Kevin Myer wrote:
http://www.redhat.com/docs/manuals/dir-server/ag/intro.htm#39523NB: you trade the ease of startup with a security risk, in that your keyphraseis stored in a file cleartext.
Right. Very secure environments invest in hardware crypto devices/dongles that provide this functionality without giving up the security.
Kevin Quoting Brian Jones <bkjones@xxxxxxxxx>:Hi all. I hit a snag yesterday when I rebooted my directory server box (running RHEL 4). The problem is that I'm using SSL/TLS, and that means that every time I restart the directory server I have to provide the password for the certificate database. Now, I *know* that this would never stand in a large production environment, so I can only imagine that I missed some essential piece of documentation on how I can use SSL/TLS, but not be forced to provide a password every time the server starts. Could someone provide a link to the doc that addresses this, or does someone have some clue they could provide for my feeble brain? Thanks. -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
