Solving the SSL problem in CVS head
Alan DeKok
aland at deployingradius.com
Tue May 8 18:05:56 CEST 2007
Peter Nixon wrote:
> This is all cool, except my rpms no longer work by default :-D
>
> A new install on a clean server of last night's snapshot rpm gives the
> following on first start:

OK. The server isn't running in debugging mode, so it expects to read
the certificate file. If it isn't there, it complains. Of course,
SSL's version of "file not found" is "permission denied" <sigh>.

> Note that radiusd does not have permission to write to /etc/raddb with the
> default install of my rpms, and in my opinion should not need to have
> permission:

Exactly. The bootstrap is run ONLY in debugging mode, and should
probably be done only if run as root.

> Should I run "raddb/certs/bootstrap" during rpm build? On initial install?

When the RPM is installed. It will create per-host certificates.
This should be safe, because no client will have the certificates
installed. They won't trust the server if it presents them a newly
created (and unknown) certificate.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
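
An install-time hook along the lines discussed in the message above, as an added example that is not part of the original e-mail or of the FreeRADIUS packaging: it runs the bootstrap once, as root, only when the server certificate is absent, and tells a missing file apart from an unreadable one. The function names, the `REQUIRE_ROOT` switch, the `server.pem` file name and the assumption that `bootstrap` is a POSIX shell script are all assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not FreeRADIUS code): generate per-host certificates at
# package install time, so the daemon never needs write access to raddb.

# cert_state FILE -> prints: missing | unreadable | ok
# Separates the two cases that the SSL library reports the same way.
cert_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -r "$1" ]; then
        echo unreadable
    else
        echo ok
    fi
}

# install_certs CERT_DIR -> prints: created | kept | refused
# CERT_DIR is the directory holding the bootstrap script.
# server.pem is an assumed name for the server certificate file.
install_certs() {
    dir=$1
    cert="$dir/server.pem"

    # Never overwrite an existing certificate: clients may already trust it.
    case $(cert_state "$cert") in
        ok|unreadable) echo kept; return 0 ;;
    esac

    # Only the installer (root) creates key material. REQUIRE_ROOT=0 is a
    # hypothetical switch so the logic can be exercised unprivileged.
    if [ "${REQUIRE_ROOT:-1}" = 1 ] && [ "$(id -u)" -ne 0 ]; then
        echo refused; return 1
    fi

    # The bootstrap script must be present; it is run from its own directory.
    [ -f "$dir/bootstrap" ] || { echo refused; return 1; }
    ( cd "$dir" && sh ./bootstrap >/dev/null 2>&1 ) || { echo refused; return 1; }

    # Confirm the expected file actually appeared before reporting success.
    [ -e "$cert" ] || { echo refused; return 1; }
    echo created
}
```

In an RPM this would be called from the `%post` scriptlet with the package's certs directory as the argument; file ownership and modes for the daemon's account remain a packaging decision.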