Comments:
<wamty> can anybody help me with truecrypt ?
<howto> Crap.
<wamty> can anybody help me with truecrypt ?
<howto> Yes, but only at the weekend.
<cls> heh
<Idle247> ok, what the ****
<Idle247> been here 3 weeks, and we have an exam?!
<howto> BOOM
<jdk> headshot
<Trengo> exam?
<jdk> only if it's a prostate exam
<Trengo> yuck
<Idle247> :P
<ron_frown> anyone know if fedora comes with a window manager chooser? I got my vnc shizzle setup, and it works, but launches fvwm or some such ****
<ron_frown> which is absolutely redonkulous
<ron_frown> I'd like to setup and use latest xfce4
<graz> so edit the vncserver script to use something else.
<ron_frown> ****, I was editing wrong file =0
<tomas_> howdy everyone
<tomas_> having a bit of an ssl issue this evening, was hoping someone could shed some light on the subject
<Idle247> whats the issue?
<tomas_> i am using self-signed certs
<tomas_> i put my .crt/key and cacert.pem in /etc/ldap
<Idle247> oh, ick
<Idle247> I dont work with ldap... :P
<Trengo> in /etc/ldap?
<tomas_> yes, certs are for an openldap server
<tomas_> getting an ssl handshake error when i connect
<tomas_> conn=11 fd=16 closed (TLS negotiation failure)
<tomas_> SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188 <--- this is on client side
<tomas_> the tls neg failure is on server side
<tomas_> and taking the ldap client out of the equation by doing: openssl s_client -connect localhost:636 -showcerts -state -CAfile /etc/ldap/cacert.pem
<tomas_> any takers? :)
<Trengo> don't you have to tell the ldap server where your certs are?
<tomas_> i did
<tomas_> TLSCertificateFile /etc/ldap/ldap1.domain.com.crt.pem
<tomas_> TLSCertificateKeyFile /etc/ldap/ldap1.domain.com.key.pem
<tomas_> TLSCACertificateFile /etc/ldap/cacert.pem
<tomas_> TLSVerifyClient never
<Trengo> tomas_ which distro?
<tomas_> solaris
<tomas_> using openldap though
<tomas_> certs came from openssl on a debian box
<Trengo> did you check the perms?
<tomas_> ya, chowned it to ldap
<Trengo> can the ldap owner read the files?
<tomas_> chmodded 666 also
<tomas_> ya
<tomas_> and i openssl verified the crt and cacert.pem
<tomas_> ran a truss, and see where its trying to access /usr/local/ssl/cert.pem
<tomas_> and that file does not exist....
<tomas_> also explicitly set the location of the crt/key with -cert and -key options in the openssl s_client command
<tomas_> so im wondering if its something as simple as an openssl path issue.....i dont think so
<Trengo> no
<Trengo> i tried the selfsigned ones and cant get them to work either
<tomas_> really?
<Trengo> yes
<Trengo> apparently, the client is trying to verify the cert
<tomas_> i took the client out of equation here though
<tomas_> in your ldap.conf, did you put your path to cacert.pem ?
<tomas_> thats what the client uses when it verified certs
<tomas_> TLS_CACERT /etc/ldap/cacert.pem
<tomas_> and that cacert needs to be the same one that signed the provider/server cert
<tomas_> or in your .ldaprc file :)
<Trengo> yes its there
<Trengo> i also set TLS_CRLCHECK none
<Trengo> still says it cant verify the cert
<tomas_> weird
<Trengo> indeed
<Trengo> ok no idea
<Trengo> and im now officially pissed off
<Trengo> i was counting on certs
<Trengo> i'll try a proper cert tomorrow
<tomas_> well, self signed should work
<tomas_> they detail how to do it :\
<tomas_> they being openldap website
<overman> [johnny-oh] Here's.....Johnny!
<SlashPkg> [johnny-oh] Here's.....Johnny!
<LinuxHOW2> [johnny-oh] Here's.....Johnny!
<howto> hi yo~
<Trengo> tomas_ i tried a proper cert
<Trengo> only it was done for a different server
<Trengo> and ldapsearch complains
<Qwell> man, did you guys know that AAA has a ****ing time machine?
<Qwell> they can literally go back in time and send me mail, before I give them my new address
<awol> go back to old sluts from your past? or what?
<Qwell> they're saying I didn't change my address until today
<Qwell> which is obviously complete bull****
<awol> Qwell: ignorance is 9 tenths of the law.... or something like that.....
<awol> where's graz?
<awol> .lart graz
<howto> .lart graz... .laz
<awol> is this thing on?
<howto> you wish
<shimlock> ok. i'm on a linux system. how do i find out who else is logged onto the system.
<shimlock> ?
<shimlock> alo?
<tomas_> w
<tomas_> or who
<shimlock> thanks
<Epik> Evening :)
<Epik> Anyone know if there is a way i can fully chroot all users with pure-ftpd (in the config, not recompiling)
<howto> hi yo~
<tomas_> epik- which ftpd?
<howto> only with spud
<tomas_> you can with proftpd
<tomas_> ah, your using pure-ftpd, not sure on that one
<Epik> Okay, it says enable the -A option in the config. I have that enabled and i can still see that i'm in /var/www/mydir and i can still move around
<Epik> http://download.pureftpd.org/pub/pure-ftpd/doc/README is what im reading, looking at "- '-A': chroot() everyone, but root."
<Epik> which should mean hide that, correct?
<tomas_> With -d, joe will be chrooted. If you want to give joe access to the whole
<tomas_> filesystem, use -D instead of -d.
<tomas_> how did you add the user?
<WhiteWolf> oh, you know, the usual... added it right into /etc/p***wd
<tomas_> epik?
<Epik> they are MySQL based
<Epik> MISC_OTHER="-A -x -j -R -Z -d"
<Epik> still didnt work
<tomas_> did you do -d /homedir ?
<Epik> im not sure what you mean by that..
<Epik> where can i read that?
<tomas_> http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users
<Qwell> State of the Union drinking game!
<Qwell> drink every time Bush says something stupid
<tomas_> haha, nice qwell
<korozion> Qwell: no! No one can stand that much drinking, not even me
<tomas_> get f'ed up in a hurry!
<pallav> i'm trying to use rsync to keep my home folder synchronized between two machines (office, home)
<pallav> if i need to get this working, i only need to have the script running on one machine right? i.e. put both a put command and a get command in a script and have that run every 5 minutes?
<pallav> or do i need to have one "get" on each machine getting the files from the other?
<pallav> and have both scripts run every 5 minutes?
<Epik> No, there are no users on the system. so pure-pw is not an option, all i can do is edit the configs and compile with new options if needed
<Epik> well, figured it out.. have to do it via command line as proftpd doesnt read the config when running without init
<Epik> pure-ftpd -l mysql:/etc/pureftpd-mysql.conf -l unix -A -E -X -U 177:077 -d -4 -L100:5 -I 15 &
<tomas_> ah, nice
<Epik> gentoo has rc-update to add objects to startup, is there a way i can make that command run on startup as well?
<korozion> you can put stuff in rc.local
<korozion> stuff you want to run at boot
<korozion> like a script
<Epik> gentoo doesnt have rc.local
<korozion> o
<korozion> I always thought it did
<Epik> athena etc # locate rc.local
<Epik> /usr/share/doc/util-linux-2.12r-r4/examples/rc.local.gz
<korozion> neat
<tomas_> ya, just put rc.local in /etc in reboot
<tomas_> should start up
<Epik> it has rc.conf
<Epik> which is similar