Question on enabling ssl passync between windows and fds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Bliss, Aaron wrote:
>
> Hi everyone,
> I'm attempting to get password synchronization to work between fds and 
> active directory; per the following document 
> _http://directory.fedora.redhat.com/wiki/Howto:WindowsSync#Test_to_make_sure_you_can_talk_SSL_from_Fedora_Directory_to_AD_ 
> , I now have my AD box listening on port 636 as outlined in the 
> section "With TinyCA2"; I have also installed a certificate for the 
> fds box as prescribed here 
> _http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1085091_ 
> including the section marked "Trust the Cerficate Authority"; my 
> question is, since both the AD box and FDS box trust my certificate 
> authority setup with tinyCA, I believe then each box would inherently 
> trust each other's certificates?  If so, have I already achieved the 
> steps listed below the section marked "Enabling SSl for PASSSync" in 
> the first document above, or do I still need to proceed with that 
> section even though the AD box and FDS box have certificates signed 
> from the same root CA?  Thanks very much for your help with this.
>
You still need to enable SSL for the PassSync service.  PassSync uses 
it's own certificate database, which is not the one that AD uses.  This 
is why you need to set up SSL for PassSync separately from setting SSL 
up for AD.

-NGK
>
> Aaron
>
> Confidentiality Notice:
> The information contained in this electronic message is intended for 
> the exclusive use of the individual or entity named above and may 
> contain privileged or confidential information.  If the reader of this 
> message is not the intended recipient or the employee or agent 
> responsible to deliver it to the intended recipient, you are hereby 
> notified that dissemination, distribution or copying of this 
> information is prohibited.  If you have received this communication in 
> error, please notify the sender immediately by telephone and destroy 
> the copies you received.
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061030/fe450c33/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux