TLS issues during screen lock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ashley,
     Thanks for the reply.  I figured it out  by doing a `ldapsearch -ZZ 
-d 1 -b "" -s base -x` and saw that the TLS trace didn't have read 
access when using a non-privileged user. 
ashley wrote:
>
> Yes I've had that problem before but I fixed it before.
>
> I think its a permission problem of user accesing the certificate. 
> When you logged onto the system the auth process is done by root but 
> when you lock it with a screen saver its locked by the user. So to 
> unlock it the auth process is done by the user.
>
> But if your user has no access to the certificate he can't 
> authenticate against the ldap.
>
> You can verify this by (Test this by)
>
> chmod -R 755  /etc/openldap/certs
>
> (Or where everever your certs are on the client system)
>
> Log in as a normal user, lock it with xscreen saver, try unlocking it.
>
> If it works you have a access permission  problems with your certs.
>
>
>
> On Wed, 11 Apr 2007, Rich Megginson wrote:
>
>> Brian Zuromski wrote:
>>> Rich,
>>>       No, I'm not using client based auth with this setup.  I am 
>>> sharing out the server certificate to the network client.
>> How does this relate to LDAP or the directory server?
>>> Date: Tue, 10 Apr 2007 08:35:00 -0700
>>> From: Rich Megginson <rmeggins at redhat.com>
>>> Subject: Re: TLS issues during screen lock
>>> To: "General discussion list for the Fedora Directory server project."
>>>     <fedora-directory-users at redhat.com>
>>> Message-ID: <461BAEA4.5080708 at redhat.com>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> Brian Zuromski wrote:
>>>
>>>> > Hello,
>>>> >          I'm having an issue with TLS certificates.  On the 
>>>> client > side, it seems that when I have TLS enabled it works 
>>>> fine.  When I > screen lock the computer, I have to disable TLS to 
>>>> get back in.  Has > anyone else experienced this before?
>>>>
>>> Are you using client cert based auth?
>>>
>>>> >
>>>> > Thanks,
>>>> >
>>>>
>>>
>>
>>
>>
>> !DSPAM:272,461d0aeb65221969219952!
>>
>


-- 
--
Brian R. Zuromski
National Information Assurance Research Laboratory
Office of Defensive Computing Research (R23)
Contractor :: Pangia Technologies
443-479-5946
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux