[Fedora-directory-users] boot time startup requires password
Rich Megginson
rmeggins at redhat.com
Fri Jul 8 15:43:14 UTC 2005
Kevin Myer wrote:
> http://www.redhat.com/docs/manuals/dir-server/ag/intro.htm#39523
>
> NB: you trade the ease of startup with a security risk, in that your
> keyphrase
> is stored in a file cleartext.
Right. Very secure environments invest in hardware crypto
devices/dongles that provide this functionality without giving up the
security.
>
> Kevin
>
> Quoting Brian Jones <bkjones at gmail.com>:
>
>> Hi all.
>>
>> I hit a snag yesterday when I rebooted my directory server box
>> (running RHEL 4). The problem is that I'm using SSL/TLS, and that
>> means that every time I restart the directory server I have to provide
>> the password for the certificate database. Now, I *know* that this
>> would never stand in a large production environment, so I can only
>> imagine that I missed some essential piece of documentation on how I
>> can use SSL/TLS, but not be forced to provide a password every time
>> the server starts.
>>
>> Could someone provide a link to the doc that addresses this, or does
>> someone have some clue they could provide for my feeble brain?
>>
>> Thanks.
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20050708/4fd52f45/attachment.bin>
More information about the 389-users
mailing list