On Monday 30 of August 2004 20:38, markzero at logik.ath.cx wrote:
To be honest, I'm just generally paranoid. I'd rather have a prospective attacker have to crack two passwords (the root and one wheel group) than one. I thought I'd write the above just so I didn't get a big lecture, hehe. :)
You're not paranoid enough. You still use passwords! 8-)
I'm currently in the process of moving everything over to keypairs. I'm not blessed with security conscious users, and it's hard to get them to understand that a keypair is actually more convenient (especially if you use an agent). :)
I recommend using CAfile instead of CApath for simple configurations. It doesn't need a hashed directory and is not relative to the chroot jail.
So something like:
CApath = /var/stunnel/certs
No! CAfile = /var/stunnel/certs/your_cert.pem
Oops, yeah I see what you mean.
I'm paranoid that someone has been at my testing configs now. :) I previously had a working setup, which worries me even further as I *did* use a symlink.
Yes, you can use symlinks, but instead of:
    ln -s /a/b/c/x /a/b/c/y
use:
    cd /a/b/c
    ln -s x y
Please notice (ls -l) the results are not the same!
That must have been it.
Best regards,
Mike
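The symlink difference discussed in the thread, as an added example that is not part of the original message: it builds both kinds of link in a temporary directory and resolves each the way a chrooted process would. The temporary directory standing in for the jail, the placeholder certificate file, and the helper names `resolve_in_jail` and `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo: an absolute symlink target breaks inside a chroot jail,
# a relative one keeps working. No root or real chroot is needed:
# resolve_in_jail re-interprets the stored target as a jailed process would.

# $1 = jail root on the host, $2 = link path as seen from inside the jail.
# Prints the in-jail path the link resolves to; fails if it dangles.
resolve_in_jail() {
    jail=$1
    link=$2
    target=$(readlink "$jail$link") || return 2
    case $target in
        /*) resolved=$target ;;                     # absolute: looked up from the jail's /
        *)  resolved=$(dirname "$link")/$target ;;  # relative: looked up from the link's dir
    esac
    # Succeed only if the file exists at that path inside the jail.
    [ -e "$jail$resolved" ] && printf '%s\n' "$resolved"
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/certs"
    : > "$root/certs/your_cert.pem"   # empty placeholder, not a real certificate

    # Absolute target, created with the host path (ln -s /a/b/c/x /a/b/c/y).
    ln -s "$root/certs/your_cert.pem" "$root/certs/abs.pem"
    # Relative target, created from inside the directory (cd /a/b/c; ln -s x y).
    ( cd "$root/certs" && ln -s your_cert.pem rel.pem )

    ls -l "$root/certs"               # the stored targets differ

    for l in /certs/abs.pem /certs/rel.pem; do
        if r=$(resolve_in_jail "$root" "$l"); then
            echo "$l -> $r (resolves inside jail)"
        else
            echo "$l -> dangling inside jail"
        fi
    done
    rm -rf "$root"
}

demo
```

The helper follows a single link level only; chained links and `..` components are not normalised.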