Re: [exim] TLS Certificate

Author: Ron McKeating
Date:
To: Andrew
CC: Exim-Users (E-mail)
Subject: Re: [exim] TLS Certificate
On Wed, 2004-12-15 at 10:39, Andrew wrote:
> Hia,
>
> Try (for the sake of testing) setting the ownership of the file to g+r
> o+r (so everyone can read it - but change it back later! ).....
>
> If that still fails, then try copying the cert into an exim owned dir
> and chown both to the same user and group as exim is run as.
>


Yup that was it, the exim grp did not have read access to the file. Now
that works ok, but another problem has arisen. It complains about not
having pam authentication so am recompiling with

SUPPORT_PAM=yes

# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.

but unsure about this last bit, I can find EXTRALIBS_EXIM but not
EXTRALIBS on its own. Can anybody explain what this bit means and where
in the file the entry should go so that pam support will work.

Ron


> ...All the best.
>
> A.
>
>
> Ron McKeating wrote:
>
> >Hi all,
> >
> >I have set up exim and courier_imap on a new fedora core 3 box. I have
> >imap working with courier over SSL. Courier generates a certificate
> >which it stores as
> >
> >/usr/lib/courier-imap/share/imapd.pem
> >
> >Now I thought I would be able to use this same certificate in exim, it
> >is a concatenated file with both the certificate and the key in it. So
> >in my exim config I have
> >
> ># SSL Support options
> >tls_advertise_hosts = *
> >
> >tls_certificate = /usr/lib/courier-imap/share/imapd.pem
> >
> >but when I try and send through it I get an error
> >
> >2004-12-15 10:25:40 TLS error on connection from sprocket.lut.ac.uk
> >[131.231.80.5] (SSL_CTX_use_certificate_chain_file):
> >error:0200100D:system library:fopen:Permission denied
> >
> >the certificate file is owned by user root and group exim so would have
> >thought exim would have the permissions it needed.
> >
> >Any thoughts or advice much appreciated.
> >
> >Ron
> >
> >

--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329
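
The permission problem resolved in this thread can be checked without opening the file to everyone. The following is an added example, not part of the original messages: a shell function (the name `audit_pem` is hypothetical) that reports whether a combined certificate and key file is readable by the daemon's group and closed to everyone else. It assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit a combined certificate+key PEM before pointing
# Exim's tls_certificate at it. Requires GNU stat (stat -c).
# audit_pem FILE GROUP -> 0 if GROUP can read FILE and "other" cannot.
audit_pem() {
    file=$1 want_group=$2 rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL $file: not a regular file"
        return 1
    fi
    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$file")
    mode=$1 owner=$2 group=$3
    g_bits=$(( (mode / 10) % 10 ))   # group digit of the octal mode
    o_bits=$(( mode % 10 ))          # "other" digit

    if [ "$group" != "$want_group" ]; then
        echo "FAIL $file: group is $group, daemon runs as $want_group"
        rc=1
    elif [ $(( g_bits & 4 )) -eq 0 ]; then
        # The failure in this thread: right group, but no g+r,
        # logged by Exim as fopen:Permission denied.
        echo "FAIL $file: group $group lacks read (mode $mode)"
        rc=1
    fi
    if [ $(( g_bits & 2 )) -ne 0 ]; then
        echo "FAIL $file: group-writable (mode $mode)"
        rc=1
    fi
    # Access for "other" matters most when the key is in the same file.
    if [ "$o_bits" -ne 0 ] && grep -q 'PRIVATE KEY-----' "$file"; then
        echo "FAIL $file: holds a private key, mode $mode lets others in"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $file: $owner:$group mode $mode"
    return "$rc"
}

# Usage: sh audit_pem.sh /path/to/file.pem exim
if [ "$#" -ge 2 ]; then
    audit_pem "$1" "$2"
fi
```

A file owned by root with group exim and mode 640 passes; mode 600 reproduces the failure from the thread, and mode 644 is flagged because the private key sits in the same file.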