George Theall <[EMAIL PROTECTED]> writes:
>
> Which version of OpenSSL are you using?
I'm using Red Hat 7.3 with their latest rpm, this is openssl-0.9.6b-32.7.
As they are known for backporting changes, I don't know if this can be
seen as "0.9.7 or newer"...
> If it's 0.9.7 or newer, you will need to adjust the DN in the user's
> dname file (eg, /usr/local/var/nessus/users/{username}/auth/dname),
> replacing "/Email=" with "/emailAddress=".
Wait, I have none of these. My DN in dname looks like:
/C=CH/ST=GE/L=Geneva/O=CERN/OU=<xxx>/CN=<yyy>/M=<zzz>
this is what nessus-adduser created.
For the record, here is what's in nessus-adduser:
echo "Please enter User Distinguished Name:"
#
echo $Xn "Country: $Xc"
read x && [ -n "$x" ] && dn=$dn/C=$x
echo $Xn "STate: $Xc"
read x && [ -n "$x" ] && dn=$dn/ST=$x
echo $Xn "Location: $Xc"
read x && [ -n "$x" ] && dn=$dn/L=$x
echo $Xn "Organization: $Xc"
read x && [ -n "$x" ] && dn=$dn/O=$x
echo $Xn "Organizational Unit: $Xc"
read x && [ -n "$x" ] && dn=$dn/OU=$x
echo $Xn "Common Name: $Xc"
read x && [ -n "$x" ] && dn=$dn/CN=$x
echo $Xn "e-Mail: $Xc"
read x && [ -n "$x" ] && dn=$dn/M=$x
[...]
echo "$dn" > "$localstatedir/nessus/users/$login/auth/dname"
Is nessus-adduser really doing the right thing?
> True, keys generated by nessus-mkcert and nessus-mkcert-client are not
> password-protected. Both NessusWX and the unix GUI prompt for a
> password / passphrase in case one is needed, although in the event your
> keys are not, the passphrase is not used.
Ok, the only annoying thing is that the GUI does not allow me to enter
an empty password... but if it really ignored, that's fine.
Thanks for your help.
__________________________________________________________
Lionel Cons http://cern.ch/lionel.cons
CERN http://www.cern.ch
Confidence comes not from always being right, but from not fearing
to be wrong.
