HOWTO LDAP SAMBA PDC Security Evaluation

From Gentoo Linux Wiki

Jump to: navigation, search
This article is part of the HOWTO series.
Installation Kernel & Hardware Networks Portage Software System X Server Gaming Non-x86 Emulators Misc

Previous page Top Next Page


The following commands are use OpenSSL to verify SSL and TLS connections. localhost can allways be subsituted for any name the refers to your LDAP server. The first command verify's SSL and the second will verify TLS.
Note: ctrl-c (^C) will be nesscary as the command hangs in limbo after it finishes.

Note: the second command wont work... yet!

# openssl s_client -connect localhost:636 -showcerts -state -CAfile /certs/openldap/CA-cert.pem
# openssl s_client -connect localhost:389 -showcerts -state -CAfile /certs/openldap/CA-cert.pem

Good output will resemble the following: (output was edited for size)

Code: good openssl output 
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
(...Certificate chain output deleted...)
---
No client certificate CA names sent
---
SSL handshake has read 2161 bytes and written 346 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: CF98B6D749348537401A137BA4BC6FFD4221A1BA...
    Session-ID-ctx:
    Master-Key: ...9DEA83A16F72934AF5213BDBF2EA46BF254342B846E8A7
    Key-Arg   : None
    Start Time: 1128586936
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Previous page Top Next Page

Retrieved from "http://www.gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Security_Evaluation"
Personal tools