still working instructions through...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Craig White wrote:

>On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote:
>  
>
>>Craig White wrote:
>>    
>>
>
>  
>
>>>>You will get this error if you try to use startTLS but the server is not 
>>>>configured for security, which brings us back to your earlier problem . . .
>>>>What are the first few lines of slapd-srv1/logs/errors?
>>>>   
>>>>
>>>>        
>>>>
>>>----
>>>you are right on the money but I don't know why.
>>>
>>>nsslapd-security: on # in /opt/fedora-ds/slapd-srv1/config/dse.ldif
>>>
>>>then 'service fds restart' will absolutely hang and never start up.
>>>
>>>if it equals 'off' then obviously slapd will start up.
>>>
>>>recent efforts which include the 'hang' effect show nothing
>>>in /opt/fedora-ds/slapd-srv1/logs/error but the one time that I
>>>restarted the server from the console, it did show this...
>>>
>>>[08/Dec/2005:15:22:57 -0700] - SSL alert: Security Initialization:
>>>Unable to authenticate (Netscape Portable Runtime error -8177 - The
>>>security password entered is incorrect.)
>>>[08/Dec/2005:15:22:57 -0700] - ERROR: SSL Initialization Failed.
>>> 
>>>
>>>      
>>>
>>Darn it.  That's right.  With SSL enabled, you must start the server 
>>from the console, in order to provide the pin for the key/cert db.
>>
>>If you want to do unattended server restarts, you have to purchase a 
>>PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt file in 
>>the proper format with the cleartext password in it.
>>    
>>
>----
>OK - important detail
>
>slapd-srv1-pin.txt
>
>does that go in
>
>/opt/fedora-ds/alias ?
>/opt/fedora-ds/slapd-srv1 ?
>  
>
It should go in the alias directory and have the following format:
Internal (Software) Token:password

>Thanks
>
>Craig
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20051208/a4712ada/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux