Changes between Version 8 and Version 9 of STunnelTracd

Timestamp:

Jun 7, 2006, 8:52:06 PM (18 years ago)

Author:

anonymous

Comment:

document that stunnel is strict about permissions on .pem file

STunnelTracd

@@ -2 +2 @@
 I would appreciate if others could go over this  tutorial on securing (at least for avoiding plaintext sending of auth) tracd  and provide any feedback. It works for me on trac 0.9.2. 
 
-Using stunnel version 4 or higher, you can create a tracd configuration file that passes requests on an https port to the port you specify when running tracd. In this manner, your users can access tracd using an https:// request, ensuring their requests (and passwords) aren't being sent cleartext.
+Using stunnel version 4 or higher, you can create a tracd configuration file that passes requests on an https port to the port you specify when running tracd. In this manner, your users can access tracd using an `https://` request, ensuring their requests (and passwords) aren't being sent cleartext.
 
 Put this file in /etc/stunnel/stunnel-tracd.conf:
@@ -33 +33 @@
 }}}
 
-The stunnel.cnf file mentioned here is in the source distribution for stunnel, in the tools subdirectory. It will ask you for your state, country, etc. After it generates the .pem file move it to where the .conf file above indicates.
+The stunnel.cnf file mentioned here is in the source distribution for stunnel, in the tools subdirectory. It will ask you for your state, country, etc. After it generates the .pem file move it to where the .conf file above indicates. Note that depending on what your `umask` is, you may need to adjust the permissions on the `stunnel.pem` file -- 600 (readable and writeable only by owner) should work. 
 
 Make sure to apply the patch in [http://projects.edgewall.com/trac/ticket/2553 ticket 2553] as of trac 0.9.2 so that tracd doesn't forward to an http url.