
Re: TLS server side auth problem



--- Liviu Daia <Liviu.Daia@imar.ro> wrote:
> On 2 September 2003, peter pan <lanwanhr@yahoo.com> wrote:
> [...]
> 
>     According to "man 5 ldap.conf":
> 
> :       Some options are user-only.  Such options are  ignored  if
> :       present  in the ldap.conf (or file specified by LDAPCONF).
> [...]
> :       TLS_CERT <filename>
> :              Specifies the file that contains  the  client  cer-
> :              tificate. This is a user-only option.
>                          ^^^^^^^^^^^^^^^^^^^^^^^^^^
> :       TLS_KEY <filename>
> :              Specifies  the  file  that contains the private key
> :              that matches the certificate stored in the TLS_CERT
> :              file.  Currently,  the private key must not be pro-
> :              tected with a password, so it is of critical impor-
> :              tance  that  the  key  file is protected carefully.
> :              This is a user-only option.
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
>     Regards,
> 
>     Liviu Daia
> 

Thanks for the reply Liviu.

I understand that .ldaprc is used to specify client
certs, and that this is user specific.

However, my understanding of all this says I don't
have to use client certificates at all to encrypt
reads/writes with TLS.  I need server cert, key and
cacert - but not client certs (it works with client
certs as a test but not without).

If I have misunderstood the implementation concepts 
or your reply please let me know as I still think what
I am trying to do is valid.

Pete.
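
An added example, not part of the original thread: a small Python check for the two points in the quoted ldap.conf(5) excerpt, namely that TLS_CERT and TLS_KEY are ignored in the system-wide ldap.conf, and that the unencrypted key file must be protected. The function names and the sample file contents are assumptions made for illustration.

```python
import os
import stat

# Options the quoted ldap.conf(5) excerpt marks as user-only.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}

def parse_ldap_conf(text):
    """Return (line_no, OPTION, value) per setting; '#' lines are comments."""
    settings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        # Option names are compared case-insensitively here.
        settings.append((no, parts[0].upper(), value))
    return settings

def key_is_exposed(path):
    """True if the key file exists and group or other have any access bits."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return False
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

def audit(text, system_wide):
    """List (line_no, option, finding) for one config file's contents."""
    findings = []
    for no, opt, value in parse_ldap_conf(text):
        if system_wide and opt in USER_ONLY:
            findings.append((no, opt, "user-only option, ignored in ldap.conf"))
        if not system_wide and opt == "TLS_KEY" and key_is_exposed(value):
            findings.append((no, opt, "unencrypted key readable by group/other"))
    return findings

# Constructed sample input (hypothetical paths), not taken from the thread.
SYSTEM_CONF = (
    "# system-wide ldap.conf\n"
    "TLS_CACERT /etc/ssl/ca.pem\n"
    "TLS_CERT /etc/ssl/client.pem\n"
    "tls_key /etc/ssl/client.key\n"
)

if __name__ == "__main__":
    for finding in audit(SYSTEM_CONF, system_wide=True):
        print(finding)
```

Run `audit` with `system_wide=False` on the contents of a user's .ldaprc to get the key-permission check instead of the ignored-option check.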

