Ako nekoi dokopa filowe na root e.g /etc/passwd i /etc/shadow koeto e nai rezonnoto da se aprawi ako moe - to togawa sertifikata i parolata mu shte sa poslednata mi grija....
I da taka e po-krasiwo.... :-)))) Kostadin Karaivanov Senior System Administrator @ Ministry Of Finace tel: +359 2 98592062 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Boris Jordanov Sent: Monday, September 02, 2002 2:09 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: Apache/mod-ssl On Mon, 2 Sep 2002 11:08:38 +0300 "Kostadin Karaivanov" <[EMAIL PROTECTED]> wrote: > BEZ PAROLA GLUPOSTI !!!!!!!!!!!!!!!!! > > w /etc/apache ili tam kadeto ti e confa slagash > SSLPassPhraseDialog exec:/sbin/mypass > > prawish si /sbin/mypass w coito ima > echo parolata_na_setifikata > > i si w biznesa :-))))) > ops i da ne zabrawish da go chownesh root.root i da go naprawish executable I tova e siguren variant? Moze bi, no pass-a ti ostava v javen vid na mashinata. Owner e root, i kakvo? i v dvata sluchaja za da se komprometira certificata ti trjabva access do nego (files - cert i private key). Naistina tozi variant izglezda po-krasiv, no te ostavja s leko falshivoto spokoistvie, che poneze certificate e s parola e sigurno reshenie. I v dvata sluchaja e nuzen private key na certificata za da moze da bude izpolzvan. Ako njama parola, owner na private key-a e pak root - znachi pak trjabva da se dokopame do file sobstvenost na root. Misulta mi e, che za po-paranoichnia admin i dvata varianta izglezdat ednakvo riskovi. Take care Boris Jordanov (borj) <[EMAIL PROTECTED]> ICQ 10751645 PGP-key-fingerprint:------------------------------ CB23 8B52 5FBC F36A 1B61 F1ED 2831 E52D AAFF 7B08 -------------------------------------------------- Public-key:--------------------------------------- http://borj.freeshell.org/borj.asc -------------------------------------------------- To err is human... to really foul up requires the root password. ============================================================================ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html ============================================================================
