I am still struggling to get this working at all, but one of the
confusing issues I've come across is as follows:
- make sure $HOME/.pki does not exist
- run a PCP client with PCP_SECURE_SOCKETS=enforce
- note that $HOME/.pki is populated with an nssdb directory and files
therein
- rm -rf $HOME/.pki
- now sudo bash ... note that for me this does not change $HOME
- as root run a PCP client (it does NOT need PCP_SECURE_SOCKETS=enforce)
- notice that $HOME belongs to kenj, but there is now an unreadable .pki
directory and contents owned by _root_
- exit the sudo shell
- now any PCP client run with PCP_SECURE_SOCKETS=enforce aborts with the
unhelpful message: Cannot connect to PMCD on host "bozo": Cannot
connect: SSL is disabled.
I presume "SSL is disabled" is because I cannot read $HOME/.pki.
But allowing a uid 0 process to blindly follow $HOME from the
environment and start creating files and directories seems NQR (tm).
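
The check the last paragraph asks for, as an added example that is not part of the original post and is not PCP or NSS code: before creating per-user state such as `.pki/nssdb`, confirm that the directory named by `$HOME` belongs to the effective uid. The function names `dir_owned_by` and `state_home_for` are hypothetical, and falling back to the passwd entry is an assumption about what a fix could do.

```c
/* Added illustration, not PCP or NSS code; function names are hypothetical. */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if `dir` is a directory owned by `uid`, 0 if it is owned by someone
 * else or is not a directory, -1 if it cannot be examined at all. */
int dir_owned_by(const char *dir, uid_t uid)
{
    struct stat sb;

    if (dir == NULL || stat(dir, &sb) != 0)
        return -1;
    if (!S_ISDIR(sb.st_mode))
        return 0;
    return sb.st_uid == uid;
}

/* Choose where per-user state may be created for `uid`.
 * env_home (the value of $HOME) is used only when that directory belongs
 * to `uid`; otherwise fall back to the passwd entry for `uid` (assumed
 * policy), or return NULL meaning "create nothing". */
const char *state_home_for(const char *env_home, uid_t uid)
{
    struct passwd *pw;

    if (dir_owned_by(env_home, uid) == 1)
        return env_home;
    pw = getpwuid(uid);
    if (pw != NULL && dir_owned_by(pw->pw_dir, uid) == 1)
        return pw->pw_dir;
    return NULL;
}

int main(void)
{
    const char *env_home = getenv("HOME");
    const char *home = state_home_for(env_home, geteuid());

    printf("HOME=%s euid=%ld -> %s\n", env_home ? env_home : "(unset)",
           (long)geteuid(), home ? home : "(refuse to create per-user files)");
    return 0;
}
```

Run inside a `sudo bash` shell that keeps the invoking user's `$HOME`, this reports root's passwd home (or a refusal) rather than the other user's directory.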