx1YRd/t2fQACeLMOY1776b2k1
PCnkkXabN+WBN5IAnjs6+dKbAq6ehSLKr7fFQYcpFOi7iEYEEBECAAYFAjnue8EA
CgkQXVIcjOaxUBY9mACgsoodTyhdveG2hFhyy5oewjYr1AYAn3dZ79qupRRZRW3q
bUO+3dRwOn/NiQCVAwUQOe6OPE1WKCF5BQwRAQFUmQP+IyI5OaPkuQx+E7KrwaM6
LBOm6Hf5cpXqpKBZ7pVHwFajIg0g7Vg2H4p9ZkpgvqcvI3EX0cN2M59GDX92lqTF
ltqXUHkpTRwcR5HB97Yl34mlqV1L/LJGCV+QIxkpajnLkjisp2ixi7Cbd5UlYcfI
2gV+kPtjQ+yyIq1wyDFnux6InAQQAQEABgUCOe6BvAAKCRAff6kIA1j8vQ6rA/oD
ZzzfPvpnlqSxRMLVZVIX/gJgoEp3NE0TjPa4MLY7BMywS7j5l4ACOv9BTsH4/JMB
bmeSVEjH3UZtUDPqB5Kn4yot0bAokoV9JRxeRT24TIKMRbr0wp31J+QIMUZM8zJh
/VTCcfyJ2zfR9wpqDdnqocqs5WkJWp3OBoin8PvzX4hGBBARAgAGBQI57o0yAAoJ
EIjhex385WVhDSIAoM2eAx19zMc6FTzyogakO6JXxqGUAKCj2Y7nATGonAm6YJPU
KZ2Q3tjhuohGBBARAgAGBQI57o07AAoJEBj1A4AkwngCHqgAoKD+m2dlbkEG18Ej
SleHKzS6ptwVAJ9pfVOb2dyua2pkibU/3ZT6SN4dFIhGBBARAgAGBQI57pN8AAoJ
EML8hqolOUaL2HQAoI9MENn2chRdajyy+JQwbDgM0rjiAKDkviAQqwBZ+lftyr8p
R7ojLYpO2YhGBBARAgAGBQI57o6nAAoJEHOH4pKtEMbEtnoAmgMt8rPmEp2b7kI0
yWMcqlKT1TopAKCWmeWrmJPC1/Kk/FV0P4vEbrGjx4hGBBARAgAGBQI5716OAAoJ
EJNV5XZRJAOWLpsAn1aUNLR42oidEr8QSkkq2D5vV4MuAJ9K2xS9Ye++PGcT+QIH
mITcRvGSkog/AwUQOe9nfuMeMj1ArjBSEQIa8QCeNgevIAW0INNQOKFXRXzmvUV9
RoAAn3c4Ndwr18WojLPlG3C5faqjcOO7iD8DBRA5/MOxd84pxY+hLiARAq5wAJ95
PeVc1G2UkrgPrCAJBxhg1cOvEQCgj5xB8X6Cm+tGWt1MppCDZ/2gXX60JUdyZWdv
cnkgUy4gU3V0dGVyIDxnc3V0dGVyQHBvYm94LmNvbT6IVgQTEQIAFgUCOeOjaQQL
CgMEAxUDAgMWAgECF4AACgkQIBUx1YRd/t2u0ACeOCvSo2zRds0L9Mika4NYlaSH
HHAAnj5OSdkKUEqUpk2OfwCybAg+lYDriEYEEBECAAYFAjnue8EACgkQXVIcjOax
UBbyaQCg7HZBHWJeCBAiScd3bgE0a1eUWnQAn1vL1vQioH2NjY2rbKX0bfEowSUK
iJwEEAEBAAYFAjnugc8ACgkQH3+pCANY/L282AP9GEpsdVGY5FQoQavTn1B7GmA3
dhnFwT6TtP675ziDqfe7ob6qVgBq922/ERqAGAaKVhPdlCTk+3/ayzb6EJgkkQKH
X4SjfbTA8GuPE4KU7CLs3D6UgrlpxO0C3rTPEect8inwwmWtA9sgnndkAK2Wr6Fm
MZH8N3MW7W+qhRD71c2IRgQQEQIABgUCOe6NMgAKCRCI4Xsd/OVlYX+yAKCsDnbA
RHnXWJ+0URuk2+W1PV3ENwCgieqC11QPLwUWSpwsOQnQuwE1maCIRgQQEQIABgUC
Oe6NOwAKCRAY9QOAJMJ4AhgXAKCICWzasbpdixCKuH3ZHgjG/m4GIACeJEQb3+Q8
hGMWO7DWb4Cqd79aNt+IRgQQEQIABgUCOe6TfAAKCRDC/IaqJTlGi3r9AKDhuCEr
DqwZ5ffHhS9YSCXDWKftqgCeJq9g4r01/JE0+XVVilkaPgaTsI2IRgQQEQIABgUC
Oe6OpwAKCRBzh+KSrRDGxIzzAKDaDR4685TLyRf4rdgUUpBv9XSnaQCfRWJk8Ix2
t0qw/rLGGvbcc1fnLqmIPwMFEDnvZ1bjHjI9QK4wUhECso0AoIc66qQPaScOMZZ3
kk1CjhpAWFxYAKDHmcPFKqZeTpFMYzBlhuagDnfTK4g/AwUQOfzDiXfOKcWPoS4g
EQI8qwCglgCDUoo6HeIzY7giTJjufcIr+p4AoKpx+vsJn+6V3kKUXMjEkZkjNP30
uQINBDnjXC4QCAD0UBPSOUsYU8KA9uFCN/RNUtKzx/W16jjpYxqvCdKxbjb3pI7c
bmMQtwLHgIcwTC/jSHGxcJB8JcVHQeaf87XvHt06Gb4aOZAX+oAELe3T+nzSdQ1H
ttSplWPqzkH0AvoMdCf+ZmM738cTLrUHTIkgc/yGzUyXiV+m0bCsUBYgDSLgUwS2
hCl96r8ELxPqAVVHrDJa6GPVH+zfywkWaQUknn1TiVnM8JjQiC9x7V+tix9xisys
GAG+XPH+jYn9c4q781NcpsD/hLG8IKd1AjlfSnxS9TD+WOg3g2VdzfcTy64e1z4o
6XC/XJssQQlPQYmsnVvx3LnfIZjlJSO+aTQ7AAMFCADKSxl7M4TC9nEkt3xzx9Wl
4qc73J1RqF3+tCNlj2EtzcbKBxynifjY/m3FJdJcDvbsaJUubBE3Kze+SZih9gU3
5yZU81++Wq0KhqcpDK9LqnK3/+3YKqiXV64+Vq43dQXu1C2nsgzQ4vPZ15dgeRLb
K+4ez/Gt1fm/YJ86EA6tUGiZZo37N7wodPoBLfrL+8xRimC2kFK5vOCdsU50HZv4
v55t2oHRi5FRWJN6GGUHeDORcCvzkeulvNxomKaAOyRMMLwzch/kF2eQs36veVwz
ENiKDub28PCuhrFXP7keq/Ybz19GIsJFSd7lemnzuTSkMoQhPjXmlshsLXhi3Km6
iEYEGBECAAYFAjnjXC4ACgkQIBUx1YRd/t15/wCeK53sTVsgjbjDv984yiaHxGzK
z9sAn1jpwcaKsxGC0aycsTEQABKrEX0m
=Osmp
-----END PGP PUBLIC KEY BLOCK-----&a.wollman;pub 1024D/0B92FAEA 2000-01-20 Garrett Wollman <wollman@FreeBSD.org>
Key fingerprint = 4627 19AF 4649 31BF DE2E 3C66 3ECF 741B 0B92 FAEA
sub 1024g/90D5EBC2 2000-01-20-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
mQGiBDiHU3wRBADX+GS3fClPc0K3s2RePf2YeV+w7X3cmnWb0FLhAekfIzjLSHl8
PWxXXQRtFyjR4KpsiwpGusX/nIJmaEoAdyqROKvpqYZPa3CjI2ldq1t1mj8lUOLo
+ktQvgR/fZoveOl+HT1yIRZDsLrQWYE96lC8Xx2Iiip/16whzhE4rJfWvwCgyb+G
a2jW0JaqmVRmyEqwzudoeqEEAKNUV5lmGRcs/GxwAJ7JRcxMI5QtoUBTfDKYyJZi
t6pudVC9STIpMoEw9m4c5KRFixdiHno/dbkECvSzpTA1qAHiC2WxeTXAz91ySTfk
iGNVlc670A+eC7Qi3ZGYhWKgKAvm0hOlYxOrU83u9naHKA+l4dOIGCQoZ7ElcfdO
77T8BADQG/nzZcaoS0o9za11YcYMAWDiEHX2JyWF7+O+qJc7UmAGMZ4YHeYOBTkT
6ybzjn5JhQtSr9YQglweYFjFYdeOmQAYow1MJxJvh0e0eoXwzOgdwJ8fzbxpHeAQ
W9uuI754sm3U80ag7RvzgeWRX7HdETCtbFF8ZCWHSE7sj29ZB7QlR2FycmV0dCBX
b2xsbWFuIDx3b2xsbWFuQEZyZWVCU0Qub3JnPohWBBMRAgAWBQI4h1N9BAsKBAMD
FQMCAxYCAQIXgAAKCRA+z3QbC5L66jfWAJ9QRUBS9u2D9s861txzAAGDur0x/gCd
ELqxcKVno9Q/l0DFb6c2ZIlkTT2IRgQQEQIABgUCOIdUpAAKCRAj54bpvu2UbtDT
AJ9anhNRzF+bPhzGsoVJG1M0+aqsWgCfV6grZerQHY0jrzh7AcGCMNNDNYaInAQQ
AQEABgUCOe58UwAKCRAff6kIA1j8vYq/BACbNYb6vCIi7/qEYF6dcBrEKf3sQ9mR
U+ign91BqI1XR6KWREzMb7C/j/8ClreLp+UYpzf2dGiMtg6wo05VM9/wNTgQ9XGQ
lm8VHRuMG6nKMxzMmugVhoKM16g4ongkLwV2GP7i/UULLl/YtBY0HHeZrvX5dFTI
e0I71GmWy38WDIkAlQMFEDnug1NNVigheQUMEQEBX6EEAKTQbXGBs5XC1NuI3UdO
DRvpRnzwY1KXlcJNWEUBFnwKqNdu23XyWT9VoMSHQwntTH1LkdYrrZJDQIlCchHS
bRoobiveoUEqqHtWx9enhADBbSyl+SeDanOd1rx3jieplg8rseeqS7j2k5EUCaus
wsk2W7zn4mpRNR25WuO8JOhjiD8DBRA57ojmGPUDgCTCeAIRAvbfAJ9SwgJaBMEF
FYpRIoNsgvnHRaBmvACfVf1DdCW4EiCwtstuphmkZU9uv0aIPwMFEDnuiMGI4Xsd
/OVlYRECVBkAnRJA6imAt+d9i2csxiReRI2xCrC/AKDjL3Wlp0ustkS1SkXiEZmX
OcGfk4hGBBARAgAGBQI57oOaAAoJECAVMdWEXf7dfowAn3es+GZFfAzNl1BY3IdA
kHBkpybbAJ0SghHeM67I6UvsD3OY4aKDu7D/g4hGBBARAgAGBQI57pd1AAoJEML8
hqolOUaLhLEAoOj8APJHlYELhru0tPRZSfZYovDmAKD9rBzlJZzxeN36SfwkYiNW
nnl0A4g/AwUQOfXFQNjKMXFboFLDEQK0OQCg2TuAY5h0Q7dgZgDe3dW/1zlLjskA
oOFLVMM9s8oA8sTCTGAMqnca/3GduQENBDiHU6IQBACjT3ldbYOk2zYwEcaYhxom
HuhAht9WhqRkBstdrJbmHw04zMNdRyodfbZk/DunKPnYPjSXVL2m3aXXdzPLXmMJ
WTA7WykvMxBZX9A7GONMwWKOoZcEJheNagfgOa+be4rZ/S19AnUDBXQGDCgbXlYa
BCrSRuAmfOVQ4VLW+3OovwAECwP/Z1P1kKWACm9Ual6GAlk+R1pASGOJS2kOyYkt
0VvV9BBfYaxD+4E1xp6T4FEkdQk2Lz+91q/b6z7CA0Ed/2yNtm1HmVGyMc5yFRoj
U38i0Lrxf0fo06g+ewwIXXEEuZrdGEFaxQpWTZ/uCFiGe1wtnGT91B4FDENxuIQ/
IbrSxgOIRgQYEQIABgUCOIdTogAKCRA+z3QbC5L66mpDAKC1YD/4KeNybL31f9B9
iq7OH/kskwCfeEvJINcMBk0UEdjpgO85woB6QKI=
=stB+
-----END PGP PUBLIC KEY BLOCK-----&a.joerg;Type Bits/KeyID Date User ID
pub 1024/76A3F7B1 1996/04/27 Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
Key fingerprint = DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Joerg Wunsch <joerg_wunsch@interface-business.de>
Joerg Wunsch <j@uriah.heep.sax.de>
Joerg Wunsch <j@interface-business.de>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAzGCFeAAAAEEAKmRBU2Nvc7nZy1Ouid61HunA/5hF4O91cXm71/KPaT7dskz
q5sFXvPJPpawwvqHPHfEbAK42ZaywyFp59L1GaYj87Pda+PlAYRJyY2DJl5/7JPe
ziq+7B8MdvbX6D526sdmcR+jPXPbHznASjkx9DPmK+7TgFujyXW7bjh2o/exAAUR
tCZKb2VyZyBXdW5zY2ggPGpAaW50ZXJmYWNlLWJ1c2luZXNzLmRlPokAlQMFEDHi
oSdlYKmsNPn51QEByz8D/10uMrwP7MdaXnptd1XNFhpaAPYTVAOcaKlYOGI/LLR9
PiU3FbqXO+7INhaxFjBxa0Tw/p4au5Lq1+Mx81edHniJZNS8tz3I3goijIC3+jn2
gnVAWnK5UZUTUVUn/JLVk/oSaIJNIMMDaw4J9xPVVkb+Fh1A+XqtPsVaYESrNp0+
iQCVAwUQMwXkzcdm8Q+/vPRJAQEA4QQAgNNX1HFgXrMetDb+w6yEGQDkJCDAY9b6
mA2HNeKLQAhsoZl4HwA1+iuQaCgo3lyFC+1Sf097OUTs74z5X1vCedqVoFw9CxI3
xuctt3pJCbbN68flOlnq0WdYouWWGlFwLlh5PEy//VtwX9lqgsizlhzit+fX6BT4
BgKi5baDhrWJAJUDBRAyCKveD9eCJxX4hUkBAebMA/9mRPy6K6i7TX2RjUKSl2p5
oYrXPk12Zsw4ijuktslxzQhOCyMSCGK2UEC4UM9MXp1H1JZQxN/DcfnM7VaUt+Ve
0wZ6DC9gBSHJ1hKVxHe5XTj26mIr4rcXNy2XEDMK9QsnBxIAZnBVTjSOLdhqqSMp
3ULLOpBlRL2RYrqi27IXr4kAlQMFEDGpbnd1u244dqP3sQEBJnQD/RVSAzgf4uor
v3fpbosI0LE3LUufAYGBSJNJnskeKyudZkNkI5zGGDwVneH/cSkKT4ORooeqcTBx
KeMaMuXPVl30QahgNwWjfuTvl5OZ8orsQGGWIn5FhqYXsKkjEGxIOBOfvvlVQ0Ub
cR0N2+5F6Mb5GqrXZpIesn7jFJpkQKPUiQCVAwUQNRkF14HR8QVbfEftAQHb6wQA
uXzEE+LHIk1kSINIgXX0+UcFpPc1rctiBkzZZhgzFvGC/kYrsI/GVYE4erL4sVXA
NJqZxaMC/AAaGfaduALRFXNidKinMJBrZg3NCtq7cqrc/3aDmZJ2IaHvxoS+XC/i
RVoeTk+jb6wcliqMkf41UlHsijyALtVK2Dd78T8GhJq0LUpvZXJnIFd1bnNjaCA8
am9lcmdfd3Vuc2NoQHVyaWFoLmhlZXAuc2F4LmRlPokAlQMFEDQUWQGzWmLrWZ8y
PQEB8MID+gJ+SOuG9HBEKlIvySUnVgOhQl2bD6/iclynDc6lhdvAo48sKWwTsrco
JCxwd6Xtq5/3Wet6QDBute/0KWnRN6Bh4BA2PDm9n18vpRnmXd8fwTYYYDv6SqA1
azUrECcbkZ1S8n2+LKtabx2pZEaj6WgNaVnXYvY6AAN+nuNVlMjWiQCVAwUQNA+s
uh9/qQgDWPy9AQHZdAQAr/5KxA8JP9fhEH88FvFSvbwakYkyfcBp8BoDemVjDedv
g41uoTD20m2h8CfhR4atqJbDycdhHYMDOgCNHo7O5fdO1RX7nsEjOtM8dw2RvqHx
8+4dT50XNH4s2g9oYmwV6i/rD5SDqpL3BrkUYMCBpGgsdLIHFxFWgJs4RpLlLkSJ
AJUDBRAzkGS1ZWCprDT5+dUBAYo/A/46JaGjdmbYYqmUSOJnnPHfLy6nNv6vVC61
vTyOvYTCNrTiEuDR8Ku3oB3cOhWrF7g86CEimYczg7i1xb3ZMdCKXvQIvN8LG19R
zp4POg/eSsPX8bCmbaEauZgD1v97P36va8oFudSE+YKCXHml/UjMdT1HZfJDP1e7
sUjZto5JmokAlQMFEDIIhZl1u244dqP3sQEBUzMD/jVUimHfqX7I71YYqQQH41ht
g7PZb+TKLviRcu8t1NdxFgVoJJk5FKxAo8Y0ys9lSgugArETbkCgKCXm2jCqv+wJ
y7QDQwy8l11S+VDZP7KVKkaZZyGqhcI3sV0bLGtnnPPHMsi+1yKjqRod3vpfHImm
W0IBK6l0PnecS3Ge7yxGiQCVAwUQNRkFNoHR8QVbfEftAQH59wP6Ar3emiJ3gseU
ayKAjx2SH9lDVMsvIJW8cZoeEsDfoHlTEbz448KLKuh5rKOBAU++WBFtXQoIbroi
4y+zVpJ7z2xJ6sHU/xo6M72QCvieahT4y3C6f1mPsZyjlMRpFoCpBddU+U8kbkqT
TBVjNF5DNyhj1keIR35DJNpevpCCE6q0MUpvZXJnIFd1bnNjaCA8am9lcmdfd3Vu
c2NoQGludGVyZmFjZS1idXNpbmVzcy5kZT6JAJUDBRAyCIX0dbtuOHaj97EBAVqC
A/0YQZvqrVvobtn6gI/XfAlYBCiboK8WSKV7gihbzvmwoELaILfRF/kyYeLPFFHX
BZMhCLvAk9gt0a69YK73JH8b604M0s77WMr9dO9l9xpFWPkpVDATAK3ZdajVtt6E
+0OefGo57Gi9OuVyeZux2nIE04pIqH2BvItbO067BHquj4kAlQMFEDWRxZdlYKms
NPn51QEBzt4D/RALkWpNJNTtlyKE0NBeSyRoci9OCfcYI42R+39HoJnLPAgT+aFc
EqinmEcsBvwECjJVrrwBN3f6/rESGp+JaYNiw5bz17lmouh27FEvWETy8QfcQl1+
Ck7HJqkMs1rpcLwhWvMmWlx49gBPJAJwcVSmhsuSVQKp5iSFDn5pbZCTiQCVAwUQ
NRkFU4HR8QVbfEftAQH2vQP+PzI1rHZq4Q6/E9RS3zW/HDuzByASi3A9iM5MARqi
ACLug+plFatfHfEaWII8nKytqY+kC3gaDESZ8+PFvGRZvMCRBrD5nv9YUC7LJIAX
NFGklsyIEvDAtlO/Q94LjgCct3ta6ypA45ZxaMkRdCkZer1EPjSloLrUBRpDhMeA
otu0IkpvZXJnIFd1bnNjaCA8akB1cmlhaC5oZWVwLnNheC5kZT6JAJUDBRAxpL3U
PiAdBSUb0JkBAZg7BACE+mKhsrd39/P6NattCCOSg76Pf2CVgZdvbb7qK4SmsVGz
+58pi2OWM1M0rcHgNZKTIg9rBy47gui2KOnqOR7ZuyMVJJqyEZZywmWmfCy/sR4U
i1PehZNNNBAi09u03ItbozrEH6Msa1oC8mp86XOA70Et8e4DYtj5a9tVbjjtJYkA
lQMFEDGpZGx1u244dqP3sQEBcMED/j2vNkHlqSRNJu3+A13fw4mAL4fw3l1rbm9X
10PcqgC9d9Z/Ds7EizG9D8Bv6sma6SutbE92wL7VZTX7WsZrg+8mn9UlEN6zZrAa
uf6I7v9xChIhXOILbsmlxu+Mu8tVwEiLLXJP9G8n7ztreM9Ee3dUUZykWHgrKTHF
I2LIbKCXiQCVAwUQMYJQHfUVW/uOVC1dAQHkqAP+Igll7mUWQ+vYH8KvsEoxUGi3
X8lK7Tk2weAlne4rXnDiZW009lwWL90puf6pEzosoMV78YXQdkP9kPUUm3zJCPMX
bDfjQH4XYYYQ7CcKWpkO0QCqcgHMz8QJBCof7oGLyCmQVmsWCDl443uKSqa6wOc6
VhK0z8IF+ClJtHyQOYWJAD8DBRA0Pun7CKyxtqPXKpQRAlWJAKC+2KEpwmX/f5rO
+QXv4ldCIKQ+JgCgqcjGveuHvlv8ehkHrucnz8VrHjqJAJUDBRA1kcVlZWCprDT5
+dUBAeX7A/0aZkBJdd0EKhje2rhXdoE99fr5jeg9utB0pACqgMb1hBcnVRi3SVZ4
ZBQIfqY26LeZP+WLUqGfTx6BSsBys13WlBT9PZuicuWkDHUtGX9zUl4qMsxGQkGj
NXdmn0/eCnheZP5ROvYXD15A0kjd626PxxftbyQKTuhKTWCT2jSnsYkAlQMFEDGF
mgWB0fEFW3xH7QEBhr8D/2kclzpVUU2wvwMT+POA8M9iDKNcZAUBQI8/j+QVZ1VB
3laHKKkpdvGrTUl/PVLvt6tSHIdDQrAOuPq9M4DMLIqS1jZr16+BhZ+7ffZJ2JpO
bFVOK5wmzVSixigPB1ytIkKqhJ9JQpMZOUKJ24n2E6Mr79fLJK1a4EMWuHZ5uXNk
=grTK
-----END PGP PUBLIC KEY BLOCK-----
diff --git a/en_US.ISO8859-1/books/handbook/ports/chapter.sgml b/en_US.ISO8859-1/books/handbook/ports/chapter.sgml
index a143ef597c..35ec7aac9b 100644
--- a/en_US.ISO8859-1/books/handbook/ports/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/ports/chapter.sgml
@@ -1,1267 +1,1306 @@
Installing Applications: Packages and PortsSynopsis
+ ports
+ packagesThere is only so much you can do with FreeBSD. If you are an
operating systems developer then the base system likely contains
everything you need. If that is not what you are planning to do with
FreeBSD then you will probably want to install additional
software—perhaps a web server, or a mail reader, or a graphical
environment such as KDE or
GNOME.If you have used a Unix system before you will know that the typical
procedure for installing third party software goes something like
this:Download the software, which might be distributed in source code
format, or as a binary.Unpack the software from its distribution format (typically a
tarball compressed with either &man.compress.1; or &man.gzip.1;).Locate the documentation (perhaps a README
file, or some files in a doc/ subdirectory) and
read up on how to install the software.If the software was distributed in source format, compile it.
This may involve editing a Makefile, or
running a configure script, and other work.Test and install the software.And that is only if everything goes well. If you are installing a
software package that was not deliberately ported to FreeBSD you may
even have to go in and edit the code to make it work properly.Should you want to, you can continue to install software the
traditional way with FreeBSD. However, FreeBSD
provides two technologies which can save you a lot of effort;
packages and ports. At the time of writing, over &os.numports;
third party applications have been made available in this
way.For any given application, the FreeBSD package for that application
is a single file which you must download. The package contains
pre-compiled copies of all the commands for the application, as well as
any configuration files or documentation. A downloaded package file can
be manipulated with FreeBSD pkg_* commands, such as
&man.pkg.add.1; &man.pkg.delete.1;, &man.pkg.info.1;, and so on.Installing a new application can be carried out with a single
command.A FreeBSD port for an application is a collection of files designed
to automate the process of compiling an application from source
code.Remember that there are a number of steps you would normally carry
out if you compiled a program yourself (unpacking, patching, compiling,
installing). The files that make up a port contain all the necessary
information to allow the system to do this for you. You run a handful
of simple commands and the source code for the application is
automatically downloaded, extracted, patched, compiled, and installed
for you.In fact, the ports system can also be used to generate packages
which can later be manipulated with the pkg_*
commands.Both packages and ports understand
dependencies. Suppose you want to install an
application that depends on a specific library being installed. Both
the application and the library have been made available as FreeBSD
ports and packages. If you use the pkg_add command
or the ports system to add the application, both will notice that the
library has not been installed, and the commands will install the
library first.Given that the two technologies are quite similar, you might be
wondering why FreeBSD bothers with both. Packages and ports both have
their own strengths, and which one you use will depend on your own
preference.Package benefitsA compressed package tarball is typically smaller than the
compressed tarball containing the source code for the application.Packages do not require any additional compilation. For large
applications, such as Mozilla,
KDE, or GNOME
this can be important, particularly if you are on a slow system.Packages do not require you to understand any of the process
involved in compiling software on FreeBSD.Ports benefitsPackages are normally compiled with conservative options,
because they have to run on the maximum number of systems. By
installing from the port, you can tweak the compilation options to
(for example) generate code that is specific to a 686 processor.Some packages have compile time options relating to what they
can and can't do. For example, Apache
can be configured with a wide variety of different builtin options.
By building from the port you do not have to accept the default
options, and can set them yourself.In some cases, multiple packages will exist for the same
application to specify certain settings. For example,
Ghostscript is available as a
ghostscript package and a
ghostscript-nox11 package, depending on whether
or not you have installed an X11 server. This sort of rough
tweaking is possible with packages, but rapidly becomes impossible
if an application has more than one or two different compile time
options.The licensing conditions of some software distributions forbid
binary distribution. They must be distributed as source
code.Some people do not trust binary distributions. At least with
source code, you can (in theory) read through it and look for
potential problems yourself.If you have local patches, you will need the source in order to
apply them.Some people like having code around, so they can read it if they
get bored, hack it, borrow from it (license permitting, of course),
and so on.To keep track of updated ports, subscribe to
freebsd-ports.The remainder of this chapter will explain how to use packages and
ports to install and manage third party software on FreeBSD.Finding your applicationBefore you can install any applications you need to know what you
want, and what the application is called.FreeBSD's list of available applications is growing all the
time. Currently there are over &os.numports; applications
available as packages or ports. There are a number of ways to
find what you want.The FreeBSD web site maintains an up-to-date searchable list of
all the available applications, at
http://www.FreeBSD.org/ports/.
The name space is divided in to categories, and you may either
search for an application by name (if you know it), or you can list
all the applications available in a category.Dan Langille maintains FreshPorts, at
http://www.freshports.org/.
FreshPorts tracks changes to the applications in the ports tree as
they happen, and allows you to watch one or more
ports, and will send you an e-mail when they are updated.If you do not know the name of the application you want, try
using a site like FreshMeat
(http://www.freshmeat.net/)
or AppWatch
(http://www.appwatch.com/)
to find an application, then check back at the FreeBSD site to see
if the application has been ported yet.ChernLeeContributedUsing the Packages SystemInstalling a Package
+
+ packages
+ installing
+
+
+ pkg_add
+ You can use the &man.pkg.add.1; utility to install a
FreeBSD software package from a local file or from a server on
the network.Downloading a package and then installing it locally&prompt.root; ftp ftp2.freebsd.org
Connected to ftp2.freebsd.org.
220 ftp2.freebsd.org FTP server (Version 6.00LS) ready.
331 Guest login ok, send your email address as password.
230-
230- This machine is in Vienna, VA, USA, hosted by Verio.
230- Questions? E-mail freebsd@vienna.verio.net.
230-
230-
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>cd /pub/FreeBSD/ports/packages/irc
250 CWD command successful.
ftp>get xchat-1.7.1.tgz
local: xchat-1.7.1.tgz remote: xchat-1.7.1.tgz
150 Opening BINARY mode data connection for 'xchat-1.7.1.tgz' (471488 bytes).
100% |**************************************************| 460 KB 00:00 ETA
226 Transfer complete.
471488 bytes received in 5.37 seconds (85.70 KB/s)
ftp>exit
&prompt.root; pkg_add xchat-1.7.1.tgz
&prompt.root;If you don't have a source of local packages (such as a
FreeBSD CDROM set) then it will probably be easier to use the
-r option to &man.pkg.add.1;. This will cause the utility to
automatically determine the correct object format and release
and then to fetch and install the package from an FTP site.
+
+ pkg_add&prompt.root; pkg_add -r xchat-1.7.1This would download the correct package and add it without
any further user intervention.Package files are distributed in .tgz format. You can
find them at
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/,
or on the FreeBSD CDROM distribution. Every CD on the
FreeBSD 4-CD set (and PowerPak, etc) contains packages in
the /packages directory. The layout of
the packages is similar to that of the
/usr/ports tree. Each category has its
own directory, and every package can be found within the
All directory.
The directory structure of the package system is homologous
to that of the ports; they work with each other to form the entire
package/port system.
Deleting a Package&prompt.root pkg_delete xchat-1.7.1
+
+ pkg_delete
+
+
+ packages
+ deleting
+ &man.pkg.delete.1; is the utility for removing
previously installed software package distributions.
Managing packages
+
+ packages
+ managing
+ &man.pkg.info.1; a utility that lists and describes
the various packages installed.
+
+ pkg_info
+ &prompt.root pkg_info
cvsup-bin-16.1 A general network file distribution system optimized for CV
docbook-1.2 Meta-port for the different versions of the DocBook DTD
...&man.pkg.version.1; a utility that summarizes the
versions of all installed packages. It compares the package
version to the current version found in the ports tree.
&prompt.root pkg_version
cvsup-bin =
docbook =
...The symbols in the second column indicate the relative age
of the installed version and the version available in the local
ports tree.SymbolMeaning=The version of the
installed package matches that of the one found in the
local ports tree.<The installed version is older then the one available
in the ports tree.>The installed version is newer
than the one found in the local ports tree. (local ports
tree is probably out of date)?The installed package cannot be
found in the ports index.*There are multiple versions of the
package.Miscellaneous&man.pkg.add.1; &man.pkg.delete.1; &man.pkg.info.1;
&man.pkg.version.1; &man.pkg.create.1;
All package information is stored within the
/var/db/pkg directory. The listing
of contents and descriptions of each package can be found within
files in this directory.
Using the Ports CollectionThe following sections provide basic instructions on using the
ports collection to install or remove programs from your
system.Installing Ports
+
+ ports
+ installing
+ The first thing that should be explained
when it comes to the Ports collection is what is actually meant
by a skeleton. In a nutshell, a port skeleton is a
minimal set of files that are needed for a program to compile and
install cleanly on FreeBSD. Each port skeleton includes:A Makefile. The
Makefile contains various statements that
specify how the application should be compiled and where it
should be installed on your systemA distinfo file. This file contains
information about the files that must be downloaded to build the
port, and checksums, to ensure that those files have not been
corrupted during the download.A files directory. This directory
contains patches to make the program compile and install on
your FreeBSD system. Patches are basically small files that
specify changes to particular files. They are in plain text
format, and basically say Remove line 10 or
Change line 26 to this .... Patches are also
known as diffs because they are generated by the
diff program.This directory may also contain other files used in building
the port.A pkg-comment file. This is a one-line
description of the program.A pkg-descr file. This is a more
detailed, often multiple-line, description of the program.A pkg-plist file. This is a list of all
the files that will be installed by the port. It also tells the
ports system what files to remove upon deinstallation.Now that you have enough background information to know what
the Ports collection is used for, you are ready to install your
first port. There are two ways this can be done, and each is
explained below.Before we get into that however, you will need to choose a
port to install. There are a few ways to do this, with the
easiest method being the ports listing on the FreeBSD
web site. You can browse through the ports listed there
or use the search function on the site. Each port also includes
a description so you can read a bit about each port before
deciding to install it.Another method is to use the whereis
command. To use whereis, simply type
whereis <program you want to
install> at the prompt, and if it is found on
your system, you will be told where it is, like so:&prompt.root; whereis xchat
xchat: /usr/ports/irc/xchatThis tells us that xchat (an irc client)
can be found in the
/usr/ports/irc/xchat directory.Yet another way of finding a particular port is by using the
Ports collection's built-in search mechanism. To use the search
feature, you will need to be in the
/usr/ports directory. Once in that
directory, run make search key=program-name
where program-name is the name of the program you
want to find. For example, if you were looking for
xchat:&prompt.root; cd /usr/ports
&prompt.root; make search key=xchat
Port: xchat-1.3.8
Path: /usr/ports/irc/xchat
Info: An X11 IRC client using the GTK+ toolkit, and optionally, GNOME
Maint: jim@FreeBSD.org
Index: irc
B-deps: XFree86-3.3.5 bzip2-0.9.5d gettext-0.10.35 giflib-4.1.0 glib-1.2.6 gmake-3.77 gtk-1.2.6
imlib-1.9.8 jpeg-6b png-1.0.3 tiff-3.5.1
R-deps: XFree86-3.3.5 gettext-0.10.35 giflib-4.1.0 glib-1.2.6 gtk-1.2.6 imlib-1.9.8 jpeg-6b
png-1.0.3 tiff-3.5.1The part of the output you want to pay particular attention
to is the Path: line, since that tells you where to
find it. The other information provided is not needed in order
to install the port directly, so it will not be covered
here.You must be the root user to install
ports.Now that you have found a port you would like to install, you
are ready to do the actual installation.Installing ports from a CDROM
+
+ ports
+ installing from CDROM
+ As you may have guessed from the title, everything
described in this section assumes you have a FreeBSD CDROM set.
If you do not, you can order one from the FreeBSD Mall.Assuming that your FreeBSD CDROM is in the drive and is
mounted on /cdrom (and the mount point
must be /cdrom),
you are ready to install the port. To begin, change directories
to the directory where the port you want to install lives:&prompt.root; cd /usr/ports/irc/xchatOnce inside the xchat directory,
you will see the port
skeleton. The next step is to compile (also called build) the
port. This is done by simply typing make at
the prompt. Once you have done so, you should see something
like this:&prompt.root; make
>> xchat-1.3.8.tar.bz2 doesn't seem to exist on this system.
>> Attempting to fetch from file:/cdrom/ports/distfiles/.
===> Extracting for xchat-1.3.8
>> Checksum OK for xchat-1.3.8.tar.bz2.
===> xchat-1.3.8 depends on executable: bzip2 - found
===> xchat-1.3.8 depends on executable: gmake - found
===> xchat-1.3.8 depends on shared library: gtk12.2 - found
===> xchat-1.3.8 depends on shared library: Imlib.5 - found
===> xchat-1.3.8 depends on shared library: X11.6 - found
===> Patching for xchat-1.3.8
===> Applying FreeBSD patches for xchat-1.3.8
===> Configuring for xchat-1.3.8
...
[configure output snipped]
...
===> Building for xchat-1.3.8
...
[compilation snipped]
...
&prompt.root;Take notice that once the compile is complete you are
returned to your prompt. The next step is to install the
port. In order to install it, you simply need to tack one word
onto the make command, and that word is
install:&prompt.root; make install
===> Installing for xchat-1.3.8
===> xchat-1.3.8 depends on shared library: gtk12.2 - found
===> xchat-1.3.8 depends on shared library: Imlib.5 - found
===> xchat-1.3.8 depends on shared library: X11.6 - found
...
[install routines snipped]
...
===> Generating temporary packing list
===> Installing xchat docs in /usr/X11R6/share/doc/xchat
===> Registering installation for xchat-1.3.8
&prompt.root;Once you are returned to your prompt, you should be able to
run the application you just installed.You can save an extra step by just running make
install instead of make and
make install as two separate steps.Please be aware that the licenses of a few ports do not
allow for inclusion on the CDROM. This could be for various
reasons, including things such as registration form needs
to be filled out before downloading, if redistribution is not
allowed, and so on. If you wish to install a port not
included on the CDROM, you will need to be online in order to
do so (see the next
section).Installing ports from the InternetAs with the last section, this section makes an assumption
that you have a working Internet connection. If you do not,
you will need to do the CDROM
installation.Installing a port from the Internet is done exactly the same
way as it would be if you were installing from a CDROM. The
only difference between the two is that the program's source
code is downloaded from the Internet instead of pulled from the
CDROM.The steps involved are identical:&prompt.root; make install
>> xchat-1.3.8.tar.bz2 doesn't seem to exist on this system.
>> Attempting to fetch from http://xchat.org/files/v1.3/.
Receiving xchat-1.3.8.tar.bz2 (305543 bytes): 100%
305543 bytes transferred in 2.9 seconds (102.81 Kbytes/s)
===> Extracting for xchat-1.3.8
>> Checksum OK for xchat-1.3.8.tar.bz2.
===> xchat-1.3.8 depends on executable: bzip2 - found
===> xchat-1.3.8 depends on executable: gmake - found
===> xchat-1.3.8 depends on shared library: gtk12.2 - found
===> xchat-1.3.8 depends on shared library: Imlib.5 - found
===> xchat-1.3.8 depends on shared library: X11.6 - found
===> Patching for xchat-1.3.8
===> Applying FreeBSD patches for xchat-1.3.8
===> Configuring for xchat-1.3.8
...
[configure output snipped]
...
===> Building for xchat-1.3.8
...
[compilation snipped]
...
===> Installing for xchat-1.3.8
===> xchat-1.3.8 depends on shared library: gtk12.2 - found
===> xchat-1.3.8 depends on shared library: Imlib.5 - found
===> xchat-1.3.8 depends on shared library: X11.6 - found
...
[install routines snipped]
...
===> Generating temporary packing list
===> Installing xchat docs in /usr/X11R6/share/doc/xchat
===> Registering installation for xchat-1.3.8
&prompt.root;As you can see, the only difference is the line that tells
you where the system is fetching the port from.That about does it for installing ports onto your
system. In the next section you will learn how to remove a
port from your system.Removing Installed Ports
+
+ ports
+ removing
+ Now that you know how to install ports, you are probably
wondering how to remove them, just in case you install one and
later on you decide that you installed the wrong port. The next
few paragraphs will cover just that.Now we will remove our previous example (which was
xchat for
those of you not paying attention). As with installing ports,
the first thing you must do is change to the port directory,
which if you remember was
/usr/ports/irc/xchat. After you change
directories, you are ready to uninstall xchat.
This is done with
the make deinstall command (makes sense
right?):&prompt.root; cd /usr/ports/irc/xchat
&prompt.root; make deinstall
===> Deinstalling for xchat-1.3.8
&prompt.root;That was easy enough. You have now managed to remove
xchat
from your system. If you would like to reinstall it, you can do
so by running make reinstall from the
/usr/ports/irc/xchat directory.TroubleshootingThe following sections cover some of the more frequently asked
questions about the Ports collection and some basic troubleshooting
techniques, and what do to if a port is broken.Some Questions and AnswersI thought this was going to be a discussion about
modems??!Ah, you must be thinking of the serial ports on the back
of your computer. We are using port here to
mean the result of porting a program from one
version of Unix to another.What is a patch?A patch is a small file that specifies how to go from
one version of a file to another. It contains plain text,
and basically says things like delete line 23,
add these two lines after line 468, or
change line 197 to this. They are also known
as diffs because they are generated by the
diff program.
+ tarballWhat is all this about
tarballs?It is a file ending in .tar, or
with variations such as .tar.gz,
.tar.Z, .tar.bz2,
and even .tgz.Basically, it is a directory tree that has been archived
into a single file (.tar) and
optionally compressed (.gz). This
technique was originally used for Tape
ARchives (hence the name
tar), but it is a widely used way of
distributing program source code around the Internet.You can see what files are in them, or even extract them
yourself by using the standard Unix tar program, which comes
with the base FreeBSD system, like this:&prompt.user; tar tvzf foobar.tar.gz
&prompt.user; tar xzvf foobar.tar.gz
&prompt.user; tar tvf foobar.tar
&prompt.user; tar xvf foobar.tar
+ checksumAnd a checksum?It is a number generated by adding up all the data in
the file you want to check. If any of the characters
change, the checksum will no longer be equal to the total,
so a simple comparison will allow you to spot the
difference.I did what you said for compiling ports from a CDROM and
it worked great until I tried to install the kermit
port.&prompt.root; make install
>> cku190.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://kermit.columbia.edu/kermit/archives/.Why can it not be found? Have I got a dud CDROM?As was explained in the compiling ports from CDROM
section, some ports cannot be put on the CDROM set
due to licensing restrictions. Kermit is an example of
that. The licensing terms for kermit do not allow us to put
the tarball for it on the CDROM, so you will have to fetch
it by hand—sorry!The reason why you got all those error messages was
because you were not connected to the Internet at the time.
Once you have downloaded it from any of the MASTER_SITES
(listed in the Makefile), you can restart the install
process.I did that, but when I tried to put it into
/usr/ports/distfiles I got some error
about not having permission.The ports mechanism looks for the tarball in
/usr/ports/distfiles, but you will not
be able to copy anything there because it is symlinked to
the CDROM, which is read-only. You can tell it to look
somewhere else by doing:&prompt.root; make DISTDIR=/where/you/put/it installDoes the ports scheme only work if you have everything
in /usr/ports? My system administrator
says I must put everything under
/u/people/guests/wurzburger, but it
does not seem to work.You can use the PORTSDIR and
PREFIX variables to tell the ports
mechanism to use different directories. For
instance,&prompt.root; make PORTSDIR=/u/people/guests/wurzburger/ports installwill compile the port in
/u/people/guests/wurzburger/ports and
install everything under
/usr/local.&prompt.root; make PREFIX=/u/people/guests/wurzburger/local installwill compile it in /usr/ports and
install it in
/u/people/guests/wurzburger/local.And of course,&prompt.root; make PORTSDIR=../ports PREFIX=../local installwill combine the two (it is too long to write fully on
the page, but it should give you the general idea).Some ports that use &man.imake.1; (a part of the X Windows
System) don't work well with PREFIX, and will insist on
installing under /usr/X11R6. Similarly, some Perl ports
ignore PREFIX and install in the Perl tree. Making these
ports respect PREFIX is a difficult or impossible
job.If you do not fancy typing all that in every time you
install a port, it is a good idea to put these variables
into your environment. Read the man page for your shell for
instructions on doing so.I do not have a FreeBSD CDROM, but I would like to have
all the tarballs handy on my system so I do not have to wait
for a download every time I install a port. Is there any
way to get them all at once?To get every single tarball for the Ports collection,
do:&prompt.root; cd /usr/ports
&prompt.root; make fetchFor all the tarballs for a single ports directory,
do:&prompt.root; cd /usr/ports/directory
&prompt.root; make fetchand for just one port—well, you have probably
guessed already.I know it is probably faster to fetch the tarballs from
one of the FreeBSD mirror sites close by. Is there any way
to tell the port to fetch them from servers other than the
ones listed in the MASTER_SITES?Yes. If you know, for example, that ftp.FreeBSD.org is much closer to you
than the sites listed in MASTER_SITES,
do as follows:&prompt.root; cd /usr/ports/directory
&prompt.root; make MASTER_SITE_OVERRIDE= \
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/ fetchI want to know what files make is
going to need before it tries to pull them down.make fetch-list will display a list
of the files needed for a port.Is there any way to stop the port from compiling? I
want to do some hacking on the source before I install it,
but it is a bit tiresome to watch it and hit control-C every
time.Doing make extract will stop it
after it has fetched and extracted the source code.I am trying to make my own port and I want to be able
to stop it compiling until I have had a chance to see if my
patches worked properly. Is there something like
make extract, but for patches?Yep, make patch is what you want.
