[Samba] file rights tls key files.

mathias dufresne infractory at gmail.com
Tue Apr 19 08:05:43 UTC 2016

https://www.samba.org/samba/security/CVE-2013-4476.html says :

"the private key for SSL/TLS encryption might be world readable".
It seems the initial issue was the key was world readable, which is
not the case in Louis.

Why Samba forces that key to be writeable when the point is it must
not be world readable?

2016-04-18 15:53 GMT+02:00 Björn JACKE <bjacke at sernet.de>:

> On 2016-04-15 at 11:08 +0200 Reindl Harald sent off:
> > >can you say, why you need 440 here? I can't think of a valid use case
> for that.
> > >If another service should use a SSL certificate on that server, you
> would give
> > >that service another certificate then and not reuse the AD server SSL
> cert
> >
> > wildcard certificates?
> using the same private/public key pair on the DC and other servers might be
> convenient but is a very bad idea from a security point of view. But if you
> really want to do anything like that, knowingly that this is *bad*, you can
> just copy the cert to some other place in the filesystem, where you also
> need
> it.
> Björn
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list