Blog

Diary of an IT Architect

9 minutes, 9 seconds
Let's Encrypt Wildcard Certificates On FreeBSD With BIND DNS Validation

Large browser vendors established, quite some time ago, a model of "trusted" web sites based on SSL certificates signed by "trusted" CAs. This trend is increasingly spreading to other applications and protocols. This article gives the exact steps needed for obtaining Let's Encrypt wildcard certificates from a FreeBSD host, using DNS validation through dynamic updates of a BIND server's zones, with EFF's ACME client, certbot.

17 minutes, 51 seconds
How to Increase OpenBSD's Resilience to Power Outages

A weird but sometimes necessary tweak

Most of the OpenBSD systems I am in charge of are deployed in data centres, powered by UPSs which provide them with electrical power during public grid power outages. But there are also a number of OpenBSD systems I administer which are deployed in much less favourable conditions: where frequent power outages last longer than UPS batteries do, or where there are no UPSs at all (such as branch office routers in godforsaken places where having electricity and Internet access at all is considered a lucky circumstance). These latter systems are likely to have a high rate of unclean shutdowns caused by prolonged or unexpected power outages, which in turn increases the probability that they will be unable to boot without human intervention. This article describes the steps to make an OpenBSD system more resilient to unexpected power outages by minimising the possibility of inconsistent file systems after unclean shutdowns, which is achieved by mounting all disk partitions read-only. The file systems which have to be writable - /var, /dev and /tmp - are mounted as writable memory file systems.

4 minutes, 21 seconds
How To Prevent FreeBSD's Base ntpd(8) From Binding To All Interfaces

For quite some time I have been using openntpd instead of FreeBSD's base ntpd(8), exclusively because of the latter's tendency to bind to all available interfaces and addresses, and its former inability to be configured to bind to a specific IP address. However, it appears that from FreeBSD 11.1 onwards we can specify ntpd's listen IP address(es). The following article explains how to bind FreeBSD's base ntpd to a single IPv4 address and the IPv4 loopback address.

0 minutes, 52 seconds
How to Combine PEM Keys and Certificates for Microsoft Exchange Usage

Once I've obtained free SSL certificates from Let's Encrypt, preferably wildcard ones, as described in another article here at Mimar - Let's Encrypt Wildcard Certificates On FreeBSD With BIND DNS Validation - I'm going to combine them into a single PFX file so it can be used by Microsoft Exchange to secure the IMAP, SMTP, POP and IIS services.

3 minutes, 10 seconds
How To Set Up PPTP VPN Server With OpenBSD and npppd

The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. It has many well known security issues, and nowadays shouldn't be used at all. However, all Microsoft Windows versions from the last two decades ship with a PPTP client included, which makes it very convenient. As of OpenBSD 5.3, npppd (the New Point to Point Protocol Daemon) became a part of the OpenBSD base system. The following article describes how to configure it as a PPTP server which authenticates users against RADIUS.

1 minute, 13 seconds
How to Automatically Start XFCE4 Session After Login to Local Console in FreeBSD

Desktop environments on FreeBSD are usually started by some kind of display manager, such as GDM or KDM. This is especially true for "heavy" desktops such as GNOME or KDE, which are almost impossible to run without one. On the other hand, "lighter" desktops such as Xfce run just fine without a display manager. The steps to start Xfce without a login manager are described in the FreeBSD Handbook, but they require the user to log in and start the X server manually. The following article describes how to start Xfce automatically, immediately after the user logs onto the local console.

1 minute, 4 seconds
How to Automatically Log User Into Local Console on Boot in FreeBSD

A default FreeBSD installation boots into a command-line login prompt, requiring users to log into the system before gaining access to any programs, which is usually done by typing a username and password interactively. In some cases, however, we want to log a certain user in automatically on boot. The steps to accomplish this are described in the following article.