Bug#856436: xrdp: client is not connecting when security_layer=tls

Koichiro IWAO meta at vmeta.jp
Tue Mar 7 14:10:16 UTC 2017


> Well, the third and only correct solution would be xrdp getting its own
> mechanism for dropping privileges, so it could read the key as root and
> then drop to the xrdp user.

You have a point. Running a daemon under user privilege is a good
practice if root privilege is actually unnecessary. xrdp should take
care of being run under user privilege.

> For now, I think the local administrator should add xrdp to the
> ssl-cert group if they want to use TLS. This is IMHO not a bug in the
> package, because by default, xrdp also uses RDP security and adding
> daemon users to ssl-cert is a common and well-known practice.

OK. If it's a common practice in Debian I agree that the local
administrator should adjust the group. Anyway, xrdp should output
user-friendly logs when the certificate/private key is not accessible.
I'll make a fix for that in upstream.

-- 
`whois vmeta.jp | nkf -w`
meta <meta at vmeta.jp>
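
The two points raised in this message (open the key while still root and then drop to the daemon user, and log clearly when the key is not accessible), as an added example in C. It is not xrdp's code or part of the original message; the function names `open_key` and `drop_privileges` and the command-line usage are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for setgroups() on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open the key read-only. On failure, fill msg with the path, the effective
 * uid/gid and the errno text, so the log says who could not read what. */
int open_key(const char *path, char *msg, size_t msglen)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        snprintf(msg, msglen, "cannot open private key %s as uid=%ld gid=%ld: %s",
                 path, (long)geteuid(), (long)getegid(), strerror(errno));
    return fd;
}

/* Permanently become uid/gid. Order matters: supplementary groups and gid
 * must change while still root; afterwards confirm root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* drop did not stick */
    return 0;
}

int main(int argc, char **argv)
{
    char msg[512];
    struct passwd *pw;
    int fd;
    if (argc != 3 || (pw = getpwnam(argv[2])) == NULL) {
        fprintf(stderr, "usage: %s KEYFILE USER (USER must exist)\n", argv[0]);
        return 2;
    }
    fd = open_key(argv[1], msg, sizeof msg);   /* privileged read happens first */
    if (fd < 0) { fprintf(stderr, "%s\n", msg); return 1; }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) { perror("drop_privileges"); return 1; }
    /* fd stays usable here; the key file itself need not be readable by USER. */
    printf("key open on fd %d, now running as uid=%ld\n", fd, (long)getuid());
    return 0;
}
```

With this ordering the key file can stay readable by root only, so the daemon user does not need to be a member of ssl-cert.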


