
Re: LDAP authentication with PAM



Previously Rainer Clasen wrote:
> uhhm, is it?

Hmm, let's try again.

Wichert.

-- 
   ________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
#! /bin/sh

# Trivial script to generate a CA key and a server key
# Uses 1024 bit RSA keys

set -e

##############################################################################
# Start by making the Certification Authority key
mkdir CA
cd CA

# First we make the key
openssl genrsa -out ca.key 1024

# Now we make the X.509 certificate signing request. User input is used here.
echo "*** Enter the data for the Certification Authority key"
openssl req -new -key ca.key -out ca.csr

# Generate the X.509 certificate, signed by itself. We are using a
# version 3 certificate here that will be valid for 14 days.
# mktemp replaces the Debian-only (and now deprecated) tempfile utility
tf=$(mktemp)
cat > "$tf" <<EOF
extensions = x509v3
[ x509v3 ]
subjectAltName  = email:copy
basicConstraints = CA:true,pathlen:0
nsComment       = "Dummy CA certificate"
nsCertType      = sslCA
EOF
openssl x509 -extfile "$tf" -days 14 \
	-signkey ca.key -in ca.csr -req -out ca.crt

cd ..

##############################################################################
# Now we make the server keys
mkdir -p server
cd server

# Create a certificate serial# file
[ -f .serial ] || echo 01 > .serial

# Create the private key
openssl genrsa -out server.key 1024

# Create the X.509 certificate signing request
echo "*** Enter the data for the server key"
openssl req -new -key server.key -out server.csr

# Generate the X.509 certificate, signed by the CA key made above. We are
# using a version 3 certificate here that will be valid for 14 days.
cat > "$tf" <<EOF
extensions = x509v3
[ x509v3 ]
subjectAltName = email:copy
nsComment      = "Dummy server certificate"
nsCertType     = server
EOF
openssl x509 -extfile "$tf" -days 14 \
	-CAserial .serial -CA ../CA/ca.crt -CAkey ../CA/ca.key \
	-in server.csr -req -out server.crt

# Clean up
rm -f "$tf"