You will probably find the PATCH_DEBUG
option useful as well. And by the way, thank you for your
efforts!I have heard that some compiler options can cause bugs.
Is this true? How can I make sure that I compile ports
with the right settings?Yes, with version 2.6.3 of gcc (the
version shipped with FreeBSD 2.1.0 and 2.1.5), the
option could result in buggy code
unless you used the
option as well. (Most of the ports do not use
). You should be
able to specify the compiler options used by something
like:&prompt.root; make CFLAGS='-O2 -fno-strength-reduce' installor by editing /etc/make.conf, but
unfortunately not all ports respect this. The surest way
is to do make configure, then go into
the source directory and inspect the Makefiles by hand, but
this can get tedious if the source has lots of
sub-directories, each with their own Makefiles.The default FreeBSD compiler options are quite conservative,
so if you have not changed them you should not have any
problems.There are so many ports it is hard to find the one I
want. Is there a list anywhere of what ports are
available?Look in the INDEX file in
/usr/ports. If you would like to
search the ports collection for a keyword, you can do that
too. For example, you can find ports relevant to the LISP
programming language using:&prompt.user; cd /usr/ports
&prompt.user; make search key=lispI went to install the foo port but
the system suddenly stopped compiling it and starting
compiling the bar port. What is going
on?The foo port needs something that is
supplied with bar — for instance,
if foo uses graphics,
bar might have a library with useful
graphics processing routines. Or bar
might be a tool that is needed to compile the
foo port. I installed the
grizzle program from the ports and
frankly it is a complete waste of disk space. I want to
delete it but I do not know where it put all the files.
Any clues?No problem, just do:&prompt.root; pkg_delete grizzle-6.5Alternatively, you can do:&prompt.root; cd /usr/ports/somewhere/grizzle
&prompt.root; make deinstallHang on a minute, you have to know the version number
to use that command. You do not seriously expect me to
remember that, do you??Not at all, you can find it out by doing:&prompt.root; pkg_info -I 'grizzle*'
Information for grizzle-6.5:
grizzle-6.5 - the combined piano tutorial, LOGO interpreter and shoot 'em up
arcade game.Talking of disk space, the ports directory seems to be
taking up an awful lot of room. Is it safe to go in there
and delete things?Yes, if you have installed the program and are fairly
certain you will not need the source again, there is no
point in keeping it hanging around. The best way to do
this is:&prompt.root; cd /usr/ports
&prompt.root; make cleanwhich will go through all the ports subdirectories and
delete everything except the skeletons for each
port.I tried that and it still left all those tarballs or
whatever you called them in the
distfiles directory. Can I delete
those as well?Yes, if you are sure you have finished with them,
those can go as well. They can be removed manually, or by
using make distclean.I like having lots and lots of programs to play with.
Is there any way of installing all the ports in one
go?Just do:&prompt.root; cd /usr/ports
&prompt.root; make installBe careful, as some ports may install files with the same
name. If you install two graphics ports and they both install
/usr/local/bin/plot then you will obviously
have problems.OK, I tried that, but I thought it would take a very
long time so I went to bed and left it to get on with it.
When I looked at the computer this morning, it had only
done three and a half ports. Did something go
wrong?No, the problem is that some of the ports need to ask
you questions that we cannot answer for you (e.g., Do
you want to print on A4 or US letter sized paper?)
and they need to have someone on hand to answer
them.I really do not want to spend all day staring at the
monitor. Any better ideas?OK, do this before you go to bed/work/the local
park:&prompt.root cd /usr/ports
&prompt.root; make -DBATCH installThis will install every port that does
not require user input. Then, when
you come back, do:&prompt.root; cd /usr/ports
&prompt.root; make -DINTERACTIVE installto finish the job.At work, we are using frobble, which
is in your Ports collection, but we have altered it quite a
bit to get it to do what we need. Is there any way of making
our own packages, so we can distribute it more easily around
our sites?No problem, assuming you know how to make patches for
your changes:&prompt.root; cd /usr/ports/somewhere/frobble
&prompt.root; make extract
&prompt.root; cd work/frobble-2.8
[Apply your patches]
&prompt.root; cd ../..
&prompt.root; make packageThis ports stuff is really clever. I am desperate to
find out how you did it. What is the secret?Nothing secret about it at all, just look at the
bsd.port.mk and
bsd.port.subdir.mk files in your
makefiles
directory.(Readers with an aversion to intricate shell-scripts are
advised not to follow this link...)Help! This port is broken!If you come across a port that doesn't work for you, there are
a few things you can do, including:Fix it! The Porter's
Handbook should help you do this.Gripe—by email only! Send
email to the maintainer of the port first. Type make
maintainer or read the Makefile
to find the maintainer's email address. Remember to include
the name and version of the port (send the
$FreeBSD: line from the
Makefile) and the output leading up to the
error when you email the maintainer. If you do not get a
response from the maintainer, you can use
send-pr to submit a bug report.Grab the package from an ftp site near you. The
master package collection is on ftp.FreeBSD.org in the packages
directory, but be sure to check your local mirror
first! These are more likely to work
than trying to compile from source and are a lot faster as
well. Use the &man.pkg.add.1; program to install the package
on your system.Advanced TopicsThe documentation that was here has been moved to its own Porter's Handbook for ease of
reference. Please go there if you wish to create and submit your own
ports.
diff --git a/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml b/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
index ff601288fb..97212a3f5e 100644
--- a/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
@@ -1,2845 +1,2862 @@
PPP and SLIPRestructured, reorganized, and updated by &a.jim;,
1 March 2000.SynopsisPPPSLIPIf you are connecting to the Internet via modem, or wish to
provide dial-up connections to the Internet for others using FreeBSD,
you have the option of using PPP or SLIP.PPPuser PPPPPPkernel PPPPPPover EthernetThis chapter covers three varieties of PPP;
user, kernel, and
PPPoE (PPP over Ethernet). It also covers
setting up a SLIP client and server.The first variety of PPP that will be covered is User PPP. User
PPP was introduced into FreeBSD in 2.0.5-RELEASE as an addition to
the already existing kernel implementation of PPP.You may be wondering what the main difference is between User
PPP and kernel PPP. The answer is simple; user PPP does not run as
a daemon, and can run as and when desired. No PPP interface needs
to be compiled into their kernel; it runs as a user process, and uses
the tunnel device driver (tun) to get data
into and out of the kernel.From here on out in this chapter, user ppp will simply be
referred to as ppp unless a distinction needs to be made between it
and any other PPP software such as pppd.
Unless otherwise stated, all of the commands explained in this
section should be executed as root.Using User PPPOriginally contributed by &a.brian;, with input
from &a.nik;, &a.dirkvangulik;, and &a.pjc;.User PPPAssumptionsThis document assumes you have the following:ISPPPPAn account with an Internet Service Provider (ISP) which
you connect to using PPP. Further, you have a modem or
other device connected to your system and configured
correctly, which allows you to connect to your ISP.The dial-up number(s) of your ISP.PAPCHAPUnixlogin namepasswordYour login name and password. This can be either a
regular Unix-style login and password pair, or a PAP or CHAP
login and password pair.name serverThe IP address(es) of one or more name servers.
Normally, you will be given two IP addresses by your ISP to
use for this. If they have not given you at least one, then
you can use the enable dns command in
your ppp.conf file to tell
ppp to set the name servers for
you.The following information may be supplied by your ISP, but
is not completely necessary:The IP address of your ISP's gateway. The gateway is
the machine to which you will connect and will be set up as
your default route. If you do not have
this information, we can make one up and your ISP's PPP
server will tell us the correct value when we connect.This IP number is referred to as
HISADDR by
ppp.The netmask you should use. If your ISP has not
provided you with one, you can safely use 255.255.255.0.static IP addressIf your ISP provides you with a static IP address and
hostname, you can enter it. Otherwise, we simply let the
peer assign whatever IP address it sees fit.If you do not have any of the required information, contact
your ISP and make sure they provide it to you.Preparing the KernelAs previously mentioned, ppp
uses the tun device, and whichever kernel
you are using must have tun configured.
The tun device is preconfigured
for the default GENERIC kernel that ships
with FreeBSD. However, if you have installed a custom kernel,
you must make sure your kernel is configured for ppp.kernelcompilationTo check, go to your kernel compile directory
(/sys/i386/conf or
/sys/pc98/conf) and examine your
configuration file. It should have the following line somewhere
in it:pseudo-device tun 1If this line is not present, you will need to add it to the
configuration file and recompile your kernel. The stock
GENERIC kernel has this included, so if you
have not installed a custom kernel or do not have a
/sys directory, you do not have to change
anything. If you do need to recompile your kernel, please refer
to the kernel configuration
section for more information.You can check how many tunnel devices your current kernel
has by typing the following:&prompt.root; ifconfig -a
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 200.10.100.1 --> 203.10.100.24 netmask 0xffffffff
tun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 576
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 203.10.100.1 --> 203.10.100.20 netmask 0xffffffff
tun3: flags=8010<POINTOPOINT,MULTICAST> mtu 1500In FreeBSD 4.0 and later releases, you will only see any
tun devices which have already been
used. This means you might not see anytun devices. If this is the case, do
not worry; the device should be created dynamically when
ppp attempts to use it.This case shows four tunnel devices, two of which are
currently configured and being used. It should be noted that
the RUNNING flag above indicates that the
interface has been used at some point—it is not an error
if your interface does not show up as
RUNNING.If for some reason you have a kernel that does not have the
tun device in it and cannot recompile
the kernel, all is not lost. You should be able to dynamically
load the code. Please refer to the appropriate
&man.modload.8; and &man.lkm.4; man pages for further
details.Check the tun deviceUnder normal circumstances, most users will only require one
tun device
(/dev/tun0). If you have specified more
than one on the pseudo-device line for
tun in your kernel configuration file,
then alter all references to tun0 below
to reflect whichever device number you are using (e.g.,
tun2).The easiest way to make sure that the
tun0 device is configured correctly,
is to remake the device. This process is quite easy. To remake
the device, do the following:&prompt.root; cd /dev
&prompt.root; ./MAKEDEV tun0If you need 16 tunnel devices in your kernel, you will need
to create them. This can be done by executing the following
commands:&prompt.root; cd /dev
&prompt.root; ./MAKEDEV tun15To confirm that the kernel is configured correctly, issue
the follow command and compare the results:&prompt.root; ifconfig tun0
tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mut 1500The RUNNING flag may not yet be set, in
which case you will see:&prompt.root; ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500Remember from earlier that you might not see the device if it
has not been used yet, as tun devices are
created on demand in FreeBSD 4.0 and later releases.Name Resolution Configurationresolver
- hostname
- hosts
+
+ hostname
+
+
+ hosts
+ The resolver is the part of the system that turns IP
addresses into hostnames and vice versa. It can be configured
to look for maps that describe IP to hostname mappings in one of
two places. The first is a file called
/etc/hosts. Read &man.hosts.5; for more
information. The second is the Internet Domain Name Service
(DNS), a distributed data base, the discussion of which is
beyond the scope of this document.The resolver is a set of system calls that do the name
mappings, but you have to tell them where to find their
information. You do this by first editing the file
/etc/host.conf. Do not
call this file /etc/hosts.conf (note the
extra s) as the results can be
confusing.Edit /etc/host.confThis file should contain the following two lines (in this
order):hosts
bindThese instruct the resolver to first look in the file
/etc/hosts, and then to consult the DNS
if the name was not found.Edit /etc/hostsThis file should contain the IP addresses and names of
machines on your network. At a bare minimum it should contain
entries for the machine which will be running ppp. Assuming
that your machine is called foo.bar.com with the IP address 10.0.0.1,
/etc/hosts should contain:127.0.0.1 localhost.bar.com localhost
127.0.0.1 localhost.bar.com.
10.0.0.1 foo.bar.com foo
10.0.0.1 foo.bar.com.The first two lines define the alias
localhost as a synonym for the current
machine. Regardless of your own IP address, the IP address
for this line should always be 127.0.0.1. The second two lines map
the name foo.bar.com (and the
shorthand foo) to the IP address 10.0.0.1.If your provider allocates you a static IP address and
name, use them in place of the 10.0.0.1 entry.Edit /etc/resolv.confThe /etc/resolv.conf file tells the
resolver how to behave. If you are running your own DNS, you
may leave this file empty. Normally, you will need to enter
the following line(s):domain bar.com
nameserver x.x.x.x
nameserver y.y.y.yThe x.x.x.x and
y.y.y.y
addresses are those given to you by your ISP. Add as many
nameserver lines as your ISP provides. The
domain line defaults to your hostname's
domain, and is probably unnecessary. Refer to the
&man.resolv.conf.5; manual page for details of other possible
entries in this file.PPPISPIf you are running PPP version 2 or greater, the
enable dns command will tell PPP to request
that your ISP confirms the nameserver values. If your ISP
supplies different addresses (or if there are no nameserver
lines in /etc/resolv.conf), PPP will
rewrite the file with the ISP-supplied values.PPP ConfigurationPPPconfigurationBoth ppp and pppd
(the kernel level implementation of PPP) use the configuration
files located in the /usr/share/examples/ppp directory.
The sample configuration files provided are a good reference,
so do not delete them.Configuring ppp requires that you edit a
number of files, depending on your requirements. What you put
in them depends to some extent on whether your ISP allocates IP
addresses statically (i.e., you get given one IP address, and
always use that one) or dynamically (i.e., your IP address
changes each time you connect to your ISP).PPP and Static IP AddressesPPPwith static IP addressesYou will need to create a configuration file called
/etc/ppp/ppp.conf. It should look
similar to the example below.Lines that end in a : start in the
first column, all other lines should be indented as shown
using spaces or tabs.1 default:
2 set device /dev/cuaa0
3 set speed 115200
4 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\TTIMEOUT 40 CONNECT"
5 provider:
6 set phone "(123) 456 7890"
7 set login "TIMEOUT 10 \"\" \"\" gin:--gin: foo word: bar col: ppp"
8 set timeout 300
9 set ifaddr x.x.x.xy.y.y.y 255.255.255.0 0.0.0.0
10 add default HISADDR
11 enable dnsDo not include the line numbers, they are just for
reference in this discussion.Line 1:Identifies the default entry. Commands in this
entry are executed automatically when ppp is run.Line 2:Identifies the device to which the modem is
connected. COM1 is
/dev/cuaa0 and
COM2 is
/dev/cuaa1.Line 3:Sets the speed you want to connect at. If 115200
does not work (it should with any reasonably new modem),
try 38400 instead.Line 4:PPPuser PPPThe dial string. User PPP uses an expect-send
syntax similar to the &man.chat.8; program. Refer to
the manual page for information on the features of this
language.Line 5:Identifies an entry for a provider called
provider.Line 6:Sets the phone number for this provider. Multiple
phone numbers may be specified using the colon
(:) or pipe character
(|)as a separator. The difference
between the two separators is described in &man.ppp.8;.
To summarize, if you want to rotate through the numbers,
use a colon. If you want to always attempt to dial the
first number first and only use the other numbers if the
first number fails, use the pipe character. Always
quote the entire set of phone numbers as shown.Line 7:The login string is of the same chat-like syntax as
the dial string. In this example, the string works for
a service whose login session looks like this:J. Random Provider
login: foo
password: bar
protocol: pppYou will need to alter this script to suit your own
needs. When you write this script for the first time,
you should enable chat logging to ensure
that the conversation is going as expected.PAPCHAPIf you are using PAP or CHAP, there will be no login
at this point, so your login string can be left blank.
See PAP and CHAP
authentication for further details.Line 8:timeoutSets the default timeout (in seconds) for the
connection. Here, the connection will be closed
automatically after 300 seconds of inactivity. If you
never want to timeout, set this value to zero.Line 9:ISPSets the interface addresses. The string
x.x.x.x should be replaced by
the IP address that your provider has allocated to you.
The string y.y.y.y should be
replaced by the IP address that your ISP indicated for
their gateway (the machine to which you connect). If
your ISP hasn't given you a gateway address, use 10.0.0.2/0. If you need to use
a guessed address, make sure that you
create an entry in
/etc/ppp/ppp.linkup as per the
instructions for PPP
and Dynamic IP addresses. If this line is
omitted, ppp cannot run in
or
mode.Line 10:Adds a default route to your ISP's gateway. The
special word HISADDR is replaced with
the gateway address specified on line 9. It is
important that this line appears after line 9,
otherwise HISADDR will not yet be
initialized.Line 11:nameserverThis line tells PPP to ask your ISP to confirm that
your nameserver addresses are correct. If your ISP
supports this facility, PPP can then update
/etc/resolv.conf with the correct
nameserver entries.It is not necessary to add an entry to
ppp.linkup when you have a static IP
address as your routing table entries are already correct
before you connect. You may however wish to create an entry
to invoke programs after connection. This is explained later
with the sendmail example.Example configuration files can be found in the
/usr/share/examples/ppp directory.PPP and Dynamic IP AddressesPPPwith dynamic IP addressesIPCPIf your service provider does not assign static IP
addresses, ppp can be configured to
negotiate the local and remote addresses. This is done by
guessing an IP address and allowing
ppp to set it up correctly using the IP
Configuration Protocol (IPCP) after connecting. The
ppp.conf configuration is the same as
PPP and Static IP
Addresses, with the following change:9 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0Again, do not include the line numbers, they are just for
reference. Indentation of at least one space is
required.Line 9:The number after the / character
is the number of bits of the address that ppp will
insist on. You may wish to use IP numbers more
appropriate to your circumstances, but the above example
will always work.The last argument (0.0.0.0) tells
PPP to negotiate using address 0.0.0.0 rather than 10.0.0.1. Do not use
0.0.0.0 as the first argument to
set ifaddr as it prevents PPP from
setting up an initial route in
mode.If you are running version 1.x of PPP, you will also need
to create an entry in /etc/ppp/ppp.linkup.
ppp.linkup is used after a connection has
been established. At this point, ppp will
know what IP addresses should really be
used. The following entry will delete the existing bogus
routes, and create correct ones:1 provider:
2 delete ALL
3 add 0 0 HISADDRLine 1:On establishing a connection, ppp
will look for an entry in ppp.linkup
according to the following rules: First, try to match
the same label as we used in
ppp.conf. If that fails, look for
an entry for the IP address of our gateway. This entry
is a four-octet IP style label. If we still have not
found an entry, look for the MYADDR
entry.Line 2:This line tells ppp to delete all
of the existing routes for the acquired
tun interface (except the
direct route entry).Line 3:This line tells ppp to add a
default route that points to HISADDR.
HISADDR will be replaced with the IP
number of the gateway as negotiated in the IPCP.See the pmdemand entry in the files
/usr/share/examples/ppp/ppp.conf.sample and
/usr/share/examples/ppp/ppp.linkup.sample for a
detailed example.Version 2 of PPP introduces sticky routes.
Any add or delete lines
that contain MYADDR or
HISADDR will be remembered, and any time
the actual values of MYADDR or
HISADDR change, the routes will be
reapplied. This removes the necessity of repeating these
lines in ppp.linkup.Receiving Incoming CallsPPPreceiving
incoming callsWhen you configure ppp to
receive incoming calls on a machine connected to a LAN, you
must decide if you wish to forward packets to the LAN. If you
do, you should allocate the peer an IP number from your LAN's
subnet, and use the command enable proxy in
your /etc/ppp/ppp.conf file. You should
also confirm that the /etc/rc.conf file
contains the following:gateway="YES"Which getty?Configuring FreeBSD for Dial-up
Services provides a good description on enabling
dial-up services using &man.getty.8;.An alternative to getty is mgetty,
a smarter version of getty designed with
dial-up lines in mind.The advantages of using mgetty is
that it actively talks to modems,
meaning if port is turned off in
/etc/ttys then your modem will not answer
the phone.Later versions of mgetty (from
0.99beta onwards) also support the automatic detection of
PPP streams, allowing your clients script-less access to
your server.Refer to Mgetty and
AutoPPP for more information on
mgetty.PPP PermissionsThe ppp command must normally be run
as user id 0. If however, you wish to allow
ppp to run in server mode as a normal
user by executing ppp as described below,
that user must be given permission to run
ppp by adding them to the
network group in
/etc/group.You will also need to give them access to one or more
sections of the configuration file using the
allow command:allow users fred maryIf this command is used in the default
section, it gives the specified users access to
everything.PPP Shells for Dynamic-IP UsersPPP shellsCreate a file called
/etc/ppp/ppp-shell containing the
following:#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`
if [ x$IDENT = xdialup ]; then
IDENT=`basename $TTY`
fi
echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"
exec /usr/sbin/ppp -direct $IDENTThis script should be executable. Now make a symbolic
link called ppp-dialup to this script
using the following commands:&prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialupYou should use this script as the
shell for all of your dialup users.
This is an example from /etc/password
for a dialup PPP user with username
pchilds (remember don't directly edit
the password file, use vipw).pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialupCreate a /home/ppp directory that
is world readable containing the following 0 byte
files:-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
-r--r--r-- 1 root wheel 0 May 27 02:22 .rhostswhich prevents /etc/motd from being
displayed.PPP shells for Static-IP UsersPPP shellsCreate the ppp-shell file as above
and for each account with statically assigned IPs create a
symbolic link to ppp-shell.For example, if you have three dialup customers
fred, sam, and
mary, that you route class C networks
for, you would type the following:&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-maryEach of these users dialup accounts should have their
shell set to the symbolic link created above (i.e.,
mary's shell should be
/etc/ppp/ppp-mary).Setting up ppp.conf for dynamic-IP usersThe /etc/ppp/ppp.conf file should
contain something along the lines of:default:
set debug phase lcp chat
set timeout 0
ttyd0:
set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
enable proxy
ttyd1:
set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
enable proxyThe indenting is important.The default: section is loaded for
each session. For each dialup line enabled in
/etc/ttys create an entry similar to
the one for ttyd0: above. Each line
should get a unique IP address from your pool of IP
addresses for dynamic users.Setting up ppp.conf for static-IP
usersAlong with the contents of the sample
/usr/share/examples/ppp/ppp.conf above you should add
a section for each of the statically assigned dialup users.
We will continue with our fred,
sam, and mary
example.fred:
set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
sam:
set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255
mary:
set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255The file /etc/ppp/ppp.linkup should
also contain routing information for each static IP user if
required. The line below would add a route for the 203.14.101.0 class C via the
client's ppp link.fred:
add 203.14.101.0 netmask 255.255.255.0 HISADDR
sam:
add 203.14.102.0 netmask 255.255.255.0 HISADDR
mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDRMore on mgetty, AutoPPP, and MS
extensionsmgetty and AutoPPP
- mgetty
+
+ mgetty
+ AutoPPPLCPConfiguring and compiling mgetty with
the AUTO_PPP option enabled allows
mgetty to detect the LCP phase of PPP
connections and automatically spawn off a ppp shell.
However, since the default login/password sequence does not
occur it is necessary to authenticate users using either PAP
or CHAP.This section assumes the user has successfully
configured, compiled, and installed a version of
mgetty with the
AUTO_PPP option (v0.99beta or
later).Make sure your
/usr/local/etc/mgetty+sendfax/login.config
file has the following in it:/AutoPPP/ - - /etc/ppp/ppp-pap-dialupThis will tell mgetty to run the
ppp-pap-dialup script for detected PPP
connections.Create a file called
/etc/ppp/ppp-pap-dialup containing the
following (the file should be executable):#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENTFor each dialup line enabled in
/etc/ttys, create a corresponding entry
in /etc/ppp/ppp.conf. This will
happily co-exist with the definitions we created
above.pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxyEach user logging in with this method will need to have
a username/password in
/etc/ppp/ppp.secret file, or
alternatively add the following option to authenticate users
via PAP from /etc/password file.enable passwdauthIf you wish to assign some users a static IP number, you
can specify the number as the third argument in
/etc/ppp/ppp.secret. See
/usr/share/examples/ppp/ppp.secret.sample for
examples.MS extensionsDNSNetBIOSPPPMicrosoft extensionsIt is possible to configure PPP to supply DNS and
NetBIOS nameserver addresses on demand.To enable these extensions with PPP version 1.x, the
following lines might be added to the relevant section of
/etc/ppp/ppp.conf.enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5And for PPP version 2 and above:accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5This will tell the clients the primary and secondary
name server addresses, and a netbios nameserver host.In version 2 and above, if the
set dns line is omitted, PPP will use the
values found in /etc/resolv.conf.PAP and CHAP authenticationPAPCHAPSome ISPs set their system up so that the authentication
part of your connection is done using either of the PAP or
CHAP authentication mechanisms. If this is the case, your ISP
will not give a login: prompt when you
connect, but will start talking PPP immediately.PAP is less secure than CHAP, but security is not normally
an issue here as passwords, although being sent as plain text
with PAP, are being transmitted down a serial line only.
There's not much room for crackers to
eavesdrop.Referring back to the PPP
and Static IP addresses or PPP and Dynamic IP addresses
sections, the following alterations must be made:7 set login
…
12 set authname MyUserName
13 set authkey MyPasswordAs always, do not include the line numbers, they are just
for reference in this discussion. Indentation of at least one
space is required.Line 7:Your ISP will not normally require that you log into
the server if you're using PAP or CHAP. You must
therefore disable your set login
string.Line 12:This line specifies your PAP/CHAP user name. You
will need to insert the correct value for
MyUserName.Line 13:passwordThis line specifies your PAP/CHAP password. You
will need to insert the correct value for
MyPassword. You may want to
add an additional line, such as:15 accept PAPor15 accept CHAPto make it obvious that this is the intention, but
PAP and CHAP are both accepted by default.Changing your ppp configuration on the
flyIt is possible to talk to the ppp
program while it is running in the background, but only if a
suitable diagnostic port has been set up. To do this, add the
following line to your configuration:set server /var/run/ppp-tun%d DiagnosticPassword 0177This will tell PPP to listen to the specified unix-domain
socket, asking clients for the specified password before
allowing access. The %d in the name is
replaced with the tun device number
that is in use.Once a socket has been set up, the &man.pppctl.8; program
may be used in scripts that wish to manipulate the running
program.Final system configurationPPPconfigurationYou now have ppp configured, but there
are a few more things to do before it is ready to work. They
all involve editing the /etc/rc.conf
file.Working from the top down in this file, make sure the
hostname= line is set, e.g.:hostname="foo.bar.com"If your ISP has supplied you with a static IP address and
name, it's probably best that you use this name as your host
name.Look for the network_interfaces variable.
If you want to configure your system to dial your ISP on demand,
make sure the tun0 device is added to
the list, otherwise remove it.network_interfaces="lo0 tun0" ifconfig_tun0=The ifconfig_tun0 variable should be
empty, and a file called
/etc/start_if.tun0 should be created.
This file should contain the line:ppp -auto mysystemThis script is executed at network configuration time,
starting your ppp daemon in automatic mode. If you have a LAN
for which this machine is a gateway, you may also wish to use
the switch. Refer to the manual page
for further details.Set the router program to NO with
following line in your
/etc/rc.conf:router_enable="NO"
- routed
+
+ routed
+ It is important that the routed daemon is
not started (it is started by default), as it
routed tends to delete the default routing
table entries created by ppp.It is probably worth your while ensuring that the
sendmail_flags line does not include the
option, otherwise
sendmail will attempt to do a network lookup
every now and then, possibly causing your machine to dial out.
You may try:sendmail_flags="-bd"
- sendmail
+
+ sendmail
+ The downside of this is that you must force
sendmail to re-examine the mail queue
whenever the ppp link is up by typing:&prompt.root; /usr/sbin/sendmail -qYou may wish to use the !bg command in
ppp.linkup to do this automatically:1 provider:
2 delete ALL
3 add 0 0 HISADDR
4 !bg sendmail -bd -q30mSMTPIf you don't like this, it is possible to set up a
dfilter to block SMTP traffic. Refer to the
sample files for further details.Now the only thing left to do is reboot the machine.All that is left is to reboot the machine. After rebooting,
you can now either type:&prompt.root; pppand then dial provider to start the PPP
session, or, if you want ppp to establish
sessions automatically when there is outbound traffic (and
you have not created the start_if.tun0
script), type:&prompt.root; ppp -auto providerSummaryTo recap, the following steps are necessary when setting up
ppp for the first time:Client side:Ensure that the tun device is
built into your kernel.Ensure that the
tunX device
file is available in the /dev
directory.Create an entry in
/etc/ppp/ppp.conf. The
pmdemand example should suffice for
most ISPs.If you have a dynamic IP address, create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf
file.Create a start_if.tun0 script if
you require demand dialing.Server side:Ensure that the tun device is
built into your kernel.Ensure that the
tunX device
file is available in the /dev
directory.Create an entry in /etc/passwd
(using the &man.vipw.8; program).Create a profile in this users home directory that runs
ppp -direct direct-server or
similar.Create an entry in
/etc/ppp/ppp.conf. The
direct-server example should
suffice.Create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf
file.Using Kernel PPPParts originally contributed by &a.gena; and
&a.rhuff;.Setting up Kernel PPPPPPkernel PPPBefore you start setting up PPP on your machine make sure
that pppd is located in
/usr/sbin and the directory
/etc/ppp exists.pppd can work in two modes:As a client, i.e., you want to connect your
machine to the outside world via a PPP serial connection or
modem line.PPPserveras a server, i.e. your machine is located on
the network and used to connect other computers using
PPP.In both cases you will need to set up an options file
(/etc/ppp/options or
~/.ppprc if you have more than one user on
your machine that uses PPP).You also will need some modem/serial software (preferably
kermit) so you can dial and establish a connection with the
remote host.Using pppd as a clientPPPclientCiscoThe following /etc/ppp/options might be
used to connect to a CISCO terminal server PPP line.crtscts # enable hardware flow control
modem # modem control line
noipdefault # remote PPP server must supply your IP address.
# if the remote host doesn't send your IP during IPCP
# negotiation , remove this option
passive # wait for LCP packets
domain ppp.foo.com # put your domain name here
:<remote_ip> # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be your
# default routerTo connect:kermitmodemDial to the remote host using kermit (or some other modem
program), and enter your user name and password (or whatever
is needed to enable PPP on the remote host).Exit kermit (without hanging up the line).Enter the following:&prompt.root; /usr/src/usr.sbin/pppd.new/pppd /dev/tty0119200Be sure to use the appropriate speed and device name.Now your computer is connected with PPP. If the connection
fails, you can add the option to the
/etc/ppp/options file and check messages on
the console to track the problem.Following /etc/ppp/pppup script will make
all 3 stages automatically:#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200kermit/etc/ppp/kermit.dial is a kermit script
that dials and makes all necessary authorization on the remote
host (an example of such a script is attached to the end of this
document).Use the following /etc/ppp/pppdown script
to disconnect the PPP line:#!/bin/sh
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill -TERM ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptestCheck to see if PPP is still running by executing
/usr/etc/ppp/ppptest, which should look like
this:#!/bin/sh
pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'pppd running: PID=' ${pid-NONE}
else
echo 'No pppd running.'
fi
set -x
netstat -n -I ppp0
ifconfig ppp0To hang up the modem, execute
/etc/ppp/kermit.hup, which should
contain:set line /dev/tty01 ; put your modem device here
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
echo \13
exitHere is an alternate method using chat
instead of kermit.The following two files are sufficient to accomplish a
pppd connection./etc/ppp/options:/dev/cuaa1 115200
crtscts # enable hardware flow control
modem # modem control line
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
noipdefault # remote PPP serve must supply your IP address.
# if the remote host doesn't send your IP during
# IPCP negotiation, remove this option
passive # wait for LCP packets
domain <your.domain> # put your domain name here
: # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be
# your default router/etc/ppp/login.chat.script:The following should go on a single line.ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number>
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id>
TIMEOUT 5 sword: <password>Once these are installed and modified correctly, all you need
to do is run pppd, like so:&prompt.root; pppdThis sample is based primarily on information provided by:
Trev Roydhouse <Trev.Roydhouse@f401.n711.z3.fidonet.org>
and used with permission.Using pppd as a server/etc/ppp/options should contain something
similar to the following:crtscts # Hardware flow control
netmask 255.255.255.0 # netmask ( not required )
192.114.208.20:192.114.208.165 # ip's of local and remote hosts
# local ip must be different from one
# you assigned to the ethernet ( or other )
# interface on your machine.
# remote IP is ip address that will be
# assigned to the remote machine
domain ppp.foo.com # your domain
passive # wait for LCP
modem # modem lineThe following /etc/ppp/pppserv script
will enable tell pppd to behave as a
server:#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete
# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans
# run ppp
pppd /dev/tty01 19200Use this /etc/ppp/pppservdown script to
stop the server:#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.noansThe following kermit script
(/etc/ppp/kermit.ans) will enable/disable
autoanswer mode on your modem. It should look like this:set line /dev/tty01
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
inp 5 OK
echo \13
out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
; autoanswer mod
inp 5 OK
echo \13
exitA script named /etc/ppp/kermit.dial is
used for dialing and authenticating on the remote host. You will
need to customize it for your needs. Put your login and password
in this script; you will also need to change the input statement
depending on responses from your modem and remote host.;
; put the com line attached to the modem here:
;
set line /dev/tty01
;
; put the modem speed here:
;
set speed 19200
set file type binary ; full 8 bit file xfer
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
set modem hayes
set dial hangup off
set carrier auto ; Then SET CARRIER if necessary,
set dial display on ; Then SET DIAL if necessary,
set input echo on
set input timeout proceed
set input case ignore
def \%x 0 ; login prompt counter
goto slhup
:slcmd ; put the modem in command mode
echo Put the modem in command mode.
clear ; Clear unread characters from input buffer
pause 1
output +++ ; hayes escape sequence
input 1 OK\13\10 ; wait for OK
if success goto slhup
output \13
pause 1
output at\13
input 1 OK\13\10
if fail goto slcmd ; if modem doesn't answer OK, try again
:slhup ; hang up the phone
clear ; Clear unread characters from input buffer
pause 1
echo Hanging up the phone.
output ath0\13 ; hayes command for on hook
input 2 OK\13\10
if fail goto slcmd ; if no OK answer, put modem in command mode
:sldial ; dial the number
pause 1
echo Dialing.
output atdt9,550311\13\10 ; put phone number here
assign \%x 0 ; zero the time counter
:look
clear ; Clear unread characters from input buffer
increment \%x ; Count the seconds
input 1 {CONNECT }
if success goto sllogin
reinput 1 {NO CARRIER\13\10}
if success goto sldial
reinput 1 {NO DIALTONE\13\10}
if success goto slnodial
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 60 goto look
else goto slhup
:sllogin ; login
assign \%x 0 ; zero the time counter
pause 1
echo Looking for login prompt.
:slloop
increment \%x ; Count the seconds
clear ; Clear unread characters from input buffer
output \13
;
; put your expected login prompt here:
;
input 1 {Username: }
if success goto sluid
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 10 goto slloop ; try 10 times to get a login prompt
else goto slhup ; hang up and start again if 10 failures
:sluid
;
; put your userid here:
;
output ppp-login\13
input 1 {Password: }
;
; put your password here:
;
output ppp-password\13
input 1 {Entering SLIP mode.}
echo
quit
:slnodial
echo \7No dialtone. Check the telephone line!\7
exit 1
; local variables:
; mode: csh
; comment-start: "; "
; comment-start-skip: "; "
; end:Using PPP over Ethernet (PPPoE)PPPover EthernetPPPoE (see PPP, over Ethernet)Contributed by &a.jim; (from node.to) 10 Jan 2000.The following describes how to set up PPP over Ethernet, a.k.a,
PPPoE.PrerequisitesThere are a few requirements that your system will need to meet
in order for PPPoE to function properly. They are:Kernel source for FreeBSD 3.4 or laterppp from FreeBSD 3.4 or laterKernel ConfigurationkernelconfigurationYou will need to set the following options in your kernel
configuration file and then compile a new
kernel.Optionally, you can add
although if this functionality is not available at runtime,
ppp will load the relevant modules
on demand
Setting up ppp.confHere is an example of a working
ppp.conf:default: # or name_of_service_provider
set device PPPoE:xl1 # replace xl1 with your ethernet device
set mru 1492
set mtu 1492
set authname YOURLOGINNAME
set authkey YOURPASSWORD
set log Phase tun command # you can add more detailed logging if you wish
set dial
set login
set ifaddr 10.0.0.1/0 10.0.0.2/0
add default HISADDR
nat enable yes # if you want to enable nat for your local net
papchap:
set authname YOURLOGINNAME
set authkey YOURPASSWORD
Care should be taken when running PPPoE with the
option.
Running PPPAs root, you can run:&prompt.root; ppp -ddial name_of_service_providerStarting PPP at BootAdd the following to your /etc/rc.conf
file:ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="default" # or your providerPPPoE with a 3Com HomeConnect ADSL Modem Dual LinkContributed by &a.lioux;, 07 Apr
2001.In short, it does not work. It should, but unfortunately,
that is not the case. For whatever reason, this modem does not
follow RFC
2516 (A Method for transmitting PPP over
Ethernet (PPPoE), written by L. Mamakos, K. Lidl,
J. Evarts, D. Carrel, D. Simone, and R. Wheeler).Since it does not follow the specification, FreeBSD's PPPoE
implementation will not talk to it. It is very likely that it will
not work under other Unix systems for that same reason.
Complain to 3Com if you think it should
comply with the PPPoE specification.ADSLIf you absolutely want to use your ADSL connection with
FreeBSD and are stuck with this modem, you can either:DSLTry replacing the modem with a different brand or model
if your DSL provider permits you to do so. If you are not
sure which brand(s) will work, the &a.questions; is a good
place to ask.Try to get it working. Keep in mind that there is no
guarantee it will work, your mileage may vary.If you want to try to make it work, you can do the
following, but please keep in mind that you do this at
your own risk! Just because it worked for me does
not mean it will work for you.There are three steps to the process. They are:Make sure you already have ppp.conf
set up. See the beginning of this chapter for more details
on doing so.Since the modem does not speak the correct protocol, we
need to learn how to speak its variant of the protocol.
This information was obtained from a DSLreports
forum message.The modem speaks 0x3c12 for
DISCOVERY, and 0x3c13
for PAYLOAD identifiers instead of
0x8863 and 0x8864
respectively, as mandated by the PPPoE specification.CodeRFC's CodeDual Link Modem's CodePAYLOAD0x88630x3c12PAYLOAD0x88640x3c13So, now what? You need to recompile the
NETGRAPH_PPPOE code with the modem's
codes. For this, you should have installed the full kernel
sources.Find the
/usr/src/sys/netgraph/ng_pppoe.h file.
Be careful while editing this file. You have to modify both
the little and the big endian entries.For big endian, find the line with
0x8863 in it, and replace the number
with 0x3c12. Do the same with
0x8864, replacing it with
0x3c13.For little endian, find the line with
0x6388in it, and replace the number
with 0x123c. Do the same with
0x6488, replacing it with
0x133c.Here is a diff of how the new file
should look:&prompt.user; diff -u ng_pppoe.h.orig ng_pppoe.h
--- ng_pppoe.h.orig Thu Apr 12 13:42:46 2001
+++ ng_pppoe.h Thu Apr 12 13:44:47 2001
@@ -148,8 +148,8 @@
#define PTT_SYS_ERR (0x0202)
#define PTT_GEN_ERR (0x0203)
-#define ETHERTYPE_PPPOE_DISC 0x8863 /* pppoe discovery packets */
-#define ETHERTYPE_PPPOE_SESS 0x8864 /* pppoe session packets */
+#define ETHERTYPE_PPPOE_DISC 0x3c12 /* pppoe discovery packets */
+#define ETHERTYPE_PPPOE_SESS 0x3c13 /* pppoe session packets */
#else
#define PTT_EOL (0x0000)
#define PTT_SRV_NAME (0x0101)
@@ -162,8 +162,8 @@
#define PTT_SYS_ERR (0x0202)
#define PTT_GEN_ERR (0x0302)
-#define ETHERTYPE_PPPOE_DISC 0x6388 /* pppoe discovery packets */
-#define ETHERTYPE_PPPOE_SESS 0x6488 /* pppoe session packets */
+#define ETHERTYPE_PPPOE_DISC 0x123c /* pppoe discovery packets */
+#define ETHERTYPE_PPPOE_SESS 0x133c /* pppoe session packets */
#endif
struct pppoe_tag {Then do the following as
root:&prompt.root; cd /usr/src/sys/modules/netgraph/pppoe
&prompt.root; make clean depend all install
&prompt.root; make cleanNow you can speak the modem's variant of the PPPoE
specification.The third step is to figure out the name of the profile
your ISP assigned to the modem. The information for this
step was obtained from the Roaring Penguin
PPPoE program which can be found in the ports collection. If you still are
not able to find it, ask your ISP's tech support.If they do not know it either, and you are feeling bold
(this may de-program your modem and render it useless, so
think twice about doing it).Install the program shipped with the modem by your
provider. Then, access the System menu
from the program. The name of your profile should be
listed there. It is usually ISP.The profile name will be used in the PPPoE configuration
inside ppp.conf as the provider
parameter. See the &man.ppp.8; manual page for more
information.The PPPoE line in your ppp.conf
should look like this:set device PPPoE:xl1:ISPDo not forget to change xl1
to the proper device for your Ethernet card.Do not forget to change ISP
to the profile you have just found above.For additional information, you can try:Cheaper
Broadband with FreeBSD on DSL by Renaud
Waldura in Daemon
News.Another PPPoE tutorial by Sympatico
Users Group.Using SLIPSLIPOriginally contributed by &a.asami; and
&a.ghelmer;, with input from &a.wilko; and
&a.piero;.Setting up a SLIP ClientSLIPclientThe following is one way to set up a FreeBSD machine for SLIP
on a static host network. For dynamic hostname assignments (i.e.,
your address changes each time you dial up), you probably need to
do something much fancier.First, determine which serial port your modem is connected to.
I have a symbolic link to /dev/modem from
/dev/cuaa1, and only use the modem name in
my configuration files. It can become quite cumbersome when you
need to fix a bunch of files in /etc and
.kermrc's all over the system!/dev/cuaa0 is
COM1, cuaa1 is
COM2, etc.Make sure you have the following in your kernel configuration
file:pseudo-device sl 1It is included in the GENERIC kernel, so
this should not be a problem unless you have deleted it.Things you have to do only onceAdd your home machine, the gateway and nameservers to
your /etc/hosts file. Mine looks like
this:127.0.0.1 localhost loghost
136.152.64.181 silvia.HIP.Berkeley.EDU silvia.HIP silvia
136.152.64.1 inr-3.Berkeley.EDU inr-3 slip-gateway
128.32.136.9 ns1.Berkeley.edu ns1
128.32.136.12 ns2.Berkeley.edu ns2Make sure you have before
in your
/etc/host.conf. Otherwise, funny
things may happen.Edit the /etc/rc.conf file.Set your hostname by editing the line that
says:hostname=myname.my.domainYou should give it your full Internet
hostname.Add sl0 to the list of network interfaces by
changing the line that says:network_interfaces="lo0"to:network_interfaces=lo0 sl0Set the startup flags of sl0 by adding a
line:ifconfig_sl0="inet ${hostname} slip-gateway netmask 0xffffff00 up"default routerDesignate the default router by changing the
line:defaultrouter=NOto:defaultrouter=slip-gatewayMake a file /etc/resolv.conf which
contains:domain HIP.Berkeley.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12name serverdomain nameAs you can see, these set up the nameserver hosts. Of
course, the actual domain names and addresses depend on your
environment.Set the password for root and
toor (and any other
accounts that do not have a password). Use passwd or
&man.vipw.8;, do not edit the
/etc/passwd or
/etc/master.passwd files!Reboot your machine and make sure it comes up with the
correct hostname.Making a SLIP connectionSLIPconnecting withDial up, type slip at the prompt,
enter your machine name and password. The things you need
to enter depends on your environment. If you use kermit, you
can try a script like this:# kermit setup
set modem hayes
set line /dev/modem
set speed 115200
set parity none
set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
define slip dial 643-9600, input 10 =>, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0aOf course, you have to change the hostname and password
to fit yours. After doing so, you can just type
slip from the kermit prompt to get
connected.Leaving your password in plain text anywhere in the
filesystem is generally a BAD idea. Do it at your own
risk.Leave the kermit there (you can suspend it by
z) and as root, type:&prompt.root; slattach -h -c -s 115200 /dev/modemIf you are able to ping hosts on the
other side of the router, you are connected! If it does not
work, you might want to try instead of
as an argument to
slattach.How to shutdown the connectionDo the following:&prompt.root; kill -INT `cat /var/run/slattach.modem.pid`to kill slattach. Keep in mind you must be
root to do the above. Then go back to
kermit (fg if you suspended it) and exit from
it (q).The slattach man page says you have
to use ifconfig sl0 down
to mark the interface down, but this does not
seem to make any difference for me.
