Sorry for the confusion. We need to distinguish three files:

- the CA certificate (world-readable) is used to verify the identity of the
server to the client
- the client certificate (world-readable) is used to verify the identity of
the client to the server
- the private key (readable to root and nslcd only) is also needed to
verify the identity of the client to the server as well as encrypting the
communication

As long as it is just the CA and client certificates that are
world-readable there is no problem at all. I'm just talking about the private
key file. I assumed that you were referring to the private key as well
as I don't see how it could work otherwise without using the nslcd
daemon. If the key is not world-readable, there is no problem at all.
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
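
Added example, not part of the original message or of nslcd itself: a shell check that reads the `tls_cacertfile`, `tls_cert` and `tls_key` options from an nslcd.conf-style file and flags a private key that users outside its owner and group can access. The function names are hypothetical, paths are assumed to contain no spaces, and only the permission bits for "other" are inspected; ownership by root and nslcd is not verified.

```shell
#!/bin/sh
# Audit the three TLS files named in an nslcd.conf-style config (added example).
# Usage: audit_nslcd_tls /etc/nslcd.conf

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the value of option $2 from config file $1 (last occurrence wins).
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Prints one line per finding. Returns 0 when the key is not exposed and no
# configured file is missing, 1 otherwise.
audit_nslcd_tls() {
    conf=$1
    bad=0
    for opt in tls_cacertfile tls_cert tls_key; do
        path=$(conf_value "$conf" "$opt")
        if [ -z "$path" ]; then continue; fi
        if [ ! -e "$path" ]; then
            echo "MISSING $opt $path"; bad=1; continue
        fi
        mode=$(file_mode "$path")
        other=${mode#"${mode%?}"}   # last octal digit = bits for "other"
        case $opt in
            tls_key)
                # Private key: any access for "other" is a finding.
                if [ "$other" -ne 0 ]; then
                    echo "EXPOSED $opt $path mode=$mode"; bad=1
                fi ;;
            *)
                # Certificates are public; only note when they are NOT
                # world-readable, which is informational, not a failure.
                if [ $((other & 4)) -eq 0 ]; then
                    echo "NOTE $opt $path mode=$mode not world-readable"
                fi ;;
        esac
    done
    return $bad
}
```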