If we'd like to use nss_ldap with TLS certificate files, then we have to use at least 644 permissions even on the key file. It's not a good security concern. It's better than without TLS, but the local user is still too powerful in this case :-( Is there any way to prevent this? I mean, to be able to change the file permissions to root:root 640 and use nss_ldap too? Usually in this case a small portion of the program runs as setuid root, but of course in this case it can't help, since it's a library and the whole NSS philosophy is different from this. What can I do? Or is there currently no solution for this?
Thanks in advance.
Yours.
-- Levente "Si vis pacem para bellum!"
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list