-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Ronny,
On Sun, Apr 19, 2009 at 09:31:26PM +0200, Ronny Aasen wrote:
Andreas Schockenhoff wrote:
Hi,
I have used successfully install powerdns with cd-lenny-dvd.
I use this howto:
http://wiki.debian.org/DebianEdu/LdapifyServices
Unfortunately ldap is broken in cd-lenny-test-dvd because the
ssl certificate of the ldapserver seams lost.
danielsan told me the reason may be that the ssl directory may not be
accessible to others. something like chmod o+x /etc/ldap/ssl might
help on that.
Perhaps it is inaccessible for a good reason, and your proposed change
creates a locally exploitable security hole:
If the file contains only a public certificate there should be no
security issue in making it world readable. But if the file contains
the private key then it should *not* be revealed to others.
It does not matter for security (only for trust) if the certificate is
self-signed or not: SSL in essentially insecure if private key is not
kept private!