[Date Prev][Date Next]
Re: TLS server side auth problem
--- Liviu Daia <Liviu.Daia@imar.ro> wrote:
> On 2 September 2003, peter pan <firstname.lastname@example.org>
> According to "man 5 ldap.conf":
> : Some options are user-only. Such options
> are ignored if
> : present in the ldap.conf (or file specified
> by LDAPCONF).
> : TLS_CERT <filename>
> : Specifies the file that contains the
> client cer
> : tificate. This is a user-only option.
> : TLS_KEY <filename>
> : Specifies the file that contains
> the private key
> : that matches the certificate stored
> in the TLS_CERT
> : file. Currently, the private key
> must not be pro
> : tected with a password, so it is of
> critical impor
> : tance that the key file is
> protected carefully.
> : This is a user-only option.
> Liviu Daia
Thanks for the reply Liviu.
I understand that .ldaprc is used to specify client
certs, and that this is user specific.
However, my understanding of all this says I don't
have to use client certificates at all to encrypt
reads/writes with TLS. I need server cert, key and
cacert - but not client certs (it works with client
certs as a test but not without).
If I have misunderstood the implementation concepts
or your reply please let me know as I still think what
I am trying to do is valid.
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software