Changing group ownership in etc/openca/access_control

Hello, all. May I suggest changing the group ownership of the files in
etc/openca/access_control to the web process owner.

We prefer to use LDAP authentication but we do not allow anonymous binds
for security reasons. Thus, we specify the binddn and bindpw in the
access_control files. Consequently, we do not want these to be world
readable. Removing o-r on the files breaks OpenCA because the web
process can no longer read them. We thus do not only "chmod o-r *" but
"chgrp apache *". May I suggest this become the default. Thanks - John

--
John A. Sullivan III
Open Source Development Corporation

Street Preacher: Are you SAVED?????!!!!!!
Educated Skeptic: Saved from WHAT?????!!!!!!
Educated Believer: From our selfishness that hurts the ones we love
and condemns us to an eternity of hurting each other.
http://www.spiritualoutreach.com
Christianity that makes sense

_______________________________________________
Openca-Users mailing list
Openca-Users@...
https://lists.sourceforge.net/lists/listinfo/openca-users
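
The permission change described in the message above, as an added example that is not part of the original post or of OpenCA: a shell audit that flags access_control files that are world readable or not readable through the web server's group, followed by the chgrp/chmod fix. The function names, the CREDENTIAL/LOOSE labels and the sample file contents are constructed for illustration, and the demo uses the caller's own gid in place of "apache" so it runs without root.

```shell
#!/bin/sh
# Added example, not OpenCA code. DIR and GRP are parameters; the thread's
# values are etc/openca/access_control and the web server group "apache".

# List regular files under DIR that break the layout from the thread:
# readable by "other", not owned by group GRP, or not readable by that group.
# Files mentioning bindpw are tagged CREDENTIAL (they hold the bind password).
audit_access_control() {
    dir=$1 grp=$2
    find "$dir" -type f \( -perm -004 -o ! -group "$grp" -o ! -perm -040 \) -print |
    while IFS= read -r f; do
        if grep -q 'bindpw' "$f" 2>/dev/null; then
            printf 'CREDENTIAL %s\n' "$f"
        else
            printf 'LOOSE %s\n' "$f"
        fi
    done
}

# Apply the fix from the thread: chgrp to GRP, keep group read, and remove
# every "other" permission bit (a superset of the thread's "chmod o-r").
harden_access_control() {
    dir=$1 grp=$2
    find "$dir" -type f -exec chgrp "$grp" {} + || return 1
    find "$dir" -type f -exec chmod g+r,o-rwx {} + || return 1
}

# Constructed demo in a scratch directory. The file contents are made up and
# are not real OpenCA syntax; the caller's own gid stands in for "apache".
demo() {
    d=$(mktemp -d) || return 1
    printf 'binddn cn=reader,dc=example,dc=org\nbindpw constructed-secret\n' > "$d/ldap.conf"
    printf 'no credentials here\n' > "$d/public.conf"
    chmod 644 "$d/ldap.conf" "$d/public.conf"
    echo "before:"; audit_access_control "$d" "$(id -g)"
    harden_access_control "$d" "$(id -g)"
    echo "after:";  audit_access_control "$d" "$(id -g)"
    rm -rf "$d"
}

demo
```

An empty "after:" listing means every file is owned by the intended group, readable by it, and closed to other local users.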

Re: Changing group ownership in etc/openca/access_control

I think that's a good idea too.. :)

This will become the default for the next release...

Thanks,
Max

blainedw@... wrote:
> Awesome
>
> I have the same security concerns and was also looking into the same thing
>
> Dave
> From David Blaine's blackberry
>
> ----- Original Message -----
> From: "John A. Sullivan III" [jsullivan@...]
> Sent: 06/05/2009 09:22 PM AST
> To: Openca Users <openca-users@...>
> Subject: [Openca-Users] Changing group ownership in etc/openca/access_control
>
> Hello, all. May I suggest changing the group ownership of the files in
> etc/openca/access_control to the web process owner.
>
> We prefer to use LDAP authentication but we do not allow anonymous binds
> for security reasons. Thus, we specify the binddn and bindpw in the
> access_control files. Consequently, we do not want these to be world
> readable. Removing o-r on the files breaks OpenCA because the web
> process can no longer read them. We thus do not only "chmod o-r *" but
> "chgrp apache *". May I suggest this become the default. Thanks - John
> --
> John A. Sullivan III
> Open Source Development Corporation

--
Best Regards,
Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]    Massimiliano.Pala@...
                                              project.manager@...
Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
                                                           -- Isaac Asimov

Re: Changing group ownership in etc/openca/access_control

Hi Max,

Might I ask when that next release might be?????

DAVID BLAINE, GCIA, CISSP
Information Security Architect
General Dynamics Land Systems
6000 East 17 Mile Road, MZ: 435-01-16, Sterling Heights, MI 48313
GDLS Security | p: 586.825.8437 | m: 586-215-4174 | f: 586.825.8606 | blainedw@... | www.gdls.com

Re: Changing group ownership in etc/openca/access_control

Hi,

well.. that's a tough one.. :) I currently do not know.. I want to include support for PRQP built into the CA. But this requires a bit of work still. I was planning for a July release... but it all depends how much time I can dedicate to it.

Later,
Max

blainedw@... wrote:
> Hi Max,
>
> Might I ask when that next release might be?????