Re: powerdns check with debian edu.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Ronny,
On Sun, Apr 19, 2009 at 09:31:26PM +0200, Ronny Aasen wrote:
> Andreas Schockenhoff wrote:
>> Hi,
>>
>> I have used successfully install powerdns with cd-lenny-dvd.
>> I use this howto:
>> http://wiki.debian.org/DebianEdu/LdapifyServices
>>
>> Unfortunately ldap is broken in cd-lenny-test-dvd because the
>> ssl certificate of the ldapserver seams lost.
> danielsan told me the reason may be that the ssl directory may not be
> accessible to others. something like chmod o+x /etc/ldap/ssl might
> help on that.
Perhaps it is inaccessible for a good reason, and your proposed change
creates a locally exploitable security hole:
If the file contains only a public certificate there should be no
security issue in making it world readable. But if the file contains
the private key then it should *not* be revealed to others.
It does not matter for security (only for trust) if the certificate is
self-signed or not: SSL in essentially insecure if private key is not
kept private!
- Jonas
- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknrh3EACgkQn7DbMsAkQLiEiwCfbJnH+XaIZWNeyo7eVKWvPJqi
wCQAnjWB6J+WWHTLesbKCa0mEHroSNR/
=Y7jt
-----END PGP SIGNATURE-----
Reply to: