TLS+Heimdal+SASL+Openv2 all chrooted...
Hi everybody,
First, excuse my poor English.
I have been trying to puzzle all these programs together so that they
work with each other.
After many problems and much time, it works!! But now I have a few
questions, to put everything correctly in place in my brain :)
So, let's go:
I want to chroot these programs, but I don't know if I correctly
understand what it is good for ;(
For example, OpenLDAP: does only the slapd daemon have to be chrooted,
or ldapsearch and the rest of the programs too?
In fact I did this fine for slapd but, like I said, I have installed
Heimdal and of course LDAP must have access to the keytab (and krb5.conf
and the tmp cache) through SASL, right?
I only use SASL as a third-party layer, so I didn't chroot SASL but only
included the SASL lib among the libraries needed in my LDAP chroot...
right again?
My first mental mistake is that I thought chrooting something is for
not allowing a friendly honest person :) to hack my daemon and try to
get the names and passwords of some users, but when I searched this list
for help doing that, I found some people who said that they put a copy
of the keytab (and the rest of the Heimdal config files) in their
chrooted environment??? I understand that the basis of chrooting is not
sharing, but if you give the information away yourself?? I know it's
encrypted but user logins are visible. Second, how are they updating the
information?? By copying all the files every time??
I personally use ldapsearch in the chroot directory but not with the
chroot command, so it seems to retrieve information from outside the
jail (Heimdal information except this keytab, and libsasl compiled
outside); it seems to work. Slapd is properly chrooted but the programs
are not.
Is that good, or is my brain really tired from all these compilations?
I tried a symbolic link to the original keytab but logically it fails
because it cannot go outside the jail.
Second, has anybody managed to launch the kdc with a non-root uid?
Third, has anybody managed to install mod_auth_kerb with Apache and
Heimdal (it seems to be designed for MIT..) or have a patch?
Fourth, really, excuse my French English :)
Thanks for all
thierry W