Hello, all. May I suggest changing the group ownership of the files in
etc/openca/access_control to the web process owner.
We prefer to use LDAP authentication but we do not allow anonymous binds
for security reasons. Thus, we specify the binddn and bindpw in the
access_control files. Consequently, we do not want these to be world
readable. Removing o-r on the files breaks OpenCA because the web
process can no longer read them. We thus do not only "chmod o-r *" but
"chgrp apache *". May I suggest this become the default. Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
Street Preacher: Are you SAVED?????!!!!!!
Educated Skeptic: Saved from WHAT?????!!!!!!
Educated Believer: From our selfishness that hurts the ones we love
and condemns us to an eternity of hurting each other.
http://www.spiritualoutreach.com
Christianity that makes sense
------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
