Search Results

Search found 14044 results on 562 pages for 'trusted root ca'.

Page 10/562

  • Why can a local root turn into any LDAP user?

    - by Daniel Gollás
    I know this has been asked here before, but I am not satisfied with the answers and don't know if it's ok to revive and hijack an older question.

    We have workstations that authenticate users on an LDAP server. However, the local root user can su into any LDAP user without needing a password. From my perspective this sounds like a huge security problem that I would hope could be avoided at the server level. I can imagine the following scenario where a user can impersonate another and don't know how to prevent it:

    1. UserA has limited permissions, but can log into a company workstation using their LDAP password. They can cat /etc/ldap.conf and figure out the LDAP server's address and can ifconfig to check out their own IP address. (This is just an example of how to get the LDAP address, I don't think that is usually a secret and obscurity is not hard to overcome)
    2. UserA takes out their own personal laptop, configures authentication and network interfaces to match the company workstation and plugs in the network cable from the workstation to their laptop, boots and logs in as local root (it's his laptop, so he has local root)
    3. As root, they su into any other user on LDAP that may or may not have more permissions (without needing a password!), but at the very least, they can impersonate that user without any problem.

    The other answers on here say that this is normal UNIX behavior, but it sounds really insecure. Can the impersonated user act as that user on an NFS mount for example? (the laptop even has the same IP address). I know they won't be able to act as root on a remote machine, but they can still be any other user they want! There must be a way to prevent this on the LDAP server level right? Or maybe at the NFS server level? Is there some part of the process that I'm missing that actually prevents this? Thanks!!


  • How to make a non-root user to use chown for any user group files?

    - by user1877716
    I would like to make a user super powerful, with almost all root rights but unable to touch the root user (to change the password of the root). My goal is for user "B" to manage my web server. The problem is user B needs to be able to run the chown and chmod commands on some files belonging to other users. I tried to put B in the root group or use visudo, but it's not enough. I'm working on a CentOS 6 system. If somebody has ideas!


  • What's the safest way to kick off a root-level process via cgi on an Apache server?

    - by MartyMacGyver
    The problem: I have a script that runs periodically via a cron job as root, but I want to give people a way to kick it off asynchronously too, via a webpage. (The script will be written to ensure it doesn't run overlapping instances or such.) I don't need the users to log in or have an account, they simply click a button and if the script is ready to be run it'll run. The users may select arguments for the script (heavily filtered as inputs) but for simplicity we'll say they just have the button to choose to press.

    As a simple test, I've created a Python script in cgi-bin. chown-ing it to root:root and then applying "chmod ug+" to it didn't have the desired results: it still thinks it has the effective group of the web server account... from what I can tell this isn't allowed. I read that wrapping it with a compiled cgi program would do the job, so I created a C wrapper that calls my script (its permissions restored to normal) and gave the executable the root permissions and setuid bit. That worked... the script ran as if root ran it.

    My main question is, is this normal (the need for the binary wrapper to get the job done) and is this the secure way to do this? It's not world-facing but still, I'd like to learn best practices. More broadly, I often wonder why a compiled binary is more "trusted" than a script in practice? I'd think you'd trust a file that was human-readable over a cryptic binary. If an attacker can edit a file then you're already in trouble, more so if it's one you can't easily examine. In short, I'd expect it to be the other way 'round on that basis. Your thoughts?


  • How can I start the desktop without having to "startx"?

    - by gtldsp
    I don't want to start startx every time. Is there any way to get a GUI direct login screen? My files are:

        root@ubuntu:~# locate org.conf
        /usr/share/X11/xorg.conf.d
        /usr/share/X11/xorg.conf.d/10-evdev.conf
        /usr/share/X11/xorg.conf.d/11-evdev-quirks.conf
        /usr/share/X11/xorg.conf.d/11-evdev-trackpoint.conf
        /usr/share/X11/xorg.conf.d/50-synaptics.conf
        /usr/share/X11/xorg.conf.d/50-vmmouse.conf
        /usr/share/X11/xorg.conf.d/50-wacom.conf
        /usr/share/X11/xorg.conf.d/51-synaptics-quirks.conf
        /usr/share/man/man5/xorg.conf.5.gz
        /usr/share/man/man5/xorg.conf.d.5.gz
        root@ubuntu:~# cd /usr/share/X11/xorg.conf.d
        root@ubuntu:/usr/share/X11/xorg.conf.d# ll
        total 36
        drwxr-xr-x 2 root root 4096 Apr 23 04:38 ./
        drwxr-xr-x 5 root root 4096 Apr 23 04:38 ../
        -rw-r--r-- 1 root root 1099 Apr 4 17:04 10-evdev.conf
        -rw-r--r-- 1 root root 590 Mar 15 08:52 11-evdev-quirks.conf
        -rw-r--r-- 1 root root 364 Mar 15 08:52 11-evdev-trackpoint.conf
        -rw-r--r-- 1 root root 956 Apr 13 06:00 50-synaptics.conf
        -rw-r--r-- 1 root root 115 Mar 22 09:54 50-vmmouse.conf
        -rw-r--r-- 1 root root 842 Mar 30 03:13 50-wacom.conf
        -rw-r--r-- 1 root root 590 Apr 13 05:59 51-synaptics-quirks.conf
        root@ubuntu:/usr/share/X11/xorg.conf.d#

    Please provide me step by step details.


  • SVN best practice - checking out root folder

    - by Stephen Dolier
    Hi all, quick question about svn checkout best practice. Once the structure of a repository is set up, i.e. trunk, branches, tags, is it normal to have the root checked out to our local machines? Or should you only check out the trunk if that's what you are working on, or a branch if we so choose to create one? The reason I ask is that every time someone creates a branch or tag we all get a copy when we do an update. BTW, we've recently migrated from VSS.


  • What Belongs to the Aggregate Root

    - by jlembke
    This is a practical Domain Driven Design question: Conceptually, I think I get Aggregate roots until I go to define one. I have an Employee entity, which has surfaced as an Aggregate root. In the Business, some employees can have work-related Violations logged against them: Employee-----*Violations Since not all Employees are subject to this, I would think that Violations would not be a part of the Employee Aggregate, correct? So when I want to work with Employees and their related violations, is this two separate Repository interactions by some Service? Lastly, when I add a Violation, is that method on the Employee Entity? Thanks for the help!


  • Arrays- Square root of an Array and printing the result JAVA

    - by roger34
    Hello, The title says it all, really. I'm trying to get an array of (9) numbers squared then printed but I keep coming back with only one result - the number of numbers in the array squared - obviously not what I want. Thanks for any help. Ok, here is my terrible code so far. Trying to pass it to a method as well.

        public static void main ( String args[] ) {
            double[] nums = {126, 12.939, 795, 320.16, 110, 34.7676, 7773, 67, 567, 323};
            System.out.println ("Square root is " +square);
            square(nums);
        }

        public static double square (double [] array) {
            double result;
            for( double i = 0; i < array.length ; i++ )
                result = Math.sqrt(array[i]);
            return result;
        }
        }


  • My self-generated CA is nearing its end-of-life; what are the best practices for CA-rollover?

    - by Alphager
    Some buddies and I banded together to rent a small server to use for email, web-hosting and jabber. Early on we decided to generate our own Certificate Authority (CA) and sign all our certificates with that CA. It worked great! However, the original CA-cert is nearing its end-of-life (it expires in five months). Obviously, we will have to generate a new cert and install it on all our computers. Are there any best practices we should follow? We have to re-generate all certs and sign them with the new CA, right?


  • Execute an external application as root - problem

    - by user598011
    Good morning: I'm trying to run an external application that needs to be executed as root. I have to read the lines from exit after the execution of this application but it says "permission denied", as if it has not been done correctly. I've been thinking it over for a time and I cannot move forward. The code is as follows:

        process = Runtime.getRuntime().exec("su");
        String[] command = {external application command};
        process = Runtime.getRuntime().exec(command);
        InputStream inputStream = process.getInputStream();
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(inputStream),8192);
            String line = null;
            while ((line = bufferedReader.readLine()) != null) {
                System.out.println("read line:"+line );
            }
        } catch (IOException ioe) {
            ioe.printStackTrace();
        }
        process.waitFor();

    Does anyone know why it does not let me run the command? Thanks.


  • Install new root certificate authority (CA) in windows

    - by er4z0r
    I am trying to use ninite to get my new laptop set up quickly. However when I try to install, Windows complains about the CA. The website ninite.com also shows certificate problems. They use a root CA (COMODO Certification Authority) that is not included in Windows 7 by default. However I am not able to install that CA. I can view the certification path for the ninite.com cert. I can view the cert for COMODO. However I cannot see any option to install it. Any clues?


