Brian Jones wrote: >Thanks, Kevin. > >Can I make a feature request to whoever sees this that is way better >at Java/C than me to at least make the stored password crypted in >something stronger than rot13? > > What would you suggest? Note that a determined attacker will be able to decode anything that could be done without a key, especially since the source code is available. > > >On 7/8/05, Kevin Myer <kevin_myer at iu13.org> wrote: > > >>http://www.redhat.com/docs/manuals/dir-server/ag/intro.htm#39523 >> >>NB: you trade the ease of startup with a security risk, in that your >>keyphrase >>is stored in a file cleartext. >> >>Kevin >> >>Quoting Brian Jones <bkjones at gmail.com>: >> >> >> >>>Hi all. >>> >>>I hit a snag yesterday when I rebooted my directory server box >>>(running RHEL 4). The problem is that I'm using SSL/TLS, and that >>>means that every time I restart the directory server I have to provide >>>the password for the certificate database. Now, I *know* that this >>>would never stand in a large production environment, so I can only >>>imagine that I missed some essential piece of documentation on how I >>>can use SSL/TLS, but not be forced to provide a password every time >>>the server starts. >>> >>>Could someone provide a link to the doc that addresses this, or does >>>someone have some clue they could provide for my feeble brain? >>> >>>Thanks. >>> >>>-- >>>Fedora-directory-users mailing list >>>Fedora-directory-users at redhat.com >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >> >>-- >>Kevin M. Myer >>Senior Systems Administrator >>Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org >> >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20050708/3db753db/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3312 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20050708/3db753db/attachment.bin