On Fri, Aug 15, 2008 at 9:07 PM, Emmanuel Dreyfus manu@netbsd.org wrote:
Note that some programs will not accept that: sendmail insists on the key being mode 600, for instance. I had to copy the key in a second file.
yeah, i've found the same issue. pita, imho. exim, e.g., handles it nicely in that it allows def'n of separate exec & auth users/groups, so that the app can run as 'exim', but use other own/perm certs.
atm, not an issue for me though. since i'm implementing this as an auth server in a 'lightweight' Xen VM, it's just openldap + kerberos + apache + openssh. and, it seems, these are ok.