TLS and rpc.nisd

From: Bob Cregan (bob.cregan_at_maths.bath.ac.uk)
Date: 12/22/04

    Date: Wed, 22 Dec 2004 16:18:18 +0000
    To: sunmanagers@sunmanagers.org
    
    

    Hi
        I'm trying to get a secure connection from rpc.nisd (on a fully
    patched Solaris 9 machine) to an OpenLDAP server. The server end works
    well with several independent LDAP clients, but the Sun client does not
    work.
     

    Running

    nisldapmaptest -o -t passwd

    gives the following error

    Failed to initialize SSL client: 'security library: bad database.'
     

     

    The entry in the file /etc/default/rpc.nisd for the TLS stuff is:
    ####################################################################
    # Transport layer security for mapping data to/from LDAP.
    #
    nisplusLDAPTLS=ssl
    # Certificate DB for transport layer security
    nisplusLDAPTLSCertificateDBPath=/var/nis/filename-cert.pem
    ####################################################################
     

     

    where the file /var/nis/filename-cert.pem is a self-signed certificate
    produced by openssl. The available documentation talks of a
    "certificate DB file". Is this not a plain text file? Do we have to
    process an openssl certificate somehow to get a "certificate DB", or do
    we have to load the CA certificate somewhere?
     

    Thanks in anticipation
     

    Bob
     

     

    ------------------------------------------------------------
    Bob Cregan
    Unix Systems Administrator
    Department of Mathematical Sciences,
    The University of Bath
    Claverton Down
    Bath BA2 7AY
    phone 01225 386068
    mail bob.cregan@maths.bath.ac.uk
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers

