search for: certifcates

Hi anyone. Can dovecot be configured to authenticate user using only SSL Certificates only and not ask for a password. So far I've got it taking the username from the common name of the certificate but I like it to use the certificate in place of the password. Is this possible and how? -- Regards Stephen. -------------- next part -------------- A non-text attachment was scrubbed...

How important is it to certify the firewall?

Hi people, i have a problem with trying ldaps i use autogenerated self-signed certificate, i write in smb this: tls enabled = yes tls keyfile = tls/key.pem tls certfile = tls/cert.pem without cafile when i try to verify with: openssl verify /usr/local/samba/private/tls/myCert.pem it said me unable to verify the first certificate and if add -CApath works! and finally when i try from another

Hi, I need to add X.509 Certificate support to OpenSSH. I came across the following post on the openssh-unix-dev mailing list that is very useful: http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2 <http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2> And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2

hello list, I noticed that when I run the command gpupdate in the clients I get the following error C:>gpupdate Updating policy... Computer policy could not be updated successfully. The following errors were enc ountered: The processing of Group Policy failed. Windows attempted to read the file \eccm g.cupet.cusysvoldomainPolicies{31B2F340-016D-11D2-945F-00C04FB984F9} gpt.ini from a domain

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

...ficates are kept. # The default value is ''$confdir/ssl''. ssldir = $vardir/ssl report = true pluginsync = true server = devops.XXXXXX.com certname = blramisr195602.XXXXXX.com dns_alt_names = 10.209.47.31 modulepath = /etc/puppet/modules and resigned certifcates on master after clean up, but the puppet master still blocks it. However If I run through puppet master daemon (without nginx + passenger) all requests go through. Is there any specific configuration for Nginx host header etc or in passenger that I am missing? BR/ Anadi Misra. -- You recei...

You missing or : Smb.conf tls cafile = tls/ca.pem And/or ( showing the Debian steps ), the CA is missing in ca-certifcates.crt In : /etc/ldap/ldap.conf TLS_CACERT /etc/ssl/certs/ca-certificates.crt Steps todo. mkdir /usr/local/share/ca-certificates/personal-cert Put the root in that folder. Run : update-ca-certificates You need to install ca-certificates first. apt install ca-certificates Or, add you CA...

...with 4.8.6. C:\>gpupdate Updating policy... Computer Policy update has completed successfully. User Policy update has completed successfully. And this works as of samba 4.4.x and up for me. And yes, this is a bit a work around some nasty bugs but its working fine here. I install software/certifcates, create local users, change/add localgroups to computers, deploy printers, etc. All done with GPO, and yes, it was hell to get it working. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Sandy via samba > Verzond...

...> > Computer Policy update has completed successfully. > User Policy update has completed successfully. > > > And this works as of samba 4.4.x and up for me. > And yes, this is a bit a work around some nasty bugs but its working > fine here. > > I install software/certifcates, create local users, change/add > localgroups to computers, deploy printers, etc. All done with GPO, > and yes, it was hell to get it working. > > > Greetz, > Yes, but do you delete the default Policies that are hardcoded into AD ? Rowland

How do i get samba to accept a self signed certificate from my ldap server? I have a self signed CA that created a certifcate for my ldap server. I've added the CA to the openssl frame work. <ssl-base>certs/ca.pem and <ssl-base>certs/<ca hash>.0.pem Yet I still get errors from samba 3.0.2 Is it not possible? If I add in SSLeay libraries will that sort it? I beleived that

I tried to set cn=myMachine instead of cn=192.168.1.x and...everything frezees! virsh -c qemu://.../system tries to connect forever. You really need static ip addresses in the cn field?? I think this is an HUGE bug: you are saying to me that each time I change network or ip (because, dear sirs, dhcp exists) I have to generate a whole new couple of certificates?? I hope it is not the case....

...edn=dc=ourcompany,dc=com --enablecache --enableldaptls then, in %post: curl http://www.ourcompany.com/ca/ca.crt \ -s -o /etc/openldap/cacerts/ca.ourcompany.com.pem /usr/sbin/cacertdir_rehash /etc/openldap/cacerts And that did the trick. The main difference is that you install a bundle of certifcates rather than a single one. There are two issues: 1. Hashing a certificate bundle does no good as far as I know. Hashes only work on a single cert, right? 2. Unless told otherwise, openssl looks in only one place for a cert bundle: ${OPENSSLDIR}/cert.pem (where the value of OPENSSLDIR can...

Puppet 3.2.1-rc1 is a bugfix release candidate for the 3.x series of Puppet. This release addresses two major issues that were uncovered in 3.2.0 and caused us to pull that release (#20726 and #20742). It also includes a fix for Solaris support (#19760). Downloads are available at: * Source https://downloads.puppetlabs.com/puppet/puppet-3.2.1-rc1.tar.gz Available in native package format in

Hai Stefan, A heads up and few adviced changes/tips for you. smb.conf: realm = my.tld Change to realm = MY.TLD Try to set a REALM always in CAPS. Some programs rely on that. ( for example, MIT Kerberos expects realm in CAPS ) So prepair for 4.7 now already to save problems in future. These shares. > [netlogon] > path = /var/lib/samba/sysvol/my.tld/scripts > read only = No >

Hello all, I've happily been using Dovecot for a couple of years now, but only a couple of days ago I configured it to speak both TLS and SSL for both POP3 and IMAP. Ideally I want users to use TLS, but I've enabled SSL, because some mailers (at least Apple Mail on OS X Tiger) don't support TLS. Right now I'm in sort of a transitional phase, where I'm asking users to enable

Hello OpenSSH developers, A week ago I've posted a patch that enables openssh to work with PKCS#11 tokens. I didn't receive any comments regarding the patch or reply to my questions. In current software world, providing a security product that does not support standard interface for external cryptographic hardware makes the product obsolete. Please comment my patch, so I can know

Ok, lets start with : > Thinking of the other ~25 machines at their site I am not yet > there to deploy the new DC, I assume. Correct, your not there yet. > I don't see a share tab in the properties of \\dc\netlogon > and \\dc\sysvol Login as Adminstrator, Open de "computer manager" ( rigth klik computer, manage ), right klik, connect to, .. Now you should see

Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd |....

...=client at company.com This is extracted from the client certificate using openssl as described in the README file provided by you at http://roumenpetrov.info/openssh/x509h/README.x509v3 This system works fine, however my only concern is that I would like all Clients (possessing a valid Client-Certifcates signed by the CA) to be authenticated without having to place anything in the ~/.ssh/authorized_keys file on the server.(i.e authenticate all users if they have a valid certificate without any subject line checking). In Apache this is very much possible via mod_ssl as described in http://www.m...