Another thing worth adding to your HOWTO is that if the LDAP server is
going to be publicly available, a good name to use is
"keys.(yourdomain)". The reason for this is that both PGP and GnuPG
(as of 1.4.3) can automatically locate keys using that name. For
example, let's say I want to encrypt
On Thu, Feb 23, 2006 at 05:01:08PM +0100, Walter Haidinger wrote:
Thanks for writing this up! I will certainly be pointing people to
this when they ask in the future.
One comment:
> Further notes:
> * GnuPG looks for PGPServerInfo under the base DN.
> If you decide to put it somewhere else, us
On Thu, Feb 23, 2006 at 03:52:37PM +, Walter Haidinger wrote:
> I was unaware that _all_ keyserver options apply to any type, i.e.
> http/hkp/ldap.
> The manpage talks about 'a' preferred keyserver, though, so I thought
> that there can be only one, which means all options are global anyways.
Hi!
After all issues are finally resolved, I'm glad to post this
howto about setting up a PGP keyserver with OpenLDAP.
The initial thread that finally leads to here starts at:
http://marc.theaimsgroup.com/?l=gnupg-users&m=114028686432264&w=2
Many thanks to Peter Palfrader for providing the LDAP sc
On Thu, February 23, 2006 16:22, David Shaw wrote:
>> What is wrong here?
>
> keyserver-options. Not keyserver-option. The 's' is part of the
> option name. It works on the command line for convenience, but the
> config file must be strict.
Thanks.
I've just read the following from the manpag
On Feb 22, 2006 at 21:52 +0100, Kiefer, Sascha wrote:
> I downloaded the latest GpgME version and called configure.
> The last lines it outputs are:
>
> configure: WARNING:
> ***
> *** ttyname() is not thread-safe and ttyname_r() does not exist
> ***
> checking whether we are using the GNU C Libr
On Thu, February 23, 2006 14:03, David Shaw wrote:
> --keyserver-option "binddn=\"uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM\""
I've got yet another problem when I put keyserver-options into
~/.gnupg/gpg.conf, like:
> nl -b a ~/.gnupg/gpg.conf | tail -5
225 keyserver ldap://localhost
226 k
On Thu, Feb 23, 2006 at 04:13:51PM +0100, Walter Haidinger wrote:
> On Thu, February 23, 2006 14:03, David Shaw wrote:
> > --keyserver-option "binddn=\"uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM\""
>
> I've got yet another problem when I put keyserver-options into
> ~/.gnupg/gpg.conf, like:
>
> >
On Thu, February 23, 2006 14:03, David Shaw wrote:
> Not a bug - you're quoting it wrong in the shell. It takes a lot to
> make the shell not eat stuff sometimes:
>
> --keyserver-option "binddn=\"uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM\""
>
> That is, quote the value, not the name=value. The pa
On Thu, Feb 23, 2006 at 01:01:48PM +0100, Walter Haidinger wrote:
> On Thu, February 23, 2006 00:28, David Shaw wrote:
> >> Next release of 1.4.x or 1.9.x?
> >
> > 1.4.3. I've added the new feature, so you could probably grab the
> > gpgkeys_ldap.c from svn and use it in your 1.4.2 if you like. T
On Thu, February 23, 2006 00:28, David Shaw wrote:
>> Next release of 1.4.x or 1.9.x?
>
> 1.4.3. I've added the new feature, so you could probably grab the
> gpgkeys_ldap.c from svn and use it in your 1.4.2 if you like. There
> aren't significant changes to the keyserver protocol between the two.
On Wed, Feb 22, 2006 at 10:38:19AM -0500, Benjamin Esham wrote:
> On Feb 22, 2006, at 6:22 AM, Janusz A. Urbanowicz wrote:
>
> >And there is really no point in encrypting the whole access since the
> >contents, the emails usually travel the rest of the net unencrypted.
> But wouldn't it be much
On Thu, February 23, 2006 04:24, David Shaw wrote:
>> Does GnuPG support remote keyrings?
>
> No, unless it's via a remote filesystem (NFS, SMB, some magic with
> fuse, etc).
Well, would have been nice, though. I'll stick to rsync to distribute
secret keyrings then.
>> This is a general limitatio
13 matches