Mark McLoughlin wrote: >Hi, > A couple of quick questions about things that have been bugging me: > > - If I import a server certificate and a CA certificate with pk12util > and change the trust attributes on the CA cert to "C,," - i.e. that > it should be a trusted CA for server certificates - and then start > slapd I get: > >[05/Jan/2006:17:21:57 +0000] conn=0 op=-1 fd=64 closed - No certificate authority is trusted for SSL client authentication. > > Which seems strange to me - I would have thought the CA certs in > nssckbi would be trusted for client auth? > > Hmm - not sure. > > - Unless /opt/fedora-ds/alias is owned by nobody:nobody you get > >[05/Jan/2006:17:43:40 +0000] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.): path: /opt/fedora-ds/alias/, certdb prefix: slapd-foo-, keydb prefix: slapd-foo-. >[05/Jan/2006:17:43:40 +0000] - ERROR: NSS Initialization Failed. > > Couldn't we not make the directory owned by nobody:nobody by > default in the RPM? root:root doesn't seem like a useful default. > > Yes, and it should be nobody:nobody - the setup script for FDS 1.0.1 should be setting that directory to be owned by nobody:nobody. Did you run setup after installing FDS 1.0.1? We're currently revamping the RPM installation. >Cheers, >Mark. > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060106/714c3bba/attachment.bin
