Re: OpenLDAP schema to store OpenPGP keys?

2011-02-03 Thread Sascha Silbe
Excerpts from 's message of Mon Feb 20 10:56:32 +0100 2006: Walter Haidinger wrote on Saturday, 18 February 2006: Now, I'd like to setup an OpenLDAP server to store the OpenPGP keys (for use with GnuPG). [...] However, I was unable to find any schema definition...

Re: OpenLDAP schema to store OpenPGP keys?

2011-02-03 Thread Peter Palfrader
On Thu, 03 Feb 2011, Sascha Silbe wrote: Excerpts from 's message of Mon Feb 20 10:56:32 +0100 2006: Walter Haidinger wrote on Saturday, 18 February 2006: Now, I'd like to setup an OpenLDAP server to store the OpenPGP keys (for use with GnuPG). [...] However, I was unable to

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-23 Thread Walter Haidinger
On Thu, February 23, 2006 04:24, David Shaw wrote: Does GnuPG support remote keyrings? No, unless it's via a remote filesystem (NFS, SMB, some magic with fuse, etc). Well, would have been nice, though. I'll stick to rsync to distribute secret keyrings then. This is a general limitation, not

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-23 Thread Walter Haidinger
On Thu, February 23, 2006 00:28, David Shaw wrote: Next release of 1.4.x or 1.9.x? 1.4.3. I've added the new feature, so you could probably grab the gpgkeys_ldap.c from svn and use it in your 1.4.2 if you like. There aren't significant changes to the keyserver protocol between the two.

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-23 Thread Walter Haidinger
On Thu, February 23, 2006 14:03, David Shaw wrote: Not a bug - you're quoting it wrong in the shell. It takes a lot to make the shell not eat stuff sometimes: --keyserver-option binddn=\uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM\ That is, quote the value, not the name=value. The parser in

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-23 Thread David Shaw
On Thu, Feb 23, 2006 at 04:13:51PM +0100, Walter Haidinger wrote: On Thu, February 23, 2006 14:03, David Shaw wrote: --keyserver-option binddn=\uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM\ I've got yet another problem when I put keyserver-options into ~/.gnupg/gpg.conf, like: nl -b a

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-23 Thread Walter Haidinger
On Thu, February 23, 2006 16:22, David Shaw wrote: What is wrong here? keyserver-options. Not keyserver-option. The 's' is part of the option name. It works on the command line for convenience, but the config file must be strict. Thanks. I've just read the following from the manpage

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-22 Thread Walter Haidinger
On Tue, 21 Feb 2006, David Shaw wrote: If GnuPG could also store secret keys (btw, can it? have never checked) It's theoretically possible, but no keyserver works that way. Probably not for HTTP keyservers, but for LDAP offering strong authentication and TLS/SSL? A remotely accessible,

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-22 Thread Alphax
Walter Haidinger wrote: On Tue, 21 Feb 2006, David Shaw wrote: If GnuPG could also store secret keys (btw, can it? have never checked) It's theoretically possible, but no keyserver works that way. Probably not for HTTP keyservers, but for LDAP offering strong authentication and

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-22 Thread Walter Haidinger
Alphax wrote: Isn't this what Kerberos was designed for? No, Kerberos is only an authentication protocol. I'm talking about _storing_ secret keyrings on LDAP. What if you access your email by IMAP only? Each MUA with GnuPG support (e.g. Thunderbird with Enigmail plugin) could then use the

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-22 Thread David Shaw
On Wed, Feb 22, 2006 at 11:02:10AM +0100, Walter Haidinger wrote: On Tue, 21 Feb 2006, David Shaw wrote: If GnuPG could also store secret keys (btw, can it? have never checked) It's theoretically possible, but no keyserver works that way. Probably not for HTTP keyservers, but for

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-22 Thread Walter Haidinger
On Wed, 22 Feb 2006, David Shaw wrote: It's a bit more complex than that - what LDAP (and any keyserver) does is provide the key itself. That key is then imported and lives locally from then on until it is deleted. There would need to be cleanup after use or keys would be left behind. I

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-22 Thread David Shaw
On Thu, Feb 23, 2006 at 01:04:10AM +0100, Walter Haidinger wrote: On Wed, 22 Feb 2006, David Shaw wrote: Are you looking for a remote keyring? That's slightly different than a keyserver, or at least the thing that GnuPG calls a keyserver. Now that you mention it: actually yes, for

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 05:21:25PM +0100, Walter Haidinger wrote: David Shaw wrote: 5) Make this file: cat pgp.ldif dn: ou=PGP Keys,dc=DOMAIN,dc=COM objectclass: organizationalUnit ou: PGP Keys dn: cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM Change this line to: dn:

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 10:10:40AM +0100, Matthias Urlichs wrote: Hi, David Shaw wrote: Anyway, that is (more or less) how I was expecting LDAP to be used. I never added LDAP auth because I wasn't sure exactly what was needed, and didn't want to implement it without some clear use case.

