Re: TLS server side auth problem
--- Liviu Daia <Liviu.Daia@imar.ro> wrote:
> On 2 September 2003, peter pan <lanwanhr@yahoo.com> wrote:
> [...]
>
> According to "man 5 ldap.conf":
>
> : Some options are user-only. Such options are ignored if
> : present in the ldap.conf (or file specified by LDAPCONF).
> [...]
> : TLS_CERT <filename>
> : Specifies the file that contains the client certificate.
> : This is a user-only option.
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^
> : TLS_KEY <filename>
> : Specifies the file that contains the private key
> : that matches the certificate stored in the TLS_CERT
> : file. Currently, the private key must not be protected
> : with a password, so it is of critical importance
> : that the key file is protected carefully.
> : This is a user-only option.
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Regards,
>
> Liviu Daia
>
Thanks for the reply Liviu.
I understand that .ldaprc is used to specify client
certs, and that this is user specific.
However, my understanding of all this says I don't
have to use client certificates at all to encrypt
reads/writes with TLS. I need server cert, key and
cacert - but not client certs (it works with client
certs as a test but not without).
If I have misunderstood the implementation concepts
or your reply please let me know as I still think what
I am trying to do is valid.
Pete.
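
The ldap.conf(5) excerpt quoted above, as an added example that is not part of the original thread: a small audit that flags TLS_CERT/TLS_KEY lines in a system-wide ldap.conf (where, per the man page, they are ignored) and checks that the key file named in a user's ldaprc is not accessible to group or other. The sample file contents, paths and the function names are constructed for illustration, and the mode check is one assumed reading of "protected carefully".

```python
import os
import stat
import tempfile

# The two options the quoted man page excerpt marks as user-only.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}

def parse_options(text):
    """Yield (line_no, NAME, value); '#' lines are comments, names are case-insensitive."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield no, parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""

def audit(system_conf, user_conf):
    """Return findings for a system-wide ldap.conf and a per-user ldaprc (both as text)."""
    findings = []
    for no, name, _ in parse_options(system_conf):
        if name in USER_ONLY:
            findings.append(f"ldap.conf:{no}: {name} is user-only and is ignored here")
    for no, name, value in parse_options(user_conf):
        if name != "TLS_KEY":
            continue
        try:
            mode = stat.S_IMODE(os.stat(value).st_mode)
        except OSError:
            findings.append(f"ldaprc:{no}: TLS_KEY file cannot be read")
            continue
        # The key cannot be password-protected, so file permissions are its only guard.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"ldaprc:{no}: TLS_KEY file mode {mode:o} allows group/other access")
    return findings

def demo():
    # Constructed sample: a system-wide file that wrongly carries the user-only options.
    system_conf = ("# constructed sample\nTLS_CACERT /etc/ssl/ca.pem\n"
                   "tls_cert /etc/ssl/client.pem\nTLS_KEY\t/etc/ssl/client.key\n")
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "client.key")
        open(key, "w").close()
        os.chmod(key, 0o644)                      # world-readable key
        user_conf = f"TLS_CERT {d}/client.pem\nTLS_KEY {key}\n"
        loose = audit(system_conf, user_conf)
        os.chmod(key, 0o600)                      # owner-only key
        tight = audit(system_conf, user_conf)
    return loose, tight

if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```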