I am setting up FreeRADIUS on my "network server" at home, which also runs FreeIPA. Naturally, I would like to use certmonger to issue, track, and renew the certificate(s) used by FreeRADIUS.
Unfortunately, ipa-getcert only works when run as root, and it writes the certificate and key files as root/0600, leaving them unreadable by radiusd. I can obviously change the permissions of the files, but certmonger will presumably reset them when it renews the certificate. I feel like I must be missing something obvious. certmonger must be usable with services that run as a non-root user, right? -- ======================================================================== Ian Pilcher arequip...@gmail.com -------- "I grew up before Mark Zuckerberg invented friendship" -------- ======================================================================== _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