  • XCA: sign IPsec certificates with own CA

    - by sbrattla
    I'm trying to establish a LAN to LAN connection through a VPN tunnel. There's a Zywall at the remote office which will be responsible for establishing a connection to a Draytek at the main office. I'm able to establish the connection if I use shared keys, but I'd like to use certificates instead. I've downloaded the XCA application for Ubuntu which allows me to first create a CA certificate, and then sign "certificate signing requests" using this CA. However, I'm uncertain if I am doing things right. More specifically, which basic keys/extended keys should the CA certificate and the certificates themselves have? Right now I just skip selecting any keys at all, but is that right? All hints and help appreciated!


  • Microsoft CA certificate templates expires sooner than expected

    - by Tim Brigham
    The certificates my Microsoft CA is generating do not match the time period indicated in the template used. How can I resolve this? I recently created a new certificate template for use on my Linux boxes on my Microsoft CA (2008 R2 Enterprise). This template is approved for server and client authentication purposes with a validity period of 10 years - the expected lifetime of our Linux boxes - and the subject name supplied in the request. I have checked both the intermediate and offline CA - both have more than 10 years of life listed. Is there some kind of hard limit I'm hitting here?


  • IPSec on Domain Controllers and Trusted Domains

    - by OneLogicalMyth
    I am looking at configuring IPSec as follows:

    1. Isolation
    2. Request authentication for inbound and outbound connections
    3. Computer and user (Kerberos V5)

    I am looking to do a blanket deployment across all servers and domain controllers. Workstations I will leave as not set. What impact in terms of the domain controllers with the 2-way forest trust do you think I would see? Should I exclude the IP addresses of the trusted domain controllers? I don't want to stop communication between the current and trusted forest, however I do want IPsec to be used within the current forest on all servers. The trusted forest is running 2008 R2 and the current forest is 2012 R2.


  • XSLT: Add namespace to root element

    - by Ingrid
    I need to change namespaces in the root element as follows:

    input document:

        <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
        <foo xsi:schemaLocation="urn:isbn:1-931666-22-9 http://www.loc.gov/ead/ead.xsd"
             xmlns:ns2="http://www.w3.org/1999/xlink"
             xmlns="urn:isbn:1-931666-22-9"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    desired output:

        <foo audience="external"
             xsi:schemaLocation="urn:isbn:1-931666-22-9 http://www.loc.gov/ead/ead.xsd"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:xlink="http://www.w3.org/1999/xlink"
             xmlns="urn:isbn:1-931666-22-9">

    I was trying to do it as I copy over the whole document and before I give any other transformation instructions, but the following doesn't work:

        <xsl:template match="* | processing-instruction() | comment()">
          <xsl:copy copy-namespaces="no">
            <xsl:for-each select=".">
              <xsl:attribute name="audience" select="'external'"/>
              <xsl:namespace name="xlink" select="'http://www.w3.org/1999/xlink'"/>
            </xsl:for-each>
            <xsl:apply-templates/>
            <xsl:copy-of select="@*"/>
            <xsl:apply-templates/>
          </xsl:copy>
        </xsl:template>

    Thanks for any advice!


  • Cannot find root device after latest kernel upgrade

    - by DisgruntledGoat
    I'm running Ubuntu 13.04. Yesterday I tried to install updates but there was an error, and it suggested running apt-get -f install which I did. Now when I try to boot, I get an error "Gave up waiting for root device". The text is almost identical to the text shown in this and this question. However, the "built-in shell" simply doesn't work! Nothing I type shows up on the screen or does anything. I tried adding a rootdelay to grub but it just waits longer and shows the same screen. Loading the previous kernel works (although there are a few graphics glitches) but as far as I can tell, it should be booting the exact same stuff. The new kernel is 3.8.0-31-generic and the previous working one is 3.8.0-25-generic. Here is my entire /boot/grub/menu.lst file, comments removed:

        default 0
        timeout 3

        title Ubuntu 13.04, kernel 3.8.0-31-generic
        uuid c690c1e6-beb9-46e7-85c2-145cd07d44ac
        kernel /boot/vmlinuz-3.8.0-31-generic root=UUID=c690c1e6-beb9-46e7-85c2-145cd07d44ac rootdelay=120 ro quiet splash
        initrd /boot/initrd.img-3.8.0-31-generic
        quiet

        title Ubuntu 13.04, kernel 3.8.0-31-generic (recovery mode)
        uuid c690c1e6-beb9-46e7-85c2-145cd07d44ac
        kernel /boot/vmlinuz-3.8.0-31-generic root=UUID=c690c1e6-beb9-46e7-85c2-145cd07d44ac ro single
        initrd /boot/initrd.img-3.8.0-31-generic

