Hi Wolfgang,

sorry for not having replied earlier to this.

On Mo 22 Jul 2019 18:08:49 CEST, Wolfgang Schweer wrote:

> Moin Mike,
>
> On Thu, Jul 11, 2019 at 08:14:20PM +0200, Wolfgang Schweer wrote:
> > On Thu, Jul 11, 2019 at 10:14:01AM +0000, Mike Gabriel wrote:
> > > I don't see a reason for updating the LDAP cert in the chroot on every boot
> > > of the ltspserver, either.
> >
> > Correct, it should only be fetched once.
>
> Thanks to Petter for explaining how the LDAP server certificate prevents
> potential credential exposure and that the 'fetch only once' is important
> for both host and chroot location.
>
> Please test the attached version of the fetch-ldap-cert init script against
> both buster and older main servers. (I've dropped the '-f' option to curl
> that you added in commit 0b71277 because we want to detect if the bundle
> certificate is provided.)
>
> Wolfgang

The school I can test this on is currently powered down due to maintenance work on the electric wiring in the building that hosts the server chamber.
It's on the list...

Mike

--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de