Bug#371087: cyrus21-imapd: Fatal error: tls_init() failed if user cyrus is not in ssl-cert group

Diego Fdez. Durán diego at goedi.net
Wed Jun 7 18:53:09 UTC 2006


I can't remember if the cyrus21-imapd installation adds user cyrus to group
mail, but until yesterday's upgrade my configuration worked perfectly, so
I think that there was a change in some ssl-related package that changed
the permissions of /etc/ssl/private to this:

	escaflowne:/etc/ssl# ls -l
	[...]
	drwxr-x--- 2 root ssl-cert 4096 Jun  7 11:55 private

The default imapd.conf configuration says:

	tls_key_file: /etc/ssl/private/cyrus-global.key

So I think that the cyrus-imapd installation scripts need to add the
cyrus user to the ssl-cert group. (I don't know if the installer already
adds cyrus to group ssl-cert, sorry).

(Sorry for my bad English)

On Wed, 07-06-2006 at 14:15 -0400, Benjamin Seidenberg wrote:
> Diego Fdez. Duran wrote:
> > Package: cyrus21-imapd
> > Version: 2.1.18-3
> > Severity: normal
> >
> > If cyrus user is not in the ssl-cert group you'll get:
> > 	unable to get private key from '/etc/ssl/private/cyrus.key'
> > 	TLS engine: cannot load cert/key data
> > 	error initializing TLS
> > 	Fatal error: tls_init() failed
> >   
> 
> Uhmm, isn't this the way it should work? The ssl-cert group defines who
> has access to the private key, so if the cyrus user isn't in that group,
> it shouldn't have access.  (This is a feature, not a bug)
> 
> Feel free to correct me if I'm wrong.
> 
-- 
Diego Fdez. Durán <diego at goedi.net> | http://iota.goedi.net
GPG : 925C 9A21 7A11 3B13 6E43 50DB F579 D119 90D2 66BB
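
Added example (not part of the original message or of the Debian packaging): a small Python check that walks the path to the TLS key and reports the first component that blocks a given user, using the owner/group/other rule that makes a 0750 root:ssl-cert directory unreachable for a user outside ssl-cert. The uid/gid numbers and the key file's 0640 mode are constructed assumptions, and POSIX ACLs are not modelled.

```python
import os
import pwd
from collections import namedtuple

Node = namedtuple("Node", "path mode uid gid")  # mode: st_mode, low nine bits used

def granted(node, uid, gids):
    """rwx bits (0-7) for this user. Exactly one class applies: owner, else group, else other."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def first_denial(chain, uid, gids):
    """chain lists every directory from / down, key file last. None means readable."""
    if uid == 0:
        return None  # root is not subject to these checks
    for d in chain[:-1]:
        if not granted(d, uid, gids) & 1:
            return (d.path, "no search (x) permission on directory")
    if not granted(chain[-1], uid, gids) & 4:
        return (chain[-1].path, "no read (r) permission on key file")
    return None

def live_check(username, key_path):
    """Same check against the real filesystem; run as root so every stat() succeeds."""
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    paths, p = [], os.path.abspath(key_path)
    while p not in paths:
        paths.append(p)
        p = os.path.dirname(p)
    stats = [(q, os.stat(q)) for q in reversed(paths)]
    nodes = [Node(q, s.st_mode, s.st_uid, s.st_gid) for q, s in stats]
    return first_denial(nodes, pw.pw_uid, gids)

# Constructed sample: uid/gid numbers and the key file's 0640 mode are assumptions;
# only the 0750 root:ssl-cert mode of /etc/ssl/private comes from the message.
ROOT, SSL_CERT, CYRUS, MAIL = 0, 110, 105, 8
SAMPLE = [Node("/", 0o755, ROOT, ROOT), Node("/etc", 0o755, ROOT, ROOT),
          Node("/etc/ssl", 0o755, ROOT, ROOT),
          Node("/etc/ssl/private", 0o750, ROOT, SSL_CERT),
          Node("/etc/ssl/private/cyrus-global.key", 0o640, ROOT, SSL_CERT)]

if __name__ == "__main__":
    print(first_denial(SAMPLE, CYRUS, {MAIL}))            # blocked at the directory
    print(first_denial(SAMPLE, CYRUS, {MAIL, SSL_CERT}))  # readable
```

On a real host, live_check("cyrus", "/etc/ssl/private/cyrus-global.key") applies the same logic to the actual modes and the user's actual group list.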

