[stunnel-users] client auth saga
Michal.Trojnara at mirt.net
Mon Aug 30 20:52:13 CEST 2004
On Monday 30 of August 2004 20:38, markzero at logik.ath.cx wrote:
> To be honest, I'm just generally paranoid. I'd rather have a prospective
> attacker have to crack two passwords (the root and one wheel group) than
> one. I thought I'd write the above just so I didn't get a big lecture,
> hehe. :)
You're not paranoid enough. You still use passwords! 8-)
> > I recommend using CAfile instead of CApath for simple configurations.
> > It doesn't need a hashed directory and is not relative to chroot jail.
> So something like:
> CApath = /var/stunnel/certs
CAfile = /var/stunnel/certs/your_cert.pem
> I'm paranoid that someone has been at my testing configs now. :) I
> previously had a working setup, which worries me even further as I *did*
> use a symlink.
Yes, you can use symlinks, but instead of:
ln -s /a/b/c/x /a/b/c/y
ln -s x y
Please notice (ls -l) the results are not the same!
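The difference between the two `ln -s` forms in the message above, as an added example that is not part of the original post: an absolute link target is looked up again from the jail root once a process has chrooted, while a relative target is looked up next to the link itself. The temporary jail directory, the helper names `resolve_in_jail` and `link_ok`, and the link names `abs.0` and `rel.0` are assumptions for illustration, and the certificate file is a constructed placeholder.

```shell
#!/bin/sh
# Added example: how a chrooted process sees absolute vs relative symlinks
# in a CApath-style directory. Runs without root by computing the lookup
# instead of calling chroot. Handles a single link level, not link chains.

# resolve_in_jail JAIL LINK: print the host path that LINK (a path as seen
# from inside the jail) points to for a process chrooted into JAIL.
resolve_in_jail() {
    jail=$1 link=$2
    target=$(readlink "$jail$link") || return 1
    case $target in
        /*) printf '%s\n' "$jail$target" ;;                     # absolute: re-rooted at the jail
        *)  printf '%s\n' "$jail$(dirname "$link")/$target" ;;  # relative: next to the link
    esac
}

# link_ok JAIL LINK: succeed only if the link still reaches a file after chroot.
link_ok() {
    path=$(resolve_in_jail "$1" "$2") && [ -f "$path" ]
}

demo() {
    jail=$(mktemp -d) || return 1          # constructed stand-in for the chroot jail
    certs=$jail/certs
    mkdir -p "$certs"
    echo "constructed placeholder, not a real certificate" > "$certs/your_cert.pem"
    # Absolute target built from the host path, like: ln -s /a/b/c/x /a/b/c/y
    ln -s "$certs/your_cert.pem" "$certs/abs.0"
    # Relative target, like: ln -s x y (run inside the directory)
    ( cd "$certs" && ln -s your_cert.pem rel.0 )
    ls -l "$certs"                         # the two link targets differ
    for l in /certs/abs.0 /certs/rel.0; do
        if link_ok "$jail" "$l"; then
            echo "$l: resolves inside the jail"
        else
            echo "$l: dangling inside the jail"
        fi
    done
    rm -rf "$jail"
}

demo
```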