Kevin Myer wrote: > http://www.redhat.com/docs/manuals/dir-server/ag/intro.htm#39523 > > NB: you trade the ease of startup with a security risk, in that your > keyphrase > is stored in a file cleartext. Right. Very secure environments invest in hardware crypto devices/dongles that provide this functionality without giving up the security. > > Kevin > > Quoting Brian Jones <bkjones at gmail.com>: > >> Hi all. >> >> I hit a snag yesterday when I rebooted my directory server box >> (running RHEL 4). The problem is that I'm using SSL/TLS, and that >> means that every time I restart the directory server I have to provide >> the password for the certificate database. Now, I *know* that this >> would never stand in a large production environment, so I can only >> imagine that I missed some essential piece of documentation on how I >> can use SSL/TLS, but not be forced to provide a password every time >> the server starts. >> >> Could someone provide a link to the doc that addresses this, or does >> someone have some clue they could provide for my feeble brain? >> >> Thanks. >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20050708/4fd52f45/attachment.bin