        title Ubuntu 13.04, kernel 3.8.0-25-generic
        uuid c690c1e6-beb9-46e7-85c2-145cd07d44ac
        kernel /boot/vmlinuz-3.8.0-25-generic root=UUID=c690c1e6-beb9-46e7-85c2-145cd07d44ac ro quiet splash
        initrd /boot/initrd.img-3.8.0-25-generic
        quiet

        title Ubuntu 13.04, kernel 3.8.0-25-generic (recovery mode)
        uuid c690c1e6-beb9-46e7-85c2-145cd07d44ac
        kernel /boot/vmlinuz-3.8.0-25-generic root=UUID=c690c1e6-beb9-46e7-85c2-145cd07d44ac ro single
        initrd /boot/initrd.img-3.8.0-25-generic

        title Ubuntu 13.04, kernel 3.8.0-23-generic
        uuid c690c1e6-beb9-46e7-85c2-145cd07d44ac
        kernel /boot/vmlinuz-3.8.0-23-generic root=UUID=c690c1e6-beb9-46e7-85c2-145cd07d44ac ro quiet splash
        initrd /boot/initrd.img-3.8.0-23-generic
        quiet

        title Ubuntu 13.04, kernel 3.8.0-23-generic (recovery mode)
        uuid c690c1e6-beb9-46e7-85c2-145cd07d44ac
        kernel /boot/vmlinuz-3.8.0-23-generic root=UUID=c690c1e6-beb9-46e7-85c2-145cd07d44ac ro single
        initrd /boot/initrd.img-3.8.0-23-generic

        title Ubuntu 13.04, memtest86+
        uuid c690c1e6-beb9-46e7-85c2-145cd07d44ac
        kernel /boot/memtest86+.bin
        quiet

        title --------------------------------
        root

        title Windows Vista
        rootnoverify (hd0,2)
        savedefault
        makeactive
        chainloader +1

    As you can see the UUID is the same for all kernels. Why am I getting this problem, and what can I do to fix it?


  • Restrict access to apache2 web root but allow it to subfolders

    - by razor7
    I need to restrict access by password to my web root on my apache test server (i.e. http://localhost) but allow access to subfolders (i.e. http://localhost/testsite). I did create the .htpasswd and .htaccess, and put the .htaccess in the web root (http://localhost), so when trying to access the web root, it asks for user and pass, but so it does in subfolders (i.e. trying to access http://localhost/testsite). I want to be asked for a password on the web root, but not on subfolders. Is that possible?


  • Hardening non-root standalone Linux Tomcat install

    - by NoozNooz42
    I want to know if you have any tips as to how to strengthen the security of a non-root install of Tomcat in standalone mode once Tomcat is already installed in a non-root account, in standalone mode. I specify this because, for example, I'm not at all interested in the answers given here (because both Java and Tomcat require root privileges there to be installed and I've got zero interest in running jsvc): http://serverfault.com/questions/43765

    So far, here's what I've done for my non-root standalone Tomcat 6 install:

    1. download and install the JRE .bin provided by Oracle/Sun (no need to be root here) (no need for a full JDK anymore right seen that Jasper [Tomcat's JSP engine] has its own compiler now right?)
    2. download and tar -xzf tomcat 6 (no need to be root here)
    3. set up transparent port-forwarding (must be root here)

    Note that my distribution is a Debian one and I have exactly zero interest in downloading Debian package / backports / whatever... Because, once again, I DO NOT want to need to be root to install Java & Tomcat. The only moment I needed to be root was to configure the firewall to transparently do the port forwarding 80 <-- 8080 and 443 <-- 8443. I then deleted all the default webapps but one:

        cd ~/apache-tomcat-6.0.26/webapps
        rm -rf docs
        rm -rf examples/
        rm -rf manager/
        rm -rf ROOT/

    What about the directory ~/apache-tomcat-6.0.26/webapps/host-manager, do I need it or can I delete it? So, once I've installed Tomcat standalone in a non-root account (and taken into account that I don't want to enter the root password anymore and that I don't plan to install the whole Apache shebang), what more can I do? Are there connectors I can disable? (how?)


