[sudo-users] help regarding sudo + TLS
Todd C. Miller
Todd.Miller at courtesan.com
Fri May 1 12:41:26 EDT 2009
In message <662701800905010819p171c506bofb93fbc5cef9cdca at mail.gmail.com>
so spake Jerome Macaranas (jerome.m):
> I'm currently testing ldap + tls + sudo and I'm stuck at this error.
>
> though I'm able to make sudo work via ldap:/// (w/o) tls.

ldaps (port 636) uses a different port than ldap (port 389). Is
your server listening on port 636? You may want to set

    ssl start_tls

in /etc/ldap.conf to start TLS over a normal (port 389) connection.
Also, you may need to use:

    tls_checkpeer no # ignore server SSL certificate

if the server's cert cannot be validated.

- todd
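
The settings discussed in this message can be checked mechanically. The following is an added example, not part of the original message or of sudo itself: a small audit of ldap.conf text that flags an ldaps URI combined with start_tls, a plain ldap URI with no TLS, and disabled peer checking. The rule names and the sample hostname are assumptions made for the example.

```python
from urllib.parse import urlparse

# Constructed sample (not from the original message): it mixes both TLS modes
# and turns certificate checking off. The hostname is a placeholder.
SAMPLE = """\
uri ldaps://ldap.example.com
ssl start_tls
tls_checkpeer no   # ignore server SSL certificate
"""

ENCRYPTED = {"start_tls", "on", "yes", "true"}
DISABLED = {"no", "off", "false"}

def parse_conf(text):
    """Map lowercased keyword -> value; '#' comments dropped, last entry wins."""
    opts = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) == 2:
            opts[fields[0].lower()] = fields[1].strip()
    return opts

def audit(text):
    """Return (rule, detail) findings; rule names are this example's own."""
    opts = parse_conf(text)
    ssl = opts.get("ssl", "off").lower()
    findings = []
    for uri in opts.get("uri", "").split():
        u = urlparse(uri)
        port = u.port or (636 if u.scheme == "ldaps" else 389)
        if u.scheme == "ldaps" and ssl == "start_tls":
            findings.append(("mode-conflict",
                f"{uri} (port {port}) is ldaps; start_tls is for ldap:// on 389"))
        elif u.scheme == "ldap" and ssl not in ENCRYPTED:
            findings.append(("cleartext",
                f"{uri} (port {port}) has no 'ssl start_tls'"))
    if opts.get("tls_checkpeer", "").lower() in DISABLED:
        findings.append(("no-cert-check",
            "tls_checkpeer is off: the server certificate is not validated"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule}: {detail}")
```

A no-cert-check finding means the session is encrypted but the server is not authenticated; pointing tls_cacertfile at the CA that signed the server certificate lets peer checking stay on.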