[Fedora-directory-users] TLS issues during screen lock
Brian Zuromski
brzurom at tycho.ncsc.mil
Mon Apr 9 14:17:37 UTC 2007
Ashley,
Thanks for the reply. I figured it out by doing a `ldapsearch -ZZ
-d 1 -b "" -s base -x` and saw that the TLS trace didn't have read
access when using a non-privileged user.
ashley wrote:
>
> Yes I've had that problem before but I fixed it before.
>
> I think it's a permission problem of user accessing the certificate.
> When you logged onto the system the auth process is done by root but
> when you lock it with a screen saver its locked by the user. So to
> unlock it the auth process is done by the user.
>
> But if your user has no access to the certificate he can't
> authenticate against the ldap.
>
> You can verify this by (Test this by)
>
> chmod -R 755 /etc/openldap/certs
>
> (Or wherever your certs are on the client system)
>
> Log in as a normal user, lock it with xscreen saver, try unlocking it.
>
> If it works you have an access permission problem with your certs.
>
>
>
> On Wed, 11 Apr 2007, Rich Megginson wrote:
>
>> Brian Zuromski wrote:
>>> Rich,
>>> No, I'm not using client based auth with this setup. I am
>>> sharing out the server certificate to the network client.
>> How does this relate to LDAP or the directory server?
>>> Date: Tue, 10 Apr 2007 08:35:00 -0700
>>> From: Rich Megginson <rmeggins at redhat.com>
>>> Subject: Re: [Fedora-directory-users] TLS issues during screen lock
>>> To: "General discussion list for the Fedora Directory server project."
>>> <fedora-directory-users at redhat.com>
>>> Message-ID: <461BAEA4.5080708 at redhat.com>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> Brian Zuromski wrote:
>>>
>>>> > Hello,
>>>> > I'm having an issue with TLS certificates. On the client
>>>> > side, it seems that when I have TLS enabled it works fine. When I
>>>> > screen lock the computer, I have to disable TLS to get back in. Has
>>>> > anyone else experienced this before?
>>>>
>>> Are you using client cert based auth?
>>>
>>>> >
>>>> > Thanks,
>>>> >
>>>>
>>>
>>
>>
>>
>>
>
--
Brian R. Zuromski
National Information Assurance Research Laboratory
Office of Defensive Computing Research (R23)
Contractor :: Pangia Technologies
443-479-5946
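
A narrower check than the recursive chmod test quoted above, added here as an example and not part of the original thread: it reports which directory or file on the certificate path denies access to a non-privileged user. It assumes the user is neither owner nor group member of the files (so only the "other" mode bits matter); the function names and the optional STOP argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find which component of a CA
# certificate path blocks a non-privileged user, from mode bits alone.
# Assumes the user is neither owner nor in the group of these files.

# Print the three "other" permission characters of PATH, e.g. "r-x".
other_bits() {
    ls -ldL "$1" | cut -c8-10
}

# check_cert_path FILE [STOP]
# Walks from FILE's directory up to "/" (or up to, not including, STOP).
# Prints each blocking component; returns 0 clean, 1 blocked, 2 missing.
check_cert_path() {
    file=$1
    stop=${2:-}
    rc=0
    if [ ! -e "$file" ]; then
        echo "missing: $file"
        return 2
    fi
    # The file itself must be readable by "other".
    case $(other_bits "$file") in
        r??) ;;
        *) echo "not readable by other: $file"; rc=1 ;;
    esac
    # Every directory above it needs search (x) permission for "other".
    dir=$(dirname "$file")
    while [ "$dir" != "$stop" ]; do
        case $(other_bits "$dir") in
            ??x|??t) ;;
            *) echo "no search permission for other: $dir"; rc=1 ;;
        esac
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Usage: sh check_cert_path.sh /etc/openldap/certs/<ca-file>
if [ "$#" -gt 0 ]; then
    check_cert_path "$@"
fi
```

Only the components it names need their mode changed; private keys, if any live in the same directory, can stay unreadable.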