Thread: RE: TLS issues during screen lock




RE: TLS issues during screen lock
United States
2007-04-08 00:07:50
Rich,
       No, I'm not using client based auth with this setup. I am
sharing out the server certificate to the network client.

Date: Tue, 10 Apr 2007 08:35:00 -0700
From: Rich Megginson <rmegginsredhat.com>
Subject: Re: [Fedora-directory-users] TLS issues during screen lock
To: "General discussion list for the Fedora Directory server project."
	<fedora-directory-usersredhat.com>
Message-ID: <461BAEA4.5080708redhat.com>
Content-Type: text/plain; charset="iso-8859-1"

Brian Zuromski wrote:

> > Hello,
> >          I'm having an issue with TLS certificates.  On the client
> > side, it seems that when I have TLS enabled it works fine.  When I
> > screen lock the computer, I have to disable TLS to get back in.  Has
> > anyone else experienced this before?
>   
Are you using client cert based auth?

> >
> > Thanks,
> >
>   

-- 
--
Brian R. Z

--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Re: TLS issues during screen lock
2007-04-11 11:18:43
Brian Zuromski wrote:
> Rich,
>       No, I'm not using client based auth with this setup.  I am
> sharing out the server certificate to the network client.
How does this relate to LDAP or the directory server?
> Date: Tue, 10 Apr 2007 08:35:00 -0700
> From: Rich Megginson <rmegginsredhat.com>
> Subject: Re: [Fedora-directory-users] TLS issues during screen lock
> To: "General discussion list for the Fedora Directory server project."
>     <fedora-directory-usersredhat.com>
> Message-ID: <461BAEA4.5080708redhat.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Brian Zuromski wrote:
>
>> > Hello,
>> >          I'm having an issue with TLS certificates.  On the client
>> > side, it seems that when I have TLS enabled it works fine.  When I
>> > screen lock the computer, I have to disable TLS to get back in.  Has
>> > anyone else experienced this before?
>>   
> Are you using client cert based auth?
>
>> >
>> > Thanks,
>> >
>>   
>



Re: TLS issues during screen lock
Australia
2007-04-11 20:19:34
Yes I've had that problem before but I fixed it before.

I think it's a permission problem of user accessing the certificate.
When you logged onto the system the auth process is done by root but
when you lock it with a screen saver it's locked by the user. So to
unlock it the auth process is done by the user.

But if your user has no access to the certificate he can't authenticate
against the ldap.

You can verify this by (Test this by)

chmod -R 755  /etc/openldap/certs

(Or wherever your certs are on the client system)

Log in as a normal user, lock it with xscreen saver, try unlocking it.

If it works you have an access permission problem with your certs.



On Wed, 11 Apr 2007, Rich Megginson wrote:

> Brian Zuromski wrote:
>> Rich,
>>       No, I'm not using client based auth with this setup.  I am sharing
>> out the server certificate to the network client.
> How does this relate to LDAP or the directory server?
>> Date: Tue, 10 Apr 2007 08:35:00 -0700
>> From: Rich Megginson <rmegginsredhat.com>
>> Subject: Re: [Fedora-directory-users] TLS issues during screen lock
>> To: "General discussion list for the Fedora Directory server project."
>>     <fedora-directory-usersredhat.com>
>> Message-ID: <461BAEA4.5080708redhat.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Brian Zuromski wrote:
>>
>>> > Hello,
>>> >          I'm having an issue with TLS certificates.  On the client
>>> > side, it seems that when I have TLS enabled it works fine.  When I
>>> > screen lock the computer, I have to disable TLS to get back in.  Has
>>> > anyone else experienced this before?
>>> 
>> Are you using client cert based auth?
>> 
>>> >
>>> > Thanks,
>>> >
>>> 
>> 
>
>
>
>

-- 
Ashley Chew - Systems Administrator
School of Computer Science and Software Engineering
University of Western Australia
Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089
Ashley[]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ashley

"There is no such thing as Fate, Fate is what you make of it!"


Re: TLS issues during screen lock
United States
2007-04-09 09:17:37
Ashley,
     Thanks for the reply.  I figured it out by doing a
`ldapsearch -ZZ -d 1 -b "" -s base -x` and saw that the TLS trace
didn't have read access when using a non-privileged user.
ashley wrote:
>
> Yes I've had that problem before but I fixed it before.
>
> I think it's a permission problem of user accessing the certificate.
> When you logged onto the system the auth process is done by root but
> when you lock it with a screen saver it's locked by the user. So to
> unlock it the auth process is done by the user.
>
> But if your user has no access to the certificate he can't
> authenticate against the ldap.
>
> You can verify this by (Test this by)
>
> chmod -R 755  /etc/openldap/certs
>
> (Or wherever your certs are on the client system)
>
> Log in as a normal user, lock it with xscreen saver, try unlocking it.
>
> If it works you have an access permission problem with your certs.
>
>
>
> On Wed, 11 Apr 2007, Rich Megginson wrote:
>
>> Brian Zuromski wrote:
>>> Rich,
>>>       No, I'm not using client based auth with this setup.  I am
>>> sharing out the server certificate to the network client.
>> How does this relate to LDAP or the directory server?
>>> Date: Tue, 10 Apr 2007 08:35:00 -0700
>>> From: Rich Megginson <rmegginsredhat.com>
>>> Subject: Re: [Fedora-directory-users] TLS issues during screen lock
>>> To: "General discussion list for the Fedora Directory server project."
>>>     <fedora-directory-usersredhat.com>
>>> Message-ID: <461BAEA4.5080708redhat.com>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> Brian Zuromski wrote:
>>>
>>>> > Hello,
>>>> >          I'm having an issue with TLS certificates.  On the client
>>>> > side, it seems that when I have TLS enabled it works fine.  When I
>>>> > screen lock the computer, I have to disable TLS to get back in.  Has
>>>> > anyone else experienced this before?
>>>>
>>> Are you using client cert based auth?
>>>
>>>> >
>>>> > Thanks,
>>>> >
>>>>
>>>
>>
>>
>>
>>
>


-- 
--
Brian R. Zuromski
National Information Assurance Research Laboratory
Office of Defensive Computing Research (R23)
Contractor :: Pangia Technologies
443-479-5946
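
The permission problem identified in this thread, as an added example that is not part of any poster's message: a shell function that reports which entries in the client certificate directory deny access to non-owner users, without changing any modes. It assumes GNU `stat`, root-owned certificate files and no ACLs; `check_cert_access` and `other_bits` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report which entries of a client
# certificate directory deny access to "other" users, based on mode bits.
# Assumptions: GNU stat (-c %a), files owned by root, no ACLs in play.
# Mode bits are inspected instead of using `test -r`, so the result is the
# same when the check itself is run as root.

other_bits() {            # print the "other" permission digit (0-7) of $1
    echo $(( 0$(stat -c %a "$1") & 7 ))
}

# check_cert_access CERTDIR [STOP]
# Prints one line per blocked entry and returns 1 if any were found.
# Ancestors of CERTDIR are checked up to (not including) STOP, default /.
check_cert_access() {
    dir=${1%/}; stop=${2:-/}; rc=0
    # Every directory on the path needs o+x to be traversed.
    p=$dir
    while [ -n "$p" ] && [ "$p" != "$stop" ] && [ "$p" != "/" ] \
          && [ "$p" != "." ]; do
        if [ $(( $(other_bits "$p") & 1 )) -eq 0 ]; then
            echo "no traverse (o+x) on directory: $p"; rc=1
        fi
        p=$(dirname "$p")
    done
    # Regular files in CERTDIR need o+r to be read by an unprivileged user.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ $(( $(other_bits "$f") & 4 )) -eq 0 ]; then
            echo "no read (o+r) on file: $f"; rc=1
        fi
    done
    return $rc
}

# Usage on the path mentioned in the thread:
#   check_cert_access /etc/openldap/certs
```

Running it before and after a permission change shows exactly which directory or file was blocking the unprivileged unlock.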
