Re: [nssldap] nss_ldap, tls_key, and nscd

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Guillaume Rousse <Guillaume.Rousse [at] inria.fr>
Cc: nssldap [at] padl.com
Subject: Re: [nssldap] nss_ldap, tls_key, and nscd
Date: Wed, 19 Aug 2009 21:12:37 +0200

Chris Adams a écrit :

I dug into this some, and it appears that nscd (at least on Linux with
glibc) doesn't handle getXXent calls, so they are handled directly in
the calling process (as if nscd was not running).  Since I set up my TLS
key to be only readable by root and the nscd user, normal users can't
connect to the LDAP server.

It seems a bit overkill for me to also us a certificate on client side.Especially as nss only deals with public informations generally... Doyou really fear someone on your network stealing uid/login mappings ?



--
BOFH excuse #354:

Chewing gum on /dev/sd3c

Re: [nssldap] nss_ldap, tls_key, and nscd, (continued)
- Re: [nssldap] nss_ldap, tls_key, and nscd, Guillaume Rousse
- Re: [nssldap] nss_ldap, tls_key, and nscd, Howard Wilkinson

Prev by Date: Re: [nssldap] nss_ldap, tls_key, and nscd
Next by Date: Re: [nssldap] nss_ldap, tls_key, and nscd
Previous by thread: Re: [nssldap] nss_ldap, tls_key, and nscd
Next by thread: Re: [nssldap] nss_ldap, tls_key, and nscd