"Davidson, Stuart" <[EMAIL PROTECTED]> writes:
> The following ssldump trace records the following 'su' sequence and shows that
> an su from a non privileged account does not work.
>
> # su - dav
> $ id
> uid=4001 gid=401 +++ su from root to dav works OK +++
> $ su - dav
> Password:
> su: Sorry +++ su from dav to dav does NOT work +++
> $
>
> Questions:
>
> 1. any idea why the su from a non privileged account is not working?
This is a Solaris question. My guess, offhand, would be that DAV has
a '*'-ed out password field so you can't su to it if you're not
root.
> 2. how do I invoke ssldump to decrypt the complete dialog?
> (e.g. all Handshakes and application data)
You need to ensure that it has the server's private key, using the
-k and -p arguments.
> 3. how do I convert the certificates exported from Microsoft Enterprise
> Certificate Authority to a format which can be read by ssldump?
I'm not sure what yu're trying to do here. There seem to be two
ways to read this message:
(1) You want ssldump to decode the certificates when it parses
the transaction. This is a simple matter of giving it the -N
flag to tell it to parse the ASN.1. (Assuming, of course, ssldump
was linked with OpenSSL when you built it.)
(2) You want ssldump to read the server's private key (not certificate).
There's no need to read the server's certificate. All you need to do for
this is convert it into an OpenSSL keyfile. It's not clear what
kind of keyfile you're starting with here...
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
