On Thu, Oct 23, 2003 at 01:00:07PM +0200, Lionel CONS wrote:
> I'm trying to make Nessus use some certificates instead of the normal
> password authentication but I fail to make it work.
...
> - added a user with nessus-adduser with the corresponding DN
Which version of OpenSSL are you using? If it's 0.9.7 or newer, you will
need to adjust the DN in the user's dname file (e.g.,
/usr/local/var/nessus/users/{username}/auth/dname), replacing "/Email="
with "/emailAddress=". The nessus-mkcert-client script assumes the
former string will always be reported by OpenSSL, but a change was
introduced in OpenSSL 0.9.7 (or maybe 0.9.6h, I'm not certain) to use
the latter, thereby making object definitions compliant with RFC 2256
(LDAP).
> In the procedure, I'm never prompted for a password so I guess the
> client key is not password protected. However, the Nessus GUI wants a
> password. When I type one, I get a "failed login" message.
True, keys generated by nessus-mkcert and nessus-mkcert-client are not
password-protected. Both NessusWX and the Unix GUI prompt for a
password / passphrase in case one is needed, although in the event your
keys are not, the passphrase is not used.
George
--
[EMAIL PROTECTED]
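
The dname adjustment described in the reply above, as an added shell example that is not part of the original message or of the Nessus scripts. The function names are hypothetical, and the default users directory is the path quoted in the message; pass a different directory if Nessus was installed under another prefix.

```shell
#!/bin/sh
# Added example: rename legacy "/Email=" components in Nessus user dname
# files to "/emailAddress=", the form the reply says newer OpenSSL reports.

# Print a DN string with every "/Email=" component renamed.
normalize_dn() {
    printf '%s\n' "$1" | sed 's|/Email=|/emailAddress=|g'
}

# Rewrite one dname file in place, keeping a ".orig" backup beside it.
# Returns 0 if the file was changed, 1 if no change was needed, 2 on error.
fix_dname_file() {
    f=$1
    [ -f "$f" ] || return 2
    grep -q '/Email=' "$f" || return 1
    cp -p "$f" "$f.orig" || return 2
    # Redirecting into the existing file keeps its owner and mode.
    sed 's|/Email=|/emailAddress=|g' "$f.orig" > "$f" || return 2
    return 0
}

# Walk every {username}/auth/dname under the users directory and fix it.
# Prints the number of files that were changed.
fix_all_users() {
    users_dir=${1:-/usr/local/var/nessus/users}
    changed=0
    for f in "$users_dir"/*/auth/dname; do
        [ -f "$f" ] || continue
        if fix_dname_file "$f"; then
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}
```

Call `fix_all_users` with no argument to use the default path, then restart nessusd so it rereads the user entries; the `.orig` copies allow a rollback.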
