[Samba] file rights tls key files.

mathias dufresne infractory at gmail.com
Tue Apr 19 08:05:43 UTC 2016


https://www.samba.org/samba/security/CVE-2013-4476.html says:

"the private key for SSL/TLS encryption might be world readable".
It seems the initial issue was that the key was world readable, which is
not the case for Louis.

Why does Samba force that key to be writeable when the point is that it
must not be world readable?


2016-04-18 15:53 GMT+02:00 Björn JACKE <bjacke at sernet.de>:

> On 2016-04-15 at 11:08 +0200 Reindl Harald sent off:
> > > can you say, why you need 440 here? I can't think of a valid use case
> > > for that.
> > > If another service should use an SSL certificate on that server, you
> > > would give that service another certificate then and not reuse the AD
> > > server SSL cert
> >
> > wildcard certificates?
>
> using the same private/public key pair on the DC and other servers might be
> convenient but is a very bad idea from a security point of view. But if you
> really want to do anything like that, knowing that this is *bad*, you can
> just copy the cert to some other place in the filesystem, where you also
> need it.
>
> Björn

