|
|
Re: lug-bg: Apache/mod-ssl
- Subject: Re: lug-bg: Apache/mod-ssl
- From: borj@xxxxxxxxx (Boris Jordanov)
- Date: Mon, 2 Sep 2002 14:09:02 +0300
On Mon, 2 Sep 2002 11:08:38 +0300
"Kostadin Karaivanov" <larry@xxxxxxxxxxxxxxxxxxxx> wrote:
> BEZ PAROLA GLUPOSTI !!!!!!!!!!!!!!!!!
>
> w /etc/apache ili tam kadeto ti e confa slagash
> SSLPassPhraseDialog exec:/sbin/mypass
>
> prawish si /sbin/mypass w coito ima
> echo parolata_na_setifikata
>
> i si w biznesa :-)))))
> ops i da ne zabrawish da go chownesh root.root i da go naprawish executable
I tova e siguren variant? Moze bi, no pass-a ti ostava v javen vid na mashinata.
Owner e root, i kakvo? i v dvata sluchaja za da se komprometira certificata ti
trjabva access do nego (files - cert i private key). Naistina tozi variant
izglezda po-krasiv, no te ostavja s leko falshivoto spokoistvie, che poneze
certificate e s parola e sigurno reshenie. I v dvata sluchaja e nuzen private
key na certificata za da moze da bude izpolzvan. Ako njama parola, owner na
private key-a e pak root - znachi pak trjabva da se dokopame do file sobstvenost
na root. Misulta mi e, che za po-paranoichnia admin i dvata varianta izglezdat
ednakvo riskovi.
Take care
Boris Jordanov (borj) <borj@xxxxxxxxx>
ICQ 10751645
PGP-key-fingerprint:------------------------------
CB23 8B52 5FBC F36A 1B61 F1ED 2831 E52D AAFF 7B08
--------------------------------------------------
Public-key:---------------------------------------
http://borj.freeshell.org/borj.asc
--------------------------------------------------
To err is human...
to really foul up requires the root password.
<HR>
<UL>
<LI>application/pgp-signature \\\\\\\\\ \\\\: stored
</UL>
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|
|
|