  • Display all images from outside web root folder using PHP

    - by micmola
    Hello, I want to display all images that are stored outside my web root folder. Please help me. I am only able to display one image repeatedly. For example, if I have 5 images in my folder, only one image is displayed on my browser 5 times. Please help me on this. I've been working on this problem for over a month now. I'm a newbie. Help. Thank you. Here is the code I'm using.

    images.php

        <?php
        // Get our database connector
        require("includes/copta.php");

        // Grab the data from our people table
        $sql = "select * from people";
        $result = mysql_query($sql) or die ("Could not access DB: " . mysql_error());
        $imgLocation = " /uploadfile/";

        while ($row = mysql_fetch_array($result)) {
            $imgName = $row["filename"];
            $imgPath = $imgLocation . $imgName;
            echo "<img src=\"call_images.php?imgPath=" . $imgName . "\" alt=\"\"><br/>";
            echo $row['id'] . " " . $imgName. "<br />";
        }
        ?>

    call_images.php

        <?php
        // Get our database connector
        require("includes/copta.php");

        $imgLocation = '/ uploadz/';
        $sql = "select * from people";
        $result = mysql_query($sql) or die ("Could not access DB: " . mysql_error());

        while ($row = mysql_fetch_array($result)) {
            $imgName = $row["filename"];
            $imgPath = $imgLocation . $imgName;

            // Make sure the file exists
            if(!file_exists($imgPath) || !is_file($imgPath)) {
                header('HTTP/1.0 404 Not Found');
                die('The file does not exist');
            }

            // Make sure the file is an image
            $imgData = getimagesize($imgPath);
            if(!$imgData) {
                header('HTTP/1.0 403 Forbidden');
                die('The file you requested is not an image.');
            }

            // Set the appropriate content-type
            // and provide the content-length.
            header("Pragma: public");
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
            header("Content-Type: image/jpg");
            header("Content-length: " . filesize($imgPath));

            // Print the image data
            readfile($imgPath);
            exit();
        }
        ?>


  • Silverlight 4 launch a trusted application into the browser?

    - by Niklaos
    Hi guys, I just lost 5 hours looking for an answer which I haven't been able to find :p

    First, I'd like to force a trusted application (I need to access the file system) to display in the browser. Based on what I found on Google, a trusted application must be installed and launched as a desktop application (also called an out-of-browser application). So, I want to have an installed application on the client side but meanwhile, the user must also be able to start this same application in a browser window when he goes to my web site. Is this possible?

    Second, I'd like to give the user the possibility to start the application from the browser. To be clear, the application is installed on the client computer but I want a button on my web site which starts the desktop application. How can I do that? Thanks


  • Locating SSL certificate, key and CA on server

    - by jovan
    Disclaimer: you don't need to know Node to answer this question but it would help. I have a Node server and I need to make it work with HTTPS. As I researched around the internet, I found that I have to do something like this:

        var fs = require('fs');
        var credentials = {
            key: fs.readFileSync('path/to/ssl/private-key'),
            cert: fs.readFileSync('path/to/ssl/cert'),
            ca: fs.readFileSync('path/to/something/called/CA')
        };
        var app = require('https').createServer(credentials, handler);

    I have several problems with this. First off, all the examples I found use completely different approaches. Some link to .pem files for both the certificate and key. I don't know what pem files are but I know my certificate is .crt and my key is .key. Some start off at the root folder and some seem to just have these .pem files in the application directory. I don't. Some use the ca thing too and some don't. This CA is supposed to be my domain's CA bundle according to some articles - but none explain where to find this file. In the ssl directory on my server I have one .crt file in the certs directory and one .key file in the keys directory, in addition to an empty csrs directory and an ssl.db file. So, where do I find these 3 files (key, cert, ca) and how do I link to them correctly?


  • Download link for trial/evaluation copy of CA Siteminder

    - by velusbits
    Is there a trial/evaluation version available of CA Siteminder? What is CA SiteMinder? It is a centralized Internet access management system that enables user authentication and single sign-on, authentication management, policy-based authorization, identity federation and auditing of access to Web applications and portals. Where would I go for that link if one exists?


  • Disable Google Chrome warning if security certificate is not trusted

    - by sippa
    Hi, I want to know if it's possible to disable the warning you get in Chrome when you try to go to some HTTPS site that doesn't have a trusted certificate. I have a few sites in my bookmarks that use HTTPS but none of them have trusted certificates, so each time I visit them I manually have to click "Proceed anyway" in the warning and it's getting kind of annoying. Is there any way to disable the warning or somehow add these sites to some kind of safe list? Thanks

