Mark McLoughlin wrote:
Hi, A couple of quick questions about things that have been bugging me:- If I import a server certificate and a CA certificate with pk12util and change the trust attributes on the CA cert to "C,," - i.e. that it should be a trusted CA for server certificates - and then start slapd I get:[05/Jan/2006:17:21:57 +0000] conn=0 op=-1 fd=64 closed - No certificate authority is trusted for SSL client authentication.Which seems strange to me - I would have thought the CA certs in nssckbi would be trusted for client auth?
Hmm - not sure.
Yes, and it should be nobody:nobody - the setup script for FDS 1.0.1 should be setting that directory to be owned by nobody:nobody. Did you run setup after installing FDS 1.0.1? We're currently revamping the RPM installation.- Unless /opt/fedora-ds/alias is owned by nobody:nobody you get[05/Jan/2006:17:43:40 +0000] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.): path: /opt/fedora-ds/alias/, certdb prefix: slapd-foo-, keydb prefix: slapd-foo-. [05/Jan/2006:17:43:40 +0000] - ERROR: NSS Initialization Failed.Couldn't we not make the directory owned by nobody:nobody by default in the RPM? root:root doesn't seem like a useful default.
Cheers, Mark. -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