(ifconfig sl0 reports the same thing.)Some times, your modem might refuse to drop the carrier
(mine often does). In that case, simply start kermit and quit
it again. It usually goes out on the second try.TroubleshootingIf it does not work, feel free to ask me. The things that
people tripped over so far:Not using or in
slattach (I have no idea why this
can be fatal, but adding
this flag solved the problem for at least one
person).Using instead of
(might be hard to see the difference on
some fonts).Try ifconfig sl0 to see your
interface status. For example, you might get:&prompt.root; ifconfig sl0
sl0: flags=10<POINTOPOINT>
inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00Also, netstat -r will give the
routing table, in case you get the no route to
host messages from ping. Mine looks like:&prompt.root; netstat -r
Routing tables
Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
(root node)
(root node)
Route Tree for Protocol Family inet:
(root node) =>
default inr-3.Berkeley.EDU UG 8 224515 sl0 - -
localhost.Berkel localhost.Berkeley UH 5 42127 lo0 - 0.438
inr-3.Berkeley.E silvia.HIP.Berkele UH 1 0 sl0 - -
silvia.HIP.Berke localhost.Berkeley UGH 34 47641234 lo0 - 0.438
(root node)This is after transferring a bunch of files, your
numbers should be smaller).Setting up a SLIP ServerSLIPserverThis document provides suggestions for setting up SLIP Server
services on a FreeBSD system, which typically means configuring
your system to automatically startup connections upon login for
remote SLIP clients. The author has written this document based
on his experience; however, as your system and needs may be
different, this document may not answer all of your questions, and
the author cannot be responsible if you damage your system or lose
data due to attempting to follow the suggestions here.PrerequisitesTCP/IPThis document is very technical in nature, so background
knowledge is required. It is assumed that you are familiar with
the TCP/IP network protocol, and in particular, network and node
addressing, network address masks, subnetting, routing, and
routing protocols, such as RIP. Configuring SLIP services on a
dial-up server requires a knowledge of these concepts, and if
you are not familiar with them, please read a copy of either
Craig Hunt's TCP/IP Network Administration
published by O'Reilly & Associates, Inc. (ISBN Number
0-937175-82-X), or Douglas Comer's books on the TCP/IP
protocol.modemIt is further assumed that you have already setup your
modem(s) and configured the appropriate system files to allow
logins through your modems. If you have not prepared your
system for this yet, please see the tutorial for configuring
dialup services; if you have a World-Wide Web browser available,
browse the list of tutorials at http://www.FreeBSD.org/.
You may also want to check the manual pages for &man.sio.4; for
information on the serial port device driver and &man.ttys.5;,
&man.gettytab.5;, &man.getty.8;, & &man.init.8; for
information relevant to configuring the system to accept logins
on modems, and perhaps &man.stty.1; for information on setting
serial port parameters (such as clocal for
directly-connected serial interfaces).Quick OverviewIn its typical configuration, using FreeBSD as a SLIP server
works as follows: a SLIP user dials up your FreeBSD SLIP Server
system and logs in with a special SLIP login ID that uses
/usr/sbin/sliplogin as the special user's
shell. The sliplogin program browses the
file /etc/sliphome/slip.hosts to find a
matching line for the special user, and if it finds a match,
connects the serial line to an available SLIP interface and then
runs the shell script
/etc/sliphome/slip.login to configure the
SLIP interface.An Example of a SLIP Server LoginFor example, if a SLIP user ID were
Shelmerg, Shelmerg's
entry in /etc/master.passwd would look
something like this (except it would be all on one
line):Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliploginWhen Shelmerg logs in,
sliplogin will search
/etc/sliphome/slip.hosts for a line that
had a matching user ID; for example, there may be a line in
/etc/sliphome/slip.hosts that
reads:Shelmerg dc-slip sl-helmer 0xfffffc00 autocompsliplogin will find that matching line,
hook the serial line into the next available SLIP interface,
and then execute /etc/sliphome/slip.login
like this:/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocompIf all goes well,
/etc/sliphome/slip.login will issue an
ifconfig for the SLIP interface to which
sliplogin attached itself (slip interface
0,in the above example, which was the first parameter in the
list given to slip.login) to set the
local IP address (dc-slip), remote IP address
(sl-helmer), network mask for the SLIP
interface (0xfffffc00), and
any additional flags (autocomp). If
something goes wrong, sliplogin usually
logs good informational messages via the
daemon syslog facility, which usually goes
into /var/log/messages (see the manual
pages for &man.syslogd.8; and &man.syslog.conf.5; and perhaps
check /etc/syslog.conf to see to which
files syslogd is logging).OK, enough of the examples — let us dive into
setting up the system.Kernel ConfigurationkernelconfigurationFreeBSD's default kernels usually come with two SLIP
interfaces defined (sl0 and
sl1); you can use netstat
-i to see whether these interfaces are defined in your
kernel.Sample output from netstat -i:Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ed0 1500 <Link>0.0.c0.2c.5f.4a 291311 0 174209 0 133
ed0 1500 138.247.224 ivory 291311 0 174209 0 133
lo0 65535 <Link> 79 0 79 0 0
lo0 65535 loop localhost 79 0 79 0 0
sl0* 296 <Link> 0 0 0 0 0
sl1* 296 <Link> 0 0 0 0 0The sl0 and
sl1 interfaces shown in
netstat -i's output indicate that there are
two SLIP interfaces built into the kernel. (The asterisks after
the sl0 and sl1 indicate
that the interfaces are down.)However, FreeBSD's default kernels do not come configured
to forward packets (ie, your FreeBSD machine will not act as a
router) due to Internet RFC requirements for Internet hosts (see
RFCs 1009 [Requirements for Internet Gateways], 1122
[Requirements for Internet Hosts — Communication Layers],
and perhaps 1127 [A Perspective on the Host Requirements RFCs]),
so if you want your FreeBSD SLIP Server to act as a router, you
will have to edit the /etc/rc.conf file and
change the setting of the gateway_enable variable to
.You will then need to reboot for the new settings to take
effect.You will notice that near the end of the default kernel
configuration file (/sys/i386/conf/GENERIC)
is a line that reads:pseudo-device sl 2SLIPThis is the line that defines the number of SLIP devices
available in the kernel; the number at the end of the line is
the maximum number of SLIP connections that may be operating
simultaneously.Please refer to Configuring the
FreeBSD Kernel for help in reconfiguring your
kernel.Sliplogin ConfigurationAs mentioned earlier, there are three files in the
/etc/sliphome directory that are part of
the configuration for /usr/sbin/sliplogin
(see &man.sliplogin.8; for the actual manual page for
sliplogin): slip.hosts,
which defines the SLIP users & their associated IP
addresses; slip.login, which usually just
configures the SLIP interface; and (optionally)
slip.logout, which undoes
slip.login's effects when the serial
connection is terminated.slip.hosts Configuration/etc/sliphome/slip.hosts contains
lines which have at least four items, separated by
whitespace:SLIP user's login IDLocal address (local to the SLIP server) of the SLIP
linkRemote address of the SLIP linkNetwork maskThe local and remote addresses may be host names (resolved
to IP addresses by /etc/hosts or by the
domain name service, depending on your specifications in
/etc/host.conf), and the
network mask may be a name that can be resolved by a lookup
into /etc/networks. On a sample system,
/etc/sliphome/slip.hosts looks like
this:#
# login local-addr remote-addr mask opt1 opt2
# (normal,compress,noicmp)
#
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocompAt the end of the line is one or more of the
options. — no header
compression — compress
headers — compress headers if
the remote end allows it — disable ICMP packets
(so any ping packets will be dropped instead
of using up your bandwidth)Note that sliplogin under early releases
of FreeBSD 2 ignored the options that FreeBSD 1.x recognized,
so the options ,
, , and
had no effect until support was added
in FreeBSD 2.2 (unless your slip.login
script included code to make use of the flags).SLIPTCP/IPYour choice of local and remote addresses for your SLIP
links depends on whether you are going to dedicate a TCP/IP
subnet or if you are going to use proxy ARP on
your SLIP server (it is not true proxy ARP, but
that is the terminology used in this document to describe it).
If you are not sure which method to select or how to assign IP
addresses, please refer to the TCP/IP books referenced in the
slips-prereqs section
and/or consult your IP network manager.
- gated
+
+ gated
+ If you are going to use a separate subnet for your SLIP
clients, you will need to allocate the subnet number out of
your assigned IP network number and assign each of your SLIP
client's IP numbers out of that subnet. Then, you will
probably either need to configure a static route to the SLIP
subnet via your SLIP server on your nearest IP router, or
install gated on your FreeBSD SLIP server
and configure it to talk the appropriate routing protocols to
your other routers to inform them about your SLIP server's
route to the SLIP subnet.EthernetOtherwise, if you will use the proxy ARP
method, you will need to assign your SLIP client's IP
addresses out of your SLIP server's Ethernet subnet, and you
will also need to adjust your
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout scripts to use
&man.arp.8; to manage the proxy-ARP entries in the SLIP
server's ARP table.slip.login ConfigurationThe typical /etc/sliphome/slip.login
file looks like this:#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6This slip.login file merely
ifconfig's the appropriate SLIP interface
with the local and remote addresses and network mask of the
SLIP interface.If you have decided to use the proxy ARP
method (instead of using a separate subnet for your SLIP
clients), your /etc/sliphome/slip.login
file will need to look something like this:#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pubThe additional line in this
slip.login, arp -s
$5 00:11:22:33:44:55 pub, creates an ARP entry
in the SLIP server's ARP table. This ARP entry causes the
SLIP server to respond with the SLIP server's Ethernet MAC
address whenever a another IP node on the Ethernet asks to
speak to the SLIP client's IP address.EthernetMAC addressWhen using the example above, be sure to replace the
Ethernet MAC address (00:11:22:33:44:55) with the MAC address of
your system's Ethernet card, or your proxy ARP
will definitely not work! You can discover your SLIP server's
Ethernet MAC address by looking at the results of running
netstat -i; the second line of the output
should look something like:ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116This indicates that this particular system's Ethernet MAC
address is 00:02:c1:28:5f:4a
— the periods in the Ethernet MAC address given by
netstat -i must be changed to colons and
leading zeros should be added to each single-digit hexadecimal
number to convert the address into the form that &man.arp.8;
desires; see the manual page on &man.arp.8; for complete
information on usage.When you create
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout, the
execute bit (ie, chmod 755
/etc/sliphome/slip.login /etc/sliphome/slip.logout)
must be set, or sliplogin will be unable
to execute it.slip.logout Configuration/etc/sliphome/slip.logout is not
strictly needed (unless you are implementing proxy
ARP), but if you decide to create it, this is an
example of a basic
slip.logout script:#!/bin/sh -
#
# slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 downIf you are using proxy ARP, you will want to
have /etc/sliphome/slip.logout remove the
ARP entry for the SLIP client:#!/bin/sh -
#
# @(#)slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5The arp -d $5 removes the ARP entry
that the proxy ARPslip.login added when the SLIP client
logged in.It bears repeating: make sure
/etc/sliphome/slip.logout has the execute
bit set for after you create it (ie, chmod 755
/etc/sliphome/slip.logout).Routing Considerations
- SLIProuting
+
+ SLIP
+ routing
+ If you are not using the proxy ARP method for
routing packets between your SLIP clients and the rest of your
network (and perhaps the Internet), you will probably either
have to add static routes to your closest default router(s) to
route your SLIP client subnet via your SLIP server, or you will
probably need to install and configure gated
on your FreeBSD SLIP server so that it will tell your routers
via appropriate routing protocols about your SLIP subnet.Static Routesstatic routesAdding static routes to your nearest default routers can
be troublesome (or impossible, if you do not have authority to
do so...). If you have a multiple-router network in your
organization, some routers, such as Cisco and Proteon, may
not only need to be configured with the static route to the
SLIP subnet, but also need to be told which static routes to
tell other routers about, so some expertise and
troubleshooting/tweaking may be necessary to get
static-route-based routing to work.Running gated
- gated
+
+ gated
+ An alternative to the headaches of static routes is to
install gated on your FreeBSD SLIP server
and configure it to use the appropriate routing protocols
(RIP/OSPF/BGP/EGP) to tell other routers about your SLIP
subnet. You can use gated from the ports collection or retrieve and build
it yourself from the
GateD anonymous FTP site; the current version
as of this writing is
gated-R3_5Alpha_8.tar.Z, which includes
support for FreeBSD out-of-the-box. Complete
information and documentation on gated is
available on the Web starting at the Merit GateD
Consortium. Compile and install it, and then write a
/etc/gated.conf file to configure your
gated; here is a sample, similar to what the author used on a
FreeBSD SLIP server:#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;
rip yes {
interface sl noripout noripin ;
interface ed ripin ripout version 1 ;
traceoptions route ;
} ;
#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
traceoptions remnants request routes info interface ;
} ;
#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#
export proto rip interface ed {
proto direct {
xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
} ;
} ;
#
# Accept routes from RIP via ed Ethernet interfaces
import proto rip interface ed {
all ;
} ;RIPThe above sample gated.conf file
broadcasts routing information regarding the SLIP subnet
xxx.xxx.yy via RIP onto the
Ethernet; if you are using a different Ethernet driver than
the ed driver, you will need to
change the references to the ed
interface appropriately. This sample file also sets up
tracing to /var/tmp/gated.output for
debugging gated's activity; you can
certainly turn off the tracing options if
gated works OK for you. You will need to
change the xxx.xxx.yy's into the
network address of your own SLIP subnet (be sure to change the
net mask in the proto direct clause as
well).When you get gated built and installed
and create a configuration file for it, you will need to run
gated in place of routed
on your FreeBSD system; change the
routed/gated startup parameters in
/etc/netstart as appropriate for your
system. Please see the manual page for
gated for information on
gated's command-line parameters.
diff --git a/en_US.ISO8859-1/books/handbook/printing/chapter.sgml b/en_US.ISO8859-1/books/handbook/printing/chapter.sgml
index 55288668b2..84cb0f31e6 100644
--- a/en_US.ISO8859-1/books/handbook/printing/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/printing/chapter.sgml
@@ -1,4681 +1,4683 @@
PrintingContributed by &a.kelly;, 30 September 1995.
Restructured and updated by &a.jim;, March 2000.SynopsisLPD spooling systemprintingIn order to use printers with FreeBSD, you will need to set them
up to work with the Berkeley line printer spooling system, also
known as the LPD spooling system. It is the standard printer
control system in FreeBSD. This chapter introduces the LPD spooling
system, often simply called LPD, and will guide you through its
configuration.If you are already familiar with LPD or another printer spooling
system, you may wish to skip to section Setting up the spooling
system.IntroductionLPD controls everything about a host's printers. It is
responsible for a number of things:It controls access to attached printers and printers
attached to other hosts on the network.print jobsIt enables users to submit files to be printed; these
submissions are known as jobs.It prevents multiple users from accessing a printer at the
same time by maintaining a queue for each
printer.It can print header pages (also known
as banner or burst
pages) so users can easily find jobs they have printed in a
stack of printouts.It takes care of communications parameters for printers
connected on serial ports.It can send jobs over the network to a LPD spooler on
another host.It can run special filters to format jobs to be printed for
various printer languages or printer capabilities.It can account for printer usage.Through a configuration file
(/etc/printcap), and by providing the special
filter programs, you can enable the LPD system to do all or some
subset of the above for a great variety of printer hardware.Why You Should Use the SpoolerIf you are the sole user of your system, you may be wondering
why you should bother with the spooler when you do not need access
control, header pages, or printer accounting. While it is
possible to enable direct access to a printer, you should use the
spooler anyway since:LPD prints jobs in the background; you do not have to wait
for data to be copied to the printer.TeXLPD can conveniently run a job to be printed through
filters to add date/time headers or convert a special file
format (such as a TeX DVI file) into a format the printer will
understand. You will not have to do these steps
manually.Many free and commercial programs that provide a print
feature usually expect to talk to the spooler on your system.
By setting up the spooling system, you will more easily
support other software you may later add or already
have.Basic SetupTo use printers with the LPD spooling system, you will need to
set up both your printer hardware and the LPD software. This
document describes two levels of setup:See section Simple Printer
Setup to learn how to connect a printer, tell LPD how to
communicate with it, and print plain text files to the
printer.See section Advanced
Printer Setup to find out how to print a variety of
special file formats, to print header pages, to print across a
network, to control access to printers, and to do printer
accounting.Simple Printer SetupThis section tells how to configure printer hardware and the
LPD software to use the printer. It teaches the basics:Section Hardware
Setup gives some hints on connecting the printer to a
port on your computer.Section Software
Setup shows how to setup the LPD spooler configuration
file (/etc/printcap).If you are setting up a printer that uses a network protocol
to accept data to print instead of a serial or parallel interface,
see Printers With
Networked Data Stream Interfaces.Although this section is called Simple Printer
Setup, it is actually fairly complex. Getting the printer
to work with your computer and the LPD spooler is the hardest
part. The advanced options like header pages and accounting are
fairly easy once you get the printer working.Hardware SetupThis section tells about the various ways you can connect a
printer to your PC. It talks about the kinds of ports and
cables, and also the kernel configuration you may need to enable
FreeBSD to speak to the printer.If you have already connected your printer and have
successfully printed with it under another operating system, you
can probably skip to section Software Setup.Ports and CablesNearly all printers you can get for a PC today support one
or both of the following interfaces:printerserialSerial interfaces use a serial
port on your computer to send data to the printer. Serial
interfaces are common in the computer industry and cables
are readily available and also easy to construct. Serial
interfaces sometimes need special cables and might require
you to configure somewhat complex communications
options.printerparallelParallel interfaces use a
parallel port on your computer to send data to the
printer. Parallel interfaces are common in the PC market.
Cables are readily available but more difficult to
construct by hand. There are usually no communications
options with parallel interfaces, making their
configuration exceedingly simple.centronics (see parallel printers)Parallel interfaces are sometimes known as
Centronics interfaces, named after the
connector type on the printer.In general, serial interfaces are slower than parallel
interfaces. Parallel interfaces usually offer just
one-way communication (computer to printer) while serial
gives you two-way. Many newer parallel ports and printers
can communicate in both directions under FreeBSD when a
IEEE1284 compliant cable is used.PostScriptUsually, the only time you need two-way communication with
the printer is if the printer speaks PostScript. PostScript
printers can be very verbose. In fact, PostScript jobs are
actually programs sent to the printer; they need not produce
paper at all and may return results directly to the computer.
PostScript also uses two-way communication to tell the
computer about problems, such as errors in the PostScript
program or paper jams. Your users may be appreciative of such
information. Furthermore, the best way to do effective
accounting with a PostScript printer requires two-way
communication: you ask the printer for its page count (how
many pages it has printed in its lifetime), then send the
user's job, then ask again for its page count. Subtract the
two values and you know how much paper to charge the
user.Parallel PortsTo hook up a printer using a parallel interface, connect
the Centronics cable between the printer and the computer.
The instructions that came with the printer, the computer, or
both should give you complete guidance.Remember which parallel port you used on the computer.
The first parallel port is /dev/lpt0 to
FreeBSD; the second is /dev/lpt1, and so
on.Serial PortsTo hook up a printer using a serial interface, connect the
proper serial cable between the printer and the computer. The
instructions that came with the printer, the computer, or both
should give you complete guidance.If you are unsure what the proper serial
cable is, you may wish to try one of the following
alternatives:A modem cable connects each pin
of the connector on one end of the cable straight through
to its corresponding pin of the connector on the other
end. This type of cable is also known as a
DTE-to-DCE cable.null-modem cableA null-modem cable connects some
pins straight through, swaps others (send data to receive
data, for example), and shorts some internally in each
connector hood. This type of cable is also known as a
DTE-to-DTE cable.A serial printer cable, required
for some unusual printers, is like the null-modem cable,
but sends some signals to their counterparts instead of
being internally shorted.baud rateparityflow control protocolYou should also set up the communications parameters for
the printer, usually through front-panel controls or DIP
switches on the printer. Choose the highest
bps (bits per second, sometimes
baud rate) rate that both your computer
and the printer can support. Choose 7 or 8 data bits; none,
even, or odd parity; and 1 or 2 stop bits. Also choose a flow
control protocol: either none, or XON/XOFF (also known as
in-band or software) flow control.
Remember these settings for the software configuration that
follows.Software SetupThis section describes the software setup necessary to print
with the LPD spooling system in FreeBSD.Here is an outline of the steps involved:Configure your kernel, if necessary, for the port you
are using for the printer; section Kernel Configuration tells
you what you need to do.Set the communications mode for the parallel port, if
you are using a parallel port; section Setting the
Communication Mode for the Parallel Port gives
details.Test if the operating system can send data to the printer.
Section Checking Printer
Communications gives some suggestions on how to do
this.Set up LPD for the printer by modifying the file
/etc/printcap. You will find out how
to do this later in this chapter.Kernel ConfigurationThe operating system kernel is compiled to work with a
specific set of devices. The serial or parallel interface for
your printer is a part of that set. Therefore, it might be
necessary to add support for an additional serial or parallel
port if your kernel is not already configured for one.To find out if the kernel you are currently using supports
a serial interface, type:&prompt.root; dmesg | grep sioNWhere N is the number of the
serial port, starting from zero. If you see output similar to
the following:sio2 at 0x3e8-0x3ef irq 5 on isa
sio2: type 16550Athen the kernel supports the port.To find out if the kernel supports a parallel interface,
type:&prompt.root; dmesg | grep lptNWhere N is the number of the
parallel port, starting from zero. If you see output similar
to the following lpt0 at 0x378-0x37f on isa
then the kernel supports the port.You might have to reconfigure your kernel in order for the
operating system to recognize and use the parallel or serial
port you are using for the printer.To add support for a serial port, see the section on
kernel configuration. To add support for a parallel port, see
that section and the section that
follows.Adding /dev Entries for the
PortsEven though the kernel may support communication along a
serial or parallel port, you will still need a software
interface through which programs running on the system can
send and receive data. That is what entries in the
/dev directory are for.To add a /dev entry for a
port:Become root with the &man.su.1; command. Enter the
root password when prompted.Change to the /dev
directory:&prompt.root; cd /devType:&prompt.root; ./MAKEDEV portWhere port is the device
entry for the port you want to make. Use
lpt0 for the first parallel port,
lpt1 for the second, and so on; use
ttyd0 for the first serial port,
ttyd1 for the second, and so on.Type:&prompt.root; ls -l portto make sure the device entry got created.Setting the Communication Mode for the Parallel
PortWhen you are using the parallel interface, you can choose
whether FreeBSD should use interrupt-driven or polled
communication with the printer.The interrupt-driven method is
the default with the GENERIC kernel. With this method,
the operating system uses an IRQ line to determine when
the printer is ready for data.The polled method directs the
operating system to repeatedly ask the printer if it is
ready for more data. When it responds ready, the kernel
sends more data.The interrupt-driven method is somewhat faster but uses up
a precious IRQ line. You should use whichever one
works.You can set the communications mode in two ways: by
configuring the kernel or by using the &man.lptcontrol.8;
program.To set the communications mode by configuring
the kernel:Edit your kernel configuration file. Look for or add
an lpt0 entry. If you are setting up
the second parallel port, use lpt1
instead. Use lpt2 for the third port,
and so on.If you want interrupt-driven mode, add the
irq specifier:device lpt0 at isa? port? tty irq N vector lptintrWhere N is the IRQ
number for your computer's parallel port.If you want polled mode, do not add the
irq specifier:device lpt0 at isa? port? tty vector lptintrSave the file. Then configure, build, and install the
kernel, then reboot. See kernel configuration for
more details.To set the communications mode with
&man.lptcontrol.8;:Type:&prompt.root; lptcontrol -i -u Nto set interrupt-driven mode for
lptN.Type:&prompt.root; lptcontrol -p -u Nto set polled-mode for
lptN.You could put these commands in your
/etc/rc.local file to set the mode each
time your system boots. See &man.lptcontrol.8; for more
information.Checking Printer CommunicationsBefore proceeding to configure the spooling system, you
should make sure the operating system can successfully send
data to your printer. It is a lot easier to debug printer
communication and the spooling system separately.To test the printer, we will send some text to it. For
printers that can immediately print characters sent to them,
the program &man.lptest.1; is perfect: it generates all 96
printable ASCII characters in 96 lines.PostScriptFor a PostScript (or other language-based) printer, we
will need a more sophisticated test. A small PostScript
program, such as the following, will suffice:%!PS
100 100 moveto 300 300 lineto stroke
310 310 moveto /Helvetica findfont 12 scalefont setfont
(Is this thing working?) show
showpageThe above PostScript code can be placed into a file and
used as shown in the examples appearing in the following
sections.PCLWhen this document refers to a printer language, it is
assuming a language like PostScript, and not Hewlett
Packard's PCL. Although PCL has great functionality, you
can intermingle plain text with its escape sequences.
PostScript cannot directly print plain text, and that is the
kind of printer language for which we must make special
accommodations.Checking a Parallel PrinterprinterparallelThis section tells you how to check if FreeBSD can
communicate with a printer connected to a parallel
port.To test a printer on a parallel
port:Become root with &man.su.1;.Send data to the printer.If the printer can print plain text, then use
&man.lptest.1;. Type:&prompt.root; lptest > /dev/lptNWhere N is the number
of the parallel port, starting from zero.If the printer understands PostScript or other
printer language, then send a small program to the
printer. Type:&prompt.root; cat > /dev/lptNThen, line by line, type the program
carefully as you cannot edit a
line once you have pressed RETURN
or ENTER. When you have finished
entering the program, press
CONTROL+D, or whatever your end
of file key is.Alternatively, you can put the program in a file
and type:&prompt.root; cat file > /dev/lptNWhere file is the
name of the file containing the program you want to
send to the printer.You should see something print. Do not worry if the
text does not look right; we will fix such things
later.Checking a Serial PrinterprinterserialThis section tells you how to check if FreeBSD can
communicate with a printer on a serial port.To test a printer on a serial
port:Become root with &man.su.1;.Edit the file /etc/remote. Add
the following entry:printer:dv=/dev/port:br#bps-rate:pa=paritybits-per-secondserial portparityWhere port is the device
entry for the serial port (ttyd0,
ttyd1, etc.),
bps-rate is the
bits-per-second rate at which the printer communicates,
and parity is the parity
required by the printer (either even,
odd, none, or
zero).Here is a sample entry for a printer connected via
a serial line to the third serial port at 19200 bps with
no parity:printer:dv=/dev/ttyd2:br#19200:pa=noneConnect to the printer with &man.tip.1;.
Type:&prompt.root; tip printerIf this step does not work, edit the file
/etc/remote again and try using
/dev/cuaaN
instead of
/dev/ttydN.Send data to the printer.If the printer can print plain text, then use
&man.lptest.1;. Type:~$lptestIf the printer understands PostScript or other
printer language, then send a small program to the
printer. Type the program, line by line,
very carefully as backspacing
or other editing keys may be significant to the
printer. You may also need to type a special
end-of-file key for the printer so it knows it
received the whole program. For PostScript
printers, press CONTROL+D.Alternatively, you can put the program in a file
and type:~>fileWhere file is the
name of the file containing the program. After
&man.tip.1; sends the file, press any required
end-of-file key.You should see something print. Do not worry if the
text does not look right; we will fix that later.Enabling the Spooler: The /etc/printcap
FileAt this point, your printer should be hooked up, your kernel
configured to communicate with it (if necessary), and you have
been able to send some simple data to the printer. Now, we are
ready to configure LPD to control access to your printer.You configure LPD by editing the file
/etc/printcap. The LPD spooling system
reads this file each time the spooler is used, so updates to the
file take immediate effect.printercapabilitiesThe format of the &man.printcap.5; file is straightforward.
Use your favorite text editor to make changes to
/etc/printcap. The format is identical to
other capability files like
/usr/share/misc/termcap and
/etc/remote. For complete information
about the format, see the &man.cgetent.3;.The simple spooler configuration consists of the following
steps:Pick a name (and a few convenient aliases) for the
printer, and put them in the
/etc/printcap file; see the
Naming the Printer
section for more information on naming.header pagesTurn off header pages (which are on by default) by
inserting the sh capability; see the
Suppressing Header
Pages section for more information.Make a spooling directory, and specify its location with
the sd capability; see the Making the Spooling
Directory section for more information.Set the /dev entry to use for the
printer, and note it in /etc/printcap
with the lp capability; see the Identifying the Printer
Device for more information. Also, if the printer is
on a serial port, set up the communication parameters with
the fs, fc,
xs, and xc
capabilities; which is discussed in the Configuring Spooler
Communications Parameters section.Install a plain text input filter; see the Installing the Text
Filter section for details.Test the setup by printing something with the
&man.lpr.1; command. More details are available in the
Trying It Out and
Troubleshooting
sections.Language-based printers, such as PostScript printers,
cannot directly print plain text. The simple setup outlined
above and described in the following sections assumes that if
you are installing such a printer you will print only files
that the printer can understand.Users often expect that they can print plain text to any of
the printers installed on your system. Programs that interface
to LPD to do their printing usually make the same assumption.
If you are installing such a printer and want to be able to
print jobs in the printer language and
print plain text jobs, you are strongly urged to add an
additional step to the simple setup outlined above: install an
automatic plain-text-to-PostScript (or other printer language)
conversion program. The section entitled Accommodating Plain
Text Jobs on PostScript Printers tells how to do
this.Naming the PrinterThe first (easy) step is to pick a name for your printer
It really does not matter whether you choose functional or
whimsical names since you can also provide a number of aliases
for the printer.At least one of the printers specified in the
/etc/printcap should have the alias
lp. This is the default printer's name.
If users do not have the PRINTER environment
variable nor specify a printer name on the command line of any
of the LPD commands, then lp will be the
default printer they get to use.Also, it is common practice to make the last alias for a
printer be a full description of the printer, including make
and model.Once you have picked a name and some common aliases, put
them in the /etc/printcap file. The name
of the printer should start in the leftmost column. Separate
each alias with a vertical bar and put a colon after the last
alias.In the following example, we start with a skeletal
/etc/printcap that defines two printers
(a Diablo 630 line printer and a Panasonic KX-P4455 PostScript
laser printer):#
# /etc/printcap for host rose
#
rattan|line|diablo|lp|Diablo 630 Line Printer:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:In this example, the first printer is named
rattan and has as aliases
line, diablo,
lp, and Diablo 630 Line
Printer. Since it has the alias
lp, it is also the default printer. The
second is named bamboo, and has as aliases
ps, PS,
S, panasonic, and
Panasonic KX-P4455 PostScript v51.4.Suppressing Header Pagesprintingheader pagesThe LPD spooling system will by default print a
header page for each job. The header
page contains the user name who requested the job, the host
from which the job came, and the name of the job, in nice
large letters. Unfortunately, all this extra text gets in the
way of debugging the simple printer setup, so we will suppress
header pages.To suppress header pages, add the sh
capability to the entry for the printer in
/etc/printcap. Here is an example
/etc/printcap with sh
added:#
# /etc/printcap for host rose - no header pages anywhere
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:Note how we used the correct format: the first line starts
in the leftmost column, and subsequent lines are indented with
a single TAB. Every line in an entry except the last ends in
a backslash character.Making the Spooling Directoryprinter spoolprint jobsThe next step in the simple spooler setup is to make a
spooling directory, a directory where
print jobs reside until they are printed, and where a number
of other spooler support files live.Because of the variable nature of spooling directories, it
is customary to put these directories under
/var/spool. It is not necessary to
backup the contents of spooling directories, either.
Recreating them is as simple as running &man.mkdir.1;.It is also customary to make the directory with a name
that is identical to the name of the printer, as shown
below:&prompt.root; mkdir /var/spool/printer-nameHowever, if you have a lot of printers on your network,
you might want to put the spooling directories under a single
directory that you reserve just for printing with LPD. We
will do this for our two example printers
rattan and
bamboo:&prompt.root; mkdir /var/spool/lpd
&prompt.root; mkdir /var/spool/lpd/rattan
&prompt.root; mkdir /var/spool/lpd/bambooIf you are concerned about the privacy of jobs that
users print, you might want to protect the spooling
directory so it is not publicly accessible. Spooling
directories should be owned and be readable, writable, and
searchable by user daemon and group daemon, and no one else.
We will do this for our example printers:&prompt.root; chown daemon:daemon /var/spool/lpd/rattan
&prompt.root; chown daemon:daemon /var/spool/lpd/bamboo
&prompt.root; chmod 770 /var/spool/lpd/rattan
&prompt.root; chmod 770 /var/spool/lpd/bambooFinally, you need to tell LPD about these directories
using the /etc/printcap file. You
specify the pathname of the spooling directory with the
sd capability:#
# /etc/printcap for host rose - added spooling directories
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:Note that the name of the printer starts in the first
column but all other entries describing the printer should be
indented with a tab and each line escaped with a
backslash.If you do not specify a spooling directory with
sd, the spooling system will use
/var/spool/lpd as a default.Identifying the Printer DeviceIn the Adding
/dev Entries for the Ports
section, we identified which entry in the
/dev directory FreeBSD will use to
communicate with the printer. Now, we tell LPD that
information. When the spooling system has a job to print, it
will open the specified device on behalf of the filter program
(which is responsible for passing data to the printer).List the /dev entry pathname in the
/etc/printcap file using the
lp capability.In our running example, let us assume that
rattan is on the first parallel port, and
bamboo is on a sixth serial port; here are
the additions to /etc/printcap:#
# /etc/printcap for host rose - identified what devices to use
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:\
:lp=/dev/ttyd5:If you do not specify the lp capability
for a printer in your /etc/printcap file,
LPD uses /dev/lp as a default.
/dev/lp currently does not exist in
FreeBSD.If the printer you are installing is connected to a
parallel port, skip to the section entitled, Installing the Text
Filter. Otherwise, be sure to follow the instructions
in the next section.Configuring Spooler Communication ParametersprinterserialFor printers on serial ports, LPD can set up the bps rate,
parity, and other serial communication parameters on behalf of
the filter program that sends data to the printer. This is
advantageous since:It lets you try different communication parameters by
simply editing the /etc/printcap
file; you do not have to recompile the filter
program.It enables the spooling system to use the same filter
program for multiple printers which may have different
serial communication settings.The following /etc/printcap
capabilities control serial communication parameters of the
device listed in the lp capability:br#bps-rateSets the communications speed of the device to
bps-rate, where
bps-rate can be 50, 75, 110,
134, 150, 200, 300, 600, 1200, 1800, 2400, 4800, 9600,
19200, or 38400 bits-per-second.fc#clear-bitsClears the flag bits
clear-bits in the
sgttyb structure after
opening the device.fs#set-bitsSets the flag bits
set-bits in the
sgttyb structure.xc#clear-bitsClears local mode bits
clear-bits after opening the
device.xs#set-bitsSets local mode bits
set-bits.For more information on the bits for the
fc, fs,
xc, and xs capabilities,
see the file
/usr/include/sys/ioctl_compat.h.When LPD opens the device specified by the
lp capability, it reads the flag bits in
the sgttyb structure; it clears any bits in
the fc capability, then sets bits in the
fs capability, then applies the resultant
setting. It does the same for the local mode bits as
well.Let us add to our example printer on the sixth serial
port. We will set the bps rate to 38400. For the flag bits,
we will set the TANDEM,
ANYP, LITOUT,
FLUSHO, and PASS8 flags.
For the local mode bits, we will set the
LITOUT and PASS8
flags:bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:\
:lp=/dev/ttyd5:fs#0x82000c1:xs#0x820:Installing the Text Filterprint filtersWe are now ready to tell LPD what text filter to use to
send jobs to the printer. A text filter,
also known as an input filter, is a
program that LPD runs when it has a job to print. When LPD
runs the text filter for a printer, it sets the filter's
standard input to the job to print, and its standard output to
the printer device specified with the lp
capability. The filter is expected to read the job from
standard input, perform any necessary translation for the
printer, and write the results to standard output, which will
get printed. For more information on the text filter, see
the Filters
section.For our simple printer setup, the text filter can be a
small shell script that just executes
/bin/cat to send the job to the printer.
FreeBSD comes with another filter called
lpf that handles backspacing and
underlining for printers that might not deal with such
character streams well. And, of course, you can use any other
filter program you want. The filter lpf is
described in detail in section entitled lpf: a Text
Filter.First, let us make the shell script
/usr/local/libexec/if-simple be a simple
text filter. Put the following text into that file with your
favorite text editor:#!/bin/sh
#
# if-simple - Simple text input filter for lpd
# Installed in /usr/local/libexec/if-simple
#
# Simply copies stdin to stdout. Ignores all filter arguments.
/bin/cat && exit 0
exit 2Make the file executable:&prompt.root; chmod 555 /usr/local/libexec/if-simpleAnd then tell LPD to use it by specifying it with the
if capability in
/etc/printcap. We will add it to the two
printers we have so far in the example
/etc/printcap:#
# /etc/printcap for host rose - added text filter
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:\
:lp=/dev/ttyd5:fs#0x82000e1:xs#0x820:\
:if=/usr/local/libexec/if-simple:Turn on LPD&man.lpd.8; is run from /etc/rc,
controlled by the lpd_enable variable. This
variable defaults to NO. If you have not done
so already, add the line:lpd_enable="YES"to /etc/rc.conf, and then either restart
your machine, or just run &man.lpd.8;.&prompt.root; lpdTrying It OutYou have reached the end of the simple LPD setup.
Unfortunately, congratulations are not quite yet in order,
since we still have to test the setup and correct any
problems. To test the setup, try printing something. To
print with the LPD system, you use the command &man.lpr.1;,
which submits a job for printing.You can combine &man.lpr.1; with the &man.lptest.1;
program, introduced in section Checking Printer
Communications to generate some test text.To test the simple LPD setup:Type:&prompt.root; lptest 20 5 | lpr -Pprinter-nameWhere printer-name is a the
name of a printer (or an alias) specified in
/etc/printcap. To test the default
printer, type &man.lpr.1; without any
argument. Again, if you are testing a printer that expects
PostScript, send a PostScript program in that language instead
of using &man.lptest.1;. You can do so by putting the program
in a file and typing lpr
file.For a PostScript printer, you should get the results of
the program. If you are using &man.lptest.1;, then your
results should look like the following:!"#$%&'()*+,-./01234
"#$%&'()*+,-./012345
#$%&'()*+,-./0123456
$%&'()*+,-./01234567
%&'()*+,-./012345678To further test the printer, try downloading larger
programs (for language-based printers) or running
&man.lptest.1; with different arguments. For example,
lptest 80 60 will produce 60 lines of 80
characters each.If the printer did not work, see the Troubleshooting
section.Advanced Printer SetupThis section describes filters for printing specially formatted
files, header pages, printing across networks, and restricting and
accounting for printer usage.Filtersprint filtersAlthough LPD handles network protocols, queuing, access control,
and other aspects of printing, most of the real
work happens in the filters. Filters are
programs that communicate with the printer and handle its device
dependencies and special requirements. In the simple printer setup,
we installed a plain text filter—an extremely simple one that
should work with most printers (section Installing the Text
Filter).However, in order to take advantage of format conversion, printer
accounting, specific printer quirks, and so on, you should understand
how filters work. It will ultimately be the filter's responsibility
to handle these aspects. And the bad news is that most of the time
you have to provide filters yourself. The good
news is that many are generally available; when they are not, they are
usually easy to write.Also, FreeBSD comes with one,
/usr/libexec/lpr/lpf, that works with many
printers that can print plain text. (It handles backspacing and tabs
in the file, and does accounting, but that is about all it does.)
There are also several filters and filter components in the FreeBSD
ports collection.Here is what you will find in this section:Section How Filters
Work, tries to give an overview of a filter's role in the
printing process. You should read this section to get an
understanding of what is happening under the hood
when LPD uses filters. This knowledge could help you anticipate
and debug problems you might encounter as you install more and
more filters on each of your printers.LPD expects every printer to be able to print plain text by
default. This presents a problem for PostScript (or other
language-based printers) which cannot directly print plain text.
Section Accommodating
Plain Text Jobs on PostScript Printers tells you what you
should do to overcome this problem. You should read this
section if you have a PostScript printer.PostScript is a popular output format for many programs. Even
some people (myself included) write PostScript code directly. But
PostScript printers are expensive. Section Simulating PostScript on
Non-PostScript Printers tells how you can further modify
a printer's text filter to accept and print PostScript data on a
non-PostScript printer. You should read
this section if you do not have a PostScript printer.Section Conversion
Filters tells about a way you can automate the conversion
of specific file formats, such as graphic or typesetting data,
into formats your printer can understand. After reading this
section, you should be able to set up your printers such that
users can type lpr -t to print troff data, or
lpr -d to print TeX DVI data, or lpr
-v to print raster image data, and so forth. I
recommend reading this section.Section Output
Filters tells all about a not often used feature of LPD:
output filters. Unless you are printing header pages (see Header Pages),
you can probably skip that section altogether.Section lpf: a Text
Filter describes lpf, a fairly
complete if simple text filter for line printers (and laser
printers that act like line printers) that comes with FreeBSD. If
you need a quick way to get printer accounting working for plain
text, or if you have a printer which emits smoke when it sees
backspace characters, you should definitely consider
lpf.How Filters WorkAs mentioned before, a filter is an executable program started
by LPD to handle the device-dependent part of communicating with the
printer.When LPD wants to print a file in a job, it starts a filter
program. It sets the filter's standard input to the file to print,
its standard output to the printer, and its standard error to the
error logging file (specified in the lf
capability in /etc/printcap, or
/dev/console by default).
- troff
+
+ troff
+ Which filter LPD starts and the filter's arguments depend on
what is listed in the /etc/printcap file and
what arguments the user specified for the job on the
&man.lpr.1; command line. For example, if the user typed
lpr -t, LPD would start the troff filter, listed
in the tf capability for the destination printer.
If the user wanted to print plain text, it would start the
if filter (this is mostly true: see Output Filters for
details).There are three kinds of filters you can specify in
/etc/printcap:The text filter, confusingly called the
input filter in LPD documentation, handles
regular text printing. Think of it as the default filter. LPD
expects every printer to be able to print plain text by default,
and it is the text filter's job to make sure backspaces, tabs,
or other special characters do not confuse the printer. If you
are in an environment where you have to account for printer
usage, the text filter must also account for pages printed,
usually by counting the number of lines printed and comparing
that to the number of lines per page the printer supports. The
text filter is started with the following argument list:
filter-name-c-wwidth-llength-iindent-n login-h hostacct-file
where
appears if the job's submitted with lpr
-lwidthis the value from the pw (page
width) capability specified in
/etc/printcap, default 132lengthis the value from the pl (page
length) capability, default 66indentis the amount of the indentation from lpr
-i, default 0loginis the account name of the user printing the
filehostis the host name from which the job was
submittedacct-fileis the name of the accounting file from the
af capability.printerfiltersA conversion filter converts a specific
file format into one the printer can render onto paper. For
example, ditroff typesetting data cannot be directly printed,
but you can install a conversion filter for ditroff files to
convert the ditroff data into a form the printer can digest and
print. Section Conversion
Filters tells all about them. Conversion filters also
need to do accounting, if you need printer accounting.
Conversion filters are started with the following arguments:
filter-name-xpixel-width-ypixel-height-n login-h hostacct-file
where pixel-width is the value
from the px capability (default 0) and
pixel-height is the value from the
py capability (default 0).The output filter is used only if there
is no text filter, or if header pages are enabled. In my
experience, output filters are rarely used. Section Output Filters describe
them. There are only two arguments to an output filter:
filter-name-wwidth-llength
which are identical to the text filters and
arguments.Filters should also exit with the
following exit status:exit 0If the filter printed the file successfully.exit 1If the filter failed to print the file but wants LPD to
try to print the file again. LPD will restart a filter if it
exits with this status.exit 2If the filter failed to print the file and does not want
LPD to try again. LPD will throw out the file.The text filter that comes with the FreeBSD release,
/usr/libexec/lpr/lpf, takes advantage of the
page width and length arguments to determine when to send a form
feed and how to account for printer usage. It uses the login, host,
and accounting file arguments to make the accounting entries.If you are shopping for filters, see if they are LPD-compatible.
If they are, they must support the argument lists described above.
If you plan on writing filters for general use, then have them
support the same argument lists and exit codes.Accommodating Plain Text Jobs on PostScript Printersprint jobsIf you are the only user of your computer and PostScript (or
other language-based) printer, and you promise to never send plain
text to your printer and to never use features of various programs
that will want to send plain text to your printer, then you do not
need to worry about this section at all.But, if you would like to send both PostScript and plain text
jobs to the printer, then you are urged to augment your printer
setup. To do so, we have the text filter detect if the arriving job
is plain text or PostScript. All PostScript jobs must start with
%! (for other printer languages, see your printer
documentation). If those are the first two characters in the job,
we have PostScript, and can pass the rest of the job directly. If
those are not the first two characters in the file, then the filter
will convert the text into PostScript and print the result.How do we do this?printerserialIf you have got a serial printer, a great way to do it is to
install lprps. lprps is a
PostScript printer filter which performs two-way communication with
the printer. It updates the printer's status file with verbose
information from the printer, so users and administrators can see
exactly what the state of the printer is (such as toner
low or paper jam). But more
importantly, it includes a program called psif
which detects whether the incoming job is plain text and calls
textps (another program that comes with
lprps) to convert it to PostScript. It then uses
lprps to send the job to the printer.lprps is part of the FreeBSD ports collection
(see The Ports Collection). You can
fetch, build and install it yourself, of course. After installing
lprps, just specify the pathname to the
psif program that is part of
lprps. If you installed lprps
from the ports collection, use the following in the serial
PostScript printer's entry in
/etc/printcap::if=/usr/local/libexec/psif:You should also specify the rw capability;
that tells LPD to open the printer in read-write mode.If you have a parallel PostScript printer (and therefore cannot
use two-way communication with the printer, which
lprps needs), you can use the following shell
script as the text filter:#!/bin/sh
#
# psif - Print PostScript or plain text on a PostScript printer
# Script version; NOT the version that comes with lprps
# Installed in /usr/local/libexec/psif
#
read first_line
first_two_chars=`expr "$first_line" : '\(..\)'`
if [ "$first_two_chars" = "%!" ]; then
#
# PostScript job, print it.
#
echo "$first_line" && cat && printf "\004" && exit 0
exit 2
else
#
# Plain text, convert it, then print it.
#
( echo "$first_line"; cat ) | /usr/local/bin/textps && printf "\004" && exit 0
exit 2
fiIn the above script, textps is a program we
installed separately to convert plain text to PostScript. You can
use any text-to-PostScript program you wish. The FreeBSD ports
collection (see The Ports Collection)
includes a full featured text-to-PostScript program called
a2ps that you might want to investigate.Simulating PostScript on Non-PostScript PrintersPostScriptemulatingGhostscriptPostScript is the de facto standard for
high quality typesetting and printing. PostScript is, however, an
expensive standard. Thankfully, Alladin
Enterprises has a free PostScript work-alike called
Ghostscript that runs with FreeBSD.
Ghostscript can read most PostScript files and can render their
pages onto a variety of devices, including many brands of
non-PostScript printers. By installing Ghostscript and using a
special text filter for your printer, you can make your
non-PostScript printer act like a real PostScript printer.Ghostscript is in the FreeBSD ports collection, if you
would like to install it from there. You can fetch, build, and
install it quite easily yourself, as well.To simulate PostScript, we have the text filter detect if it is
printing a PostScript file. If it is not, then the filter will pass
the file directly to the printer; otherwise, it will use Ghostscript
to first convert the file into a format the printer will
understand.Here is an example: the following script is a text filter
for Hewlett Packard DeskJet 500 printers. For other printers,
substitute the argument to the
gs (Ghostscript) command. (Type gs
-h to get a list of devices the current installation of
Ghostscript supports.)#!/bin/sh
#
# ifhp - Print Ghostscript-simulated PostScript on a DeskJet 500
# Installed in /usr/local/libexec/hpif
#
# Treat LF as CR+LF:
#
printf "\033&k2G" || exit 2
#
# Read first two characters of the file
#
read first_line
first_two_chars=`expr "$first_line" : '\(..\)'`
if [ "$first_two_chars" = "%!" ]; then
#
# It is PostScript; use Ghostscript to scan-convert and print it.
#
# Note that PostScript files are actually interpreted programs,
# and those programs are allowed to write to stdout, which will
# mess up the printed output. So, we redirect stdout to stderr
# and then make descriptor 3 go to stdout, and have Ghostscript
# write its output there. Exercise for the clever reader:
# capture the stderr output from Ghostscript and mail it back to
# the user originating the print job.
#
exec 3>&1 1>&2
/usr/local/bin/gs -dSAFER -dNOPAUSE -q -sDEVICE=djet500 \
-sOutputFile=/dev/fd/3 - && exit 0
#
/usr/local/bin/gs -dSAFER -dNOPAUSE -q -sDEVICE=djet500 -sOutputFile=- - \
&& exit 0
else
#
# Plain text or HP/PCL, so just print it directly; print a form
# at the end to eject the last page.
#
echo $first_line && cat && printf "\033&l0H" &&
exit 0
fi
exit 2Finally, you need to notify LPD of the filter via the
if capability::if=/usr/local/libexec/hpif:That is it. You can type lpr plain.text and
lpr whatever.ps and both should print
successfully.Conversion FiltersAfter completing the simple setup described in Simple Printer Setup, the first
thing you will probably want to do is install conversion filters for
your favorite file formats (besides plain ASCII text).Why Install Conversion Filters?TeXprinting dvi filesConversion filters make printing various kinds of files easy.
As an example, suppose we do a lot of work with the TeX
typesetting system, and we have a PostScript printer. Every time
we generate a DVI file from TeX, we cannot print it directly until
we convert the DVI file into PostScript. The command sequence
goes like this:&prompt.user; dvips seaweed-analysis.dvi
&prompt.user; lpr seaweed-analysis.psBy installing a conversion filter for DVI files, we can skip
the hand conversion step each time by having LPD do it for us.
Now, each time we get a DVI file, we are just one step away from
printing it:&prompt.user; lpr -d seaweed-analysis.dviWe got LPD to do the DVI file conversion for us by specifying
the option. Section Formatting and Conversion
Options lists the conversion options.For each of the conversion options you want a printer to
support, install a conversion filter and
specify its pathname in /etc/printcap. A
conversion filter is like the text filter for the simple printer
setup (see section Installing
the Text Filter) except that instead of printing plain
text, the filter converts the file into a format the printer can
understand.Which Conversions Filters Should I Install?You should install the conversion filters you expect to use.
If you print a lot of DVI data, then a DVI conversion filter is in
order. If you have got plenty of troff to print out, then you
probably want a troff filter.The following table summarizes the filters that LPD works
with, their capability entries for the
/etc/printcap file, and how to invoke them
with the lpr command:File type/etc/printcap capabilitylpr optioncifplotcfDVIdfplotgfditroffnfFORTRAN textrftroffrfrastervfplain textifnone, , or
In our example, using lpr -d means the
printer needs a df capability in its entry in
/etc/printcap.fortranDespite what others might contend, formats like FORTRAN text
and plot are probably obsolete. At your site, you can give new
meanings to these or any of the formatting options just by
installing custom filters. For example, suppose you would like to
directly print Printerleaf files (files from the Interleaf desktop
publishing program), but will never print plot files. You could
install a Printerleaf conversion filter under the
gf capability and then educate your users that
lpr -g mean print Printerleaf
files.Installing Conversion FiltersSince conversion filters are programs you install outside of
the base FreeBSD installation, they should probably go under
/usr/local. The directory
/usr/local/libexec is a popular location,
since they are specialized programs that only LPD will run;
regular users should not ever need to run them.To enable a conversion filter, specify its pathname under the
appropriate capability for the destination printer in
/etc/printcap.In our example, we will add the DVI conversion filter to the
entry for the printer named bamboo. Here is
the example /etc/printcap file again, with
the new df capability for the printer
bamboo.#
# /etc/printcap for host rose - added df filter for bamboo
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:\
:lp=/dev/ttyd5:fs#0x82000e1:xs#0x820:rw:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:The DVI filter is a shell script named
/usr/local/libexec/psdf. Here is that
script:#!bin/sh
#
# psdf - DVI to PostScript printer filter
# Installed in /usr/local/libexec/psdf
#
# Invoked by lpd when user runs lpr -d
#
exec /usr/local/bin/dvips -f | /usr/local/libexec/lprps "$@"This script runs dvips in filter mode (the
argument) on standard input, which is the job
to print. It then starts the PostScript printer filter
lprps (see section Accommodating Plain
Text Jobs on PostScript Printers) with the arguments LPD
passed to this script. lprps will use those
arguments to account for the pages printed.More Conversion Filter ExamplesSince there is no fixed set of steps to install conversion
filters, let me instead provide more examples. Use these as
guidance to making your own filters. Use them directly, if
appropriate.This example script is a raster (well, GIF file, actually)
conversion filter for a Hewlett Packard LaserJet III-Si
printer:#!/bin/sh
#
# hpvf - Convert GIF files into HP/PCL, then print
# Installed in /usr/local/libexec/hpvf
PATH=/usr/X11R6/bin:$PATH; export PATH
giftopnm | ppmtopgm | pgmtopbm | pbmtolj -resolution 300 \
&& exit 0 \
|| exit 2It works by converting the GIF file into a portable anymap,
converting that into a portable graymap, converting that into a
portable bitmap, and converting that into LaserJet/PCL-compatible
data.Here is the /etc/printcap file with an
entry for a printer using the above filter:#
# /etc/printcap for host orchid
#
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sh:sd=/var/spool/lpd/teak:mx#0:\
:if=/usr/local/libexec/hpif:\
:vf=/usr/local/libexec/hpvf:The following script is a conversion filter for troff data
from the groff typesetting system for the PostScript printer named
bamboo:#!/bin/sh
#
# pstf - Convert groff's troff data into PS, then print.
# Installed in /usr/local/libexec/pstf
#
exec grops | /usr/local/libexec/lprps "$@"The above script makes use of lprps again
to handle the communication with the printer. If the printer were
on a parallel port, we would use this script instead:#!/bin/sh
#
# pstf - Convert groff's troff data into PS, then print.
# Installed in /usr/local/libexec/pstf
#
exec gropsThat is it. Here is the entry we need to add to
/etc/printcap to enable the filter::tf=/usr/local/libexec/pstf:Here is an example that might make old hands at FORTRAN blush.
It is a FORTRAN-text filter for any printer that can directly
print plain text. We will install it for the printer
teak:#!/bin/sh
#
# hprf - FORTRAN text filter for LaserJet 3si:
# Installed in /usr/local/libexec/hprf
#
printf "\033&k2G" && fpr && printf "\033&l0H" &&
exit 0
exit 2And we will add this line to the
/etc/printcap for the printer
teak to enable this filter::rf=/usr/local/libexec/hprf:Here is one final, somewhat complex example. We will add a
DVI filter to the LaserJet printer teak
introduced earlier. First, the easy part: updating
/etc/printcap with the location of the DVI
filter::df=/usr/local/libexec/hpdf:Now, for the hard part: making the filter. For that, we need
a DVI-to-LaserJet/PCL conversion program. The FreeBSD ports
collection (see The Ports Collection)
has one: dvi2xx is the name of the package.
Installing this package gives us the program we need,
dvilj2p, which converts DVI into LaserJet IIp,
LaserJet III, and LaserJet 2000 compatible codes.dvilj2p makes the filter
hpdf quite complex since
dvilj2p cannot read from standard input. It
wants to work with a filename. What is worse, the filename has to
end in .dvi so using
/dev/fd/0 for standard input is problematic.
We can get around that problem by linking (symbolically) a
temporary file name (one that ends in .dvi)
to /dev/fd/0, thereby forcing
dvilj2p to read from standard input.The only other fly in the ointment is the fact that we cannot
use /tmp for the temporary link. Symbolic
links are owned by user and group bin. The
filter runs as user daemon. And the
/tmp directory has the sticky bit set. The
filter can create the link, but it will not be able clean up when
done and remove it since the link will belong to a different
user.Instead, the filter will make the symbolic link in the current
working directory, which is the spooling directory (specified by
the sd capability in
/etc/printcap). This is a perfect place for
filters to do their work, especially since there is (sometimes)
more free disk space in the spooling directory than under
/tmp.Here, finally, is the filter:#!/bin/sh
#
# hpdf - Print DVI data on HP/PCL printer
# Installed in /usr/local/libexec/hpdf
PATH=/usr/local/bin:$PATH; export PATH
#
# Define a function to clean up our temporary files. These exist
# in the current directory, which will be the spooling directory
# for the printer.
#
cleanup() {
rm -f hpdf$$.dvi
}
#
# Define a function to handle fatal errors: print the given message
# and exit 2. Exiting with 2 tells LPD to do not try to reprint the
# job.
#
fatal() {
echo "$@" 1>&2
cleanup
exit 2
}
#
# If user removes the job, LPD will send SIGINT, so trap SIGINT
# (and a few other signals) to clean up after ourselves.
#
trap cleanup 1 2 15
#
# Make sure we are not colliding with any existing files.
#
cleanup
#
# Link the DVI input file to standard input (the file to print).
#
ln -s /dev/fd/0 hpdf$$.dvi || fatal "Cannot symlink /dev/fd/0"
#
# Make LF = CR+LF
#
printf "\033&k2G" || fatal "Cannot initialize printer"
#
# Convert and print. Return value from dvilj2p does not seem to be
# reliable, so we ignore it.
#
dvilj2p -M1 -q -e- dfhp$$.dvi
#
# Clean up and exit
#
cleanup
exit 0Automated Conversion: An Alternative To Conversion
FiltersAll these conversion filters accomplish a lot for your
printing environment, but at the cost forcing the user to specify
(on the &man.lpr.1; command line) which one to use.
If your users are not particularly computer literate, having to
specify a filter option will become annoying. What is worse,
though, is that an incorrectly specified filter option may run a
filter on the wrong type of file and cause your printer to spew
out hundreds of sheets of paper.Rather than install conversion filters at all, you might want
to try having the text filter (since it is the default filter)
detect the type of file it has been asked to print and then
automatically run the right conversion filter. Tools such as
file can be of help here. Of course, it will
be hard to determine the differences between
some file types—and, of course, you can
still provide conversion filters just for them.apsfilterprinterfiltersapsfilterThe FreeBSD ports collection has a text filter that performs
automatic conversion called apsfilter. It can
detect plain text, PostScript, and DVI files, run the proper
conversions, and print.Output FiltersThe LPD spooling system supports one other type of filter that
we have not yet explored: an output filter. An output filter is
intended for printing plain text only, like the text filter, but
with many simplifications. If you are using an output filter but no
text filter, then:LPD starts an output filter once for the entire job instead
of once for each file in the job.LPD does not make any provision to identify the start or the
end of files within the job for the output filter.LPD does not pass the user's login or host to the filter, so
it is not intended to do accounting. In fact, it gets only two
arguments:filter-name-wwidth-llengthWhere width is from the
pw capability and
length is from the
pl capability for the printer in
question.Do not be seduced by an output filter's simplicity. If you
would like each file in a job to start on a different page an output
filter will not work. Use a text filter (also
known as an input filter); see section Installing the Text Filter.
Furthermore, an output filter is actually more
complex in that it has to examine the byte stream being
sent to it for special flag characters and must send signals to
itself on behalf of LPD.However, an output filter is necessary if
you want header pages and need to send escape sequences or other
initialization strings to be able to print the header page. (But it
is also futile if you want to charge header
pages to the requesting user's account, since LPD does not give any
user or host information to the output filter.)On a single printer, LPD allows both an output filter and text
or other filters. In such cases, LPD will start the output filter
to print the header page (see section Header Pages)
only. LPD then expects the output filter to stop
itself by sending two bytes to the filter: ASCII 031
followed by ASCII 001. When an output filter sees these two bytes
(031, 001), it should stop by sending SIGSTOP to itself. When LPD's
done running other filters, it will restart the output filter by
sending SIGCONT to it.If there is an output filter but no text
filter and LPD is working on a plain text job, LPD uses the output
filter to do the job. As stated before, the output filter will
print each file of the job in sequence with no intervening form
feeds or other paper advancement, and this is probably
not what you want. In almost all cases, you
need a text filter.The program lpf, which we introduced earlier
as a text filter, can also run as an output filter. If you need a
quick-and-dirty output filter but do not want to write the byte
detection and signal sending code, try lpf. You
can also wrap lpf in a shell script to handle any
initialization codes the printer might require.lpf: a Text FilterThe program /usr/libexec/lpr/lpf that comes
with FreeBSD binary distribution is a text filter (input filter)
that can indent output (job submitted with lpr
-i), allow literal characters to pass (job submitted
with lpr -l), adjust the printing position for
backspaces and tabs in the job, and account for pages printed. It
can also act like an output filter.lpf is suitable for many printing
environments. And although it has no capability to send
initialization sequences to a printer, it is easy to write a shell
script to do the needed initialization and then execute
lpf.page accountingaccountingprinterIn order for lpf to do page accounting
correctly, it needs correct values filled in for the
pw and pl capabilities in the
/etc/printcap file. It uses these values to
determine how much text can fit on a page and how many pages were in
a user's job. For more information on printer accounting, see Accounting for Printer
Usage.Header PagesIf you have lots of users, all of them using
various printers, then you probably want to consider header
pages as a necessary evil.banner pages (see header pages)header pagesHeader pages, also known as banner or
burst pages identify to whom jobs belong after
they are printed. They are usually printed in large, bold letters,
perhaps with decorative borders, so that in a stack of printouts they
stand out from the real documents that comprise users' jobs. They
enable users to locate their jobs quickly. The obvious drawback to a
header page is that it is yet one more sheet that has to be printed
for every job, their ephemeral usefulness lasting not more than a few
minutes, ultimately finding themselves in a recycling bin or rubbish
heap. (Note that header pages go with each job, not each file in a
job, so the paper waste might not be that bad.)The LPD system can provide header pages automatically for your
printouts if your printer can directly print
plain text. If you have a PostScript printer, you will need an
external program to generate the header page; see Header Pages on
PostScript Printers.Enabling Header PagesIn the Simple Printer
Setup, we turned off header pages by specifying
sh (meaning suppress header) in the
/etc/printcap file. To enable header pages for
a printer, just remove the sh capability.Sounds too easy, right?You are right. You might have to provide
an output filter to send initialization strings to the printer.
Here is an example output filter for Hewlett Packard PCL-compatible
printers:#!/bin/sh
#
# hpof - Output filter for Hewlett Packard PCL-compatible printers
# Installed in /usr/local/libexec/hpof
printf "\033&k2G" || exit 2
exec /usr/libexec/lpr/lpfSpecify the path to the output filter in the
of capability. See Output Filters for more
information.Here is an example /etc/printcap file for
the printer teak that we introduced earlier; we
enabled header pages and added the above output filter:#
# /etc/printcap for host orchid
#
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:\
:if=/usr/local/libexec/hpif:\
:vf=/usr/local/libexec/hpvf:\
:of=/usr/local/libexec/hpof:Now, when users print jobs to teak, they get
a header page with each job. If users want to spend time searching
for their printouts, they can suppress header pages by submitting
the job with lpr -h; see Header Page Options for
more &man.lpr.1; options.LPD prints a form feed character after the header page. If
your printer uses a different character or sequence of characters
to eject a page, specify them with the ff
capability in /etc/printcap.Controlling Header PagesBy enabling header pages, LPD will produce a long
header, a full page of large letters identifying the
user, host, and job. Here is an example (kelly printed the job
named outline from host rose): k ll ll
k l l
k l l
k k eeee l l y y
k k e e l l y y
k k eeeeee l l y y
kk k e l l y y
k k e e l l y yy
k k eeee lll lll yyy y
y
y y
yyyy
ll
t l i
t l
oooo u u ttttt l ii n nnn eeee
o o u u t l i nn n e e
o o u u t l i n n eeeeee
o o u u t l i n n e
o o u uu t t l i n n e e
oooo uuu u tt lll iii n n eeee
r rrr oooo ssss eeee
rr r o o s s e e
r o o ss eeeeee
r o o ss e
r o o s s e e
r oooo ssss eeee
Job: outline
Date: Sun Sep 17 11:04:58 1995LPD appends a form feed after this text so the job starts on a
new page (unless you have sf (suppress form
feeds) in the destination printer's entry in
/etc/printcap).If you prefer, LPD can make a short header;
specify sb (short banner) in the
/etc/printcap file. The header page will look
like this:rose:kelly Job: outline Date: Sun Sep 17 11:07:51 1995Also by default, LPD prints the header page first, then the job.
To reverse that, specify hl (header last) in
/etc/printcap.Accounting for Header PagesUsing LPD's built-in header pages enforces a particular paradigm
when it comes to printer accounting: header pages must be
free of charge.Why?Because the output filter is the only external program that will
have control when the header page is printed that could do
accounting, and it is not provided with any user or
host information or an accounting file, so it has no
idea whom to charge for printer use. It is also not enough to just
add one page to the text filter or any of the
conversion filters (which do have user and host information) since
users can suppress header pages with lpr -h.
They could still be charged for header pages they did not print.
Basically, lpr -h will be the preferred option of
environmentally-minded users, but you cannot offer any incentive to
use it.It is still not enough to have each of the
filters generate their own header pages (thereby being able to
charge for them). If users wanted the option of suppressing the
header pages with lpr -h, they will still get
them and be charged for them since LPD does not pass any knowledge
of the option to any of the filters.So, what are your options?You can:Accept LPD's paradigm and make header pages free.Install an alternative to LPD, such as LPRng. Section
Alternatives to the
Standard Spooler tells more about other spooling
software you can substitute for LPD.Write a smart output filter. Normally,
an output filter is not meant to do anything more than
initialize a printer or do some simple character conversion. It
is suited for header pages and plain text jobs (when there is no
text (input) filter). But, if there is a text filter for the
plain text jobs, then LPD will start the output filter only for
the header pages. And the output filter can parse the header
page text that LPD generates to determine what user and host to
charge for the header page. The only other problem with this
method is that the output filter still does not know what
accounting file to use (it is not passed the name of the file
from the af capability), but if you have a
well-known accounting file, you can hard-code that into the
output filter. To facilitate the parsing step, use the
sh (short header) capability in
/etc/printcap. Then again, all that might
be too much trouble, and users will certainly appreciate the
more generous system administrator who makes header pages
free.Header Pages on PostScript PrintersAs described above, LPD can generate a plain text header page
suitable for many printers. Of course, PostScript cannot directly
print plain text, so the header page feature of LPD is
useless—or mostly so.One obvious way to get header pages is to have every conversion
filter and the text filter generate the header page. The filters
should use the user and host arguments to generate a suitable
header page. The drawback of this method is that users will always
get a header page, even if they submit jobs with lpr
-h.Let us explore this method. The following script takes three
arguments (user login name, host name, and job name) and makes a
simple PostScript header page:#!/bin/sh
#
# make-ps-header - make a PostScript header page on stdout
# Installed in /usr/local/libexec/make-ps-header
#
#
# These are PostScript units (72 to the inch). Modify for A4 or
# whatever size paper you are using:
#
page_width=612
page_height=792
border=72
#
# Check arguments
#
if [ $# -ne 3 ]; then
echo "Usage: `basename $0` <user> <host> <job>" 1>&2
exit 1
fi
#
# Save these, mostly for readability in the PostScript, below.
#
user=$1
host=$2
job=$3
date=`date`
#
# Send the PostScript code to stdout.
#
exec cat <<EOF
%!PS
%
% Make sure we do not interfere with user's job that will follow
%
save
%
% Make a thick, unpleasant border around the edge of the paper.
%
$border $border moveto
$page_width $border 2 mul sub 0 rlineto
0 $page_height $border 2 mul sub rlineto
currentscreen 3 -1 roll pop 100 3 1 roll setscreen
$border 2 mul $page_width sub 0 rlineto closepath
0.8 setgray 10 setlinewidth stroke 0 setgray
%
% Display user's login name, nice and large and prominent
%
/Helvetica-Bold findfont 64 scalefont setfont
$page_width ($user) stringwidth pop sub 2 div $page_height 200 sub moveto
($user) show
%
% Now show the boring particulars
%
/Helvetica findfont 14 scalefont setfont
/y 200 def
[ (Job:) (Host:) (Date:) ] {
200 y moveto show /y y 18 sub def }
forall
/Helvetica-Bold findfont 14 scalefont setfont
/y 200 def
[ ($job) ($host) ($date) ] {
270 y moveto show /y y 18 sub def
} forall
%
% That is it
%
restore
showpage
EOFNow, each of the conversion filters and the text filter can call
this script to first generate the header page, and then print the
user's job. Here is the DVI conversion filter from earlier in this
document, modified to make a header page:#!/bin/sh
#
# psdf - DVI to PostScript printer filter
# Installed in /usr/local/libexec/psdf
#
# Invoked by lpd when user runs lpr -d
#
orig_args="$@"
fail() {
echo "$@" 1>&2
exit 2
}
while getopts "x:y:n:h:" option; do
case $option in
x|y) ;; # Ignore
n) login=$OPTARG ;;
h) host=$OPTARG ;;
*) echo "LPD started `basename $0` wrong." 1>&2
exit 2
;;
esac
done
[ "$login" ] || fail "No login name"
[ "$host" ] || fail "No host name"
( /usr/local/libexec/make-ps-header $login $host "DVI File"
/usr/local/bin/dvips -f ) | eval /usr/local/libexec/lprps $orig_argsNotice how the filter has to parse the argument list in order to
determine the user and host name. The parsing for the other
conversion filters is identical. The text filter takes a slightly
different set of arguments, though (see section How Filters
Work).As we have mentioned before, the above scheme, though fairly
simple, disables the suppress header page option (the
option) to lpr. If users
wanted to save a tree (or a few pennies, if you charge for header
pages), they would not be able to do so, since every filter's going
to print a header page with every job.To allow users to shut off header pages on a per-job basis, you
will need to use the trick introduced in section Accounting for
Header Pages: write an output filter that parses the
LPD-generated header page and produces a PostScript version. If the
user submits the job with lpr -h, then LPD will
not generate a header page, and neither will your output filter.
Otherwise, your output filter will read the text from LPD and send
the appropriate header page PostScript code to the printer.If you have a PostScript printer on a serial line, you can make
use of lprps, which comes with an output filter,
psof, which does the above. Note that
psof does not charge for header pages.Networked Printingprinternetworknetwork printingFreeBSD supports networked printing: sending jobs to remote
printers. Networked printing generally refers to two different
things:Accessing a printer attached to a remote host. You install a
printer that has a conventional serial or parallel interface on
one host. Then, you set up LPD to enable access to the printer
from other hosts on the network. Section Printers Installed on
Remote Hosts tells how to do this.Accessing a printer attached directly to a network. The
printer has a network interface in addition (or in place of) a
more conventional serial or parallel interface. Such a printer
might work as follows:It might understand the LPD protocol and can even queue
jobs from remote hosts. In this case, it acts just like a
regular host running LPD. Follow the same procedure in
section Printers
Installed on Remote Hosts to set up such a
printer.It might support a data stream network connection. In this
case, you attach the printer to one host on the
network by making that host responsible for spooling jobs and
sending them to the printer. Section Printers with
Networked Data Stream Interfaces gives some
suggestions on installing such printers.Printers Installed on Remote HostsThe LPD spooling system has built-in support for sending jobs to
other hosts also running LPD (or are compatible with LPD). This
feature enables you to install a printer on one host and make it
accessible from other hosts. It also works with printers that have
network interfaces that understand the LPD protocol.To enable this kind of remote printing, first install a printer
on one host, the printer host, using the simple
printer setup described in Simple
Printer Setup. Do any advanced setup in Advanced Printer Setup that you
need. Make sure to test the printer and see if it works with the
features of LPD you have enabled. Also ensure that the
local host has authorization to use the LPD
service in the remote host (see Restricting Jobs
from Remote Printers).printernetworknetwork printingIf you are using a printer with a network interface that is
compatible with LPD, then the printer host in
the discussion below is the printer itself, and the
printer name is the name you configured for the
printer. See the documentation that accompanied your printer and/or
printer-network interface.If you are using a Hewlett Packard Laserjet then the printer
name text will automatically perform the LF to
CRLF conversion for you, so you will not require the
hpif script.Then, on the other hosts you want to have access to the printer,
make an entry in their /etc/printcap files with
the following:Name the entry anything you want. For simplicity, though,
you probably want to use the same name and aliases as on the
printer host.Leave the lp capability blank, explicitly
(:lp=:).Make a spooling directory and specify its location in the
sd capability. LPD will store jobs here
before they get sent to the printer host.Place the name of the printer host in the
rm capability.Place the printer name on the printer
host in the rp
capability.That is it. You do not need to list conversion filters, page
dimensions, or anything else in the
/etc/printcap file.Here is an example. The host rose has two
printers, bamboo and rattan.
We will enable users on the host orchid to print to those printers.
Here is the /etc/printcap file for
orchid (back from section Enabling Header
Pages). It already had the entry for the printer
teak; we have added entries for the two printers
on the host rose:#
# /etc/printcap for host orchid - added (remote) printers on rose
#
#
# teak is local; it is connected directly to orchid:
#
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:\
:if=/usr/local/libexec/ifhp:\
:vf=/usr/local/libexec/vfhp:\
:of=/usr/local/libexec/ofhp:
#
# rattan is connected to rose; send jobs for rattan to rose:
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:lp=:rm=rose:rp=rattan:sd=/var/spool/lpd/rattan:
#
# bamboo is connected to rose as well:
#
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:lp=:rm=rose:rp=bamboo:sd=/var/spool/lpd/bamboo:Then, we just need to make spooling directories on
orchid:&prompt.root; mkdir -p /var/spool/lpd/rattan /var/spool/lpd/bamboo
&prompt.root; chmod 770 /var/spool/lpd/rattan /var/spool/lpd/bamboo
&prompt.root; chown daemon:daemon /var/spool/lpd/rattan /var/spool/lpd/bambooNow, users on orchid can print to
rattan and bamboo. If, for
example, a user on orchid typed
&prompt.user; lpr -P bamboo -d sushi-review.dvi
the LPD system on orchid would copy the job to the spooling
directory /var/spool/lpd/bamboo and note that
it was a DVI job. As soon as the host rose has room in its
bamboo spooling directory, the two LPDs would
transfer the file to rose. The file would wait in rose's queue
until it was finally printed. It would be converted from DVI to
PostScript (since bamboo is a PostScript printer) on rose.Printers with Networked Data Stream InterfacesOften, when you buy a network interface card for a printer, you
can get two versions: one which emulates a spooler (the more
expensive version), or one which just lets you send data to it as if
you were using a serial or parallel port (the cheaper version).
This section tells how to use the cheaper version. For the more
expensive one, see the previous section Printers Installed on
Remote Hosts.The format of the /etc/printcap file lets
you specify what serial or parallel interface to use, and (if you
are using a serial interface), what baud rate, whether to use flow
control, delays for tabs, conversion of newlines, and more. But
there is no way to specify a connection to a printer that is
listening on a TCP/IP or other network port.To send data to a networked printer, you need to develop a
communications program that can be called by the text and conversion
filters. Here is one such example: the script
netprint takes all data on standard input and
sends it to a network-attached printer. We specify the hostname of
the printer as the first argument and the port number to which to
connect as the second argument to netprint. Note
that this supports one-way communication only (FreeBSD to printer);
many network printers support two-way communication, and you might
want to take advantage of that (to get printer status, perform
accounting, etc.).#!/usr/bin/perl
#
# netprint - Text filter for printer attached to network
# Installed in /usr/local/libexec/netprint
#
$#ARGV eq 1 || die "Usage: $0 <printer-hostname> <port-number>";
$printer_host = $ARGV[0];
$printer_port = $ARGV[1];
require 'sys/socket.ph';
($ignore, $ignore, $protocol) = getprotobyname('tcp');
($ignore, $ignore, $ignore, $ignore, $address)
= gethostbyname($printer_host);
$sockaddr = pack('S n a4 x8', &AF_INET, $printer_port, $address);
socket(PRINTER, &PF_INET, &SOCK_STREAM, $protocol)
|| die "Can't create TCP/IP stream socket: $!";
connect(PRINTER, $sockaddr) || die "Can't contact $printer_host: $!";
while (<STDIN>) { print PRINTER; }
exit 0;We can then use this script in various filters. Suppose we had
a Diablo 750-N line printer connected to the network. The printer
accepts data to print on port number 5100. The host name of the
printer is scrivener. Here is the text filter for the
printer:#!/bin/sh
#
# diablo-if-net - Text filter for Diablo printer `scrivener' listening
# on port 5100. Installed in /usr/local/libexec/diablo-if-net
#
exec /usr/libexec/lpr/lpf "$@" | /usr/local/libexec/netprint scrivener 5100Restricting Printer Usageprinterrestricting access toThis section gives information on restricting printer usage. The
LPD system lets you control who can access a printer, both locally or
remotely, whether they can print multiple copies, how large their jobs
can be, and how large the printer queues can get.Restricting Multiple CopiesThe LPD system makes it easy for users to print multiple copies
of a file. Users can print jobs with lpr -#5
(for example) and get five copies of each file in the job. Whether
this is a good thing is up to you.If you feel multiple copies cause unnecessary wear and tear on
your printers, you can disable the option to
&man.lpr.1; by adding the sc capability to the
/etc/printcap file. When users submit jobs
with the option, they will see:lpr: multiple copies are not allowedNote that if you have set up access to a printer remotely (see
section Printers
Installed on Remote Hosts), you need the
sc capability on the remote
/etc/printcap files as well, or else users will
still be able to submit multiple-copy jobs by using another
host.Here is an example. This is the
/etc/printcap file for the host
rose. The printer rattan is
quite hearty, so we will allow multiple copies, but the laser
printer bamboo's a bit more delicate, so we will
disable multiple copies by adding the sc
capability:#
# /etc/printcap for host rose - restrict multiple copies on bamboo
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:sc:\
:lp=/dev/ttyd5:fs#0x82000e1:xs#0x820:rw:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:Now, we also need to add the sc capability on
the host orchid's
/etc/printcap (and while we are at it, let us
disable multiple copies for the printer
teak):#
# /etc/printcap for host orchid - no multiple copies for local
# printer teak or remote printer bamboo
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:sc:\
:if=/usr/local/libexec/ifhp:\
:vf=/usr/local/libexec/vfhp:\
:of=/usr/local/libexec/ofhp:
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:lp=:rm=rose:rp=rattan:sd=/var/spool/lpd/rattan:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:lp=:rm=rose:rp=bamboo:sd=/var/spool/lpd/bamboo:sc:By using the sc capability, we prevent the
use of lpr -#, but that still does not prevent
users from running &man.lpr.1;
multiple times, or from submitting the same file multiple times in
one job like this:&prompt.user; lpr forsale.sign forsale.sign forsale.sign forsale.sign forsale.signThere are many ways to prevent this abuse (including ignoring
it) which you are free to explore.Restricting Access To PrintersYou can control who can print to what printers by using the Unix
group mechanism and the rg capability in
/etc/printcap. Just place the users you want
to have access to a printer in a certain group, and then name that
group in the rg capability.Users outside the group (including root) will be greeted with
lpr: Not a member of the restricted group
if they try to print to the controlled printer.As with the sc (suppress multiple copies)
capability, you need to specify rg on remote
hosts that also have access to your printers, if you feel it is
appropriate (see section Printers Installed on
Remote Hosts).For example, we will let anyone access the printer
rattan, but only those in group
artists can use bamboo. Here
is the familiar /etc/printcap for host
rose:#
# /etc/printcap for host rose - restricted group for bamboo
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:\
:lp=/dev/ttyd5:fs#0x82000e1:xs#0x820:rw:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:Let us leave the other example
/etc/printcap file (for the host
orchid) alone. Of course, anyone on
orchid can print to bamboo. It
might be the case that we only allow certain logins on
orchid anyway, and want them to have access to the
printer. Or not.There can be only one restricted group per printer.Controlling Sizes of Jobs Submittedprint jobsIf you have many users accessing the printers, you probably need
to put an upper limit on the sizes of the files users can submit to
print. After all, there is only so much free space on the
filesystem that houses the spooling directories, and you also need
to make sure there is room for the jobs of other users.print jobscontrollingLPD enables you to limit the maximum byte size a file in a job
can be with the mx capability. The units are in
BUFSIZ blocks, which are 1024 bytes. If you put a zero for this
capability, there will be no limit on file size; however, if no
mx capability is specified, then a default limit
of 1000 blocks will be used.The limit applies to files in a job, and
not the total job size.LPD will not refuse a file that is larger than the limit you
place on a printer. Instead, it will queue as much of the file up
to the limit, which will then get printed. The rest will be
discarded. Whether this is correct behavior is up for
debate.Let us add limits to our example printers
rattan and bamboo. Since
those artists' PostScript files tend to be large, we will limit them
to five megabytes. We will put no limit on the plain text line
printer:#
# /etc/printcap for host rose
#
#
# No limit on job size:
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:mx#0:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
#
# Limit of five megabytes:
#
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:mx#5000:\
:lp=/dev/ttyd5:fs#0x82000e1:xs#0x820:rw:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:Again, the limits apply to the local users only. If you have
set up access to your printers remotely, remote users will not get
those limits. You will need to specify the mx
capability in the remote /etc/printcap files as
well. See section Printers Installed on
Remote Hosts for more information on remote
printing.There is another specialized way to limit job sizes from remote
printers; see section Restricting Jobs
from Remote Printers.Restricting Jobs from Remote PrintersThe LPD spooling system provides several ways to restrict print
jobs submitted from remote hosts:Host restrictionsYou can control from which remote hosts a local LPD
accepts requests with the files
/etc/hosts.equiv and
/etc/hosts.lpd. LPD checks to see if an
incoming request is from a host listed in either one of these
files. If not, LPD refuses the request.The format of these files is simple: one host name per
line. Note that the file
/etc/hosts.equiv is also used by the
&man.ruserok.3; protocol, and affects programs like
&man.rsh.1; and &man.rcp.1;, so be careful.For example, here is the
/etc/hosts.lpd file on the host
rose:orchid
violet
madrigal.fishbaum.deThis means rose will accept requests from
the hosts orchid, violet,
and madrigal.fishbaum.de. If any
other host tries to access rose's
LPD, the job will be refused.Size restrictionsYou can control how much free space there needs to remain
on the filesystem where a spooling directory resides. Make a
file called minfree in the spooling
directory for the local printer. Insert in that file a number
representing how many disk blocks (512 bytes) of free space
there has to be for a remote job to be accepted.This lets you insure that remote users will not fill your
filesystem. You can also use it to give a certain priority to
local users: they will be able to queue jobs long after the
free disk space has fallen below the amount specified in the
minfree file.For example, let us add a minfree
file for the printer bamboo. We examine
/etc/printcap to find the spooling
directory for this printer; here is bamboo's
entry:bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:mx#5000:\
:lp=/dev/ttyd5:fs#0x82000e1:xs#0x820:rw:mx#5000:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:The spooling directory is the given in the
sd capability. We will make three
megabytes (which is 6144 disk blocks) the amount of free disk
space that must exist on the filesystem for LPD to accept
remote jobs:&prompt.root; echo 6144 > /var/spool/lpd/bam
boo/minfreeUser restrictionsYou can control which remote users can print to local
printers by specifying the rs capability in
/etc/printcap. When
rs appears in the entry for a
locally-attached printer, LPD will accept jobs from remote
hosts if the user submitting the job also
has an account of the same login name on the local host.
Otherwise, LPD refuses the job.This capability is particularly useful in an environment
where there are (for example) different departments sharing a
network, and some users transcend departmental boundaries. By
giving them accounts on your systems, they can use your
printers from their own departmental systems. If you would
rather allow them to use only your
printers and not your compute resources, you can give them
token accounts, with no home directory and a
useless shell like /usr/bin/false.Accounting for Printer UsageaccountingprinterSo, you need to charge for printouts. And why not? Paper and ink
cost money. And then there are maintenance costs—printers are
loaded with moving parts and tend to break down. You have examined
your printers, usage patterns, and maintenance fees and have come up
with a per-page (or per-foot, per-meter, or per-whatever) cost. Now,
how do you actually start accounting for printouts?Well, the bad news is the LPD spooling system does not provide
much help in this department. Accounting is highly dependent on the
kind of printer in use, the formats being printed, and
your requirements in charging for printer
usage.To implement accounting, you have to modify a printer's text
filter (to charge for plain text jobs) and the conversion filters (to
charge for other file formats), to count pages or query the printer
for pages printed. You cannot get away with using the simple output
filter, since it cannot do accounting. See section Filters.Generally, there are two ways to do accounting:Periodic accounting is the more common
way, possibly because it is easier. Whenever someone prints a
job, the filter logs the user, host, and number of pages to an
accounting file. Every month, semester, year, or whatever time
period you prefer, you collect the accounting files for the
various printers, tally up the pages printed by users, and charge
for usage. Then you truncate all the logging files, starting with
a clean slate for the next period.Timely accounting is less common,
probably because it is more difficult. This method has the
filters charge users for printouts as soon as they use the
printers. Like disk quotas, the accounting is immediate. You can
prevent users from printing when their account goes in the red,
and might provide a way for users to check and adjust their
print quotas. But this method requires some database
code to track users and their quotas.The LPD spooling system supports both methods easily: since you
have to provide the filters (well, most of the time), you also have to
provide the accounting code. But there is a bright side: you have
enormous flexibility in your accounting methods. For example, you
choose whether to use periodic or timely accounting. You choose what
information to log: user names, host names, job types, pages printed,
square footage of paper used, how long the job took to print, and so
forth. And you do so by modifying the filters to save this
information.Quick and Dirty Printer AccountingFreeBSD comes with two programs that can get you set up with
simple periodic accounting right away. They are the text filter
lpf, described in section lpf: a Text Filter, and
&man.pac.8;, a program to gather and total
entries from printer accounting files.As mentioned in the section on filters (Filters), LPD starts
the text and the conversion filters with the name of the accounting
file to use on the filter command line. The filters can use this
argument to know where to write an accounting file entry. The name
of this file comes from the af capability in
/etc/printcap, and if not specified as an
absolute path, is relative to the spooling directory.LPD starts lpf with page width and length
arguments (from the pw and pl
capabilities). lpf uses these arguments to
determine how much paper will be used. After sending the file to
the printer, it then writes an accounting entry in the accounting
file. The entries look like this:2.00 rose:andy
3.00 rose:kelly
3.00 orchid:mary
5.00 orchid:mary
2.00 orchid:zhangYou should use a separate accounting file for each printer, as
lpf has no file locking logic built into it, and
two lpfs might corrupt each other's entries if
they were to write to the same file at the same time. A easy way to
insure a separate accounting file for each printer is to use
af=acct in /etc/printcap.
Then, each accounting file will be in the spooling directory for a
printer, in a file named acct.When you are ready to charge users for printouts, run the
&man.pac.8; program. Just change to the spooling directory for
the printer you want to collect on and type pac.
You will get a dollar-centric summary like the following: Login pages/feet runs price
orchid:kelly 5.00 1 $ 0.10
orchid:mary 31.00 3 $ 0.62
orchid:zhang 9.00 1 $ 0.18
rose:andy 2.00 1 $ 0.04
rose:kelly 177.00 104 $ 3.54
rose:mary 87.00 32 $ 1.74
rose:root 26.00 12 $ 0.52
total 337.00 154 $ 6.74These are the arguments &man.pac.8; expects:Which printer to summarize.
This option works only if there is an absolute path in the
af capability in
/etc/printcap.Sort the output by cost instead of alphabetically by user
name.Ignore host name in the accounting files. With this
option, user smith on host
alpha is the same user
smith on host gamma.
Without, they are different users.Compute charges with price
dollars per page or per foot instead of the price from the
pc capability in
/etc/printcap, or two cents (the
default). You can specify price as
a floating point number.Reverse the sort order.Make an accounting summary file and truncate the
accounting file.name…Print accounting information for the given user
names only.In the default summary that &man.pac.8; produces, you see the
number of pages printed by each user from various hosts. If, at
your site, host does not matter (because users can use any host),
run pac -m, to produce the following
summary: Login pages/feet runs price
andy 2.00 1 $ 0.04
kelly 182.00 105 $ 3.64
mary 118.00 35 $ 2.36
root 26.00 12 $ 0.52
zhang 9.00 1 $ 0.18
total 337.00 154 $ 6.74To compute the dollar amount due,
&man.pac.8; uses the pc capability in the
/etc/printcap file (default of 200, or 2 cents
per page). Specify, in hundredths of cents, the price per page or
per foot you want to charge for printouts in this capability. You
can override this value when you run &man.pac.8; with the
option. The units for the
option are in dollars, though, not hundredths of cents. For
example,
&prompt.root; pac -p1.50
makes each page cost one dollar and fifty cents. You can really
rake in the profits by using this option.Finally, running pac -s will save the summary
information in a summary accounting file, which is named the same as
the printer's accounting file, but with _sum
appended to the name. It then truncates the accounting file. When
you run &man.pac.8; again, it rereads the
summary file to get starting totals, then adds information from the
regular accounting file.How Can You Count Pages Printed?In order to perform even remotely accurate accounting, you need
to be able to determine how much paper a job uses. This is the
essential problem of printer accounting.For plain text jobs, the problem is not that hard to solve: you
count how many lines are in a job and compare it to how many lines
per page your printer supports. Do not forget to take into account
backspaces in the file which overprint lines, or long logical lines
that wrap onto one or more additional physical lines.The text filter lpf (introduced in lpf: a Text Filter) takes
into account these things when it does accounting. If you are
writing a text filter which needs to do accounting, you might want
to examine lpf's source code.How do you handle other file formats, though?Well, for DVI-to-LaserJet or DVI-to-PostScript conversion, you
can have your filter parse the diagnostic output of
dvilj or dvips and look to see
how many pages were converted. You might be able to do similar
things with other file formats and conversion programs.But these methods suffer from the fact that the printer may not
actually print all those pages. For example, it could jam, run out
of toner, or explode—and the user would still get
charged.So, what can you do?There is only one sure way to do
accurate accounting. Get a printer that can
tell you how much paper it uses, and attach it via a serial line or
a network connection. Nearly all PostScript printers support this
notion. Other makes and models do as well (networked Imagen laser
printers, for example). Modify the filters for these printers to
get the page usage after they print each job and have them log
accounting information based on that value
only. There is no line counting nor
error-prone file examination required.Of course, you can always be generous and make all printouts
free.Using PrintersprinterusageThis section tells you how to use printers you have setup with
FreeBSD. Here is an overview of the user-level commands:&man.lpr.1;Print jobs&man.lpq.1;Check printer queues&man.lprm.1;Remove jobs from a printer's queueThere is also an administrative command, &man.lpc.8;, described in
the section Administrating the LPD
Spooler, used to control printers and their queues.All three of the commands &man.lpr.1;, &man.lprm.1;, and &man.lpq.1;
accept an option to specify on which
printer/queue to operate, as listed in the
/etc/printcap file. This enables you to submit,
remove, and check on jobs for various printers. If you do not use the
option, then these commands use the printer
specified in the PRINTER environment variable. Finally,
if you do not have a PRINTER environment variable, these
commands default to the printer named lp.Hereafter, the terminology default printer
means the printer named in the PRINTER environment
variable, or the printer named lp when there is no
PRINTER environment variable.Printing JobsTo print files, type:&prompt.user; lpr filename...printingThis prints each of the listed files to the default printer. If
you list no files, &man.lpr.1; reads data to
print from standard input. For example, this command prints some
important system files:&prompt.user; lpr /etc/host.conf /etc/hosts.equivTo select a specific printer, type:&prompt.user; lpr -P printer-namefilename...This example prints a long listing of the current directory to the
printer named rattan:&prompt.user; ls -l | lpr -P rattanBecause no files were listed for the
&man.lpr.1; command, lpr read the data to print
from standard input, which was the output of the ls
-l command.The &man.lpr.1; command can also accept a wide variety of options
to control formatting, apply file conversions, generate multiple
copies, and so forth. For more information, see the section Printing Options.Checking Jobsprint jobsWhen you print with &man.lpr.1;, the data you wish to print is put
together in a package called a print job, which is sent
to the LPD spooling system. Each printer has a queue of jobs, and
your job waits in that queue along with other jobs from yourself and
from other users. The printer prints those jobs in a first-come,
first-served order.To display the queue for the default printer, type &man.lpq.1;.
For a specific printer, use the option. For
example, the command
&prompt.user; lpq -P bamboo
shows the queue for the printer named bamboo. Here
is an example of the output of the lpq
command:bamboo is ready and printing
Rank Owner Job Files Total Size
active kelly 9 /etc/host.conf, /etc/hosts.equiv 88 bytes
2nd kelly 10 (standard input) 1635 bytes
3rd mary 11 ... 78519 bytesThis shows three jobs in the queue for bamboo.
The first job, submitted by user kelly, got assigned job
number 9. Every job for a printer gets a unique job number.
Most of the time you can ignore the job number, but you will need it
if you want to cancel the job; see section Removing Jobs for details.Job number nine consists of two files; multiple files given on the
&man.lpr.1; command line are treated as part of a single job. It
is the currently active job (note the word active
under the Rank column), which means the printer should
be currently printing that job. The second job consists of data
passed as the standard input to the &man.lpr.1; command. The third
job came from user mary; it is a much larger
job. The pathname of the files she's trying to print is too long to
fit, so the &man.lpq.1; command just shows three dots.The very first line of the output from &man.lpq.1; is also useful:
it tells what the printer is currently doing (or at least what LPD
thinks the printer is doing).The &man.lpq.1; command also support a option
to generate a detailed long listing. Here is an example of
lpq -l:waiting for bamboo to become ready (offline ?)
kelly: 1st [job 009rose]
/etc/host.conf 73 bytes
/etc/hosts.equiv 15 bytes
kelly: 2nd [job 010rose]
(standard input) 1635 bytes
mary: 3rd [job 011rose]
/home/orchid/mary/research/venus/alpha-regio/mapping 78519 bytesRemoving JobsIf you change your mind about printing a job, you can remove the
job from the queue with the &man.lprm.1; command. Often, you can
even use &man.lprm.1; to remove an active job, but some or all of the
job might still get printed.To remove a job from the default printer, first use
&man.lpq.1; to find the job number. Then type:&prompt.user; lprm job-numberTo remove the job from a specific printer, add the
option. The following command removes job number
10 from the queue for the printer bamboo:&prompt.user; lprm -P bamboo 10The &man.lprm.1; command has a few shortcuts:lprm -Removes all jobs (for the default printer) belonging to
you.lprm userRemoves all jobs (for the default printer) belonging to
user. The superuser can remove other
users' jobs; you can remove only your own jobs.lprmWith no job number, user name, or
appearing on the command line,
&man.lprm.1; removes the currently active job on the
default printer, if it belongs to you. The superuser can remove
any active job.Just use the option with the above shortcuts
to operate on a specific printer instead of the default. For example,
the following command removes all jobs for the current user in the
queue for the printer named rattan:&prompt.user; lprm -P rattan -If you are working in a networked environment, &man.lprm.1; will
let you remove jobs only from the
host from which the jobs were submitted, even if the same printer is
available from other hosts. The following command sequence
demonstrates this:&prompt.user; lpr -P rattan myfile
&prompt.user; rlogin orchid
&prompt.user; lpq -P rattan
Rank Owner Job Files Total Size
active seeyan 12 ... 49123 bytes
2nd kelly 13 myfile 12 bytes
&prompt.user; lprm -P rattan 13
rose: Permission denied
&prompt.user; logout
&prompt.user; lprm -P rattan 13
dfA013rose dequeued
cfA013rose dequeued
Beyond Plain Text: Printing OptionsThe &man.lpr.1; command supports a number of options that control
formatting text, converting graphic and other file formats, producing
multiple copies, handling of the job, and more. This section
describes the options.Formatting and Conversion OptionsThe following &man.lpr.1; options control formatting of the
files in the job. Use these options if the job does not contain
plain text or if you want plain text formatted through the
&man.pr.1; utility.TeXFor example, the following command prints a DVI file (from the
TeX typesetting system) named fish-report.dvi
to the printer named bamboo:&prompt.user; lpr -P bamboo -d fish-report.dviThese options apply to every file in the job, so you cannot mix
(say) DVI and ditroff files together in a job. Instead, submit the
files as separate jobs, using a different conversion option for each
job.All of these options except and
require conversion filters installed for the
destination printer. For example, the option
requires the DVI conversion filter. Section Conversion
Filters gives details.Print cifplot files.Print DVI files.Print FORTRAN text files.Print plot data.Indent the output by number
columns; if you omit number, indent
by 8 columns. This option works only with certain conversion
filters.Do not put any space between the and
the number.Print literal text data, including control
characters.Print ditroff (device independent troff) data.-pFormat plain text with &man.pr.1; before printing. See
&man.pr.1; for more information.Use title on the
&man.pr.1; header instead of the file name. This option has
effect only when used with the
option.Print troff data.Print raster data.Here is an example: this command prints a nicely formatted
version of the &man.ls.1; manual page on the default printer:&prompt.user; zcat /usr/share/man/man1/ls.1.gz | troff -t -man | lpr -tThe &man.zcat.1; command uncompresses the source of the
&man.ls.1; manual page and passes it to the &man.troff.1;
command, which formats that source and makes GNU troff
output and passes it to &man.lpr.1;, which submits the job
to the LPD spooler. Because we used the
option to &man.lpr.1;, the spooler will convert the GNU
troff output into a format the default printer can
understand when it prints the job.Job Handling OptionsThe following options to &man.lpr.1; tell LPD to handle the job
specially:-# copiesProduce a number of copies of
each file in the job instead of just one copy. An
administrator may disable this option to reduce printer
wear-and-tear and encourage photocopier usage. See section
Restricting
Multiple Copies.This example prints three copies of
parser.c followed by three copies of
parser.h to the default printer:&prompt.user; lpr -#3 parser.c parser.h-mSend mail after completing the print job. With this
option, the LPD system will send mail to your account when it
finishes handling your job. In its message, it will tell you
if the job completed successfully or if there was an error,
and (often) what the error was.-sDo not copy the files to the spooling directory, but make
symbolic links to them instead.If you are printing a large job, you probably want to use
this option. It saves space in the spooling directory (your
job might overflow the free space on the filesystem where the
spooling directory resides). It saves time as well since LPD
will not have to copy each and every byte of your job to the
spooling directory.There is a drawback, though: since LPD will refer to the
original files directly, you cannot modify or remove them
until they have been printed.If you are printing to a remote printer, LPD will
eventually have to copy files from the local host to the
remote host, so the option will save
space only on the local spooling directory, not the remote.
It is still useful, though.-rRemove the files in the job after copying them to the
spooling directory, or after printing them with the
option. Be careful with this
option!Header Page OptionsThese options to &man.lpr.1; adjust the text that normally
appears on a job's header page. If header pages are suppressed for
the destination printer, these options have no effect. See section
Header Pages
for information about setting up header pages.-C textReplace the hostname on the header page with
text. The hostname is normally the
name of the host from which the job was submitted.-J textReplace the job name on the header page with
text. The job name is normally the
name of the first file of the job, or
stdin if you are printing standard
input.-hDo not print any header page.At some sites, this option may have no effect due to the
way header pages are generated. See Header
Pages for details.Administrating PrintersAs an administrator for your printers, you have had to install,
set up, and test them. Using the &man.lpc.8; command, you
can interact with your printers in yet more ways. With &man.lpc.8;,
you canStart and stop the printersEnable and disable their queuesRearrange the order of the jobs in each queue.First, a note about terminology: if a printer is
stopped, it will not print anything in its queue.
Users can still submit jobs, which will wait in the queue until the
printer is started or the queue is
cleared.If a queue is disabled, no user (except root)
can submit jobs for the printer. An enabled
queue allows jobs to be submitted. A printer can be
started for a disabled queue, in which case it
will continue to print jobs in the queue until the queue is
empty.In general, you have to have root privileges to use the
&man.lpc.8; command. Ordinary users can use the &man.lpc.8; command
to get printer status and to restart a hung printer only.Here is a summary of the &man.lpc.8; commands. Most of the
commands takes a printer-name argument to
tell on which printer to operate. You can use all
for the printer-name to mean all printers
listed in /etc/printcap.abort
printer-nameCancel the current job and stop the printer. Users can
still submit jobs if the queue's enabled.clean
printer-nameRemove old files from the printer's spooling directory.
Occasionally, the files that make up a job are not properly
removed by LPD, particularly if there have been errors during
printing or a lot of administrative activity. This command
finds files that do not belong in the spooling directory and
removes them.disable
printer-nameDisable queuing of new jobs. If the printer's started, it
will continue to print any jobs remaining in the queue. The
superuser (root) can always submit jobs, even to a disabled
queue.This command is useful while you are testing a new printer
or filter installation: disable the queue and submit jobs as
root. Other users will not be able to submit jobs until you
complete your testing and re-enable the queue with the
enable command.down printer-namemessageTake a printer down. Equivalent to
disable followed by stop.
The message appears as the printer's
status whenever a user checks the printer's queue with
&man.lpq.1; or status with lpc
status.enable
printer-nameEnable the queue for a printer. Users can submit jobs but
the printer will not print anything until it is started.help
command-namePrint help on the command
command-name. With no
command-name, print a summary of the
commands available.restart
printer-nameStart the printer. Ordinary users can use this command if
some extraordinary circumstance hangs LPD, but they cannot start
a printer stopped with either the stop or
down commands. The
restart command is equivalent to
abort followed by
start.start
printer-nameStart the printer. The printer will print jobs in its
queue.stop
printer-nameStop the printer. The printer will finish the current job
and will not print anything else in its queue. Even though the
printer is stopped, users can still submit jobs to an enabled
queue.topq printer-namejob-or-usernameRearrange the queue for
printer-name by placing the jobs with
the listed job numbers or the jobs
belonging to username at the top of
the queue. For this command, you cannot use
all as the
printer-name.up
printer-nameBring a printer up; the opposite of the
down command. Equivalent to
start followed by
enable.&man.lpc.8; accepts the above commands on the command line. If
you do not enter any commands, &man.lpc.8; enters an interactive mode,
where you can enter commands until you type exit,
quit, or end-of-file.Alternatives to the Standard SpoolerIf you have been reading straight through this manual, by now you
have learned just about everything there is to know about the LPD
spooling system that comes with FreeBSD. You can probably appreciate
many of its shortcomings, which naturally leads to the question:
What other spooling systems are out there (and work with
FreeBSD)?LPRngLPRngLPRng, which purportedly means LPR: the Next
Generation is a complete rewrite of PLP. Patrick Powell
and Justin Mason (the principal maintainer of PLP) collaborated to
make LPRng. The main site for LPRng is http://www.astart.com/lprng/LPRng.html.TroubleshootingAfter performing the simple test with &man.lptest.1;, you might
have gotten one of the following results instead of the correct
printout:It worked, after awhile; or, it did not eject a full
sheet.The printer printed the above, but it sat for awhile and
did nothing. In fact, you might have needed to press a
PRINT REMAINING or FORM FEED button on the printer to get any
results to appear.If this is the case, the printer was probably waiting to
see if there was any more data for your job before it printed
anything. To fix this problem, you can have the text filter
send a FORM FEED character (or whatever is necessary) to the
printer. This is usually sufficient to have the printer
immediately print any text remaining in its internal buffer.
It is also useful to make sure each print job ends on a full
sheet, so the next job does not start somewhere on the middle
of the last page of the previous job.The following replacement for the shell script
/usr/local/libexec/if-simple prints a
form feed after it sends the job to the printer:#!/bin/sh
#
# if-simple - Simple text input filter for lpd
# Installed in /usr/local/libexec/if-simple
#
# Simply copies stdin to stdout. Ignores all filter arguments.
# Writes a form feed character (\f) after printing job.
/bin/cat && printf "\f" && exit 0
exit 2It produced the staircase effect.You got the following on paper:!"#$%&'()*+,-./01234
"#$%&'()*+,-./012345
#$%&'()*+,-./0123456MS-DOSOS/2ASCIIYou have become another victim of the staircase
effect, caused by conflicting interpretations of
what characters should indicate a new line. Unix-style
operating systems use a single character: ASCII code 10, the
line feed (LF). MS-DOS, OS/2, and others uses a pair of
characters, ASCII code 10 and ASCII code
13 (the carriage return or CR). Many printers use the MS-DOS
convention for representing new-lines.When you print with FreeBSD, your text used just the line
feed character. The printer, upon seeing a line feed
character, advanced the paper one line, but maintained the
same horizontal position on the page for the next character
to print. That is what the carriage return is for: to move
the location of the next character to print to the left edge
of the paper.Here is what FreeBSD wants your printer to do:Printer received CRPrinter prints CRPrinter received LFPrinter prints CR + LFHere are some ways to achieve this:Use the printer's configuration switches or control
panel to alter its interpretation of these characters.
Check your printer's manual to find out how to do
this.If you boot your system into other operating systems
besides FreeBSD, you may have to
reconfigure the printer to use a an
interpretation for CR and LF characters that those other
operating systems use. You might prefer one of the other
solutions, below.Have FreeBSD's serial line driver automatically
convert LF to CR+LF. Of course, this works with printers
on serial ports only. To enable this
feature, set the CRMOD bit in fs
capability in the /etc/printcap file
for the printer.Send an escape code to the
printer to have it temporarily treat LF characters
differently. Consult your printer's manual for escape
codes that your printer might support. When you find the
proper escape code, modify the text filter to send the
code first, then send the print job.PCLHere is an example text filter for printers that
understand the Hewlett-Packard PCL escape codes. This
filter makes the printer treat LF characters as a LF and
CR; then it sends the job; then it sends a form feed to
eject the last page of the job. It should work with
nearly all Hewlett Packard printers.#!/bin/sh
#
# hpif - Simple text input filter for lpd for HP-PCL based printers
# Installed in /usr/local/libexec/hpif
#
# Simply copies stdin to stdout. Ignores all filter arguments.
# Tells printer to treat LF as CR+LF. Ejects the page when done.
printf "\033&k2G" && cat && printf "\033&l0H" && exit 0
exit 2Here is an example /etc/printcap
from a host called orchid. It has a single printer
attached to its first parallel port, a Hewlett Packard
LaserJet 3Si named teak. It is using the
above script as its text filter:#
# /etc/printcap for host orchid
#
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sh:sd=/var/spool/lpd/teak:mx#0:\
:if=/usr/local/libexec/hpif:It overprinted each line.The printer never advanced a line. All of the lines of
text were printed on top of each other on one line.This problem is the opposite of the
staircase effect, described above, and is much rarer.
Somewhere, the LF characters that FreeBSD uses to end a line
are being treated as CR characters to return the print
location to the left edge of the paper, but not also down a
line.Use the printer's configuration switches or control panel
to enforce the following interpretation of LF and CR
characters:Printer receivesPrinter printsCRCRLFCR + LFThe printer lost characters.While printing, the printer did not print a few characters
in each line. The problem might have gotten worse as the
printer ran, losing more and more characters.The problem is that the printer cannot keep up with the
speed at which the computer sends data over a serial line
(this problem should not occur with printers on parallel
ports). There are two ways to overcome the problem:If the printer supports XON/XOFF flow control, have
FreeBSD use it by specifying the TANDEM bit in the
fs capability.If the printer supports carrier flow control, specify
the MDMBUF bit in the fs capability.
Make sure the cable connecting the printer to the computer
is correctly wired for carrier flow control.If the printer does not support any flow control, use
some combination of the NLDELAY, TBDELAY, CRDELAY, VTDELAY,
and BSDELAY bits in the fs capability
to add appropriate delays to the stream of data sent to
the printer.It printed garbage.The printer printed what appeared to be random garbage,
but not the desired text.This is usually another symptom of incorrect
communications parameters with a serial printer. Double-check
the bps rate in the br capability, and the
parity bits in the fs and
fc capabilities; make sure the printer is
using the same settings as specified in the
/etc/printcap file.Nothing happened.If nothing happened, the problem is probably within
FreeBSD and not the hardware. Add the log file
(lf) capability to the entry for the
printer you are debugging in the
/etc/printcap file. For example, here is
the entry for rattan, with the
lf capability:rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:\
:lf=/var/log/rattan.logThen, try printing again. Check the log file (in our
example, /var/log/rattan.log) to see any
error messages that might appear. Based on the messages you
see, try to correct the problem.If you do not specify a lf capability,
LPD uses /dev/console as a
default.
diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index 47243a85c5..e5fba74e14 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -1,3037 +1,3039 @@
SecuritysecurityMuch of this chapter has been taken from the
&man.security.7; man page, originally written by
&a.dillon;.SynopsisThe following chapter will provide a basic introduction to
system security concepts, some general good rules of thumb, and some
advanced topics such as S/Key, OpenSSL, Kerberos, and others.IntroductionSecurity is a function that begins and ends with the system
administrator. While all BSD Unix multi-user systems have some
inherent security, the job of building and maintaining additional
security mechanisms to keep those users honest is
probably one of the single largest undertakings of the sysadmin.
Machines are only as secure as you make them, and security concerns
are ever competing with the human necessity for convenience. Unix
systems, in general, are capable of running a huge number of
simultaneous processes and many of these processes operate as
servers – meaning that external entities can connect and talk
to them. As yesterday's mini-computers and mainframes become
today's desktops, and as computers become networked and
internetworked, security becomes an ever bigger issue.Security is best implemented through a layered
onion approach. In a nutshell, what you want to do is
to create as many layers of security as are convenient and then
carefully monitor the system for intrusions. You do not want to
overbuild your security or you will interfere with the detection
side, and detection is one of the single most important aspects of
any security mechanism. For example, it makes little sense to set
the schg flags (see &man.chflags.1;) on every system binary because
while this may temporarily protect the binaries, it prevents an
attacker who has broken in from making an easily detectable change
that may result in your security mechanisms not detecting the attacker
at all.System security also pertains to dealing with various forms of
attack, including attacks that attempt to crash or otherwise make a
system unusable but do not attempt to break root. Security concerns
can be split up into several categories:Denial of service attacks.User account compromises.Root compromise through accessible servers.Root compromise via user accounts.Backdoor creation.DOS attackssecurityDOS attacksDenial of ServiceA denial of service attack is an action that deprives the
machine of needed resources. Typically, D.O.S. attacks are
brute-force mechanisms that attempt to crash or otherwise make a
machine unusable by overwhelming its servers or network stack. Some
D.O.S. attacks try to take advantages of bugs in the networking
stack to crash a machine with a single packet. The latter can only
be fixed by applying a bug fix to the kernel. Attacks on servers
can often be fixed by properly specifying options to limit the load
the servers incur on the system under adverse conditions.
Brute-force network attacks are harder to deal with. A
spoofed-packet attack, for example, is nearly impossible to stop
short of cutting your system off from the Internet. It may not be
able to take your machine down, but it can saturate your
Internet connection.securityaccount compromisesA user account compromise is even more common than a D.O.S.
attack. Many sysadmins still run standard telnetd, rlogind, rshd,
and ftpd servers on their machines. These servers, by default, do
not operate over encrypted connections. The result is that if you
have any moderate-sized user base, one or more of your users logging
into your system from a remote location (which is the most common
and convenient way to login to a system) will have his or her
password sniffed. The attentive system admin will analyze his
remote access logs looking for suspicious source addresses even for
successful logins.One must always assume that once an attacker has access to a
user account, the attacker can break root. However, the reality is
that in a well secured and maintained system, access to a user
account does not necessarily give the attacker access to root. The
distinction is important because without access to root the attacker
cannot generally hide his tracks and may, at best, be able to do
nothing more than mess with the user's files or crash the machine.
User account compromises are very common because users tend not to
take the precautions that sysadmins take.securitybackdoorsSystem administrators must keep in mind that there are
potentially many ways to break root on a machine. The attacker
may know the root password, the attacker may find a bug in a
root-run server and be able to break root over a network
connection to that server, or the attacker may know of a bug in
an suid-root program that allows the attacker to break root once
he has broken into a user's account. If an attacker has found
a way to break root on a machine, the attacker may not have a need
to install a backdoor. Many of the root holes
found and closed to date involve a considerable amount of work
by the attacker to cleanup after himself, so most attackers install
backdoors. Backdoors provide the attacker with a way to easily
regain root access to the system, but it also gives the smart
system administrator a convenient way to detect the intrusion.
Making it impossible for an attacker to install a backdoor may
actually be detrimental to your security because it will not
close off the hole the attacker found to break in the first
place.Security remedies should always be implemented with a
multi-layered onion peel approach and can be
categorized as follows:Securing root and staff accounts.Securing root – root-run servers and suid/sgid
binaries.Securing user accounts.Securing the password file.Securing the kernel core, raw devices, and
filesystems.Quick detection of inappropriate changes made to the
system.Paranoia.The next section of this chapter will cover the above bullet
items in greater depth.securitysecuringSecuring FreeBSDThe sections that follow will cover the methods of securing your
FreeBSD system that were mentioned in the last section of this chapter.Securing the root account and staff accounts
- su
+
+ su
+ First off, do not bother securing staff accounts if you have
not secured the root account. Most systems have a password
assigned to the root account. The first thing you do is assume
that the password is always compromised.
This does not mean that you should remove the password. The
password is almost always necessary for console access to the
machine. What it does mean is that you should not make it
possible to use the password outside of the console or possibly
even with the &man.su.1; command. For example, make sure that
your pty's are specified as being unsecure in the
/etc/ttys file so that direct root logins
via telnet or rlogin are
disallowed. If using other login services such as
sshd, make sure that direct root logins
are disabled there as well. Consider every access method –
services such as FTP often fall through the cracks. Direct root
logins should only be allowed via the system console.wheelOf course, as a sysadmin you have to be able to get to root,
so we open up a few holes. But we make sure these holes require
additional password verification to operate. One way to make root
accessible is to add appropriate staff accounts to the
wheel group (in
/etc/group). The staff members placed in the
wheel group are allowed to
su to root. You should never give staff
members native wheel access by putting them in the
wheel group in their password entry. Staff
accounts should be placed in a staff group, and
then added to the wheel group via the
/etc/group file. Only those staff members
who actually need to have root access should be placed in the
wheel group. It is also possible, when using
an authentication method such as kerberos, to use kerberos'
.k5login file in the root account to allow a
&man.ksu.1; to root without having to place anyone at all in the
wheel group. This may be the better solution
since the wheel mechanism still allows an
intruder to break root if the intruder has gotten hold of your
password file and can break into a staff account. While having
the wheel mechanism is better than having
nothing at all, it is not necessarily the safest option.An indirect way to secure staff accounts, and ultimately
root access is to use an alternative login access method and
do what is known as *'ing out the crypted
password for the staff accounts. Using the &man.vipw.8;
command, one can replace each instance of a crypted password
with a single * character. This command
will update the /etc/master.passwd file
and user/password database to disable password-authenticated
logins.A staff account entry such as:foobar:R9DT/Fa1/LV9U:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcshShould be changed to this :foobar:*:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcshThis change will prevent normal logins from occurring,
since the encrypted password will never match
*. With this done, staff members must use
another mechanism to authenticate themselves such as
&man.kerberos.1; or &man.ssh.1; using a public/private key
pair. When using something like kerberos, one generally must
secure the machines which run the kerberos servers and your
desktop workstation. When using a public/private key pair
with ssh, one must generally secure
the machine used to login from (typically
one's workstation). An additional layer of protection can be
added to the key pair by password protecting the key pair when
creating it with &man.ssh-keygen.1;. Being able to
* out the passwords for staff accounts also
guarantees that staff members can only login through secure
access methods that you have setup. This forces all staff
members to use secure, encrypted connections for all of their
sessions which closes an important hole used by many
intruders: That of sniffing the network from an unrelated,
less secure machine.The more indirect security mechanisms also assume that you are
logging in from a more restrictive server to a less restrictive
server. For example, if your main box is running all sorts of
servers, your workstation should not be running any. In order for
your workstation to be reasonably secure you should run as few
servers as possible, up to and including no servers at all, and
you should run a password-protected screen blanker. Of course,
given physical access to a workstation an attacker can break any
sort of security you put on it. This is definitely a problem that
you should consider but you should also consider the fact that the
vast majority of break-ins occur remotely, over a network, from
people who do not have physical access to your workstation or
servers.KerberosUsing something like kerberos also gives you the ability to
disable or change the password for a staff account in one place
and have it immediately effect all the machine the staff member
may have an account on. If a staff member's account gets
compromised, the ability to instantly change his password on all
machines should not be underrated. With discrete passwords,
changing a password on N machines can be a mess. You can also
impose re-passwording restrictions with kerberos: not only can a
kerberos ticket be made to timeout after a while, but the kerberos
system can require that the user choose a new password after a
certain period of time (say, once a month).Securing Root-run Servers and SUID/SGID BinariesntalkcomsatfingersandboxessshdtelnetdrshdrlogindThe prudent sysadmin only runs the servers he needs to, no
more, no less. Be aware that third party servers are often the
most bug-prone. For example, running an old version of imapd or
popper is like giving a universal root ticket out to the entire
world. Never run a server that you have not checked out
carefully. Many servers do not need to be run as root. For
example, the ntalk,
comsat, and
finger daemons can be run in special
user sandboxes. A sandbox isn't perfect unless
you go to a large amount of trouble, but the onion approach to
security still stands: If someone is able to break in through
a server running in a sandbox, they still have to break out of the
sandbox. The more layers the attacker must break through, the
lower the likelihood of his success. Root holes have historically
been found in virtually every server ever run as root, including
basic system servers. If you are running a machine through which
people only login via sshd and never
login via telnetd or
rshd or
rlogind, then turn off those
services!FreeBSD now defaults to running
ntalkd,
comsat, and
finger in a sandbox. Another program
which may be a candidate for running in a sandbox is &man.named.8;.
/etc/defaults/rc.conf includes the arguments
necessary to run named in a sandbox in a
commented-out form. Depending on whether you are installing a new
system or upgrading an existing system, the special user accounts
used by these sandboxes may not be installed. The prudent
sysadmin would research and implement sandboxes for servers
whenever possible.sendmailThere are a number of other servers that typically do not run
in sandboxes: sendmail,
popper,
imapd, ftpd,
and others. There are alternatives to some of these, but
installing them may require more work than you are willing to
perform (the convenience factor strikes again). You may have to
run these servers as root and rely on other mechanisms to detect
break-ins that might occur through them.The other big potential root hole in a system are the
suid-root and sgid binaries installed on the system. Most of
these binaries, such as rlogin, reside
in /bin, /sbin,
/usr/bin, or /usr/sbin.
While nothing is 100% safe, the system-default suid and sgid
binaries can be considered reasonably safe. Still, root holes are
occasionally found in these binaries. A root hole was found in
Xlib in 1998 that made
xterm (which is typically suid)
vulnerable. It is better to be safe than sorry and the prudent
sysadmin will restrict suid binaries that only staff should run to
a special group that only staff can access, and get rid of
(chmod 000) any suid binaries that nobody uses.
A server with no display generally does not need an
xterm binary. Sgid binaries can be
almost as dangerous. If an intruder can break an sgid-kmem binary
the intruder might be able to read /dev/kmem
and thus read the crypted password file, potentially compromising
any passworded account. Alternatively an intruder who breaks
group kmem can monitor keystrokes sent through
pty's, including pty's used by users who login through secure
methods. An intruder that breaks the tty group can write to
almost any user's tty. If a user is running a terminal program or
emulator with a keyboard-simulation feature, the intruder can
potentially generate a data stream that causes the user's terminal
to echo a command, which is then run as that user.Securing User AccountsUser accounts are usually the most difficult to secure. While
you can impose Draconian access restrictions on your staff and
* out their passwords, you may not be able to
do so with any general user accounts you might have. If you do
have sufficient control then you may win out and be able to secure
the user accounts properly. If not, you simply have to be more
vigilant in your monitoring of those accounts. Use of
ssh and kerberos for user accounts is
more problematic due to the extra administration and technical
support required, but still a very good solution compared to a
crypted password file.Securing the Password FileThe only sure fire way is to * out as many
passwords as you can and use ssh or
kerberos for access to those accounts. Even though the crypted
password file (/etc/spwd.db) can only be read
by root, it may be possible for an intruder to obtain read access
to that file even if the attacker cannot obtain root-write
access.Your security scripts should always check for and report
changes to the password file (see Checking file integrity
below).Securing the Kernel Core, Raw Devices, and
FilesystemsIf an attacker breaks root he can do just about anything, but
there are certain conveniences. For example, most modern kernels
have a packet sniffing device driver built in. Under FreeBSD it
is called the bpf device. An intruder
will commonly attempt to run a packet sniffer on a compromised
machine. You do not need to give the intruder the capability and
most systems should not have the bpf device compiled in.sysctlBut even if you turn off the bpf device, you still have
/dev/mem and /dev/kmem
to worry about. For that matter, the intruder can still write to
raw disk devices. Also, there is another kernel feature called
the module loader, &man.kldload.8;. An enterprising intruder can
use a KLD module to install his own bpf device or other sniffing
device on a running kernel. To avoid these problems you have to
run the kernel at a higher secure level, at least securelevel 1.
The securelevel can be set with a sysctl on
the kern.securelevel variable. Once you have
set the securelevel to 1, write access to raw devices will be
denied and special chflags flags, such as schg,
will be enforced. You must also ensure that the
schg flag is set on critical startup binaries,
directories, and script files – everything that gets run up
to the point where the securelevel is set. This might be overdoing
it, and upgrading the system is much more difficult when you
operate at a higher secure level. You may compromise and run the
system at a higher secure level but not set the
schg flag for every system file and directory
under the sun. Another possibility is to simply mount
/ and /usr read-only.
It should be noted that being too draconian in what you attempt to
protect may prevent the all-important detection of an
intrusion.Checking File Integrity: Binaries, Configuration Files,
Etc.When it comes right down to it, you can only protect your core
system configuration and control files so much before the
convenience factor rears its ugly head. For example, using
chflags to set the schg bit
on most of the files in / and
/usr is probably counterproductive because
while it may protect the files, it also closes a detection window.
The last layer of your security onion is perhaps the most
important – detection. The rest of your security is pretty
much useless (or, worse, presents you with a false sense of
safety) if you cannot detect potential incursions. Half the job
of the onion is to slow down the attacker rather than stop him in
order to give the detection side of the equation a chance to catch
him in the act.The best way to detect an incursion is to look for modified,
missing, or unexpected files. The best way to look for modified
files is from another (often centralized) limited-access system.
Writing your security scripts on the extra-secure limited-access
system makes them mostly invisible to potential attackers, and this
is important. In order to take maximum advantage you generally
have to give the limited-access box significant access to the
other machines in the business, usually either by doing a
read-only NFS export of the other machines to the limited-access
box, or by setting up ssh key-pairs to
allow the limit-access box to ssh to
the other machines. Except for its network traffic, NFS is the
least visible method – allowing you to monitor the
filesystems on each client box virtually undetected. If your
limited-access server is connected to the client boxes through a
switch, the NFS method is often the better choice. If your
limited-access server is connected to the client boxes through a
hub or through several layers of routing, the NFS method may be
too insecure (network-wise) and using
ssh may be the better choice even with
the audit-trail tracks that ssh
lays.Once you give a limit-access box at least read access to the
client systems it is supposed to monitor, you must write scripts
to do the actual monitoring. Given an NFS mount, you can write
scripts out of simple system utilities such as &man.find.1; and
&man.md5.1;. It is best to physically md5 the client-box files
boxes at least once a day, and to test control files such as those
found in /etc and
/usr/local/etc even more often. When
mismatches are found relative to the base md5 information the
limited-access machine knows is valid, it should scream at a
sysadmin to go check it out. A good security script will also
check for inappropriate suid binaries and for new or deleted files
on system partitions such as / and
/usr.When using ssh rather than NFS,
writing the security script is much more difficult. You
essentially have to scp the scripts to the client box in order to
run them, making them visible, and for safety you also need to
scp the binaries (such as find) that those
scripts use. The ssh daemon on the
client box may already be compromised. All in all, using
ssh may be necessary when running over
unsecure links, but it's also a lot harder to deal with.A good security script will also check for changes to user and
staff members access configuration files:
.rhosts, .shosts,
.ssh/authorized_keys and so forth…
files that might fall outside the purview of the
MD5 check.If you have a huge amount of user disk space it may take too
long to run through every file on those partitions. In this case,
setting mount flags to disallow suid binaries and devices on those
partitions is a good idea. The nodev and
nosuid options (see &man.mount.8;) are what you
want to look into. You should probably scan them anyway at least
once a week, since the object of this layer is to detect a break-in
whether or not the break-in is effective.Process accounting (see &man.accton.8;) is a relatively
low-overhead feature of the operating system which might help
as a post-break-in evaluation mechanism. It is especially
useful in tracking down how an intruder has actually broken into
a system, assuming the file is still intact after the break-in
occurs.Finally, security scripts should process the log files and the
logs themselves should be generated in as secure a manner as
possible – remote syslog can be very useful. An intruder
tries to cover his tracks, and log files are critical to the
sysadmin trying to track down the time and method of the initial
break-in. One way to keep a permanent record of the log files is
to run the system console to a serial port and collect the
information on a continuing basis through a secure machine
monitoring the consoles.ParanoiaA little paranoia never hurts. As a rule, a sysadmin can add
any number of security features as long as they do not effect
convenience, and can add security features that do effect
convenience with some added thought. Even more importantly, a
security administrator should mix it up a bit – if you use
recommendations such as those given by this document verbatim, you
give away your methodologies to the prospective attacker who also
has access to this document.Denial of Service AttacksDOS attacksThis section covers Denial of Service attacks. A DOS attack
is typically a packet attack. While there is not much you can do
about modern spoofed packet attacks that saturate your network,
you can generally limit the damage by ensuring that the attacks
cannot take down your servers.Limiting server forks.Limiting springboard attacks (ICMP response attacks, ping
broadcast, etc.).Kernel Route Cache.A common DOS attack is against a forking server that attempts
to cause the server to eat processes, file descriptors, and memory
until the machine dies. Inetd (see &man.inetd.8;) has several
options to limit this sort of attack. It should be noted that
while it is possible to prevent a machine from going down it is
not generally possible to prevent a service from being disrupted
by the attack. Read the inetd manual page carefully and pay
specific attention to the , ,
and options. Note that spoofed-IP attacks
will circumvent the option to inetd, so
typically a combination of options must be used. Some standalone
servers have self-fork-limitation parameters.Sendmail has its
option which tends to work
much better than trying to use sendmail's load limiting options
due to the load lag. You should specify a
MaxDaemonChildren parameter when you start
sendmail high enough to handle your
expected load but no so high that the computer cannot handle that
number of sendmails without falling on
its face. It is also prudent to run sendmail in queued mode
() and to run the daemon
(sendmail -bd) separate from the queue-runs
(sendmail -q15m). If you still want real-time
delivery you can run the queue at a much lower interval, such as
, but be sure to specify a reasonable
MaxDaemonChildren option for that sendmail to
prevent cascade failures.Syslogd can be attacked directly
and it is strongly recommended that you use the
option whenever possible, and the option
otherwise.You should also be fairly careful with connect-back services
such as tcpwrapper's reverse-identd,
which can be attacked directly. You generally do not want to use
the reverse-ident feature of
tcpwrappers for this reason.It is a very good idea to protect internal services from
external access by firewalling them off at your border routers.
The idea here is to prevent saturation attacks from outside your
LAN, not so much to protect internal services from network-based
root compromise. Always configure an exclusive firewall, i.e.,
firewall everything except ports A, B,
C, D, and M-Z. This way you can firewall off all of your
low ports except for certain specific services such as
named (if you are primary for a zone),
ntalkd,
sendmail, and other Internet-accessible
services. If you try to configure the firewall the other way
– as an inclusive or permissive firewall, there is a good
chance that you will forget to close a couple of
services or that you will add a new internal service and forget
to update the firewall. You can still open up the high-numbered
port range on the firewall to allow permissive-like operation
without compromising your low ports. Also take note that FreeBSD
allows you to control the range of port numbers used for dynamic
binding via the various net.inet.ip.portrangesysctl's (sysctl -a | fgrep
portrange), which can also ease the complexity of your
firewall's configuration. For example, you might use a normal
first/last range of 4000 to 5000, and a hiport range of 49152 to
65535, then block everything under 4000 off in your firewall
(except for certain specific Internet-accessible ports, of
course).ICMP_BANDLIMAnother common DOS attack is called a springboard attack
– to attack a server in a manner that causes the server to
generate responses which then overload the server, the local
network, or some other machine. The most common attack of this
nature is the ICMP ping broadcast attack.
The attacker spoofs ping packets sent to your LAN's broadcast
address with the source IP address set to the actual machine they
wish to attack. If your border routers are not configured to
stomp on ping's to broadcast addresses, your LAN winds up
generating sufficient responses to the spoofed source address to
saturate the victim, especially when the attacker uses the same
trick on several dozen broadcast addresses over several dozen
different networks at once. Broadcast attacks of over a hundred
and twenty megabits have been measured. A second common
springboard attack is against the ICMP error reporting system.
By constructing packets that generate ICMP error responses, an
attacker can saturate a server's incoming network and cause the
server to saturate its outgoing network with ICMP responses. This
type of attack can also crash the server by running it out of
mbuf's, especially if the server cannot drain the ICMP responses
it generates fast enough. The FreeBSD kernel has a new kernel
compile option called ICMP_BANDLIM which limits the effectiveness
of these sorts of attacks. The last major class of springboard
attacks is related to certain internal inetd services such as the
udp echo service. An attacker simply spoofs a UDP packet with the
source address being server A's echo port, and the destination
address being server B's echo port, where server A and B are both
on your LAN. The two servers then bounce this one packet back and
forth between each other. The attacker can overload both servers
and their LANs simply by injecting a few packets in this manner.
