search for: certifcate

Hi anyone. Can dovecot be configured to authenticate user using only SSL Certificates only and not ask for a password. So far I've got it taking the username from the common name of the certificate but I like it to use the certificate in place of the password. Is this possible and how? -- Regards Stephen. -------------- next part -------------- A non-text attachment was scrubbed...

How important is it to certify the firewall?

Hi people, i have a problem with trying ldaps i use autogenerated self-signed certificate, i write in smb this: tls enabled = yes tls keyfile = tls/key.pem tls certfile = tls/cert.pem without cafile when i try to verify with: openssl verify /usr/local/samba/private/tls/myCert.pem it said me unable to verify the first certificate and if add -CApath works! and finally when i try from another

Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2

hello list, I noticed that when I run the command gpupdate in the clients I get the following error C:>gpupdate Updating policy... Computer policy could not be updated successfully. The following errors were enc ountered: The processing of Group Policy failed. Windows attempted to read the file \eccm g.cupet.cusysvoldomainPolicies{31B2F340-016D-11D2-945F-00C04FB984F9} gpt.ini from a domain

...s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd, !deleting, pkcs11provider) == -1) ret = 1; goto done; } does not check for additional (certifcate)-files files on the command line and update_card neither does. Is there any intention to change this? Thanks in alot, Manon

...ficates are kept. # The default value is ''$confdir/ssl''. ssldir = $vardir/ssl report = true pluginsync = true server = devops.XXXXXX.com certname = blramisr195602.XXXXXX.com dns_alt_names = 10.209.47.31 modulepath = /etc/puppet/modules and resigned certifcates on master after clean up, but the puppet master still blocks it. However If I run through puppet master daemon (without nginx + passenger) all requests go through. Is there any specific configuration for Nginx host header etc or in passenger that I am missing? BR/ Anadi Misra. -- You rece...

You missing or : Smb.conf tls cafile = tls/ca.pem And/or ( showing the Debian steps ), the CA is missing in ca-certifcates.crt In : /etc/ldap/ldap.conf TLS_CACERT /etc/ssl/certs/ca-certificates.crt Steps todo. mkdir /usr/local/share/ca-certificates/personal-cert Put the root in that folder. Run : update-ca-certificates You need to install ca-certificates first. apt install ca-certificates Or, add you CA...

...with 4.8.6. C:\>gpupdate Updating policy... Computer Policy update has completed successfully. User Policy update has completed successfully. And this works as of samba 4.4.x and up for me. And yes, this is a bit a work around some nasty bugs but its working fine here. I install software/certifcates, create local users, change/add localgroups to computers, deploy printers, etc. All done with GPO, and yes, it was hell to get it working. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Sandy via samba > Verzon...

...> > Computer Policy update has completed successfully. > User Policy update has completed successfully. > > > And this works as of samba 4.4.x and up for me. > And yes, this is a bit a work around some nasty bugs but its working > fine here. > > I install software/certifcates, create local users, change/add > localgroups to computers, deploy printers, etc. All done with GPO, > and yes, it was hell to get it working. > > > Greetz, > Yes, but do you delete the default Policies that are hardcoded into AD ? Rowland

How do i get samba to accept a self signed certificate from my ldap server? I have a self signed CA that created a certifcate for my ldap server. I've added the CA to the openssl frame work. <ssl-base>certs/ca.pem and <ssl-base>certs/<ca hash>.0.pem Yet I still get errors from samba 3.0.2 Is it not possible? If I add in SSLeay libraries will that sort it? I beleived that these were only used if r...

I tried to set cn=myMachine instead of cn=192.168.1.x and...everything frezees! virsh -c qemu://.../system tries to connect forever. You really need static ip addresses in the cn field?? I think this is an HUGE bug: you are saying to me that each time I change network or ip (because, dear sirs, dhcp exists) I have to generate a whole new couple of certificates?? I hope it is not the case....

...edn=dc=ourcompany,dc=com --enablecache --enableldaptls then, in %post: curl http://www.ourcompany.com/ca/ca.crt \ -s -o /etc/openldap/cacerts/ca.ourcompany.com.pem /usr/sbin/cacertdir_rehash /etc/openldap/cacerts And that did the trick. The main difference is that you install a bundle of certifcates rather than a single one. There are two issues: 1. Hashing a certificate bundle does no good as far as I know. Hashes only work on a single cert, right? 2. Unless told otherwise, openssl looks in only one place for a cert bundle: ${OPENSSLDIR}/cert.pem (where the value of OPENSSLDIR can...

...r at: https://projects.puppetlabs.com/versions/405 ========================= ## Puppet 3.2.1-rc1 Changelog ## ========================= Andrew Parker (3): 76664ae (Maint) Give each test a meaningful name ab670d1 (#20742) Handle DNs that cannot be parsed de34775 (#20742) Only use certifcate info if there is a CN Josh Cooper (1): 4274d66 (#20726) Manage home has issues on Solaris Josh Partlow (4): 0588e57 (#20726) Add user managehome acceptance tests 6f92379 Revert "Merge branch ''pull-1512''" 46df39d (#20726) Include password for use...

Hai Stefan, A heads up and few adviced changes/tips for you. smb.conf: realm = my.tld Change to realm = MY.TLD Try to set a REALM always in CAPS. Some programs rely on that. ( for example, MIT Kerberos expects realm in CAPS ) So prepair for 4.7 now already to save problems in future. These shares. > [netlogon] > path = /var/lib/samba/sysvol/my.tld/scripts > read only = No >

Hello all, I've happily been using Dovecot for a couple of years now, but only a couple of days ago I configured it to speak both TLS and SSL for both POP3 and IMAP. Ideally I want users to use TLS, but I've enabled SSL, because some mailers (at least Apple Mail on OS X Tiger) don't support TLS. Right now I'm in sort of a transitional phase, where I'm asking users to enable

Hello OpenSSH developers, A week ago I've posted a patch that enables openssh to work with PKCS#11 tokens. I didn't receive any comments regarding the patch or reply to my questions. In current software world, providing a security product that does not support standard interface for external cryptographic hardware makes the product obsolete. Please comment my patch, so I can know

...so, but thats only once here. And the first login added my root CA. So, if your network setup is good, every is applied by GPO. Im setting for example any windows setting i want. ( per user/group or OU) Deploy software where needed. All my (MS) Office settings, Adobe reader, Printer deployment, certifcate deployment and security settings. But my best advice about GPO'.s start with small changes, and group you changes. Like "GPO:InternetSettings" i have 1 gpo for IE/EDGE/CHROME/Firefox. With defaults. Or GPO:PrinterDeploy, with only printer settings. Etc. think good about this, and...

Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd |....

...=client at company.com This is extracted from the client certificate using openssl as described in the README file provided by you at http://roumenpetrov.info/openssh/x509h/README.x509v3 This system works fine, however my only concern is that I would like all Clients (possessing a valid Client-Certifcates signed by the CA) to be authenticated without having to place anything in the ~/.ssh/authorized_keys file on the server.(i.e authenticate all users if they have a valid certificate without any subject line checking). In Apache this is very much possible via mod_ssl as described in http://www....