[Dovecot] [patch] gssapi support

Colin Walters walters at verbum.org
Tue Jul 13 20:44:49 EEST 2004


On Tue, 2004-07-13 at 19:04 +0300, Timo Sirainen wrote:
> On 13.7.2004, at 18:17, Colin Walters wrote:
> 
> > The major problem I ran into was
> > getting my dad and some of my friend's Windows machines to trust my CA.
> > It involved a lot of complexity with this "mmc" program.  Not to 
> > mention
> > my dad has multiple machines, one of them at his office that I didn't
> > have access to.  The rest of my friends use Linux as I do, but even
> > there configuring different applications to trust a certificate isn't
> > easy.
> 
> Adding new CAs is actually pretty easy in Windows. You right click it, 
> "install certificate", place it into "Trusted root certificates" and 
> click ok/next a few times.

I'll take your word for it.  I had just searched the Microsoft site
about the issue and found an article that told me to use mmc.

> I have no idea how to do it in Linux though. Does OpenSSL have some 
> hardcoded root certificates directory, or does each program handle it 
> in it's own way? 

Both :)

On my Fedora system all the root certificates are in 
/usr/share/ssl/certs/ca-bundle.crt.

But there is no standard way for an unprivileged user to write to that
file.

> Before Evolution used to ask me constantly about my 
> certificate, and lazy as I were I just clicked "ok". Nowadays it seems 
> to be silent, maybe one day it started remembering it.

I think Evolution remembers the result now, and keeps it around in its
own certificate cache.

If it's really as easy to install root certificates on Windows as you
say, then I might give it another try.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20040713/408e868b/attachment.pgp


More information about the dovecot mailing list