Hi Ronny,

On Sun, Apr 19, 2009 at 09:31:26PM +0200, Ronny Aasen wrote:
> Andreas Schockenhoff wrote:
>> Hi,
>>
>> I have successfully installed powerdns with cd-lenny-dvd.
>> I use this howto:
>> http://wiki.debian.org/DebianEdu/LdapifyServices
>>
>> Unfortunately ldap is broken in cd-lenny-test-dvd because the
>> ssl certificate of the ldapserver seems lost.
> danielsan told me the reason may be that the ssl directory may not be
> accessible to others. Something like chmod o+x /etc/ldap/ssl might
> help on that.

Perhaps it is inaccessible for a good reason, and your proposed change
creates a locally exploitable security hole:

If the file contains only a public certificate there should be no
security issue in making it world readable. But if the file contains the
private key then it should *not* be revealed to others.

It does not matter for security (only for trust) if the certificate is
self-signed or not: SSL is essentially insecure if private key is not
kept private!

 - Jonas

-- 
* Jonas Smedegaard - idealist and Internet architect
* Tel.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
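The distinction drawn in the reply above (public certificate versus private key, and what opening the directory to others would reveal) can be checked before running any chmod. This is an added example, not part of the original message; the function names `has_mode`, `audit_ssl_dir` and `demo` are hypothetical, and it assumes key files are PEM-encoded so they can be recognised by their `PRIVATE KEY` header.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies PEM files in an SSL
# directory and reports private keys that "others" can read, or could read
# once the directory is opened with chmod o+x.

# True if the mode of $1 has every bit in $2 set (e.g. 004 = other-read).
has_mode() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# Prints one line per regular file in directory $1:
#   EXPOSED  private key, world-readable, directory traversable by others
#   AT-RISK  private key, world-readable, directory currently closed
#   ok       public material, or a key that others cannot read
# Returns 1 if any EXPOSED or AT-RISK line was printed.
audit_ssl_dir() {
    dir=$1 rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        verdict=ok
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" && has_mode "$f" 004; then
            if has_mode "$dir" 001; then verdict=EXPOSED; else verdict=AT-RISK; fi
            rc=1
        fi
        echo "$verdict $f"
    done
    return "$rc"
}

# Constructed demo: placeholder PEM headers only, no real key material.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/server.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/server.key"
    chmod 644 "$d/server.pem" "$d/server.key"
    chmod 750 "$d"; audit_ssl_dir "$d"   # key is AT-RISK
    chmod 751 "$d"; audit_ssl_dir "$d"   # key is EXPOSED
    chmod 600 "$d/server.key"; audit_ssl_dir "$d"   # both ok
    rm -rf "$d"
}
```

Run `audit_ssl_dir /etc/ldap/ssl` as root before changing the directory mode; an AT-RISK line means the key file's own permissions need tightening first.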

