From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114

Description of problem:
To run nss/pam against an LDAP server that verifies clients, tls_cert and tls_key must be set in /etc/ldap.conf. These files must be readable by all for nss to work properly. This breaks security; everyone can steal the keys and reuse them.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Enable ldap auth against an ldap server that does client verification
2. Set tls_cert and tls_key to the cert files.
3. Set file permissions on the cert file to 400
4. As a non-root user, do 'll' inside a directory where some files are owned by a user stored in the ldap backend

Actual Results:
You will get a 'Broken pipe' error

Expected Results:
When you change the cert file permission to 444, everything works fine.

Additional info:
Setting cert file permissions to 444 breaks security, and keys can be stolen to compromise you.
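An added example, not part of the original report or of nss_ldap: a check for the permission state described above. It reads the tls_cert and tls_key paths from an ldap.conf-style file and flags a key that anyone other than its owner can read. The sample config, host name and file paths are constructed, and the "directive value" line format is assumed.

```python
import os
import stat
import tempfile

def parse_ldap_conf(path):
    """Return {directive: file} for the tls_cert / tls_key lines of the file."""
    found = {}
    with open(path) as fh:
        for raw in fh:
            parts = raw.strip().split(None, 1)
            if len(parts) == 2 and parts[0].lower() in ("tls_cert", "tls_key"):
                found[parts[0].lower()] = parts[1].strip()
    return found

def audit(conf_path):
    """Return (directive, file, octal mode, finding) for each configured file."""
    results = []
    for directive, target in sorted(parse_ldap_conf(conf_path).items()):
        try:
            mode = stat.S_IMODE(os.stat(target).st_mode)
        except OSError as exc:
            results.append((directive, target, None, "cannot stat: %s" % exc.strerror))
            continue
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            finding = "WRITABLE by non-owner"
        elif directive == "tls_key" and mode & (stat.S_IRGRP | stat.S_IROTH):
            finding = "EXPOSED: private key readable by non-owner"
        else:
            finding = "ok"
        results.append((directive, target, "%03o" % mode, finding))
    return results

def demo():
    """Audit a constructed config with the key at 444, then again at 400."""
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "client.crt"), os.path.join(d, "client.key")
        conf = os.path.join(d, "ldap.conf")
        for p in (cert, key):
            with open(p, "w") as fh:
                fh.write("constructed placeholder, not real key material\n")
        with open(conf, "w") as fh:
            fh.write("# constructed sample\nhost ldap.example.org\n")
            fh.write("tls_cert %s\ntls_key %s\n" % (cert, key))
        os.chmod(cert, 0o444)
        os.chmod(key, 0o444)   # the world-readable state from the report
        before = audit(conf)
        os.chmod(key, 0o400)   # owner-only
        return before, audit(conf)

if __name__ == "__main__":
    for label, rows in zip(("key 444", "key 400"), demo()):
        print(label, [(r[0], r[2], r[3]) for r in rows])
```

Calling `audit("/etc/ldap.conf")` on a host runs the same check against the real files.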
Fedora Core 1 is maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thanks! NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy project. After Fedora Core 6 Test 2 is released (currently scheduled for July 26th), there will be no more security updates for FC1. Please use these next two weeks to upgrade any remaining FC1 systems to a current release.
Closing per lack of response. Also note that FC1 and FC2 are no longer supported even by Fedora Legacy. If this still occurs on FC3 or FC4, please assign to that version and Fedora Legacy. If it still occurs on FC5 or FC6, please reopen and assign to the correct version.