Comment 32 for bug 64301

Emu (email-eziegler) wrote:

Sorry for the confusion. We need to distinguish three files:
    - the CA certificate (world-readable) is used to verify the identity of the server to the client
    - the client certificate (world-readable) is used to verify the identity of the client to the server
    - the private key (readable to root and nslcd only) is also needed to verify the identity of the client to the server as well as encrypting the communication

As long as it is just the CA and client certificates that are world-readable there is no problem at all. I'm just talking about the private key file. I assumed that you were referring to the private key as well, as I don't see how it could work otherwise without using the nslcd daemon. If the key is not world-readable, there is no problem at all.
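An added permission audit for the three-file split described above (example code, not from the bug report or from nslcd): certificates may be world-readable, the private key must be readable only by root and the nslcd group. The paths, the group name `nslcd` and the extra check that no file is world-writable are assumptions of this example.

```python
import grp
import os
import pwd
import stat

# Hypothetical paths; nslcd's actual tls_* settings live in nslcd.conf.
TLS_FILES = {
    "/etc/ldap/ca.crt":     ("CA certificate",     False),  # secret? no
    "/etc/ldap/client.crt": ("client certificate", False),
    "/etc/ldap/client.key": ("private key",        True),   # secret? yes
}

KEY_GROUP = "nslcd"  # assumption: the daemon runs with this group


def audit_tls_file(role, mode, owner, group, *, secret, key_group=KEY_GROUP):
    """Return a list of findings for one file.

    mode is a raw st_mode value; owner/group are user/group names.
    Certificates: world-readable is fine, world-writable is not.
    Private key: owner root, group key_group, no access for others,
    and not writable by the group either.
    """
    findings = []
    shown = stat.filemode(mode)
    if mode & stat.S_IWOTH:
        findings.append(f"{role}: world-writable ({shown})")
    if secret:
        if mode & (stat.S_IROTH | stat.S_IXOTH):
            findings.append(f"{role}: readable by others ({shown})")
        if mode & stat.S_IWGRP:
            findings.append(f"{role}: writable by group ({shown})")
        if owner != "root":
            findings.append(f"{role}: owned by {owner}, expected root")
        if group != key_group and (mode & stat.S_IRGRP):
            findings.append(f"{role}: group-readable by {group}, expected {key_group}")
    return findings


def audit_path(path, role, secret):
    """Stat a real file and run audit_tls_file on it."""
    st = os.stat(path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    group = grp.getgrgid(st.st_gid).gr_name
    return audit_tls_file(role, st.st_mode, owner, group, secret=secret)


if __name__ == "__main__":
    for path, (role, secret) in TLS_FILES.items():
        if os.path.exists(path):
            print(path, audit_path(path, role, secret) or "ok")
```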