Problem with Centos 6.1

Peter Schober peter.schober at univie.ac.at
Tue Dec 20 11:42:39 GMT 2011


* Martins Purins <mpurins at gmail.com> [2011-12-20 12:27]:
> On 20 December 2011 12:56, Peter Schober <peter.schober at univie.ac.at> wrote:
> > * Martins Purins <mpurins at gmail.com> [2011-12-20 11:15]:
> >> Problem with c6
> >> https://c6/Shibboleth.sso/Metadata returns error
> >> "Metadata Request Failed"
> >
> > Jfyi, you don't need that, just use /etc/shibboleth/metagen.sh to
> > generate a metadata example.
>
> No. I need that for my clients. Not all are smrt to generate metadata from :)
> ./metagen.sh
> metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]

Grabbing metatdata from there is (1) only an example to get you
stared, as it's missing several probably relevant elements (e.g. the
new mdui metadata extensions), and (2) fully insecure by default.
Instead the common trust model is to have metadata signed by a trusted
third party (a "federation") and let people only get metadata from
there.
Then it's up to you how to provide the federation with metadata and
that's what metagen.sh could be used for (or any other method to
generate the XML).

> > That doesn't mean anything. Look at /etc/init.d/shibd to find out
> > what's relevant. Try this on the shell:
> >
> > $ LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH ldd /usr/sbin/shibd | fgrep curl
> 
> If I understand what you mean with your syntax, then result is such:

> [root at c6 ~]# ldd /usr/sbin/shibd | fgrep curl
>         libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x00007febe0a14000)

You're not doing the same as the init script, so the result differs.
The init script takes care of including libcurl-openssl so whatever
you do in the shell does not change that (or is indicative of problems
with the shibboleth packages).
-peter


More information about the users mailing list