[Fedora-directory-users] TLS issues during screen lock

Brian Zuromski brzurom at tycho.ncsc.mil
Mon Apr 9 14:17:37 UTC 2007


Ashley,
     Thanks for the reply.  I figured it out by doing a
`ldapsearch -ZZ -d 1 -b "" -s base -x` and saw that the TLS trace didn't
have read access when using a non-privileged user.

ashley wrote:
>
> Yes I've had that problem before but I fixed it before.
>
> I think it's a permission problem of user accessing the certificate. 
> When you logged onto the system the auth process is done by root but 
> when you lock it with a screen saver its locked by the user. So to 
> unlock it the auth process is done by the user.
>
> But if your user has no access to the certificate he can't 
> authenticate against the ldap.
>
> You can verify this by (Test this by)
>
> chmod -R 755  /etc/openldap/certs
>
> (Or wherever your certs are on the client system)
>
> Log in as a normal user, lock it with xscreen saver, try unlocking it.
>
> If it works you have an access permission problem with your certs.
>
>
>
> On Wed, 11 Apr 2007, Rich Megginson wrote:
>
>> Brian Zuromski wrote:
>>> Rich,
>>>       No, I'm not using client based auth with this setup.  I am 
>>> sharing out the server certificate to the network client.
>> How does this relate to LDAP or the directory server?
>>> Date: Tue, 10 Apr 2007 08:35:00 -0700
>>> From: Rich Megginson <rmeggins at redhat.com>
>>> Subject: Re: [Fedora-directory-users] TLS issues during screen lock
>>> To: "General discussion list for the Fedora Directory server project."
>>>     <fedora-directory-users at redhat.com>
>>> Message-ID: <461BAEA4.5080708 at redhat.com>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> Brian Zuromski wrote:
>>>
>>>> > Hello,
>>>> >          I'm having an issue with TLS certificates.  On the client
>>>> > side, it seems that when I have TLS enabled it works fine.  When I
>>>> > screen lock the computer, I have to disable TLS to get back in.  Has
>>>> > anyone else experienced this before?
>>>>
>>> Are you using client cert based auth?
>>>
>>>> >
>>>> > Thanks,
>>>> >
>>>>
>>>
>>


-- 
Brian R. Zuromski
National Information Assurance Research Laboratory
Office of Defensive Computing Research (R23)
Contractor :: Pangia Technologies
443-479-5946
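
The diagnosis reached in this thread (a non-privileged process cannot read the certificate material the LDAP client needs for TLS) can be checked one path component at a time instead of recursively loosening the whole directory. The shell function below is an added example, not part of the original messages; `cert_path_gaps` and `other_bits` are hypothetical names, and it inspects only the "other" permission bits, assuming the user is neither the owner nor in the owning group and that no ACLs apply.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report which path component
# prevents a non-root process from reading a certificate file or directory.
# Assumption: only the "other" permission bits matter, i.e. the user is
# neither the owner nor in the owning group, and no ACLs are in use.

# Print the "other" permission triplet of a path, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# cert_path_gaps PATH
# Prints one line per blocking component. Returns 0 if none, 1 if any,
# 2 if PATH does not exist.
cert_path_gaps() {
    target=$1
    status=0
    if [ ! -e "$target" ]; then
        echo "missing: $target"
        return 2
    fi
    # The certificate (or certificate directory) itself must be readable.
    case $(other_bits "$target") in
        r??) ;;
        *) echo "not world-readable: $target"; status=1 ;;
    esac
    # Every directory on the way needs the search (x) bit; "t" is x + sticky.
    if [ -d "$target" ]; then dir=$target; else dir=$(dirname -- "$target"); fi
    while :; do
        case $(other_bits "$dir") in
            ??x|??t) ;;
            *) echo "not world-searchable: $dir"; status=1 ;;
        esac
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    return "$status"
}

# Usage: sh check_certs.sh /etc/openldap/certs   (path from the thread)
[ $# -eq 0 ] || cert_path_gaps "$1"
```

Point it at the CA certificate file or certificate directory the client is configured to use; private key files should stay out of any path that is opened up as a result.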