I can't remember if cyrus21-imapd installation add user cyrus to group mail, but until yesterday's upgrade my configuration works perfectly so I think that there was change on some ssl-relate-package that changed the permissions of /etc/ssl/private to this:
escaflowne:/etc/ssl# ls -l
[...]
drwxr-x--- 2 root ssl-cert 4096 Jun 7 11:55 private
The default imapd.conf configuration says:
tls_key_file: /etc/ssl/private/cyrus-global.key
So I think that the cyrus-imapd instalallation scripts need to add the
cyrus user to the ssl-cert group. (I don't know if the installer already
add cyrus to group ssl-cert, sorry).
(Sorry for my bad english)
El mié, 07-06-2006 a las 14:15 -0400, Benjamin Seidenberg escribió:
> Diego Fdez. Duran wrote:
> > Package: cyrus21-imapd
> > Version: 2.1.18-3
> > Severity: normal
> >
> > If cyrus user is not in the ssl-cert group you'll get:
> > unable to get private key from '/etc/ssl/private/cyrus.key'
> > TLS engine: cannot load cert/key data
> > error initializing TLS
> > Fatal error: tls_init() failed
> >
>
> Uhmm, isn't this the way it should work? The ssl-cert group defines who
> has access to the private key, so if the cyrus user isn't in that group,
> it shouldn't have access. (This is a feature, not a bug)
>
> Feel free to correct me if i'm wrong.
>
--
Diego Fdez. Durán <[EMAIL PROTECTED]> | http://iota.goedi.net
GPG : 925C 9A21 7A11 3B13 6E43 50DB F579 D119 90D2 66BB
signature.asc
Description: Esta parte del mensaje está firmada digitalmente
