I am setting up FreeRADIUS on my "network server" at home, which also
runs FreeIPA. Naturally, I would like to use certmonger to issue,
track, and renew the certificate(s) used by FreeRADIUS.
Unfortunately, ipa-getcert only works when run as root, and it writes
the certificate and key files as root/0600, leaving them unreadable by
radiusd. I can obviously change the permissions of the files, but
certmonger will presumably reset them when it renews the certificate.
I feel like I must be missing something obvious. certmonger must be
usable with services that run as a non-root user, right?
--
========================================================================
Ian Pilcher arequipeno(a)gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================