Kevin M. Myer wrote: > Quoting Richard Megginson <rmeggins at redhat.com>: > >> Craig White wrote: >> >>> On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote: >>> >>>> Darn it. That's right. With SSL enabled, you must start the >>>> server from the console, in order to provide the pin for the >>>> key/cert db. >>>> >>>> If you want to do unattended server restarts, you have to purchase >>>> a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt >>>> file in the proper format with the cleartext password in it. >>>> >>> ---- >>> OK - important detail >>> >>> slapd-srv1-pin.txt >>> >>> does that go in >>> >>> /opt/fedora-ds/alias ? >>> /opt/fedora-ds/slapd-srv1 ? >>> >> It should go in the alias directory and have the following format: >> Internal (Software) Token:password >> > > Is there an equivalent setup for the admin server, either using a > security module, or other means? Yes. In admin-serv/config/console.conf, change NSSPassPhraseDialog builtin to NSSPassPhraseDialog file:/opt/fedora-ds/alias/admin-serv-pin.txt Then put the password in cleartext in the file /opt/fedora-ds/alias/admin-serv-pin.txt You can name the file whatever you like. > > Kevin > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20051208/532b9fa6/attachment.bin
