> On 18 Jun 2019, at 13:41, Angel Bosch <abosch@xxxxxxxxxxxxxxx> wrote: > >> However, be mindful that the if you use attribute encryption, this >> value is stored in the key3.db, and replacement of this file WILL >> destroy your access to your own database! IE if you plan to use this >> strategy, you MUST NOT use attribute encryption at the same time. >> > > I'll take that into account. > > > >> A better process could be to have a systemd drop in file that on >> "start" takes .PEM files and turns them into the nss db, OR loads >> them into the existing NSS db. This would be useful upstream too, so >> maybe that's a better strategy, and of course, tools for PEM >> management are much better from a sys admin view. Would this be a >> cleaner approach do you think? >> > > > do you have any docs about this process? > I'm not really sure if I understand you when you say "This would be useful upstream too", can you elaborate? The feature doesn't exist yet, so if you write a PEM -> NSS tool, the project would love to accept it to our source code. It's been something I have wanted for a while, and recently I have been thinking with containers I should more seriously develop it, but if you wanted to add this, we would review and help you achieve it :) > > > abosch — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