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 01:15:08AM +0100, Walter Haidinger wrote: On Mon, 20 Feb 2006, David Shaw wrote: LDAP had TLS support back in 1.3.5. HTTP and FTP just got TLS support in 1.4.3. At one point, I started documenting the new options and stopped because the man page would be

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 11:12:32PM +0100, Walter Haidinger wrote: On Tue, 21 Feb 2006, David Shaw wrote: because GnuPG looks for PGPServerInfo under the base DN, not under dn=ou=PGP Keys,dc=DOMAIN,dc=COM. Not exactly. It looks for PGPServerInfo under each DN returned from

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread Walter Haidinger
On Tue, 21 Feb 2006, David Shaw wrote: because GnuPG looks for PGPServerInfo under the base DN, not under dn=ou=PGP Keys,dc=DOMAIN,dc=COM. Not exactly. It looks for PGPServerInfo under each DN returned from namingContexts in order. It may well check for cn=PGPServerInfo,dc=DOMAIN,dc=COM

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread Walter Haidinger
On Tue, 21 Feb 2006, David Shaw wrote: On Tue, Feb 21, 2006 at 01:15:08AM +0100, Walter Haidinger wrote: On Mon, 20 Feb 2006, David Shaw wrote: LDAP had TLS support back in 1.3.5. HTTP and FTP just got TLS support in 1.4.3. At one point, I started documenting the new options and

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread Walter Haidinger
On Tue, 21 Feb 2006, David Shaw wrote: On Tue, Feb 21, 2006 at 11:12:32PM +0100, Walter Haidinger wrote: On Tue, 21 Feb 2006, David Shaw wrote: because GnuPG looks for PGPServerInfo under the base DN, not under dn=ou=PGP Keys,dc=DOMAIN,dc=COM. Not exactly. It looks for

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 11:42:56PM +0100, Walter Haidinger wrote: On Tue, 21 Feb 2006, David Shaw wrote: On Tue, Feb 21, 2006 at 11:12:32PM +0100, Walter Haidinger wrote: On Tue, 21 Feb 2006, David Shaw wrote: because GnuPG looks for PGPServerInfo under the base DN, not under

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Tue, Feb 21, 2006 at 11:35:02PM +0100, Walter Haidinger wrote: A LDAP keyserver would be useful as a company keyserver where people inside the company IP range or an administrator can add keys, and the rest of the world can just read. That eliminates tcp-wrapping. You'd

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread Walter Haidinger
On Tue, 21 Feb 2006, David Shaw wrote: The problem here is remote authentication. Each user would need some way to authenticate to the LDAP server to give them the delete ability. Every user could get this own DN just for authentication, like

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-21 Thread David Shaw
On Wed, Feb 22, 2006 at 01:07:48AM +0100, Walter Haidinger wrote: Potentially dangerous. How sensitive is this password? Is a mode 600 file secure for your usage? Yes, I'd think so. After all, we're talking about protecting a keystore of _public_ keys... If GnuPG could also store

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-20 Thread David Shaw
On Sat, Feb 18, 2006 at 10:11:32PM +0100, Peter Palfrader wrote: Walter Haidinger wrote on Saturday, 18 February 2006: Now, I'd like to setup an OpenLDAP server to store the OpenPGP keys (for use with GnuPG). Please note that I already have a working OpenLDAP server, so I'd only need

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-20 Thread Walter Haidinger
On Mon, 20 Feb 2006, David Shaw wrote: Here's a rough guide for OpenLDAP: [--cut--] Thanks, no problem following the guide. The configuration above obviously allows anyone to write/delete keys. I'll add appropriate access rules once key import/export works. However, I'm having trouble with

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-20 Thread David Shaw
On Mon, Feb 20, 2006 at 11:14:33PM +0100, Walter Haidinger wrote: On Mon, 20 Feb 2006, David Shaw wrote: Here's a rough guide for OpenLDAP: [--cut--] Thanks, no problem following the guide. The configuration above obviously allows anyone to write/delete keys. I'll add appropriate

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-20 Thread Walter Haidinger
On Mon, 20 Feb 2006, David Shaw wrote: TLS too? How to tell GnuPG to use TLS over port 389 (ldap://)? Try for TLS, and do nothing if TLS can't start: keyserver-options tls=try Try for TLS, and print a warning if TLS can't start: keyserver-options tls=warn Try for TLS, and fail if

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-20 Thread David Shaw
On Tue, Feb 21, 2006 at 12:21:42AM +0100, Walter Haidinger wrote: On Mon, 20 Feb 2006, David Shaw wrote: TLS too? How to tell GnuPG to use TLS over port 389 (ldap://)? Try for TLS, and do nothing if TLS can't start: keyserver-options tls=try Try for TLS, and print a warning if

Re: OpenLDAP schema to store OpenPGP keys?

2006-02-19 Thread Walter Haidinger
Peter Palfrader wrote: http://asteria.noreply.org/~weasel/PGPKeyserverSchema.zip Thanks! One question, though: Where is this schema from? Is it the new one the GnuPG announcement was talking about or is it a schema shipped with a commercial(?) keyserver? If you get an LDAP keyserver

OpenLDAP schema to store OpenPGP keys?

2006-02-18 Thread Walter Haidinger
Hi! Quoting from the GnuPG-1.4.0 announcement: The LDAP keyserver helper now supports storing, retrieving, and searching for keys in both the old NAI LDAP keyserver as well as the more recent method to store OpenPGP keys in standard LDAP servers. Now, I'd like to setup an OpenLDAP server to