Similar problems exist with the internal chargen port. A
competent sysadmin will turn off all of these inetd-internal test
services.Spoofed packet attacks may also be used to overload the kernel
route cache. Refer to the net.inet.ip.rtexpire,
rtminexpire, and rtmaxcachesysctl parameters. A spoofed packet attack
that uses a random source IP will cause the kernel to generate a
temporary cached route in the route table, viewable with
netstat -rna | fgrep W3. These routes
typically timeout in 1600 seconds or so. If the kernel detects
that the cached route table has gotten too big it will dynamically
reduce the rtexpire but will never decrease it to less than
rtminexpire. There are two problems:The kernel does not react quickly enough when a lightly
loaded server is suddenly attacked.The rtminexpire is not low enough for
the kernel to survive a sustained attack.If your servers are connected to the Internet via a T3 or
better it may be prudent to manually override both
rtexpire and rtminexpire
via &man.sysctl.8;. Never set either parameter to zero (unless
you want to crash the machine :-). Setting both
parameters to 2 seconds should be sufficient to protect the route
table from attack.Access Issues with Kerberos and SSHsshKerberosThere are a few issues with both kerberos and
ssh that need to be addressed if
you intend to use them. Kerberos V is an excellent
authentication protocol but there are bugs in the kerberized
telnet and
rlogin applications that make them
unsuitable for dealing with binary streams. Also, by default
kerberos does not encrypt a session unless you use the
option. ssh
encrypts everything by default.ssh works quite well in every
respect except that it forwards encryption keys by default. What
this means is that if you have a secure workstation holding keys
that give you access to the rest of the system, and you
ssh to an unsecure machine, your keys
becomes exposed. The actual keys themselves are not exposed, but
ssh installs a forwarding port for the
duration of your login and if a attacker has broken root on the
unsecure machine he can utilize that port to use your keys to gain
access to any other machine that your keys unlock.We recommend that you use ssh in
combination with kerberos whenever possible for staff logins.
ssh can be compiled with kerberos
support. This reduces your reliance on potentially exposable
ssh keys while at the same time
protecting passwords via kerberos. ssh
keys should only be used for automated tasks from secure machines
(something that kerberos is unsuited to). We also recommend that
you either turn off key-forwarding in the
ssh configuration, or that you make use
of the from=IP/DOMAIN option that
ssh allows in its
authorized_keys file to make the key only
usable to entities logging in from specific machines.DES, MD5, and CryptsecuritycryptcryptDESMD5Parts rewritten and updated by &a.unfurl;, 21 March
2000.Every user on a Unix system has a password associated with
their account. It seems obvious that these passwords need to be
known only to the user and the actual operating system. In
order to keep these passwords secret, they are encrypted with
what is known as a one-way hash, that is, they can
only be easily encrypted but not decrypted. In other words, what
we told you a moment ago was obvious is not even true: the
operating system itself does not really know
the password. It only knows the encrypted
form of the password. The only way to get the
plain-text password is by a brute force search of the
space of possible passwords.Unfortunately the only secure way to encrypt passwords when
Unix came into being was based on DES, the Data Encryption
Standard. This is not such a problem for users that live in
the US, but since the source code for DES could not be exported
outside the US, FreeBSD had to find a way to both comply with
US law and retain compatibility with all the other Unix
variants that still use DES.The solution was to divide up the encryption libraries
so that US users could install the DES libraries and use
DES but international users still had an encryption method
that could be exported abroad. This is how FreeBSD came to
use MD5 as its default encryption method. MD5 is believed to
be more secure than DES, so installing DES is offered primarily
for compatibility reasons.Recognizing your crypt mechanismIt is pretty easy to identify which encryption method
FreeBSD is set up to use. Examining the encrypted passwords in
the /etc/master.passwd file is one way.
Passwords encrypted with the MD5 hash are longer than those with
encrypted with the DES hash and also begin with the characters
$1$. DES password strings do not
have any particular identifying characteristics, but they are
shorter than MD5 passwords, and are coded in a 64-character
alphabet which does not include the $
character, so a relatively short string which does not begin with
a dollar sign is very likely a DES password.The libraries can identify the passwords this way as well.
As a result, the DES libraries are able to identify MD5
passwords, and use MD5 to check passwords that were encrypted
that way, and DES for the rest. They are able to do this
because the DES libraries also contain MD5. Unfortunately, the
reverse is not true, so the MD5 libraries cannot authenticate
passwords that were encrypted with DES.Identifying which library is being used by the programs on
your system is easy as well. Any program that uses crypt is linked
against libcrypt which for each type of library is a symbolic link
to the appropriate implementation. For example, on a system using
the DES versions:&prompt.user; ls -l /usr/lib/libcrypt*
lrwxr-xr-x 1 root wheel 13 Mar 19 06:56 libcrypt.a -> libdescrypt.a
lrwxr-xr-x 1 root wheel 18 Mar 19 06:56 libcrypt.so.2.0 -> libdescrypt.so.2.0
lrwxr-xr-x 1 root wheel 15 Mar 19 06:56 libcrypt_p.a -> libdescrypt_p.aOn a system using the MD5-based libraries, the same links will
be present, but the target will be libscrypt
rather than libdescrypt.If you have installed the DES-capable crypt library
libdescrypt (e.g. by installing the
"crypto" distribution), then which password format will be used
for new passwords is controlled by the
passwd_format login capability in
/etc/login.conf, which takes values of
either des or md5. See the
&man.login.conf.5; manpage for more information about login
capabilities.S/KeyS/KeysecurityS/KeyS/Key is a one-time password scheme based on a one-way hash
function. FreeBSD uses the MD4 hash for compatibility but other
systems have used MD5 and DES-MAC. S/Key has been part of the
FreeBSD base system since version 1.1.5 and is also used on a
growing number of other operating systems. S/Key is a registered
trademark of Bell Communications Research, Inc.There are three different sorts of passwords which we will talk
about in the discussion below. The first is your usual Unix-style or
Kerberos password; we will call this a Unix password.
The second sort is the one-time password which is generated by the
S/Key key program and accepted by the
keyinit program and the login prompt; we will
call this a one-time password. The final sort of
password is the secret password which you give to the
key program (and sometimes the
keyinit program) which it uses to generate
one-time passwords; we will call it a secret password
or just unqualified password.The secret password does not have anything to do with your Unix
password; they can be the same but this is not recommended. S/Key
secret passwords are not limited to 8 characters like Unix passwords,
they can be as long as you like. Passwords of six or seven word
long phrases are fairly common. For the most part, the S/Key system
operates completely independently of the Unix password
system.Besides the password, there are two other pieces of data that
are important to S/Key. One is what is known as the
seed or key and consists of two letters
and five digits. The other is what is called the iteration
count and is a number between 1 and 100. S/Key creates the
one-time password by concatenating the seed and the secret password,
then applying the MD4 hash as many times as specified by the
iteration count and turning the result into six short English words.
These six English words are your one-time password. The
login and su programs keep
track of the last one-time password used, and the user is
authenticated if the hash of the user-provided password is equal to
the previous password. Because a one-way hash is used it is
impossible to generate future one-time passwords if a successfully
used password is captured; the iteration count is decremented after
each successful login to keep the user and the login program in
sync. When the iteration count gets down to 1 S/Key must be
reinitialized.There are four programs involved in the S/Key system which we
will discuss below. The key program accepts an
iteration count, a seed, and a secret password, and generates a
one-time password. The keyinit program is used
to initialized S/Key, and to change passwords, iteration counts, or
seeds; it takes either a secret password, or an iteration count,
seed, and one-time password. The keyinfo program
examines the /etc/skeykeys file and prints out
the invoking user's current iteration count and seed. Finally, the
login and su programs contain
the necessary logic to accept S/Key one-time passwords for
authentication. The login program is also
capable of disallowing the use of Unix passwords on connections
coming from specified addresses.There are four different sorts of operations we will cover. The
first is using the keyinit program over a secure
connection to set up S/Key for the first time, or to change your
password or seed. The second operation is using the
keyinit program over an insecure connection, in
conjunction with the key program over a secure
connection, to do the same. The third is using the
key program to log in over an insecure
connection. The fourth is using the key program
to generate a number of keys which can be written down or printed
out to carry with you when going to some location without secure
connections to anywhere.Secure connection initializationTo initialize S/Key for the first time, change your password,
or change your seed while logged in over a secure connection
(e.g., on the console of a machine or via ssh), use the
keyinit command without any parameters while
logged in as yourself:&prompt.user; keyinit
Adding unfurl:
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password:
Again secret password:
ID unfurl s/key is 99 to17757
DEFY CLUB PRO NASH LACE SOFTAt the Enter secret password: prompt you
should enter a password or phrase. Remember, this is not the
password that you will use to login with, this is used to generate
your one-time login keys. The ID line gives the
parameters of your particular S/Key instance; your login name, the
iteration count, and seed. When logging in with S/Key, the system
will remember these parameters and present them back to you so you
do not have to remember them. The last line gives the particular
one-time password which corresponds to those parameters and your
secret password; if you were to re-login immediately, this
one-time password is the one you would use.Insecure connection initializationTo initialize S/Key or change your secret password over an
insecure connection, you will need to already have a secure
connection to some place where you can run the
key program; this might be in the form of a
desk accessory on a Macintosh, or a shell prompt on a machine you
trust. You will also need to make up an iteration count (100 is
probably a good value), and you may make up your own seed or use a
randomly-generated one. Over on the insecure connection (to the
machine you are initializing), use the keyinit
-s command:&prompt.user; keyinit -s
Updating unfurl:
Old key: to17758
Reminder you need the 6 English words from the key command.
Enter sequence count from 1 to 9999: 100
Enter new key [default to17759]:
s/key 100 to 17759
s/key access password:To accept the default seed (which the
keyinit program confusingly calls a
key), press return. Then before entering an
access password, move over to your secure connection or S/Key desk
accessory, and give it the same parameters:&prompt.user; key 100 to17759
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: <secret password>
CURE MIKE BANE HIM RACY GORENow switch back over to the insecure connection, and copy the
one-time password generated by key over to the
keyinit program:s/key access password:CURE MIKE BANE HIM RACY GORE
ID unfurl s/key is 100 to17759
CURE MIKE BANE HIM RACY GOREThe rest of the description from the previous section applies
here as well.Generating a single one-time passwordOnce you've initialized S/Key, when you login you will be
presented with a prompt like this:&prompt.user; telnet example.com
Trying 10.0.0.1...
Connected to example.com
Escape character is '^]'.
FreeBSD/i386 (example.com) (ttypa)
login: <username>
s/key 97 fw13894
Password: As a side note, the S/Key prompt has a useful feature
(not shown here): if you press return at the password prompt, the
login program will turn echo on, so you can see what you are
typing. This can be extremely useful if you are attempting to
type in an S/Key by hand, such as from a printout. Also, if this
machine were configured to disallow Unix passwords over a
connection from the source machine, the prompt would have also included
the annotation (s/key required), indicating
that only S/Key one-time passwords will be accepted.MS-DOSWindowsMacOSAt this point you need to generate your one-time password to
answer this login prompt. This must be done on a trusted system
that you can run the key command on. (There
are versions of the key program for MS-DOS,
Windows and MacOS as well.) The key program
needs both the iteration count and the seed as command line
options. You can cut-and-paste these right from the login prompt
on the machine that you are logging in to.On the trusted system:&prompt.user; key 97 fw13894
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password:
WELD LIP ACTS ENDS ME HAAGNow that you have your one-time password you can continue
logging in:login: <username>
s/key 97 fw13894
Password: <return to enable echo>
s/key 97 fw13894
Password [echo on]: WELD LIP ACTS ENDS ME HAAG
Last login: Tue Mar 21 11:56:41 from 10.0.0.2 ... This is the easiest mechanism if you have
a trusted machine. There is a Java S/Key key
applet, The Java OTP
Calculator, that you can download and run locally on any
Java supporting browser.Generating multiple one-time passwordsSometimes you have to go places where you do not have
access to a trusted machine or secure connection. In this case,
it is possible to use the key command to
generate a number of one-time passwords before hand to be printed
out and taken with you. For example:&prompt.user; key -n 5 30 zz99999
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: <secret password>
26: SODA RUDE LEA LIND BUDD SILT
27: JILT SPY DUTY GLOW COWL ROT
28: THEM OW COLA RUNT BONG SCOT
29: COT MASH BARR BRIM NAN FLAG
30: CAN KNEE CAST NAME FOLK BILKThe requests five keys in sequence, the
specifies what the last iteration number
should be. Note that these are printed out in
reverse order of eventual use. If you are
really paranoid, you might want to write the results down by hand;
otherwise you can cut-and-paste into lpr. Note
that each line shows both the iteration count and the one-time
password; you may still find it handy to scratch off passwords as
you use them.Restricting use of Unix passwordsRestrictions can be placed on the use of Unix passwords based
on the host name, user name, terminal port, or IP address of a
login session. These restrictions can be found in the
configuration file /etc/skey.access. The
&man.skey.access.5; manual page has more info on the complete
format of the file and also details some security cautions to be
aware of before depending on this file for security.If there is no /etc/skey.access file
(this is the FreeBSD default), then all users will be allowed to
use Unix passwords. If the file exists, however, then all users
will be required to use S/Key unless explicitly permitted to do
otherwise by configuration statements in the
skey.access file. In all cases, Unix
passwords are permitted on the console.Here is a sample configuration file which illustrates the
three most common sorts of configuration statements:permit internet 192.168.0.0 255.255.0.0
permit user fnord
permit port ttyd0The first line (permit internet) allows
users whose IP source address (which is vulnerable to spoofing)
matches the specified value and mask, to use Unix passwords. This
should not be considered a security mechanism, but rather, a means
to remind authorized users that they are using an insecure network
and need to use S/Key for authentication.The second line (permit user) allows the
specified username, in this case fnord, to use
Unix passwords at any time. Generally speaking, this should only
be used for people who are either unable to use the
key program, like those with dumb terminals, or
those who are uneducable.The third line (permit port) allows all
users logging in on the specified terminal line to use Unix
passwords; this would be used for dial-ups.KerberosKerberosContributed by &a.markm; (based on contribution by
&a.md;).Kerberos is a network add-on system/protocol that allows users to
authenticate themselves through the services of a secure server.
Services such as remote login, remote copy, secure inter-system file
copying and other high-risk tasks are made considerably safer and more
controllable.The following instructions can be used as a guide on how to set up
Kerberos as distributed for FreeBSD. However, you should refer to the
relevant manual pages for a complete description.4.4BSD-LiteIn FreeBSD, the Kerberos is not that from the original 4.4BSD-Lite,
distribution, but eBones, which had been previously ported to FreeBSD
1.1.5.1, and was sourced from outside the USA/Canada, and was thus
available to system owners outside those countries during the era
of restrictive export controls on cryptographic code from the USA.Creating the initial databaseThis is done on the Kerberos server only. First make sure that
you do not have any old Kerberos databases around. You should change
to the directory /etc/kerberosIV and check that
only the following files are present:&prompt.root; cd /etc/kerberosIV
&prompt.root; ls
README krb.conf krb.realmsIf any additional files (such as principal.*
or master_key) exist, then use the
kdb_destroy command to destroy the old Kerberos
database, of if Kerberos is not running, simply delete the extra
files.You should now edit the krb.conf and
krb.realms files to define your Kerberos realm.
In this case the realm will be GRONDAR.ZA and the
server is grunt.grondar.za. We edit or create
the krb.conf file:&prompt.root; cat krb.conf
GRONDAR.ZA
GRONDAR.ZA grunt.grondar.za admin server
CS.BERKELEY.EDU okeeffe.berkeley.edu
ATHENA.MIT.EDU kerberos.mit.edu
ATHENA.MIT.EDU kerberos-1.mit.edu
ATHENA.MIT.EDU kerberos-2.mit.edu
ATHENA.MIT.EDU kerberos-3.mit.edu
LCS.MIT.EDU kerberos.lcs.mit.edu
TELECOM.MIT.EDU bitsy.mit.edu
ARC.NASA.GOV trident.arc.nasa.govIn this case, the other realms do not need to be there. They are
here as an example of how a machine may be made aware of multiple
realms. You may wish to not include them for simplicity.The first line names the realm in which this system works. The
other lines contain realm/host entries. The first item on a line is a
realm, and the second is a host in that realm that is acting as a
key distribution center. The words admin
server following a hosts name means that host also
provides an administrative database server. For further explanation
of these terms, please consult the Kerberos man pages.Now we have to add grunt.grondar.za
to the GRONDAR.ZA realm and also add an entry to
put all hosts in the .grondar.za
domain in the GRONDAR.ZA realm. The
krb.realms file would be updated as
follows:&prompt.root; cat krb.realms
grunt.grondar.za GRONDAR.ZA
.grondar.za GRONDAR.ZA
.berkeley.edu CS.BERKELEY.EDU
.MIT.EDU ATHENA.MIT.EDU
.mit.edu ATHENA.MIT.EDUAgain, the other realms do not need to be there. They are here as
an example of how a machine may be made aware of multiple realms. You
may wish to remove them to simplify things.The first line puts the specific system into
the named realm. The rest of the lines show how to default systems of
a particular subdomain to a named realm.Now we are ready to create the database. This only needs to run
on the Kerberos server (or Key Distribution Center). Issue the
kdb_init command to do this:&prompt.root; kdb_initRealm name [default ATHENA.MIT.EDU ]:GRONDAR.ZA
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter Kerberos master key:Now we have to save the key so that servers on the local machine
can pick it up. Use the kstash command to do
this.&prompt.root; kstashEnter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!This saves the encrypted master password in
/etc/kerberosIV/master_key.Making it all runTwo principals need to be added to the database for
each system that will be secured with Kerberos.
Their names are kpasswd and rcmd
These two principals are made for each system, with the instance being
the name of the individual system.These daemons, kpasswd and
rcmd allow other systems to change Kerberos
passwords and run commands like rcp,
rlogin and rsh.Now let's add these entries:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:passwdInstance:grunt
<Not found>, Create [y] ?y
Principal: passwd, Instance: grunt, kdc_key_ver: 1
New Password: <---- enter RANDOM here
Verifying password
New Password: <---- enter RANDOM here
Random password [y] ?y
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name:rcmdInstance:grunt
<Not found>, Create [y] ?
Principal: rcmd, Instance: grunt, kdc_key_ver: 1
New Password: <---- enter RANDOM here
Verifying password
New Password: <---- enter RANDOM here
Random password [y] ?
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitCreating the server fileWe now have to extract all the instances which define the services
on each machine. For this we use the ext_srvtab
command. This will create a file which must be copied or moved
by secure means to each Kerberos client's
/etc/kerberosIV directory. This file must be present on each server
and client, and is crucial to the operation of Kerberos.&prompt.root; ext_srvtab gruntEnter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Generating 'grunt-new-srvtab'....Now, this command only generates a temporary file which must be
renamed to srvtab so that all the server can pick
it up. Use the mv command to move it into place on
the original system:&prompt.root; mv grunt-new-srvtab srvtabIf the file is for a client system, and the network is not deemed
safe, then copy the
client-new-srvtab to
removable media and transport it by secure physical means. Be sure to
rename it to srvtab in the client's
/etc/kerberosIV directory, and make sure it is
mode 600:&prompt.root; mv grumble-new-srvtab srvtab
&prompt.root; chmod 600 srvtabPopulating the databaseWe now have to add some user entries into the database. First
let's create an entry for the user jane. Use the
kdb_edit command to do this:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:janeInstance:
<Not found>, Create [y] ?y
Principal: jane, Instance: , kdc_key_ver: 1
New Password: <---- enter a secure password here
Verifying password
New Password: <---- re-enter the password here
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitTesting it all outFirst we have to start the Kerberos daemons. NOTE that if you
have correctly edited your /etc/rc.conf then this
will happen automatically when you reboot. This is only necessary on
the Kerberos server. Kerberos clients will automagically get what
they need from the /etc/kerberosIV
directory.&prompt.root; kerberos &
Kerberos server starting
Sleep forever on error
Log file is /var/log/kerberos.log
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Current Kerberos master key version is 1
Local realm: GRONDAR.ZA
&prompt.root; kadmind -n &
KADM Server KADM0.0A initializing
Please do not use 'kill -9' to kill this job, use a
regular kill instead
Current Kerberos master key version is 1.
Master key entered. BEWARE!Now we can try using the kinit command to get a
ticket for the id jane that we created
above:&prompt.user; kinit jane
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane"
Password:Try listing the tokens using klist to see if we
really have them:&prompt.user; klist
Ticket file: /tmp/tkt245
Principal: jane@GRONDAR.ZA
Issued Expires Principal
Apr 30 11:23:22 Apr 30 19:23:22 krbtgt.GRONDAR.ZA@GRONDAR.ZANow try changing the password using passwd to
check if the kpasswd daemon can get authorization to the Kerberos
database:&prompt.user; passwd
realm GRONDAR.ZA
Old password for jane:New Password for jane:
Verifying password
New Password for jane:
Password changed.Adding su privilegesKerberos allows us to give each user who
needs root privileges their own separatesupassword. We could now add an id which is
authorized to su to root.
This is controlled by having an instance of root
associated with a principal. Using kdb_edit we can
create the entry jane.root in the Kerberos
database:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:janeInstance:root
<Not found>, Create [y] ? y
Principal: jane, Instance: root, kdc_key_ver: 1
New Password: <---- enter a SECURE password here
Verifying password
New Password: <---- re-enter the password here
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?12 <--- Keep this short!
Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitNow try getting tokens for it to make sure it works:&prompt.root; kinit jane.root
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane.root"
Password:Now we need to add the user to root's .klogin
file:&prompt.root; cat /root/.klogin
jane.root@GRONDAR.ZANow try doing the su:&prompt.user; suPassword:and take a look at what tokens we have:&prompt.root; klist
Ticket file: /tmp/tkt_root_245
Principal: jane.root@GRONDAR.ZA
Issued Expires Principal
May 2 20:43:12 May 3 04:43:12 krbtgt.GRONDAR.ZA@GRONDAR.ZAUsing other commandsIn an earlier example, we created a principal called
jane with an instance root.
This was based on a user with the same name as the principal, and this
is a Kerberos default; that a
<principal>.<instance> of the form
<username>.root will allow
that <username> to su to
root if the necessary entries are in the .klogin
file in root's home directory:&prompt.root; cat /root/.klogin
jane.root@GRONDAR.ZALikewise, if a user has in their own home directory lines of the
form:&prompt.user; cat ~/.klogin
jane@GRONDAR.ZA
jack@GRONDAR.ZAThis allows anyone in the GRONDAR.ZA realm
who has authenticated themselves to jane or
jack (via kinit, see above)
access to rlogin to jane's
account or files on this system (grunt) via
rlogin, rsh or
rcp.For example, Jane now logs into another system, using
Kerberos:&prompt.user; kinit
MIT Project Athena (grunt.grondar.za)
Password:
&prompt.user; rlogin grunt
Last login: Mon May 1 21:14:47 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995Or Jack logs into Jane's account on the same machine (Jane having
set up the .klogin file as above, and the person
in charge of Kerberos having set up principal
jack with a null instance:&prompt.user; kinit
&prompt.user; rlogin grunt -l jane
MIT Project Athena (grunt.grondar.za)
Password:
Last login: Mon May 1 21:16:55 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995FirewallsfirewallssecurityfirewallsContributed by &a.gpalmer; and Alex Nash.Firewalls are an area of increasing interest for people who are
connected to the Internet, and are even finding applications on private
networks to provide enhanced security. This section will hopefully
explain what firewalls are, how to use them, and how to use the
facilities provided in the FreeBSD kernel to implement them.People often think that having a firewall between your
internal network and the Big Bad Internet will solve all
your security problems. It may help, but a poorly setup firewall
system is more of a security risk than not having one at all. A
firewall can add another layer of security to your systems, but it
cannot stop a really determined cracker from penetrating your internal
network. If you let internal security lapse because you believe your
firewall to be impenetrable, you have just made the crackers job that
much easier.What is a firewall?There are currently two distinct types of firewalls in common use
on the Internet today. The first type is more properly called a
packet filtering router, where the kernel on a
multi-homed machine chooses whether to forward or block packets based
on a set of rules. The second type, known as a proxy
server, relies on daemons to provide authentication and to
forward packets, possibly on a multi-homed machine which has kernel
packet forwarding disabled.Sometimes sites combine the two types of firewalls, so that only a
certain machine (known as a bastion host) is
allowed to send packets through a packet filtering router onto an
internal network. Proxy services are run on the bastion host, which
are generally more secure than normal authentication
mechanisms.FreeBSD comes with a kernel packet filter (known as
IPFW), which is what the rest of this
section will concentrate on. Proxy servers can be built on FreeBSD
from third party software, but there is such a variety of proxy
servers available that it would be impossible to cover them in this
document.Packet filtering routersA router is a machine which forwards packets between two or more
networks. A packet filtering router has an extra piece of code in
its kernel which compares each packet to a list of rules before
deciding if it should be forwarded or not. Most modern IP routing
software has packet filtering code within it that defaults to
forwarding all packets. To enable the filters, you need to define a
set of rules for the filtering code so it can decide if the
packet should be allowed to pass or not.To decide whether a packet should be passed on, the code looks
through its set of rules for a rule which matches the contents of
this packets headers. Once a match is found, the rule action is
obeyed. The rule action could be to drop the packet, to forward the
packet, or even to send an ICMP message back to the originator.
Only the first match counts, as the rules are searched in order.
Hence, the list of rules can be referred to as a rule
chain.The packet matching criteria varies depending on the software
used, but typically you can specify rules which depend on the source
IP address of the packet, the destination IP address, the source
port number, the destination port number (for protocols which
support ports), or even the packet type (UDP, TCP, ICMP,
etc).Proxy serversProxy servers are machines which have had the normal system
daemons (telnetd, ftpd, etc) replaced with special servers. These
servers are called proxy servers as they
normally only allow onward connections to be made. This enables you
to run (for example) a proxy telnet server on your firewall host,
and people can telnet in to your firewall from the outside, go
through some authentication mechanism, and then gain access to the
internal network (alternatively, proxy servers can be used for
signals coming from the internal network and heading out).Proxy servers are normally more secure than normal servers, and
often have a wider variety of authentication mechanisms available,
including one-shot password systems so that even if
someone manages to discover what password you used, they will not be
able to use it to gain access to your systems as the password
instantly expires. As they do not actually give users access to the
host machine, it becomes a lot more difficult for someone to install
backdoors around your security system.Proxy servers often have ways of restricting access further, so
that only certain hosts can gain access to the servers, and often
they can be set up so that you can limit which users can talk to
which destination machine. Again, what facilities are available
depends largely on what proxy software you choose.What does IPFW allow me to do?ipfwIPFW, the software supplied with
FreeBSD, is a packet filtering and accounting system which resides in
the kernel, and has a user-land control utility,
&man.ipfw.8;. Together, they allow you to define and query the
rules currently used by the kernel in its routing decisions.There are two related parts to IPFW.
The firewall section allows you to perform packet filtering. There is
also an IP accounting section which allows you to track usage of your
router, based on similar rules to the firewall section. This allows
you to see (for example) how much traffic your router is getting from
a certain machine, or how much WWW (World Wide Web) traffic it is
forwarding.As a result of the way that IPFW is
designed, you can use IPFW on non-router
machines to perform packet filtering on incoming and outgoing
connections. This is a special case of the more general use of
IPFW, and the same commands and techniques
should be used in this situation.Enabling IPFW on FreeBSDipfwenablingAs the main part of the IPFW system
lives in the kernel, you will need to add one or more options to your
kernel configuration file, depending on what facilities you want, and
recompile your kernel. See reconfiguring
the kernel for more details on how to recompile your
kernel.There are currently three kernel configuration options relevant to
IPFW:options IPFIREWALLCompiles into the kernel the code for packet
filtering.options IPFIREWALL_VERBOSEEnables code to allow logging of packets through
&man.syslogd.8;. Without this option, even if you specify
that packets should be logged in the filter rules, nothing will
happen.options IPFIREWALL_VERBOSE_LIMIT=10Limits the number of packets logged through
&man.syslogd.8; on a per entry basis. You may wish to use
this option in hostile environments in which you want to log
firewall activity, but do not want to be open to a denial of
service attack via syslog flooding.When a chain entry reaches the packet limit specified,
logging is turned off for that particular entry. To resume
logging, you will need to reset the associated counter using the
&man.ipfw.8; utility:&prompt.root; ipfw zero 4500Where 4500 is the chain entry you wish to continue
logging.Previous versions of FreeBSD contained an
IPFIREWALL_ACCT option. This is now obsolete as
the firewall code automatically includes accounting
facilities.Configuring IPFWipfwconfiguringThe configuration of the IPFW software
is done through the &man.ipfw.8; utility. The syntax for this
command looks quite complicated, but it is relatively simple once you
understand its structure.There are currently four different command categories used by the
utility: addition/deletion, listing, flushing, and clearing.
Addition/deletion is used to build the rules that control how packets
are accepted, rejected, and logged. Listing is used to examine the
contents of your rule set (otherwise known as the chain) and packet
counters (accounting). Flushing is used to remove all entries from
the chain. Clearing is used to zero out one or more accounting
entries.Altering the IPFW rulesThe syntax for this form of the command is:
ipfw-NcommandindexactionlogprotocoladdressesoptionsThere is one valid flag when using this form of the
command:-NResolve addresses and service names in output.The command given can be shortened to the
shortest unique form. The valid commands
are:addAdd an entry to the firewall/accounting rule listdeleteDelete an entry from the firewall/accounting rule
listPrevious versions of IPFW used
separate firewall and accounting entries. The present version
provides packet accounting with each firewall entry.If an index value is supplied, it used to
place the entry at a specific point in the chain. Otherwise, the
entry is placed at the end of the chain at an index 100 greater than
the last chain entry (this does not include the default policy, rule
65535, deny).The log option causes matching rules to be
output to the system console if the kernel was compiled with
IPFIREWALL_VERBOSE.Valid actions are:rejectDrop the packet, and send an ICMP host or port unreachable
(as appropriate) packet to the source.allowPass the packet on as normal. (aliases:
pass and
accept)denyDrop the packet. The source is not notified via an
ICMP message (thus it appears that the packet never
arrived at the destination).countUpdate packet counters but do not allow/deny the packet
based on this rule. The search continues with the next chain
entry.Each action will be recognized by the
shortest unambiguous prefix.The protocols which can be specified
are:allMatches any IP packeticmpMatches ICMP packetstcpMatches TCP packetsudpMatches UDP packetsThe address specification is:fromaddress/maskporttoaddress/maskportvia interfaceYou can only specify port in
conjunction with protocols which support ports
(UDP and TCP).The is optional and may specify the IP
address or domain name of a local IP interface, or an interface name
(e.g. ed0) to match only packets coming
through this interface. Interface unit numbers can be specified
with an optional wildcard. For example, ppp*
would match all kernel PPP interfaces.The syntax used to specify an
address/mask is:
address
or
address/mask-bits
or
address:mask-patternA valid hostname may be specified in place of the IP address.
is a decimal
number representing how many bits in the address mask should be set.
e.g. specifying 192.216.222.1/24 will create a
mask which will allow any address in a class C subnet (in this case,
192.216.222) to be matched.
is an IP
address which will be logically AND'ed with the address given. The
keyword any may be used to specify any IP
address.The port numbers to be blocked are specified as:
port,port,port…
to specify either a single port or a list of ports, or
port-port
to specify a range of ports. You may also combine a single range
with a list, but the range must always be specified first.The options available are:fragMatches if the packet is not the first fragment of the
datagram.inMatches if the packet is on the way in.outMatches if the packet is on the way out.ipoptions specMatches if the IP header contains the comma separated list
of options specified in spec. The
supported list of IP options are: ssrr
(strict source route), lsrr (loose source
route), rr (record packet route), and
ts (time stamp). The absence of a
particular option may be denoted with a leading
!.establishedMatches if the packet is part of an already established
TCP connection (i.e. it has the RST or ACK bits set). You can
optimize the performance of the firewall by placing
established rules early in the
chain.setupMatches if the packet is an attempt to establish a TCP
connection (the SYN bit set is set but the ACK bit is
not).tcpflags flagsMatches if the TCP header contains the comma separated
list of flags. The supported flags
are fin, syn,
rst, psh,
ack, and urg. The
absence of a particular flag may be indicated by a leading
!.icmptypes typesMatches if the ICMP type is present in the list
types. The list may be specified
as any combination of ranges and/or individual types separated
by commas. Commonly used ICMP types are: 0
echo reply (ping reply), 3 destination
unreachable, 5 redirect,
8 echo request (ping request), and
11 time exceeded (used to indicate TTL
expiration as with &man.traceroute.8;).Listing the IPFW rulesThe syntax for this form of the command is:
ipfw-a-t-NlThere are three valid flags when using this form of the
command:-aWhile listing, show counter values. This option is the
only way to see accounting counters.-tDisplay the last match times for each chain entry. The
time listing is incompatible with the input syntax used by the
&man.ipfw.8; utility.-NAttempt to resolve given addresses and service
names.Flushing the IPFW rulesThe syntax for flushing the chain is:
ipfwflushThis causes all entries in the firewall chain to be removed
except the fixed default policy enforced by the kernel (index
65535). Use caution when flushing rules, the default deny policy
will leave your system cut off from the network until allow entries
are added to the chain.Clearing the IPFW packet countersThe syntax for clearing one or more packet counters is:
ipfwzeroindexWhen used without an index argument,
all packet counters are cleared. If an
index is supplied, the clearing operation
only affects a specific chain entry.Example commands for ipfwThis command will deny all packets from the host evil.crackers.org to the telnet port of the
host nice.people.org:&prompt.root ipfw add deny tcp from evil.crackers.org to nice.people.org 23The next example denies and logs any TCP traffic from the entire
crackers.org network (a class C) to
the nice.people.org machine (any
port).&prompt.root; ipfw add deny log tcp from evil.crackers.org/24 to nice.people.orgIf you do not want people sending X sessions to your internal
network (a subnet of a class C), the following command will do the
necessary filtering:&prompt.root; ipfw add deny tcp from any to my.org/28 6000 setupTo see the accounting records:
&prompt.root; ipfw -a list
or in the short form
&prompt.root; ipfw -a lYou can also see the last time a chain entry was matched
with:&prompt.root; ipfw -at lBuilding a packet filtering firewallThe following suggestions are just that: suggestions. The
requirements of each firewall are different and we cannot tell you
how to build a firewall to meet your particular requirements.When initially setting up your firewall, unless you have a test
bench setup where you can configure your firewall host in a controlled
environment, it is strongly recommend you use the logging version of the
commands and enable logging in the kernel. This will allow you to
quickly identify problem areas and cure them without too much
disruption. Even after the initial setup phase is complete, I
recommend using the logging for `deny' as it allows tracing of
possible attacks and also modification of the firewall rules if your
requirements alter.If you use the logging versions of the accept
command, it can generate large amounts of log
data as one log line will be generated for every packet that passes
through the firewall, so large FTP/http transfers, etc, will really
slow the system down. It also increases the latencies on those
packets as it requires more work to be done by the kernel before the
packet can be passed on. syslogd with also start using up a lot
more processor time as it logs all the extra data to disk, and it
could quite easily fill the partition /var/log
is located on.You should enable your firewall from
/etc/rc.conf.local or
/etc/rc.conf. The associated man page explains
which knobs to fiddle and lists some preset firewall configurations.
If you do not use a preset configuration, ipfw list
will output the current ruleset into a file that you can
pass to rc.conf. If you do not use
/etc/rc.conf.local or
/etc/rc.conf to enable your firewall,
it is important to make sure your firewall is enabled before
any IP interfaces are configured.
The next problem is what your firewall should actually
do! This is largely dependent on what access to
your network you want to allow from the outside, and how much access
to the outside world you want to allow from the inside. Some general
rules are:Block all incoming access to ports below 1024 for TCP. This is
where most of the security sensitive services are, like finger,
SMTP (mail) and telnet.Block all incoming UDP traffic. There
are very few useful services that travel over UDP, and what useful
traffic there is normally a security threat (e.g. Suns RPC and
NFS protocols). This has its disadvantages also, since UDP is a
connectionless protocol, denying incoming UDP traffic also blocks
the replies to outgoing UDP traffic. This can cause a problem for
people (on the inside) using external archie (prospero) servers.
If you want to allow access to archie, you'll have to allow
packets coming from ports 191 and 1525 to any internal UDP port
through the firewall. ntp is another service you may consider
allowing through, which comes from port 123.Block traffic to port 6000 from the outside. Port 6000 is the
port used for access to X11 servers, and can be a security threat
(especially if people are in the habit of doing xhost
+ on their workstations). X11 can actually use a
range of ports starting at 6000, the upper limit being how many X
displays you can run on the machine. The upper limit as defined
by RFC 1700 (Assigned Numbers) is 6063.Check what ports any internal servers use (e.g. SQL servers,
etc). It is probably a good idea to block those as well, as they
normally fall outside the 1-1024 range specified above.Another checklist for firewall configuration is available from
CERT at http://www.cert.org/tech_tips/packet_filtering.htmlAs stated above, these are only guidelines.
You will have to decide what filter rules you want to use on your
firewall yourself. We cannot accept ANY responsibility if someone
breaks into your network, even if you follow the advice given
above.OpenSSLsecurityOpenSSLOpenSSLAs of FreeBSD 4.0, the OpenSSL toolkit is a part of the base
system. OpenSSL
provides a general-purpose cryptography library, as well as the
Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and Transport Layer
Security v1 (TLSv1) network security protocols.However, one of the algorithms (specifically IDEA)
included in OpenSSL is protected by patents in the USA and
elsewhere, and is not available for unrestricted use.
IDEA is included in the OpenSSL sources in FreeBSD, but it is not
built by default. If you wish to use it, and you comply with the
license terms, enable the MAKE_IDEA switch in /etc/make.conf and
rebuild your sources using 'make world'.Today, the RSA algorithm is free for use in USA and other
countries. In the past it was protected by a patent.OpenSSLinstallSource Code InstallationsOpenSSL is part of the src-crypto and
src-secure cvsup collections. See the Obtaining FreeBSD section for more
information about obtaining and updating FreeBSD source
code.IPsecIPsecsecurityIPsecContributed by &a.shin;, 5 March
2000.The IPsec mechanism provides secure communication either for IP
layer and socket layer communication. This section should
explain how to use them. For implementation details, please
refer to The
Developers' Handbook.The current IPsec implementation supports both transport mode
and tunnel mode. However, tunnel mode comes with some restrictions.
http://www.kame.net/newsletter/
has more comprehensive examples.Please be aware that in order to use this functionality, you
must have the following options compiled into your kernel:options IPSEC #IP security
options IPSEC_ESP #IP security (crypto; define w/IPSEC)Transport mode example with IPv4Let's setup security association to deploy a secure channel
between HOST A (10.2.3.4) and HOST B (10.6.7.8). Here we show a little
complicated example. From HOST A to HOST B, only old AH is used.
From HOST B to HOST A, new AH and new ESP are combined.Now we should choose algorithm to be used corresponding to
"AH"/"new AH"/"ESP"/"new ESP". Please refer to the &man.setkey.8; man
page to know algorithm names. Our choice is MD5 for AH, new-HMAC-SHA1
for new AH, and new-DES-expIV with 8 byte IV for new ESP.Key length highly depends on each algorithm. For example, key
length must be equal to 16 bytes for MD5, 20 for new-HMAC-SHA1,
and 8 for new-DES-expIV. Now we choose "MYSECRETMYSECRET",
"KAMEKAMEKAMEKAMEKAME", "PASSWORD", respectively.OK, let's assign SPI (Security Parameter Index) for each protocol.
Please note that we need 3 SPIs for this secure channel since three
security headers are produced (one for from HOST A to HOST B, two for
from HOST B to HOST A). Please also note that SPI MUST be greater
than or equal to 256. We choose, 1000, 2000, and 3000, respectively.
(1)
HOST A ------> HOST B
(1)PROTO=AH
ALG=MD5(RFC1826)
KEY=MYSECRETMYSECRET
SPI=1000
(2.1)
HOST A <------ HOST B
<------
(2.2)
(2.1)
PROTO=AH
ALG=new-HMAC-SHA1(new AH)
KEY=KAMEKAMEKAMEKAMEKAME
SPI=2000
(2.2)
PROTO=ESP
ALG=new-DES-expIV(new ESP)
IV length = 8
KEY=PASSWORD
SPI=3000
Now, let's setup security association. Execute &man.setkey.8;
on both HOST A and B:
&prompt.root; setkey -c
add 10.2.3.4 10.6.7.8 ah-old 1000 -m transport -A keyed-md5 "MYSECRETMYSECRET" ;
add 10.6.7.8 10.2.3.4 ah 2000 -m transport -A hmac-sha1 "KAMEKAMEKAMEKAMEKAME" ;
add 10.6.7.8 10.2.3.4 esp 3000 -m transport -E des-cbc "PASSWORD" ;
^D
Actually, IPsec communication doesn't process until security policy
entries will be defined. In this case, you must setup each host.
At A:
&prompt.root; setkey -c
spdadd 10.2.3.4 10.6.7.8 any -P out ipsec
ah/transport/10.2.3.4-10.6.7.8/require ;
^D
At B:
&prompt.root; setkey -c
spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
esp/transport/10.6.7.8-10.2.3.4/require ;
spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
ah/transport/10.6.7.8-10.2.3.4/require ;
^D
HOST A --------------------------------------> HOST E
10.2.3.4 10.6.7.8
| |
========== old AH keyed-md5 ==========>
<========= new AH hmac-sha1 ===========
<========= new ESP des-cbc ============
Transport mode example with IPv6Another example using IPv6.ESP transport mode is recommended for TCP port number 110 between
Host-A and Host-B.
============ ESP ============
| |
Host-A Host-B
fec0::10 -------------------- fec0::11
Encryption algorithm is blowfish-cbc whose key is "kamekame", and
authentication algorithm is hmac-sha1 whose key is "this is the test
key". Configuration at Host-A:
&prompt.root; setkey -c <<EOF
spdadd fec0::10[any] fec0::11[110] tcp -P out ipsec
esp/transport/fec0::10-fec0::11/use ;
spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec
esp/transport/fec0::11-fec0::10/use ;
add fec0::10 fec0::11 esp 0x10001
-m transport
-E blowfish-cbc "kamekame"
-A hmac-sha1 "this is the test key" ;
add fec0::11 fec0::10 esp 0x10002
-m transport
-E blowfish-cbc "kamekame"
-A hmac-sha1 "this is the test key" ;
EOF
and at Host-B:&prompt.root; setkey -c <<EOF
spdadd fec0::11[110] fec0::10[any] tcp -P out ipsec
esp/transport/fec0::11-fec0::10/use ;
spdadd fec0::10[any] fec0::11[110] tcp -P in ipsec
esp/transport/fec0::10-fec0::11/use ;
add fec0::10 fec0::11 esp 0x10001 -m transport
-E blowfish-cbc "kamekame"
-A hmac-sha1 "this is the test key" ;
add fec0::11 fec0::10 esp 0x10002 -m transport
-E blowfish-cbc "kamekame"
-A hmac-sha1 "this is the test key" ;
EOF
Note the direction of SP.Tunnel mode example with IPv4Tunnel mode between two security gatewaysSecurity protocol is old AH tunnel mode, i.e. specified by
RFC1826, with keyed-md5 whose key is "this is the test" as
authentication algorithm.
