"Davidson, Stuart" <[EMAIL PROTECTED]> writes: > The following ssldump trace records the following 'su' sequence and shows that > an su from a non privileged account does not work. > > # su - dav > $ id > uid=4001 gid=401 +++ su from root to dav works OK +++ > $ su - dav > Password: > su: Sorry +++ su from dav to dav does NOT work +++ > $ > > Questions: > > 1. any idea why the su from a non privileged account is not working? This is a Solaris question. My guess, offhand, would be that DAV has a '*'-ed out password field so you can't su to it if you're not root.
> 2. how do I invoke ssldump to decrypt the complete dialog? > (e.g. all Handshakes and application data) You need to ensure that it has the server's private key, using the -k and -p arguments. > 3. how do I convert the certificates exported from Microsoft Enterprise > Certificate Authority to a format which can be read by ssldump? I'm not sure what yu're trying to do here. There seem to be two ways to read this message: (1) You want ssldump to decode the certificates when it parses the transaction. This is a simple matter of giving it the -N flag to tell it to parse the ASN.1. (Assuming, of course, ssldump was linked with OpenSSL when you built it.) (2) You want ssldump to read the server's private key (not certificate). There's no need to read the server's certificate. All you need to do for this is convert it into an OpenSSL keyfile. It's not clear what kind of keyfile you're starting with here... -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]