======= AH =======
| |
Network-A Gateway-A Gateway-B Network-B
10.0.1.0/24 ---- 172.16.0.1 ----- 172.16.0.2 ---- 10.0.2.0/24
Configuration at Gateway-A:
&prompt.root; setkey -c <<EOF
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
ah/tunnel/172.16.0.1-172.16.0.2/require ;
spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
ah/tunnel/172.16.0.2-172.16.0.1/require ;
add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any
-A keyed-md5 "this is the test" ;
add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any
-A keyed-md5 "this is the test" ;
EOF
If port number field is omitted such above then "[any]" is
employed. `-m' specifies the mode of SA to be used. "-m any" means
wild-card of mode of security protocol. You can use this SA for both
tunnel and transport mode.and at Gateway-B:
&prompt.root; setkey -c <<EOF
spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
ah/tunnel/172.16.0.2-172.16.0.1/require ;
spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
ah/tunnel/172.16.0.1-172.16.0.2/require ;
add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any
-A keyed-md5 "this is the test" ;
add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any
-A keyed-md5 "this is the test" ;
EOF
Making SA bundle between two security gatewaysAH transport mode and ESP tunnel mode is required between
Gateway-A and Gateway-B. In this case, ESP tunnel mode is applied first,
and AH transport mode is next.
========== AH =========
| ======= ESP ===== |
| | | |
Network-A Gateway-A Gateway-B Network-B
fec0:0:0:1::/64 --- fec0:0:0:1::1 ---- fec0:0:0:2::1 --- fec0:0:0:2::/64
Tunnel mode example with IPv6Encryption algorithm is 3des-cbc, and authentication algorithm
for ESP is hmac-sha1. Authentication algorithm for AH is hmac-md5.
Configuration at Gateway-A:
&prompt.root; setkey -c <<EOF
spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require
ah/transport/fec0:0:0:1::1-fec0:0:0:2::1/require ;
spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require
ah/transport/fec0:0:0:2::1-fec0:0:0:1::1/require ;
add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001 -m tunnel
-E 3des-cbc "kamekame12341234kame1234"
-A hmac-sha1 "this is the test key" ;
add fec0:0:0:1::1 fec0:0:0:2::1 ah 0x10001 -m transport
-A hmac-md5 "this is the test" ;
add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10001 -m tunnel
-E 3des-cbc "kamekame12341234kame1234"
-A hmac-sha1 "this is the test key" ;
add fec0:0:0:2::1 fec0:0:0:1::1 ah 0x10001 -m transport
-A hmac-md5 "this is the test" ;
EOF
Making SAs with the different endESP tunnel mode is required between Host-A and Gateway-A. Encryption
algorithm is cast128-cbc, and authentication algorithm for ESP is
hmac-sha1. ESP transport mode is recommended between Host-A and Host-B.
Encryption algorithm is rc5-cbc, and authentication algorithm for ESP is
hmac-md5.
================== ESP =================
| ======= ESP ======= |
| | | |
Host-A Gateway-A Host-B
fec0:0:0:1::1 ---- fec0:0:0:2::1 ---- fec0:0:0:2::2
Configuration at Host-A:
&prompt.root; setkey -c <<EOF
spdadd fec0:0:0:1::1[any] fec0:0:0:2::2[80] tcp -P out ipsec
esp/transport/fec0:0:0:1::1-fec0:0:0:2::2/use
esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require ;
spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in ipsec
esp/transport/fec0:0:0:2::2-fec0:0:0:l::1/use
esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ;
add fec0:0:0:1::1 fec0:0:0:2::2 esp 0x10001
-m transport
-E cast128-cbc "12341234"
-A hmac-sha1 "this is the test key" ;
add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10002
-E rc5-cbc "kamekame"
-A hmac-md5 "this is the test" ;
add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003
-m transport
-E cast128-cbc "12341234"
-A hmac-sha1 "this is the test key" ;
add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004
-E rc5-cbc "kamekame"
-A hmac-md5 "this is the test" ;
EOF
OpenSSHOpenSSHsecurityOpenSSHContributed by &a.chern;, April 21,
2001.Secure shell is a set of network connectivity tools used to
access remote machines securely. It can be used as a direct
replacement for rlogin,
rsh, rcp, and
telnet. Additionally, any other TCP/IP
connections can be tunneled/forwarded securely through ssh.
ssh encrypts all traffic to effectively eliminate eavesdropping,
connection hijacking, and other network-level attacks.OpenSSH is maintained by the OpenBSD project, and is based
upon SSH v1.2.12 with all the recent bug fixes and updates. It
is compatible with both SSH protocols 1 and 2. OpenSSH has been
in the base system since FreeBSD 4.0.Advantages of using OpenSSHNormally, when using &man.telnet.1; or &man.rlogin.1;,
data is sent over the network in an clear, un-encrypted form.
Network sniffers anywhere in between the client and server can
steal your user/password information or data transferred in
your session. OpenSSH offers a variety of authentication and
encryption methods to prevent this from happening.Enabling sshdOpenSSHenablingBe sure to make the following additions to your
rc.conf file:
sshd_enable="YES"This will load the ssh daemon the next time your system
initializes. Alternatively, you can simply run the
sshd daemon.SSH clientOpenSSHclientThe &man.ssh.1; utility works similarly to
&man.rlogin.1;.
&prompt.root ssh user@foobardomain.com
Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)? yes
Host 'foobardomain.com' added to the list of known hosts.
user@foobardomain.com's password: *******The login will continue just as it would have if a session was
created using rlogin or telnet. SSH utilizes a key fingerprint
system for verifying the authenticity of the server when the
client connects. The user is prompted to enter 'yes' only during
the first time connecting. Future attempts to login are all
verified against the saved fingerprint key. The SSH client
will alert you if the saved fingerprint differs from the
received fingerprint on future login attempts. The fingerprints
are saved in ~/.ssh/known_hostsSecure copyOpenSSHsecure copyscpThe scp command works similarly to rcp;
it copies a file to or from a remote machine, except in a
secure fashion.&prompt.root scp user@foobardomain.com:/COPYRIGHT COPYRIGHT
user@foobardomain.com's password:
COPYRIGHT 100% |*****************************| 4735
00:00
&prompt.rootSince the fingerprint was already saved for this host in the
previous example, it is verified when using scp
here.
ConfigurationOpenSSHconfigurationThe system-wide configuration files for both the OpenSSH
daemon and client reside within the /etc/ssh
directory.
ssh_config configures the client
settings, while sshd_config configures the
daemon.
ssh-keygenInstead of using passwords, &man.ssh-keygen.1; can
be used to generate RSA keys to authenticate a user.
&prompt.user ssh-keygen
Initializing random number generator...
Generating p: .++ (distance 66)
Generating q: ..............................++ (distance 498)
Computing the keys...
Key generation complete.
Enter file in which to save the key (/home/user/.ssh/identity):
Enter passphrase:
Enter the same passphrase again:
Your identification has been saved in /home/user/.ssh/identity.
...&man.ssh-keygen.1; will create a public and private
key pair for use in authentication. The private key is stored in
~/.ssh/identity, whereas the public key is
stored in ~/.ssh/identity.pub. The public
key must be placed in ~/.ssh/authorized_keys
of the remote machine in order for the setup to work.
This will allow connection to the remote machine based upon
RSA authentication instead of passwords.If a passphrase is used in &man.ssh-keygen.1;, the user
will be prompted for a password each time in order to use the private
key.&man.ssh-agent.1; and &man.ssh-add.1; are
utilities used in managing multiple passworded private keys.
SSH TunnelingOpenSSHtunnelingOpenSSH has the ability to create a tunnel to encapsulate
another protocol in an encrypted session.The following command tells &man.ssh.1; to create a tunnel
for telnet.&prompt.user; ssh -2 -N -f -L 5023:localhost:23 user@foo.bar.com
&prompt.user;-2 this forces &man.ssh.1 to use version
2 of the protocol. (Do not use if you are working with older ssh
servers)-N indicates no command, or tunnel only.
If omitted, &man.ssh.1; would initiate a normal session.-f forces &man.ssh.1; to run
in the background.-L indicates a local tunnel in
localport:localhost:remoteport fashion.
foo.bar.com is the remote/target
SSH server.
An SSH tunnel works by creating a listen socket on the specified
local host and port. It then forwards any connection to the local
host/port via the SSH connection to the remote machine on the
specified remote port.
In the example, port 5023 on localhost
is being forwarded to port 23 on the remote
machine. Since 23 is telnet, this would
create a secure telnet session through an SSH tunnel.
This can be used to wrap any number of insecure TCP protocols
such as smtp, pop3, ftp, etc.
A typical SSH Tunnel&prompt.user; ssh -2 -N -f -L 5025:localhost:25 user@mailserver.foobar.com
user@mailserver.foobar.com's password: *****
&prompt.user; telnet localhost 5025
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailserver.foobar.com ESMTPThis can be used in conjunction with an &man.ssh-keygen.1;
and additional user accounts to create a more seamless/hassle-free
SSH tunneling environment. Keys can be used in place of typing
a password, and the tunnels can be run as a separate user.
Further ReadingOpenSSH&man.ssh.1; &man.scp.1; &man.ssh-keygen.1;
&man.ssh-agent.1; &man.ssh-add.1;&man.sshd.8; &man.sftp-server.8;
diff --git a/en_US.ISO8859-1/books/handbook/sound/chapter.sgml b/en_US.ISO8859-1/books/handbook/sound/chapter.sgml
index 8cfc1df408..c6456fe25a 100644
--- a/en_US.ISO8859-1/books/handbook/sound/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/sound/chapter.sgml
@@ -1,333 +1,336 @@
SoundContributed by Moses Moore
jm-moses@home.com, 20 November 2000.SynopsisThis chapter of the handbook deals with setting up sound on a
FreeBSD system.Locating the Correct DevicePCIISAsound cardsBefore you begin, you should know the model of the card you
have, the chip it uses, and whether it is a PCI or ISA card.
FreeBSD supports a wide variety of both PCI and ISA cards. If you
do not see your card in the following list, check the &man.pcm.4;
manual page. This is not a complete list; however, it does list
some of the most common cards.Crystal 4237, 4236, 4232, 4231Yamaha OPL-SAxOPTi931Ensoniq AudioPCI 1370/1371ESS Solo-1/1ENeoMagic 256AV/ZXSound Blaster Pro, 16, 32, AWE64, AWE128, LiveCreative ViBRA16Advanced Asound 100, 110, and Logic ALS120ES 1868, 1869, 1879, 1888Gravis UltraSoundAureal Vortex 1 or 2
- kernelconfiguration
+
+ kernel
+ configuration
+ The driver you use in your kernel depends on the kind of card
you have. The sections below provide more information and what
you will need to add to your kernel
configuration.Creative, Advance, and ESS Sound CardsIf you have one of the above cards, you will need to
adddevice pcmto your kernel. If you have a PnP ISA card, you will also
need to adddevice sbcto your kernel. For a non-PnP ISA card, adddevice pcmanddevice sbc0 at isa? port0x220 irq 5 drq 1 flags 0x15to your kernel. Those are the default settings. You may
need to change the IRQ, etc. See the &man.sbc.4; man page for
more information.The Sound Blaster Live is not supported under FreeBSD 4.0
without a patch, which this document will not cover. It is
recommended that you update to the latest -STABLE before
trying to use this card.Gravis UltraSound CardsFor a PnP ISA card, you will need to adddevice pcmanddevice guscto your kernel. If you have a non-PnP ISA card, you will
need to adddevice pcmanddevice gus0 at isa? port 0x220 irq 5 drq 1 flags 0x13to your kernel. You may need to change the IRQ, etc. See
the &man.gusc.4; man page for more information.Crystal Sound CardsFor Crystal cards, you will need bothdevice pcmanddevice csain your kernel.Generic SupportFor PnP ISA or PCI cards, you will need to adddevice pcmto your kernel configuration. If you have a non-PnP ISA
sound card that does not have a bridge driver, you will need
to adddevice pcm0 at isa? irq 10 drq 1 flags 0x0to your kernel configuration. You may need to change the
IRQ, etc., to match your hardware configuration.Recompiling the KernelAfter adding the driver(s) you need to your kernel
configuration, you will need to recompile your kernel. Please see
of the handbook for
more information.Creating and Testing the Device Nodesdevice nodesAfter you reboot, log in and run cat
/dev/sndstat. You should see output similar to the
following:FreeBSD Audio Driver (newpcm) Sep 21 2000 18:29:53
Installed devices:
pcm0: <Aureal Vortex 8830> at memory 0xfeb40000 irq 5 (4p/1r +channels duplex)If you see an error message, something went wrong earlier. If
that happens, go through your kernel configuration file again and
make sure you chose the correct device.If it reported no errors and returned
pcm0, su to
root and do the following:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV snd0If it reported no errors and returned
pcm1, su to
root and do the following:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV snd1Please note that either of the above commands will
not create a
/dev/snd device! Instead it creates a
group of device nodes including:DeviceDescription/dev/audioSPARC-compatible audio device/dev/dspDigitized voice device/dev/dspWLike /dev/dsp, but 16 bits
per sample/dev/midiRaw midi access device/dev/mixerControl port mixer device/dev/musicLevel 2 sequencer interface/dev/sequencerSequencer device/dev/pssProgrammable device interfaceIf all goes well, you should now have a functioning sound
card. If you do not, see the next section.Common Problemsdevice nodeI get an unsupported subdevice XX error!One or more of the device nodes wasn't created
correctly. Repeat the steps above.I/O portI get a sb_dspwr(XX) timed out error!The I/O port is not set correctly.IRQI get a bad irq XX error!The IRQ is set incorrectly. Make sure that the set IRQ
and the sound IRQ are the same.I get a xxx: gus pcm not attached, out of
memory
error. What causes that?If this happens, it is because there is not enough
available memory to use the device.
diff --git a/en_US.ISO8859-1/books/handbook/users/chapter.sgml b/en_US.ISO8859-1/books/handbook/users/chapter.sgml
index 5d6814100c..ba5e97f082 100644
--- a/en_US.ISO8859-1/books/handbook/users/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/users/chapter.sgml
@@ -1,850 +1,850 @@
NeilsBlakey-MilnerContributedUsers and Basic Account ManagementSynopsisAll access to the system is achieved via accounts, and all
processes are run by users, so user and account management are
of integral importance on FreeBSD systems.There are three main types of accounts; the Superuser, system users, and user accounts. The Superuser
account, usually called root, is used to
manage the system with no limitations on privileges. System
users run services. Finally, user accounts are used by real
people, who log on, read mail, and so forth.The Superuser Accountaccountssuperuser (root)The superuser account, usually called
root, comes preconfigured to facilitate
system administration, and should not be used for day-to-day
tasks like sending and receiving mail, general exploration of
the system, or programming.This is because the superuser, unlike normal user accounts,
can operate without limits, and misuse of the superuser account
may result in spectacular disasters. User accounts are unable
to destroy the system by mistake, so it is generally best to use
normal user accounts whenever possible, unless you especially
need the extra privilege.You should always double and triple-check commands you issue
as the superuser, since an extra space or missing character can
mean irreparable data loss.So, the first thing you should do after reading this
chapter, is to create an unprivileged user account for yourself
for general usage, if you haven't already. This applies equally
whether you're running a multi-user or single-user machine.
Later in this chapter, we discuss how to create additional
accounts, and how to change between the normal user and
superuser.System AccountsaccountssystemSystem users are those used to run services such as DNS,
mail, web servers, and so forth. The reason for this is
security; if all services ran as the superuser, they could
act without restriction.accountsdaemonaccounts
- operator
+ operatorExamples of system users are daemon,
operator, bind (for
the Domain Name Service), and news. Often
sysadmins create httpd to run web servers
they install.accounts
- nobody
+ nobodynobody is the generic unprivileged
system user. However, it's important to keep in mind that the
more services that use nobody, the more
files and processes that user will become associated with, and
hence the more privileged that user becomes.User AccountsaccountsuserUser accounts are the primary means of access for real
people to the system, and these accounts insulate the user and
the environment, preventing the users from damaging the system
or other users, and allowing users to customize their
environment without affecting others.Every person accessing your system should have a unique user
account. This allows you to find out who is doing what, prevent
people from clobbering each others' settings or reading each
others' mail, and so forth.Each user can set up their own environment to accommodate
their use of the system, by using alternate shells, editors, key
bindings, and language.Modifying Accountsaccountsmodifyingpw is a powerful and flexible
tool to modify all aspects of user accounts. For most tasks
however, adduser and
rmuser are recommended to add and
remove accounts respectively.chpass allows both the system
administrator and normal users to adjust passwords, shells, and
personal information. If you are only interested in changing a
password then the passwd command is
usually quicker.adduseraccountsaddingadduser/usr/share/skelskeleton directoryadduser is a simple program for
adding new users. It creates entries in the system
passwd and group
files. It will also create a home directory for the new user,
copy in the default configuration files ("dotfiles") from
/usr/share/skel, and can optionally mail
the new user a welcome message.To create the initial configuration file, use
adduser -s -config_create.
The makes adduser
default to
quiet. We use later when we want to
change defaults.
Next, we configure adduser
defaults, and create our first user account, since using
root for normal usage is evil and
nasty.Configuring adduser&prompt.root; adduser -v
Use option ``-silent'' if you don't want to see all warnings and questions.
Check /etc/shells
Check /etc/master.passwd
Check /etc/group
Enter your default shell: csh date no sh tcsh [sh]: zsh
Your default shell is: tcsh -> /usr/local/bin/zsh
Enter your default HOME partition: [/home]:
Copy dotfiles from: /usr/share/skel no [/usr/share/skel]:
Send message from file: /etc/adduser.message no
[/etc/adduser.message]: no
Do not send message
Use passwords (y/n) [y]: y
Write your changes to /etc/adduser.conf? (y/n) [n]: y
Ok, let's go.
Don't worry about mistakes. I will give you the chance later to correct any input.
Enter username [a-z0-9_-]: jru
Enter full name []: J. Random User
Enter shell csh date no sh tcsh zsh [zsh]:
Enter home directory (full path) [/home/jru]:
Uid [1001]:
Enter login class: default []:
Login group jru [jru]:
Login group is ``jru''. Invite jru into other groups: guest no
[no]: wheel
Enter password []:
Enter password again []:
Name: jru
Password: ****
Fullname: J. Random User
Uid: 1007
Gid: 1007 (jru)
Class:
Groups: jru wheel
HOME: /home/jru
Shell: /usr/local/bin/zsh
OK? (y/n) [y]: y
Added user ``jru''
Copy files from /usr/share/skel to /home/jru
Add another user? (y/n) [y]: n
Goodbye!
&prompt.root;In summary, we changed the default shell to
zsh (an additional shell found in
packages), and turned off the sending of a welcome mail to
added users. We then saved the configuration, and then
created an account for jru, and we made
sure jru is in wheel
group (which we'll see is important later).The password you type in isn't echoed, nor are asterisks
displayed. Make sure you don't mistype the password twice
:-)Just use adduser without arguments
from now on, and you won't have to go through changing the
defaults. If the program asks you to change the defaults,
exit the program, and try the
option.rmuserrmuseraccountsremovingYou can use rmuser to
completely remove a user from the system.
rmuser performs the following
steps:Removes the user's &man.crontab.1; entry (if
any).Removes any &man.at.1; jobs belonging to the
user.Kills all processes owned by the user.Removes the user from the system's local password
file.Removes the user's home directory (if it is owned by
the user).Removes the incoming mail files belonging to the user
from /var/mail.Removes all files owned by the user from temporary
file storage areas such as /tmp.Finally, removes the username from all groups to which
it belongs in /etc/group.
If a group becomes empty and the group name is the
same as the username, the group is removed; this
complements the per-user unique groups created by
&man.adduser.8;.rmuser can't be used to remove
superuser accounts, since that is almost always an indication
of massive destruction.By default, an interactive mode is used, which attempts to
make sure you know what you're doing.rmuser interactive account removal&prompt.root; rmuser jru
Matching password entry:
jru:*:1000:1000::0:0:J. Random User:/home/jru:/usr/local/bin/tcsh
Is this the entry you wish to remove? y
Remove user's home directory (/home/jru)? y
Updating password file, updating databases, done.
Updating group file: trusted (removing group jru -- personal group is empty) done.
Removing user's incoming mail file /var/mail/jru: done.
Removing files belonging to jru from /tmp: done.
Removing files belonging to jru from /var/tmp: done.
Removing files belonging to jru from /var/tmp/vi.recover: done.
&prompt.root;pwpwpw is a command line utility to
create, remove, modify, and display users and groups, and functions
as an editor of the system user and group files. This section
describes its use for users; the Groups section below describes its
use for groups.It is designed to be useful both as a directly executed
command and for use from shell scripts.For detailed information, please see &man.pw.8;.chpasschpasschpass changes user database
information such as passwords, shells, and personal
information.Only system administrators, as the superuser, may change
other users' information and passwords with
chpass.When passed no options, aside from an optional username,
chpass displays an editor
containing user information. When the user exists from the
editor, the user database is updated with the new
information.Interactive chpass by Superuser#Changing user database information for jru.
Login: jru
Password: *
Uid [#]: 1000
Gid [# or name]: 1000
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /home/jru
Shell: /usr/local/bin/tcsh
Full Name: J. Random User
Office Location:
Office Phone:
Home Phone:
Other information:The normal user can change only a small subsection of this
information, and only for themselves.Interactive chpass by Normal User#Changing user database information for jru.
Shell: /usr/local/bin/tcsh
Full Name: J. Random User
Office Location:
Office Phone:
Home Phone:
Other information:chfn and chsh are
just links to chpass, as
are ypchpass,
ypchfn, and
ypchsh. NIS support is automatic, so
specifying the yp before the command is
not necessary.passwdpasswdaccountschanging passwordpasswd is the usual way to
change your own password as a user, or another user's password
as the superuser.Users must type in their original password before
changing their password, to prevent an unauthorized person
from changing their password when the user is away from
their console.Changing your password&prompt.user; passwd
Changing local password for jru.
Old password:
New password:
Retype new password:
passwd: updating the database...
passwd: doneChanging another user's password as the superuser&prompt.root; passwd jru
Changing local password for jru.
New password:
Retype new password:
passwd: updating the database...
passwd: doneyppasswd is just a link to
passwd. NIS support is automatic, so
specifying the yp before the command is
not necessary.Limiting Userslimiting usersuserslimiting (see limiting users)If you run a multi-user system, chances are that you do not trust
all of your users not to damage your system. FreeBSD provides a
number of ways a system administrator can limit the amount of system
resources an individual user can use. These limits are generally
divided into two sections: disk quotas, and other resources
limits.quotaslimiting usersquotasdisk quotasDisk quotas are a way for the system administrator to tell the
filesystem the amount of disk space a user may use; moreover, they
provide a way to quickly check on the disk usage of a user without
having to calculate it every time. Quotas are discussed in .The other resource limits include ways to limit the amount of
CPU, memory, and other resources a user may consume. These are
defined using login classes and are discussed here./etc/login.confLogin classes are defined in
/etc/login.conf. The precise semantics are
beyond the scope of this section, but are described in detail in the
&man.login.conf.5; manual page. It is sufficient to say that each
user is assigned to a login class (default by
default), and that each login class has a set of login capabilities
associated with it. A login capability is a
name=value
pair, where name is a well-known
identifier and value is an arbitrary
string processed accordingly depending on the name. Setting up login
classes and capabilities is rather straight-forward, and is also
described in &man.login.conf.5;.Resource limits are different from plain vanilla login
capabilities in two ways. First, for every limit, there is a soft
(current) and hard limit. A soft limit may be adjusted by the user
or application, but may be no higher than the hard limit. The latter
may be lowered by the user, but never raised. Second, most resource
limits apply per process to a specific user, not the user as a whole.
Note, however, that these differences are mandated by the specific
handling of the limits, not by the implementation of the login
capability framework (i.e., they are not really
a special case of login capabilities).And so, without further ado, below are the most commonly used
resource limits (the rest, along with all the other login
capabilities, may be found in &man.login.conf.5;).coredumpsizecoredumpsizelimiting userscoredumpsizeThe limit on the size of a core file generated by a program
is, for obvious reasons, subordinate to other limits on disk
usage (e.g., filesize, or disk quotas).
Nevertheless, it is often used as a less-severe method of
controlling disk space consumption: since users do not generate
core files themselves, and often do not delete them, setting this
may save them from running out of disk space should a large
program (e.g., emacs) crash.cputimecputimelimiting userscputimeThis is the maximum amount of CPU time a user's process may
consume. Offending processes will be killed by the kernel.
This is a limit on CPU time
consumed, not percentage of the CPU as displayed in some
fields by &man.top.1; and &man.ps.1;. A limit on the
latter is, at the time of this writing, not possible, and
would be rather useless: a compiler—probably a
legitimate task—can easily use almost 100% of a CPU
for some time.filesizefilesizelimiting usersfilesizeThis is the maximum size of a file the user may possess.
Unlike disk quotas, this limit is
enforced on individual files, not the set of all files a user
owns.maxprocmaxproclimiting usersmaxprocThis is the maximum number of processes a user may be
running. This includes foreground and background processes
alike. For obvious reasons, this may not be larger than the
system limit specified by the kern.maxprocsysctl. Also note that setting this
too small may hinder a
user's productivity: it is often useful to be logged in
multiple times or execute pipelines. Some tasks, such as
compiling a large program, also spawn multiple processes (e.g.,
&man.make.1;, &man.cc.1;, and other intermediate
preprocessors).memorylockedmemorylockedlimiting usersmemorylockedThis is the maximum amount a memory a process may have
requested to be locked into main memory (e.g., see
&man.mlock.2;). Some system-critical programs, such as
&man.amd.8;, do this so that their getting swapped out does not
contribute to a system's thrashing in time of trouble.memoryusememoryuselimiting usersmemoryuseThis is the maximum amount of memory a process may consume
at any given time. It includes both core memory and swap
usage. This is not a catch-all limit for restricting memory
consumption, but it is a good start.openfilesopenfileslimiting usersopenfilesThis is the maximum amount of files a process may have
open. In FreeBSD, files are also used to represent sockets and
IPC channels; thus, be careful not to set this too low. The
system-wide limit for this is defined by the
kern.maxfilessysctl.sbsizesbsizelimiting userssbsizeThis is the limit on the amount of network memory, and thus
mbufs, a user may consume. This originated as a response to an
old DoS attack by creating a lot of sockets, but can be
generally used to limit network communications.stacksizestacksizelimiting usersstacksizeThis is the maximum size a process' stack may grow to.
This alone is not sufficient to limit the amount of memory a
program may use; consequently, it should be used in conjunction
with other limits.There are a few other things to remember when setting resource
limits. Following are some general tips, suggestions, and
miscellaneous comments.Processes started at system startup by
/etc/rc are assigned to the
daemon login class.Although the /etc/login.conf that comes
with the system is a good source of reasonable values for most
limits, only you, the administrator, can know what is appropriate
for your system. Setting a limit too high may open your system
up to abuse, while setting it too low may put a strain on
productivity.Users of the X Window System (X11) should probably be granted
more resources than other users. X11 by itself takes a lot of
resources, but it also encourages users to run more programs
simultaneously.Remember that many limits apply to individual processes, not
the user as a whole. For example, setting
openfiles to 50 means
that each process the user runs may open up to 50 files. Thus,
the gross amount of files a user may open is the value of
openfiles multiplied by the value of
maxproc. This also applies to memory
consumption.For further information on resource limits and login classes and
capabilities in general, please consult the relevant manual pages:
&man.cap.mkdb.1;, &man.getrlimit.2;, &man.login.conf.5;.Personalizing UsersLocalization is an environment set up by the system
administrator or user to accommodate different languages,
character sets, date and time standards, and so on. This is
discussed in the localization
chapter.Groupsgroups/etc/groupsaccountsgroupsA group is simply a list of users. Groups are identified by
their group name and gid (group ID). In FreeBSD (and most other Unix
systems), the two factors the kernel uses to decide whether a process
is allowed to do something is its user ID and list of groups it
belongs to. Unlike a user ID, a process has a list of groups
associated with it. You may hear some things refer to the "group ID"
of a user or process; most of the time, this just means the first
group in the list.The group name to group ID map is in
/etc/group. This is a plain text file with four
colon-delimited fields. The first fields is the group name, the
second is the encrypted password, the third the group ID, and the
fourth the comma-delimited list of members. It can safely be edited
by hand (assuming, of course, that you don't make any syntax
errors!). For a more complete description of the syntax, see the
&man.group.5; manual page.If you don't want to edit /etc/group
manually, you can use the &man.pw.8; command to add and edit groups.
For example, to add a group called teamtwo and
then confirm that it exists you can use:Adding a group using &man.pw.8;&prompt.root; pw groupadd teamtwo
&prompt.root; pw groupshow teamtwo
teamtwo:*:1100:The number 1100 above is the group ID of the
group teamtwo. Right now,
teamtwo has no members, and is thus rather
useless. Let's change that by inviting jru to
the teamtwo group.Adding somebody to a group using &man.pw.8;&prompt.root; pw groupmod teamtwojru
&prompt.root; pw groupshow teamtwo
teamtwo:*:1100:jruThe argument to the option is a
comma-delimited list of users who are members of the group. From the
preceding sections, we know that the password file also contains a
group for each user. The latter (the user) is automatically added to
the group list by the system; the user will not show up as a member
when using the groupshow command to &man.pw.8;,
but will show up when the information is queried via &man.id.1; or
similar tool. In other words, &man.pw.8; only manipulates the
/etc/group file; it will never attempt to read
additionally data from /etc/passwd.Using &man.id.1; to determine group membership&prompt.user; idjru
uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)As you can see, jru is a member of the
groups jru and
teamtwo.For more information about &man.pw.8;, see its manual page, and
for more information on the format of
/etc/group, consult the &man.group.5; manual
page.
diff --git a/en_US.ISO8859-1/books/handbook/x11/chapter.sgml b/en_US.ISO8859-1/books/handbook/x11/chapter.sgml
index b27000549f..a58e7c77cd 100644
--- a/en_US.ISO8859-1/books/handbook/x11/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/x11/chapter.sgml
@@ -1,2378 +1,2380 @@
The X Window SystemThis chapter has been graciously donated by &a.grog;
from his book, The
Complete FreeBSD, and remains copyright of him.
Modifications for the handbook made by &a.jim;. The section on
fonts in XFree86 was contributed by &a.murray;
and the section on XDM was contributed by &a.sethk;.SynopsisThe following chapter will cover installing and configuring X11
on your system. For more information on X11 and to see whether your
video card is supported, check the XFree86 web site.OverviewFreeBSD comes with XFree86, a
port of X11R6 that supports several versions of Intel-based Unix.
This chapter describes how to set up your
XFree86 server. It is based on
material supplied with the FreeBSD release, specifically the files
README.FreeBSD and
README.Config in the directory
/usr/X11R6/lib/X11/doc. If you find any
discrepancy, the material in those files will be more up-to-date
than this description. In addition, the file
/usr/X11R6/lib/X11/doc/RELNOTES contains
OS-independent information about the current release.X uses a lot of memory. In order to run X, your system should
have an absolute minimum of 8 MB of memory, but performance will be
painful with so little memory. A more practical minimum is 16 MB,
and you can improve performance by adding more memory. If you use
X intensively, you will continue seeing performance improvement by
increasing to as much as 128 MB of RAM.There is lots of useful information in the rest of this chapter,
but maybe you are not interested in information right now. You just
want to get your X server up and running. However, be warned:An incorrect installation can burn out your monitor or your
video board.However, if you know you are in spec, and you have a standard
Super VGA board and a good multi-frequency monitor, then you can
probably get things up and running without reading this
chapter.Installing XFree86The easiest way to install XFree86
is with the &man.sysinstall.8;
program, either when you are installing the system, or later by
starting the program /stand/sysinstall. In the
rest of this chapter, we will look at what makes up the
distribution, and we will also take a look at manually installing
X11.The XFree86 DistributionXFree86 is distributed as a bewildering
number of archives.
In the following section, we will take a look at what you should
install. Do not worry too much, though; if you cannot decide
what to pick and you have 200MB of disk space free, it's safe to
unpack everything.At a minimum you need to unpack the archives in the
following table and at least one server that matches your VGA
board. You will need 10Mb for the minimum required run-time
binaries only, and between 1.7 and 3 MB for the server.Below is a table of the required components.ArchiveDescriptionXbin.tgzAll the executable X client applications and shared
libraries.Xfnts.tgzThe misc and 75 dpi fonts.Xlib.tgzData files and libraries needed at runtime.The X ServerIn addition to the archives above, you need at least one
server, which will take up about 3 MB of disk. The choice
depends primarily on what kind of display board you have. The
default server name is /usr/X11R6/bin/X, and
it is a link to a specific server binary
/usr/X11R6/bin/XF86_xxxx. You will find the
server archives for the standard PC architecture in
/cdrom/XF86336/Servers, and the servers for
the Japanese PC98 architecture in
/cdrom/XF86336/PC98-Servers if you have the
CD set. Alternatively, they are available on our FTP site at
ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel.current;-RELEASE/XF86336/Servers/ or ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel.current;-RELEASE/XF86336/PC98-Servers/Available X servers for the standard PC architecture:ArchiveDescriptionX8514.tgz8-bit color for IBM 8514 and true
compatibles.XAGX.tgz8 and 16-bit color for AGX and XGA boards.XI128.tgz8 and 16-bit color for I128 boards.XMa32.tgz8 and 16-bit color for ATI Mach32 boards.XMa64.tgz8, 16, and 32-bit color fot ATI Mach64
boards.XMa8.tgz8-bit color for ATI Mach8 boards.XMono.tgz1-bit monochrome for VGA, Super-VGA, Hercules, and
others.XP9K.tgz8, 16, and 32-bit color for Weitek P9000 boards
(Diamond Viper).XS3.tgz8, 16, and 32-bit color for S3 boards.XS3V.tgz8 and 16-bit color for S3 ViRGE boards.XSVGA.tgz>=8-bit color for Super-VGA cards.XVG16.tgz4-bit color for VGA and Super-VGA cards.XW32.tgz8-bit color for ET4000/W32, /W32i, /W32p, and
ET6000 cards.Available X servers for the Japanese PC98 architecture:ArchiveDescriptionX9GAN.tgz8-bit color for PC98 GA-98NB/WAP boards.X9GA9.tgz8, 16, and 32-bit color for PC98 S3 GA-968
boards.X9480.tgz8-bit color for PC98 PEGCX9NKV.tgz8-bit color for PC98 NEC-CIRRUS/EPSON NKV/NKV2
boards.X9WBS.tgz8-bit color for PC98 WAB-S boards.X9WEP.tgz8-bit color for PC98 WAB-EP boards.X9WSN.tgz8-bit color for PC98 WSN-A2F boards.X9EGC.tgz4-bit color for PC98 EGC.X9TGU.tgz8 and 16-bit color for PC98 Trident Cyber9320/9680
boards.X9NS3.tgz8 and 16-bit color for PC98 NEC S3 boards.X9SPW.tgz8 and 16-bit color for PC98 S3 PW/PCSKB
boards.X9LPW.tgz8 and 16-bit color for PC98 S3 PW/LB boards.Each of these servers includes a manual page which contains
details of supported chipsets and server-specific configuration
options.There are also a number of archives are provided for X
programmers:ArchiveDescriptionXprog.tgzConfig, lib*.a, and
*.h files needed for compiling
clients.Xctrb.tgzContributed sources.Xlk98.tgzThe link kit for building servers,
Japanese PC98 version.Xlkit.tgzThe link kit for building servers,
normal PC architecture.Xsrc-1.tgzPart 1 of the complete sources.Xsrc-2.tgzPart 2 of the complete sources.Xsrc-3.tgzPart 3 of the complete sources.You will need Xprog.tgz if you intend
to install ports of X software.XFree86 also includes a number
of optional parts, such as documentation, and setup
programs.ArchiveDescriptionXdoc.tgzREADMEsXjdoc.tgzREADMEs in Japanese.Xps.tgzREADMEs in PostScript.Xhtml.tgzREADMEs in HTML.Xman.tgzManual pages.Xcfg.tgzCustomizable xinit and
xdm runtime configuration
files.Xset.tgzThe X86Setup utility; a
graphical version of the xf86config
utility.Xjset.tgzThe XF86Setup utility,
Japanese version, for the normal PC architecture.XF86Setup is a graphical mode setup
program for XFree86, and you may
prefer it to the standard setup program
xf86config. You do not need any special
archives for xf86config; it is included in
Xbin.tgz.The first time you install, you will need
Xcfg.tgz to create your initial configuration
files. Do not use it when upgrading; it overwrites your
configuration files.There are also additional fonts that are available with
XFree86:ArchiveDescriptionXf100.tgz100 dpi fonts.Xfscl.tgzSpeedo and Type1 fonts.Xfnon.tgzJapanese, Chinese, and other non-english
fonts.Xfcyr.tgzCyrillic fonts.Unlike the X servers described above, the archives for the
following servers are all in the main directory.ArchiveDescriptionXfsrv.tgzThe font server.Xnest.tgzA nested server running as a client window on
another display.Xprt.tgzThe print server.Xvfb.tgzThe Virtual Framebuffer X server, which renders
into memory or an mmapped file.Installing XFree86 ManuallyIf you do not use sysinstall
to install X, you need to perform a number of steps:Create the directories and unpack the required
archives.Choose and install an X server.Set up the environment to be able to access X.Find a virtual terminal in which to run X.Configure X for your hardware.This sounds like a lot of work, but if you approach it
methodically, it is not too bad. In the rest of this section,
we will look at each step in turn.Unpacking the ArchivesYou must unpack the archives as root, since a number of
the executables are set-user-id (they run as root even when
started by other users). If you unpack the server as an
ordinary user, it may abort when you try to run it. You must
also use a umask value of 022 (permissions rwxr-xr-x), because
the X server requires special permissions.&prompt.user; su
Password:
&prompt.root; umask 022If you do not have enough space in the
/usr file system, create a directory on
another partition and symlink it to /usr. For example, if you
have a file system /home with adequate
space, you could do:&prompt.root; cd /home
&prompt.root; mkdir X11R6
&prompt.root; ln -s /home/X11R6 /usr/X11R6Next, decide which archives you want to install. For a
minimal installation, choose Xbin.tgz,
Xfnts.tgz, Xlib.tgz,
and Xcfg.tgz. If you have already
configured X for your hardware, you can omit
Xcfg.tgz.If you are using sh, unpack like this:&prompt.root; mkdir -p /usr/X11R6
&prompt.root; cd /usr/X11R6
&prompt.root; for i in bin fnts lib cfg; do
&prompt.root; tar xzf X$i.tgz
&prompt.root; doneIf you are using csh, enter:&prompt.root; mkdir -p /usr/X11R6
&prompt.root; cd /usr/X11R6
&prompt.root; foreach i (bin fnts lib cfg)? tar xzf X$i.tgz?endInstalling the ServerChoose a server archive corresponding to your VGA board.
If the table in the section above does not give you enough
information, check the server man pages,
/usr/X11R6/man/man1/XF86_*, which list
the VGA chipsets supported by each server. For example, if
you have an ET4000 based board you will use the
XF86_SVGA server. In this case you
would enter:&prompt.root; cd /usr/X11R6
&prompt.root; tar xzf XSVGA.tgz [substitute your server name here]Setting up the environmentNext, you may wish to create a symbolic link
/usr/X11/bin/X that points to the server
that matches your video board. In this example, it is the
XF86_SVGA server:&prompt.root; cd /usr/X11R6/bin
&prompt.root; rm X
&prompt.root; ln -s XF86_SVGA XX needs this symbolic link in order to be able to work
correctly, but you have the option of setting it when you run
xf86config – see below.Next, check that the directory
/usr/X11R6/bin is in the default path for
sh in /etc/profile and for
csh in
/etc/csh.login, and add it if it is not.
It is best to do this with an editor, but if you want to take
a shortcut, you can enter:&prompt.root; echo 'PATH=$PATH:/usr/X11R6/bin' >>/etc/profileor:&prompt.root; echo 'set path = ($path /usr/X11R6/bin)' >>/etc/csh.loginAlternatively, make sure everybody who uses X puts
/usr/X11R6/bin in their shell's
PATH variable.Next, invoke ldconfig to put the
shared libraries in ld.so's cache:&prompt.root; ldconfig -m /usr/X11R6/libYou can omit invoking ldconfig if you
plan to reboot before using X.You do not need to uncompress the font files, but if you
do, you must run mkfontdir in the
corresponding font directory, otherwise your server will abort
with the message could not open default font
`fixed'.Assigning a virtual terminal to XNext, make sure you have a spare virtual console which is
running a &man.getty.8;. First check how many virtual consoles you
have:&prompt.root; dmesg | grep virtual
sc0: VGA color <16 virtual consoles, flags=0x0>Then check /etc/ttys to make sure
there is at least one virtual terminal (ttyvxx device) which
does not have a &man.getty.8; enabled. Look for the keyword
off:&prompt.root; grep ttyv /etc/ttys
ttyv0 "/usr/libexec/getty Pc" cons25 on secure
ttyv1 "/usr/libexec/getty Pc" cons25 on secure
ttyv2 "/usr/libexec/getty Pc" cons25 on secure
ttyv3 "/usr/libexec/getty Pc" cons25 off secureIn this case, /dev/ttyv3 is
available, if your kernel has least 4
vts. If not, either disable a
&man.getty.8; in /etc/ttys by changing on
to off, or build another kernel with more virtual
terminals.Configuring X for Your HardwareAfter installing the X software, you will need to
customize the file XF86Config, which
tells the X server about your hardware and how you want to
run it.In order to set up XF86Config, you
will need the following hardware information:Your mouse type, the bit rate if it is a serial mouse,
and the name of the device to which it is connected. This
will typically be /dev/ttyd0 or
/dev/ttyd1 for a serial mouse,
/dev/psm0 for a PS/2 mouse, or
/dev/mse0 for a bus mouse.The type of the video board and the amount of display
memory. If it is a no-name board, establish what VGA chip
set it uses.The parameters of your monitor; vertical and
horizontal frequency.Identifying the hardwareHow do you decide what your hardware is? The manufacturer
should tell you, but very often the information you get about
your display board and monitor is pitiful; Super VGA
board with 76 Hz refresh rate and 16,777,216 colors.
This tells you the maximum pixel depth (24 bits – - the
number of colors is 2(pixel depth)), but it doesn't tell you
anything else about the display board.As we will see later, the real parameters you need to know
are the maximum horizontal frequency, the dot clock range, the
chipset and the amount of display memory.You could be unlucky trying to get some of this
information, but you can get some with the
SuperProbe program. It should always be
able to tell you the chipset and the amount of memory on
board.Occasionally SuperProbe can crash your
system. Make sure you are not doing anything important when
you run it. Running SuperProbe looks like
this:&prompt.root; SuperProbe
(warnings and acknowledgments omitted)
First video: Super-VGA
Chipset: Tseng ET4000 (Port Probed)
Memory: 1024 Kbytes
RAMDAC: Generic 8-bit pseudo-color DAC
(with 6-bit wide lookup tables (or in 6-bit mode))SuperProbe is very finicky about
running at all, and you will often get messages like:SuperProbe: Cannot be run while an X server is running
SuperProbe: If an X server is not running, unset $DISPLAY and try again
SuperProbe: Cannot open videoIn other words, even if no X server is running,
SuperProbe will not work if you have the
environment variable DISPLAY set. How do you
unset it? With Bourne-style shells, you enter:&prompt.root; unset DISPLAYIn the C shell, you enter:&prompt.root; unsetenv DISPLAYRunning xf86configThe easy way to create your configuration file is with one
of the utilities xf86config (note the lower
case name) or XF86Setup. Both lead you
through the configuration step by step.
xf86config runs in character mode, while
XF86Setup runs in a graphical mode.
XF86Setup can have problems with unusual
hardware, so I personally prefer
xf86config.You can also use sysinstall,
but this does not change
much; sysinstall just starts
xf86config for you, and it is easier to
start it directly. In this section, we will use an example to
illustrate configuration via xf86config.
We are installing X for an ancient Diamond SpeedStar with 1 MB
of display memory, a Logitech MouseMan mouse, and an ADI
MicroScan 5AP monitor. The mouse is connected to the system
via the first serial port,
/dev/ttyd0.To run xf86config, type in the name. If
/usr/X11R6/bin is included in your
PATH environment variable, you just need to type
xf86config. If it is not, you need to type
out the full path to xf86config, like
so:&prompt.root; /usr/X11R6/bin/xf86configThis program will create a basic
XF86Configfile, based on menu selections
you make.The XF86Config file usually resides
in /usr/X11R6/lib/X11 or
/etc. A sample
XF86Config file is supplied with
XFree86;
it is configured for a standard VGA card and monitor with
640x480 resolution. This program will ask for a pathname when
it is ready to write the file.You can either take the sample
XF86Config as a base and edit it for your
configuration, or let this program produce a base
XF86Config file for your configuration
and fine-tune it. Refer to
/usr/X11R6/lib/X11/doc/README.Config for
a detailed overview of the configuration process.For accelerated servers (including accelerated drivers in
the SVGA server), there are many chipset and card-specific
options and settings. This program does not know about these.
On some configurations some of these settings must be
specified. Refer to the server man pages and chipset-specific
READMEs.Before continuing with this program, make sure you know
the chipset and amount of video memory on your video card.
SuperProbe can help with this. It is also
helpful if you know what server you want to run.Press enter to continue, or ctrl-c to abort. ENTER
First specify a mouse protocol type. Choose one from the following list:
1. Microsoft compatible (2-button protocol)
2. Mouse Systems (3-button protocol)
3. Bus Mouse
4. PS/2 Mouse
5. Logitech Mouse (serial, old type, Logitech protocol)
6. Logitech MouseMan (Microsoft compatible)
7. MM Series
8. MM HitTablet
9. Microsoft IntelliMouseIf you have a two-button mouse, it is most likely of type
1, and if you have a three-button mouse, it can probably
support both protocol 1 and 2. There are two main varieties
of the latter type; mice with a switch to select the protocol,
and mice that default to 1 and require a button to be held at
boot-time to select protocol 2. Some mice can be convinced to
do 2 by sending a special sequence to the serial port (see the
ClearDTR/ClearRTS options).Enter a protocol number: 6 Logitech MouseMan
You have selected a Logitech MouseMan type mouse. You might want to enable
ChordMiddle which could cause the third button to work.
Please answer the following question with either 'y' or 'n'.
Do you want to enable ChordMiddle? nYou definitely want to enable the third button on your
mouse, since many X clients use it. With a genuine Logitech
mouse, however, you don't need to enable
ChordMiddle in order to use the button. If
you find that the third button does not work when you start X,
you can enable ChordMiddle by editing the
configuration file – it is much easier and less
error-prone than re-running XF86Setup.Continuing through the setup:If your mouse has only two buttons, it is recommended that you enable Emulate3Buttons.
Please answer the following question with either 'y' or 'n'.
Do you want to enable Emulate3Buttons? n
Now give the full device name that the mouse is connected to, for example
/dev/tty00. Just pressing enter will use the default, /dev/mouse.
Mouse device: /dev/ttyd1Be very careful about this entry. You must specify the
correct name for the device to which the mouse is connected.
xf86config is not specific to FreeBSD, and
the suggested example is just plain wrong for FreeBSD. Use
the names /dev/ttyd0 through
/dev/ttyd3 for serial mice,
/dev/psm0 for PS/2 mice or
/dev/mse0 for a bus mouse.Continuing, we see:Beginning with XFree86 3.1.2D, you can use the new X11R6.1
XKEYBOARD extension to manage the keyboard layout. If you answer 'n' to the
following question, the server will use the old method, and you have to
adjust your keyboard layout with xmodmap.
Please answer the following question with either 'y' or 'n'.
Do you want to use XKB? y
The following dialogue will allow you to select from a list of already
preconfigured keymaps. If you don't find a suitable keymap in the list,
the program will try to combine a keymap from additional information you
are asked then. Such a keymap is by default untested and may require
manual tuning. Please report success or required changes for such a
keymap to XFREE86@XFREE86.ORG for addition to the list of preconfigured
keymaps in the future.
Press enter to continue, or ctrl-c to abort.
List of preconfigured keymaps:
1 Standard 101-key, US encoding
2 Microsoft Natural, US encoding
3 KeyTronic FlexPro, US encoding
4 Standard 101-key, US encoding with ISO9995-3 extensions
5 Standard 101-key, German encoding
6 Standard 101-key, French encoding
7 Standard 101-key, Thai encoding
8 Standard 101-key, Swiss/German encoding
9 Standard 101-key, Swiss/French encoding
10 None of the above
Enter a number to choose the keymap.
1 Choose the standard US keyboardNow we want to set the specifications of the monitor. The
two critical parameters are the vertical refresh rate, which
is the rate at which the whole screen is refreshed, and
most importantly the horizontal sync rate, which is the rate
at which scan-lines are displayed.The valid range for horizontal sync and vertical sync
should be documented in the manual of your monitor. If in
doubt, check the monitor database
/usr/X11R6/lib/X11/doc/Monitors to see if
your monitor is there.Press enter to continue, or ctrl-c to abort. ENTER
You must indicate the horizontal sync range of your monitor. You can either
select one of the predefined ranges below that correspond to industry-
standard monitor types, or give a specific range.
It is VERY IMPORTANT that you do not specify a monitor type with a horizontal
sync range that is beyond the capabilities of your monitor. If in doubt,
choose a conservative setting.
hsync in kHz; monitor type with characteristic modes
1 31.5; Standard VGA, 640x480 @@ 60 Hz
2 31.5 - 35.1; Super VGA, 800x600 @@ 56 Hz
3 31.5, 35.5; 8514 Compatible, 1024x768 @@ 87 Hz interlaced (no 800x600)
4 31.5, 35.15, 35.5; Super VGA, 1024x768 @@ 87 Hz interlaced, 800x600 @@ 56 Hz
5 31.5 - 37.9; Extended Super VGA, 800x600 @@ 60 Hz, 640x480 @@ 72 Hz
6 31.5 - 48.5; Non-Interlaced SVGA, 1024x768 @@ 60 Hz, 800x600 @@ 72 Hz
7 31.5 - 57.0; High Frequency SVGA, 1024x768 @@ 70 Hz
8 31.5 - 64.3; Monitor that can do 1280x1024 @@ 60 Hz
9 31.5 - 79.0; Monitor that can do 1280x1024 @@ 74 Hz
10 31.5 - 82.0; Monitor that can do 1280x1024 @@ 76 Hz
11 Enter your own horizontal sync range
Enter your choice (1-11):Unfortunately, our monitor is not mentioned in the file
/usr/X11R6/lib/X11/doc/Monitors, but by
chance the manual does specify the frequency range in the
Technical Data section. The horizontal frequency range is
from 30 to 64 kHz, and the vertical frequency range is from
50 to 100 Hz. The horizontal frequency range is almost
exactly covered by choice 8, but that setting threatens to go
0.3 kHz higher in frequency than the technical data state. Do
you want to risk it? Doing so will most likely not be a
problem, since it is unlikely that the monitor will die at
such a small deviation from the specs, and it is also unlikely
that your XF86Config will actually
generate a horizontal frequency between 64.0 and 64.3 kHz.
However, there is no need to take even this slight risk. Just
specify the real values:Enter your choice (1-11): 11
Please enter the horizontal sync range of your monitor, in the format used
in the table of monitor types above. You can either specify one or more
continuous ranges (e.g. 15-25, 30-50), or one or more fixed sync
frequencies.
Horizontal sync range: 30-64Next, we select the vertical frequency range:You must indicate the vertical sync range of your monitor.
You can either select one of the predefined ranges below that correspond
to industry-standard monitor types, or give a specific range. For
interlaced modes, the number that counts is the high one (e.g., 87 Hz
rather than 43 Hz).
1 50-70
2 50-90
3 50-100
4 40-150
5 Enter your own vertical sync range
Enter your choice: 3 exactly the range of the monitorThe next step is to specify identification strings. You
can think out names if you want, but unless you are juggling a
lot of different hardware, you can let
xf86config do it for you:You must now enter a few identification/description strings,
namely an identifier, a vendor name, and a model name. Just pressing enter
will fill in default names.
The strings are free-form, spaces are allowed.
Enter an identifier for your monitor definition: ENTER
Enter the vendor name of your monitor: ENTER
Enter the model name of your monitor: ENTERNext comes the choice of the video board. We have an
elderly Diamond SpeedStar Plus with an ET4000 chip, and
unknown Ramdac and Clock Chip. Let's see how we fare:Now we must configure video card specific settings. At
this point you can choose to make a selection out of a database of video
card definitions. Because there can be variation in Ramdacs and clock
generators even between cards of the same model, it is not sensible to
blindly copy the settings (e.g., a Device section). For this reason,
after you make a selection, you will still be asked about the components
of the card, with the settings from the chosen database entry presented as
a strong hint.
The database entries include information about the chipset, what server to
run, the Ramdac and ClockChip, and comments that will be included in the
Device section. However, a lot of definitions only hint about what server
to run (based on the chipset the card uses) and are untested.
If you can't find your card in the database, there's nothing to worry about.
You should only choose a database entry that is exactly the same model as
your card; choosing one that looks similar is just a bad idea (e.g. a
GemStone Snail 64 may be as different from a GemStone Snail 64+ in terms of
hardware as can be).
Do you want to look at the card database? y
0 2 the Max MAXColor S3 Trio64V+ S3 Trio64V+
1 928Movie S3 928
2 AGX (generic) AGX-014/15/16
3 ALG-5434(E) CL-GD5434
4 ASUS 3Dexplorer RIVA128
5 ASUS PCI-AV264CT ATI-Mach64
6 ASUS PCI-V264CT ATI-Mach64
7 ASUS Video Magic PCI V864 S3 864
8 ASUS Video Magic PCI VT64 S3 Trio64
9 AT25 Alliance AT3D
10 AT3D Alliance AT3D
11 ATI 3D Pro Turbo ATI-Mach64
12 ATI 3D Xpression ATI-Mach64
13 ATI 3D Xpression+ PC2TV ATI-Mach64
14 ATI 8514 Ultra (no VGA) ATI-Mach8
15 ATI All-in-Wonder ATI-Mach64
16 ATI Graphics Pro Turbo ATI-Mach64
17 ATI Graphics Pro Turbo 1600 ATI-Mach64
Enter a number to choose the corresponding card definition.
Press enter for the next page, q to continue configuration.
ENTERDozens of board definitions come in alphabetic order.
Finally we see:108 DSV3325 S3 ViRGE
109 DSV3326 S3 Trio64V+
110 DataExpert DSV3325 S3 ViRGE
111 DataExpert DSV3365 S3 Trio64V+
112 Dell S3 805 S3 801/805
113 Dell onboard ET4000 ET4000
114 Diamond Edge 3D nv1
115 Diamond Multimedia Stealth 3D 2000 S3 ViRGE
116 Diamond Multimedia Stealth 3D 2000 PRO S3 ViRGE/DX
117 Diamond SpeedStar (Plus) ET4000
118 Diamond SpeedStar 24 ET4000
119 Diamond SpeedStar 24X (not fully supported) WD90C31
120 Diamond SpeedStar 64 CL-GD5434
121 Diamond SpeedStar HiColor ET4000
122 Diamond SpeedStar Pro (not SE) CL-GD5426/28
123 Diamond SpeedStar Pro 1100 CL-GD5420/2/4/6/8/9
124 Diamond SpeedStar Pro SE (CL-GD5430/5434) CL-GD5430/5434
125 Diamond SpeedStar64 Graphics 2000/2200 CL-GD5434
Enter a number to choose the corresponding card definition.
Press enter for the next page, q to continue configuration.
117
Your selected card definition:
Identifier: Diamond SpeedStar (Plus)
Chipset: ET4000
Server: XF86_SVGA
Press enter to continue, or ctrl-c to abort.ENTER
Now you must determine which server to run. Refer to the man pages and
other documentation. The following servers are available (they may not
all be installed on your system):
1 The XF86_Mono server. This a monochrome server that should work on any
VGA-compatible card, in 640x480 (more on some SVGA chipsets).
2 The XF86_VGA16 server. This is a 16-color VGA server that should work on
any VGA-compatible card.
3 The XF86_SVGA server. This is a 256 color SVGA server that supports
a number of SVGA chipsets. On some chipsets it is accelerated or
supports higher color depths.
4 The accelerated servers. These include XF86_S3, XF86_Mach32, XF86_Mach8,
XF86_8514, XF86_P9000, XF86_AGX, XF86_W32, XF86_Mach64, XF86_I128 and
XF86_S3V.
These four server types correspond to the four different "Screen" sections in
XF86Config (vga2, vga16, svga, accel).
5 Choose the server from the card definition, XF86_SVGA.
Which one of these screen types do you intend to run by default (1-5)?The system already chose XF86_SVGA for us. Do we want to
change? We would need a good reason. In this case, we do not
have a reason, so we will keep the server from the card
definition:Which one of these screen types do you intend to run by default (1-5)? 5
The server to run is selected by changing the symbolic link 'X'. For example,
the SVGA server.
Please answer the following question with either 'y' or 'n'.
Do you want me to set the symbolic link? yAll the programs that start X (xinit,
startx, and xdm)
start a program /usr/X11R6/bin/X. This
symbolic link makes /usr/X11R6/bin/X
point to your X server. If you don't have a link, you will
not be able to start X.Now you must give information about your video card. This
will be used for the "Device" section of your video card in XF86Config.
You must indicate how much video memory you have. It is probably a good
idea to use the same approximate amount as that detected by the server you
intend to use. If you encounter problems that are due to the used server
not supporting the amount memory you have (e.g. ATI Mach64 is limited to
1024K with the SVGA server), specify the maximum amount supported by the
server.
How much video memory do you have on your video card:
1 256K
2 512K
3 1024K
4 2048K
5 4096K
6 Other
Enter your choice: 3
You must now enter a few identification/description strings, namely an
identifier, a vendor name, and a model name. Just pressing enter will fill
in default names (possibly from a card definition).
Your card definition is Diamond SpeedStar (Plus).
The strings are free-form, spaces are allowed.
Enter an identifier for your video card definition: ENTER
You can simply press enter here if you have a generic card, or want to
describe your card with one string.
Enter the vendor name of your video card: ENTER
Enter the model (board) name of your video card: ENTER
Especially for accelerated servers, Ramdac, Dacspeed and ClockChip settings
or special options may be required in the Device section.
The RAMDAC setting only applies to the S3, AGX, W32 servers, and some
drivers in the SVGA servers. Some RAMDAC's are auto-detected by the server.
The detection of a RAMDAC is forced by using a Ramdac "identifier" line in
the Device section. The identifiers are shown at the right of the following
table of RAMDAC types:
1 AT&T 20C490 (S3 and AGX servers, ARK driver) att20c490
2 AT&T 20C498/21C498/22C498 (S3, autodetected) att20c498
3 AT&T 20C409/20C499 (S3, autodetected) att20c409
4 AT&T 20C505 (S3) att20c505
5 BrookTree BT481 (AGX) bt481
6 BrookTree BT482 (AGX) bt482
7 BrookTree BT485/9485 (S3) bt485
8 Sierra SC15025 (S3, AGX) sc15025
9 S3 GenDAC (86C708) (autodetected) s3gendac
10 S3 SDAC (86C716) (autodetected) s3_sdac
11 STG-1700 (S3, autodetected) stg1700
12 STG-1703 (S3, autodetected) stg1703
Enter a number to choose the corresponding RAMDAC.
Press enter for the next page, q to quit without selection of a RAMDAC.
q We don't need this
A Clockchip line in the Device section forces the detection of a
programmable clock device. With a clockchip enabled, any required
clock can be programmed without requiring probing of clocks or a
Clocks line. Most cards don't have a programmable clock chip.
Choose from the following list:
1 Chrontel 8391 ch8391
2 ICD2061A and compatibles (ICS9161A, DCS2824) icd2061a
3 ICS2595 ics2595
4 ICS5342 (similar to SDAC, but not completely compatible) ics5342
5 ICS5341 ics5341
6 S3 GenDAC (86C708) and ICS5300 (autodetected) s3gendac
7 S3 SDAC (86C716) s3_sdac
8 STG 1703 (autodetected) stg1703
9 Sierra SC11412 sc11412
10 TI 3025 (autodetected) ti3025
11 TI 3026 (autodetected) ti3026
12 IBM RGB 51x/52x (autodetected) ibm_rgb5xx
Just press enter if you don't want a Clockchip setting.
What Clockchip setting do you want (1-12)? ENTER
For most configurations, a Clocks line is useful since it prevents the slow
and nasty sounding clock probing at server start-up. Probed clocks are
displayed at server startup, along with other server and hardware
configuration info. You can save this information in a file by running
imprecise; some clocks may be slightly too high (varies per run).
At this point I can run X -probeonly, and try to extract the clock information
from the output. It is recommended that you do this yourself and add a clocks
line (note that the list of clocks may be split over multiple Clocks lines) to
your Device section afterwards. Be aware that a clocks line is not
appropriate for drivers that have a fixed set of clocks and don't probe by
default (e.g. Cirrus). Also, for the P9000 server you must simply specify
clocks line that matches the modes you want to use. For the S3 server with
a programmable clock chip you need a 'ClockChip' line and no Clocks line.
You must be root to be able to run X -probeonly now.
Do you want me to run 'X -probeonly' now?This last question is worth thinking about. You should
run X -probeonly at some point, but it requires some extra
work. We'll take the recommendation and try it later.Do you want me to run 'X -probeonly' now? n
For each depth, a list of modes (resolutions) is defined. The default
resolution that the server will start-up with will be the first listed
mode that can be supported by the monitor and card.
Currently it is set to:
"640x480" "800x600" "1024x768" for 8bpp
"640x480" "800x600" for 16bpp
"640x480" for 24bpp
"640x400" for 32bpp
Note that 16, 24 and 32bpp are only supported on a few configurations.
Modes that cannot be supported due to monitor or clock constraints will
be automatically skipped by the server.
1 Change the modes for 8pp (256 colors)
2 Change the modes for 16bpp (32K/64K colors)
3 Change the modes for 24bpp (24-bit color, packed pixel)
4 Change the modes for 32bpp (24-bit color)
5 The modes are OK, continue.
Enter your choice: 5 accept the defaults
You can have a virtual screen (desktop), which is screen area that is larger
than the physical screen and which is panned by moving the mouse to the edge
of the screen. If you don't want virtual desktop at a certain resolution,
you cannot have modes listed that are larger. Each color depth can have a
differently-sized virtual screen
Please answer the following question with either 'y' or 'n'.
Do you want a virtual screen that is larger than the physical screen? nIt is difficult to decide whether you want a virtual
screen larger than the physical screen. I find it extremely
disturbing, so I suggest you answer n. You might find it
useful, especially if your highest resolution is small.Now the configuration is complete, and
sysinstall just need to write the
configuration file:I am going to write the XF86Config file now. Make sure
you don't accidently overwrite a previously configured one.
Shall I write it to /etc/XF86Config? y
File has been written. Take a look at it before running 'startx'. Note that
the XF86Config file must be in one of the directories searched by the server
(e.g. /usr/X11R6/lib/X11) in order to be used. Within the server press
ctrl, alt and '+' simultaneously to cycle video resolutions. Pressing ctrl,
alt and backspace simultaneously immediately exits the server (use if
the monitor doesn't sync for a particular mode).
For further configuration, refer to /usr/X11R6/lib/X11/doc/README.Config.Once you have completed this configuration, you are ready to
start X.XFree86 4.X ConfigurationContributed by &a.cshumway;, July 2001.IntroductionThis chapter will introduce the steps necessary to install
and configure the XFree86
X Windows System under FreeBSD.
Once the server is installed and configured properly. The user
can read to setup their desktop
environment.XFree86 4.XXFree86Before You StartBefore the user is to start configuration of
XFree86-4, the the following
information will need to be known about the target
system:Monitor specificationsVideo Adapter chipsetVideo Adapter memoryhorizontal scan ratevertical scan rateThe specifications for the target system's monitor are
used by XFree86 to determine the
resolution and refresh rate to run at. These specifications can
usually be obtained from the documentation that came with the
target system's monitor or from the manufacturer's website.
There are two ranges of numbers that are needed, the horizontal
scan rate and the vertical synchronization rate.The video adapter's chipset defines what driver module
XFree86 uses to talk to the graphics
hardware. With most chipsets, this can be automatically
determined, but it is still useful to know in case the automatic
detection doesn't work correctly.Video memory on the graphic adapter determines the
resolution and color depth the target system can run at. This
is important to know so the user knows the limitations of the
target system.Installing XFree86 4.X softwareXFree86 4 can be installed
using the FreeBSD ports system or using &man.pkg.add.1;. If the
user is building XFree86-4 from
source and has USA_RESIDENT set in
/etc/make.conf, the user may first have to
fetch Wraphelp.c if XDM-AUTHORIZATION-1
support is desired. This file is to be placed in the port's
files/ sub-directory before the port is
built.Configuring XFree86 4.XConfiguration of XFree86 4.X is
a several step process. The first step is to build an initial
configuration file with the configure option to
XFree86. As the super user, simply
run:&prompt.root; XFree86 -configureThis will generate a skeleton
XFree86 configuration file in the
current working directory called
XF86Config.new. The
XFree86 program will attempt to probe
the graphics hardware on the system and will write a
configuration file to load the proper drivers for the detected
hardware on the target system.The next step is to test the currently existing
configuration to verify that XFree86
can work with the graphics
hardware on the target system. To preform this task, the user
needs to run:&prompt.root; XFree86 -xf86config XF86Config.newIf the user is presented with a black and grey grid and an
X mouse cursor, then the configuration was successful. To exit
the test, just press ctrl, alt and backspace simultaneously.XFree86 4 TuningNext, the user needs to tune the
XF86Config.new configuration file to their
personal taste. Open up the file in a text editor such as
&man.emacs.1; or &man.ee.1;. The first thing the user will want to
do is add the frequencies for the target system's monitor.
These are usually expressed as a horizontal and vertical
synchronization rate. These values are added to the
XF86Config.new file under the "Monitor"
section as such:Section "Monitor"
Identifier "Monitor0"
VendorName "Monitor Vendor"
ModelName "Monitor Model"
Horizsync 30-107
VertRefresh 48-120
EndSectionThe Horizsync and
VertRefresh keywords may not exist in the
user's configuration file. If they do not, they need to be
added, with the correct horizontal synchronization rate placed
after the Horizsync keyword and the vertical
synchronization rate after the VertRefresh
keyword. In the example above the target monitor's rates where
entered.
- XF86Config
+
+ XF86Config
+ While the XF86Config.new
configuration file is still open in an editor, next the user
needs to select what the default resolution and color depth is
desired. This is defined in the Screen
section.Section "Screen"
Identifier "Screen0"
Device "Card0"
Monitor "Monitor0"
DefaultColorDepth 24
SubSection "Display"
Depth 24
Modes "1024x768"
EndSubSection
EndSectionThe DefaultColorDepth keyword describes
the color depth the user wishes to run at by default. This can
be overridden with the -bpp command line
switch to XFree861. The Modes keyword describes the
resolution the user wishes to run at for the given color depth.
In the example above, the default color depth is twenty four
bits per pixel. At this color depth, the accepted resolution is
one thousand twenty four pixels by seven hundred and sixty eight
pixels.If a user wants to run at a resolution of one thousand
twenty four pixels by seven hundred sixty eight pixels at twenty
four bits per pixel, then the user needs to add the
DefaultColorDepth keyword with the value of
twenty four, and add to the "Display"
subsection with the desired Depth the Modes keyword with the
resolution the user wishes to run at. Note that only VESA
standard modes are supported as defined by the target system's
graphics hardware.Finally, the user can write out the configuration file and
test it using the test mode given above. If all is well, then
the configuration file needs to be installed in a common
location where XFree861 can source it in the future.
This is typically /etc/X11/XF86Config or
/usr/X11R6/etc/X11/XF86Config.&prompt.root; cp XF86Config.new /etc/X11/XF86ConfigOnce the configuration file has been placed in a common
location, XFree86 can then be used through &man.xdm.1;. In
order to use startx1 the user will have to install
the X11/wrapper port.Advanced Configuration TopicsConfiguration with Intel i810 graphics chipsetsIntel i810 graphic chipsetConfiguration with Intel i810 integrated chipsets
requires the agpgart AGP programming interface for
XFree86 to be able to drive the
card. To enable the agpgart programming
interface, the agp.ko kernel loadable
module needs to be loaded into the kernel with
&man.kldload.8;. This can be done automatically with the
&man.loader.8;. Simply add this line to
/boot/loader.conf to have the loader load
agp.ko at boot time:agp_load="YES"Next, a device node needs to be created for the
programming interface. To create the AGP device node, run
&man.MAKEDEV.8; in the /dev directory as
such:&prompt.root; cd /dev
&prompt.root; sh MAKEDEV agpgartThis will allow the user to configure the graphics
hardware as any other graphics board.Using Fonts in XFree86Type1 FontsThe default fonts that ship with
XFree86 are less than ideal for typical
desktop publishing applications. Large presentation fonts show up
jagged and unprofessional looking and small fonts in Netscape are
almost completely unintelligible. However, there are several
free, high quality Type1 (PostScript) fonts available which
can be readily used
with XFree86, either version 3.X or
version 4.X. For instance, the URW font collection
(/usr/ports/x11-fonts/urwfonts) includes
high quality versions of standard type1 fonts (Times Roman,
Helvetica, Palatino and others). The Freefont collection
(/usr/ports/x11-fonts/freefont) includes
many more fonts, but most of them are intended for use in
graphics software such as the Gimp, and are not complete
enough to serve as screen fonts. In addition,
XFree86 can be configured to use
TrueType fonts with a minimum of effort: see the
section on TrueType fonts later.To install the above Type1 font collections from the ports
collection you can run the following commands.&prompt.root; cd /usr/ports/x11-fonts/urwfonts
&prompt.root; make install cleanAnd likewise with the freefont or other collections. To tell the X server
that these fonts exist, you can add an appropriate line
to your XF86Config file (in
/etc/ for XFree86
version 3, or in /etc/X11/ for version 4),
which reads:FontPath "/usr/X11R6/lib/X11/fonts/URW/"Alternatively, at the command line in your X session you can
write:&prompt.user; xset fp+ /usr/X11R6/lib/X11/fonts/URW
&prompt.user; xset fp rehashThis will work but will be lost when you log out from this
session, unless you add it to your startup file
(~/.xinitrc for a normal
startx session,
or ~/.xsession when logging in through a
graphical login manager like XDM).
A third way is to use the new
XftConfig file: see the
section on anti-aliasing, later.
TrueType FontsXFree86 4.0 has built in support
for rendering TrueType fonts. There are two different modules
that can enable this functionality. The "freetype" module is used
in this example because it is more consistent with the other font
rendering back-ends. To enable the freetype module just add the
following line to the module section of your
/etc/X11/XF86Config file.Load "freetype"For XFree86 3.3.X you will need
to run a separate TrueType font
server. Xfstt is commonly used for
this purpose. To install Xfstt on
your FreeBSD system simply install the port from
/usr/ports/x11-servers/XfsttYou should now make a directory for your TrueType fonts
(e.g. /usr/X11R6/lib/X11/fonts/TrueType)
and copy all of your TrueType fonts into this directory. Keep in
mind that you cannot take TrueType fonts directly from a
Macintosh; they must be in Unix/DOS/Windows format for use by
XFree86. Once you have copied the
files into this directory you need to use
ttmkfdir to create a
fonts.dir file so that the X font renderer
knows that you've installed these new files. There is a FreeBSD
port for ttmkfdir in
/usr/ports/x11-fonts/ttmkfdir.&prompt.root; cd /usr/X11R6/lib/X11/fonts/TrueType
&prompt.root; ttmkfdir > fonts.dirNow you need to add your TrueType directory to your fonts
path. This is just the same as described above for Type1 fonts, that is, use
&prompt.user; xset fp+ /usr/X11R6/lib/X11/fonts/TrueType
&prompt.user; xset fp rehash
or add a line to the
XF86Config file.That's it. Now Netscape,
Gimp,
StarOffice, and all of your other X
applications should now recognize your installed TrueType
fonts. Extremely small fonts (as with text in a high resolution
display on a web page) and extremely large fonts (within
StarOffice) will look much better
now.Anti-Aliasing your fontsStarting with version 4.0.2, XFree86
supports anti-aliased
fonts. Currently, most software has not been updated to take
advantage of this new functionality. However, Qt (the toolkit
for the KDE desktop) does; so if you
are running XFree86 4.0.2
(or higher), Qt 2.3 (or higher) and KDE,
all your KDE/Qt applications can be made to use anti-aliased
fonts.To configure anti-aliasing, you need to create (or edit, if
it already exists) the file
/usr/X11R6/lib/X11/XftConfig. Several
advanced things can be done with this file; this section
describes only the simplest possibilities.First, you need to tell the X server about the fonts which you
want anti-aliased. To do that, for each font directory you have
a line, which looks like this:dir "/usr/X11R6/lib/X11/Type1"And likewise for the other font directories (URW, truetype, etc)
containing fonts you'd like anti-aliased. Anti-aliasing makes
sense only for scalable fonts (basically, Type1 and TrueType) so
don't include bitmap font directories here. The
directories which you included here can now be commented out
of your XF86Config file.Next, you may not want to anti-alias normal-sized text.
(Antialiasing makes borders slightly fuzzy, which makes very
small text more readable and removes "staircases" from large text,
but can cause eyestrain if applied to normal text.) To exclude
point sizes between 9 and 13 from anti-aliasing, include these
lines:match
any size > 8
any size < 14
edit
antialias = false;You may also find that the spacing for some monospaced fonts
gets messed up when you turn on anti-aliasing. This seems to
be an issue with KDE, in particular.
One possible fix for this
is to force the spacing for such fonts to be 100: add the
following lines:match any family == "fixed" edit family =+ "mono";
match any family == "console" edit family =+ "mono";(this aliases the other common names for fixed fonts as "mono"),
and then add:match any family == "mono" edit spacing = 100;Supposing you want to use the
Lucidux fonts whenever
monospaced fonts are required (these look nice, and don't seem
to suffer from the spacing problem), you could replace that last
line with these:match any family == "mono" edit family += "LuciduxMono";
match any family == "Lucidux Mono" edit family += "LuciduxMono";
match any family == "LuciduxMono" edit family =+ "Lucidux Mono";(the last lines alias different equivalent family names).Finally, you want to allow users to add commands to this
file, via their personal .xftconfig
files. To do this, add a last line:includeif "~/.xftconfig"That's all; anti-aliasing should be enabled the next
time you start the X server. However, note that your programs must
know how to take advantage of it. At the present time, the toolkit
Qt does, so the entire KDE environment
can use anti-aliased fonts
(see on
KDE for
details); there are patches for gtk+ to do the same,
so if compiled against such a patched gtk+, the GNOME environment
and Mozilla can also use anti-aliased fonts.Anti-aliasing is still new to FreeBSD and
XFree86;
configuring it should get easier with time, and it will soon be
supported by many more applications.The X Display ManagerOverviewThe X Display Manager (XDM) is
an optional part of the X Window System that is used for login
session management. This is useful for several types of
situations, including minimal X Terminals (see
), desktops, and large network display
servers. Since the X Window System is network and protocol
independent, there are a wide variety of possible configurations
for running X clients and servers on different machines
connected by a network. XDM provides
a graphical interface for choosing which display server to
connect to, and entering authorization information such as a
login and password combination.You may think of XDM as
providing the same functionality to the user as the
&man.getty.8; utility (see for
details). That is, it performs system logins to the display
being connected to and then runs a session manager on behalf of
the user (usually an X window
manager). XDM then waits for this
program to exit, signaling that the user is done and should be
logged out of the display. At this point,
XDM can display the login and display
chooser screens for the next user to login.Using XDMThe XDM daemon program is
located in /usr/X11R6/bin/xdm. You can run
this program at any time as root and it will start managing the
X display on the local machine. If you want
XDM to run in the background every
time the machine boots up, a convenient way to do this is by
adding an entry to /etc/ttys. For more
information about the format and usage of this file, see . There is a line in the default
/etc/ttys file for running the
XDM daemon on a virtual terminal:
ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure
By default this entry is disabled, and in order to enable it you
will need to change field 5 from off to
on and then restart &man.init.8; using the
directions in . The first field, the
name of the terminal this program will manage, is
ttyv8. This means that XDM
will start running on the 9th virtual terminal.Configuring XDMThe XDM configuration directory
is located in /usr/X11R6/lib/X11/xdm. In
this directory you will see several files used to change the
behavior and appearance of
XDM. Typically you will find these
files:FileDescriptionXaccessClient authorization ruleset.XresourcesDefault X resource values.XserversList of remote and local displays to manage.XsessionDefault session script for logins.Xsetup_*xdm-configGlobal configuration for all displays running on
this machine.xdm-errorsErrors generated by the server program.xdm-pidThe process ID of the currently running XDM.Also in this directory are a few scripts and programs used
to setup the desktop when XDM is
running. In the next few sections I will briefly describe the
purpose of each of these files. The exact syntax and usage of
all of these files is described in &man.xdm.1;The default configuration is a simple rectangular login
window with the hostname of the machine displayed at the top in
a large font and Login: and
Password: prompts below. This is a good starting
point if you are planning to design your own look and feel for
the XDM screens.XaccessThe protocol for connecting to
XDM controlled displays is called
the X Display Manager Connection Protocol (XDMCP). This file
is basically just a ruleset for controlling XDMCP connections
from remote machines. By default, it allows any client to
connect, but you will see this will not matter because the
default xdm-config file does not listen
for remote connections.XresourcesThis is an application-defaults file for the display
chooser and the login screens. This is where you can customize
the appearance of the login program. The format is identical
to the app-defaults file described in the XFree86
documentation.XserversThis is a list of the remote displays the chooser should
provide as choices.XsessionThis is the default session script for
XDM to run after a user has logged
in. Normally each user will have a customized session script
in ~/.xsessionrc that overrides this
script.Xsetup_*These files contain scripts that will be run automatically
before displaying the chooser or login interfaces. There is a
script for each display being used, named
Xsetup_followed by the local display
number (for instance Xsetup_0). Typically
these scripts will run one or two programs in the background
such as xconsole.xdm-configThis file contains settings in the form of app-defaults
that are applicable to every display that this installation
manages.xdm-errorsThis file contains the output of the X servers that
XDM is trying to run. If a display
that XDM is trying to start hangs
for some reason, this is a good place to look for error
messages. These messages are also written to the user's
~/.xsession-errors file on a per-session
basisRunning A Network Display ServerIn order for other clients to connect to your display
server, you will need to edit the access control rules, and
enable the connection listener. By default these are set to
conservative values, which is a good decision security-wise. To
get XDM to listen for connections
first comment out a line in the xdm-config
file:
! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
DisplayManager.requestPort: 0
and then restart XDM. Remember that
comments in app-defaults files begin with a !
character, not a #. After this, you may need to
put more strict access controls in place. Look at the example
entries in Xaccess file, and refer to the
&man.xdm.1; manual page.Replacements for XDMSeveral replacements for the default
XDM program exist. One of them,
KDM (bundled with
KDE) is described in a later section. Apart from various
visual improvements and cosmetic frills, it can be easily
configured to let users choose their window manager of choice
at the time they log in.Desktop EnvironmentsWritten by &a.logo;, June 2001This section describes the different desktop environments
available for X-Windows on FreeBSD. For our purposes a "desktop
environment" will mean anything ranging from a simple window
manager, to a complete suite of desktop applications such as
KDE or GNOME.
GNOMEAbout GNOMEGNOME is a user-friendly
desktop environment that enables users to easily use and
configure their computers. GNOME
includes a panel (for starting applications and displaying
status), a desktop (where data and applications can be
placed), a set of standard desktop tools and applications, and
a set of conventions that make it easy for applications to
cooperate and be consistent with each other. Users of other
operating systems or environments should feel right at home
using the powerful graphics-driven environment that
GNOME provides.Installing GNOMETo install GNOME from the network,
simply type:&prompt.root; pkg_add -r gnomeIf you would rather build
GNOME from source, then use the
ports tree:&prompt.root; cd /usr/ports/x11/gnome
&prompt.root; make install cleanOnce GNOME is installed, we
must have the X server start GNOME
instead of a default window manager. If you have already
customized your .xinitrc file then you
should simply replace the line that starts your current window
manager with one that starts
/usr/X11R6/bin/gnome-wm instead. If you
haven't added anything special to your configuration file,
then it is enough to simply type:&prompt.root; echo "/usr/X11R6/bin/gnome-wm" > ~/.xinitrcThat's it. Type startx and you will be in the
GNOME desktop environment.If you're running a display manager like
XDM, this will not work. Instead,
you should create an executable .xsession
file with the same command in it. To do this, edit your file
(if you already have one) and replace the existing
window manager command with
/usr/X11R6/bin/gnome-wm; or else,&prompt.root; echo "#!/bin/sh" > ~/.xsession
&prompt.root; echo "/usr/X11R6/bin/gnome-wm" >> ~/.xsession
&prompt.root; chmod +x ~/.xsessionAnother option is to configure your display manager to
allow choosing the window manager at login time; the section on
KDE2 details
explains how to do this for kdm, the
display manager of KDE.KDE2About KDE2KDE is an easy to use
contemporary desktop environment. Some of the things that
KDE brings to the user are:A beautiful contemporary desktopA desktop exhibiting complete network transparencyAn integrated help system allowing for convenient,
consistent access to help on the use of the
KDE desktop and its
applicationsConsistent look and feel of all
KDE applicationsStandardized menu and toolbars, keybindings, color-schemes, etc.Internationalization: KDE
is available in more than 40 languagesCentralized consisted dialog driven desktop configurationA great number of useful
KDE applicationsKDE has an office application
suite based on KDE's
KParts technology consisting
of a spread-sheet, a presentation application, an organizer, a
news client and more. KDE is also
comes with a web browser called
Konqeuror, which represents already
a solid competitor to other existing web browsers on Unix
systems. More information on KDE
can be found on the KDE
websiteInstalling KDE2At the time of writing, a package for kde2 doesn't
exist yet. No problem! The ports tree hides all the
complexity of building a package from source. To install
KDE2, do this :&prompt.root; cd /usr/ports/x11/kde2
&prompt.root; make install cleanThis command will fetch all the necessary files from the
Internet, configure and compile KDE2,
install the applications, and then clean up after itself.Now you're going to have to tell the X server to launch
KDE2 instead of a default window manager.
Do this by typing this:&prompt.root; echo "/usr/X11R6/bin/startkde" > ~/.xinitrcNow, whenever you go into X-Windows,
KDE2 will be your
desktop. (Note: this will not work if you're logging in via
a display manager like xdm. In that
case you have two options: create an
.xsession file as described in the
section on GNOME, but
with the /usr/X11R6/bin/startkde
command instead of the gnome-wm
command; or, configure your display manager to allow
choosing a desktop at login time. Below it is explained how
to do this for kdm,
KDE's display manager.)More details on KDE2Now that KDE2 is installed on
your system, you'll find that you can learn a lot from its
help pages, or just by pointing and clicking at various menus.
Windows or Mac users will feel quite at home.The best reference for KDE is
the on-line documentation. KDE
comes with its own web browser,
Konqueror, dozens of useful
applications, and extensive documentation. This section only
discusses somewhat technical things which are difficult to
learn just by random exploration.The KDE display managerIf you're an administrator on a multi-user system, you
may like to have a graphical login screen to welcome users.
You can use xdm, as described
earlier. However, KDE includes an
alternative, KDM, which is designed
to look more attractive and include more login-time options.
In particular, users can easily choose (via a menu) which
desktop environment (KDE2,
GNOME, or something else) to run
after logging on. If you're slightly adventurous and you want
this added flexibility and visual appeal, read on.To begin with, run the KDE2
control panel, kcontrol, as
root. Note: it is generally considered
unsafe to run your entire X environment as
root. Instead, run your window manager
as a normal user, open a terminal window (such as
xterm or KDE's
konsole, become root
with su (you need to be in the
wheel
group in /etc/group for this), and then
type kcontrol. Click on the icon on the left marked "System", then on
"Login manager". On the right you'll see various configurable
options, which the KDE manual will
explain in greater detail. Click on "sessions" on the right.
Depending on what window managers or desktop environments you
have currently installed, you can type their names in "New
type" and add them. (These are just labels so far, not
commands, so you can write KDE and
GNOME rather than
startkde or gnome-wm.)
Include a label failsafe. Play with the other menus as you like (those are mainly
cosmetic and self-explanatory). When you're done, click on
"Apply" at the bottom, and quit the control center. To make sure kdm understands
what your above labels (KDE,
GNOME etc) mean, you need to edit
some more files: the same ones used by xdm. In your terminal window, as root,
edit the file
/usr/X11R6/lib/X11/xdm/Xsession. You
will come across a section in the middle looking like this (by
default):case $# in
1)
case $1 in
failsafe)
exec xterm -geometry 80x24-0-0
;;
esac
esacYou will need to add a few lines to this section.
Assuming the labels you gave earlier were KDE2 and GNOME,
the following will do:case $# in
1)
case $1 in
KDE2)
exec /usr/X11R6/bin/startkde
;;
GNOME)
exec /usr/X11R6/bin/gnome-wm
;;
failsafe)
exec xterm -geometry 80x24-0-0
;;
esac
esacTo make sure your KDE choice
of a login-time desktop background is also honored, you will
need to add the following line to
/usr/X11R6/lib/X11/xdm/Xsetup_0:/usr/X11R6/bin/kdmdesktopNow, you need only to make sure
kdm is started at the next bootup.
To learn how to do this, read the section on xdm, and do the same thing replacing
references to the xdm program by
kdm.That's it. Your next login screen should have a pretty
face and lots of menus.Anti-aliased fontsTired of blocky staircase edges to your fonts under X11?
Tired of unreadable text in web browsers? Well, no
more.Starting with version 4.0.2,
XFree86 supports anti-aliasing via
its "RENDER" extension, and starting with version 2.3, Qt (the
toolkit used by KDE) supports this
extension. Configuring this is described in on antialiasing X11 fonts. So if you're
running up-to-date software, anti-aliasing is possible on your
KDE2 desktop. Just go to your KDE2
menu, go to Preferences -> Look and Feel -> Style, and click
on the checkbox "Use Anti-Aliasing for Fonts and Icons".
That's all. If you're running a Qt application which is not
part of KDE, you may need to set
the environment variable QT_XFT to true before starting your
program.XFCEAbout XFCEXFCE is based on the gtk+
toolkit used by GNOME, but is much
more lightweight and meant for those who want a simple,
efficient desktop which is nevertheless easy to use and
configure. Visually, it looks very much like
CDE, found on commercial Unix
systems. Some of XFCE's features
are:A simple, easy-to-handle desktopFully configurable via mouse, with drag and
drop, etc Main panel similar to CDE, with menus, applets and
app launchersIntegrated window manager, file manager,
sound manager, GNOME compliance module, and other things Themeable (since it uses gtk+) Fast, light and efficient: ideal for
older/slower machines or machines with memory limitations More information on XFCE
can be found on the XFCE
website.Installing XFCEA binary package for xfce
exists (at the time of writing). To install, simply do
this:&prompt.root; pkg_add -r xfce Alternatively, you may prefer to build from source.
The ports tree comes to the rescue again: &prompt.root; cd /usr/ports/x11-wm/xfce
&prompt.root; make install clean All necessary source packages (including dependencies)
will be automagically fetched, built and installed, and
the build areas cleaned up afterwards.Now you want to tell the X server to launch
XFCE the next time you start
X. Simply type this:&prompt.root; echo "/usr/X11R6/bin/startxfce" > ~/.xinitrcThe next time you start X, XFCE will be your
desktop. (Note, as before:
if you're logging in via a display manager like
xdm, you should either create an
.xsession, as described in the
section on GNOME, but
with the /usr/X11R6/bin/startxfce
command; or, configure your display manager to allow
choosing a desktop at login time, as explained in
the section on kdm.)