Brian Jones wrote:
What would you suggest? Note that a determined attacker will be able to decode anything that could be done without a key, especially since the source code is available.Thanks, Kevin. Can I make a feature request to whoever sees this that is way better at Java/C than me to at least make the stored password crypted in something stronger than rot13? On 7/8/05, Kevin Myer <kevin_myer@xxxxxxxx> wrote:http://www.redhat.com/docs/manuals/dir-server/ag/intro.htm#39523 NB: you trade the ease of startup with a security risk, in that your keyphrase is stored in a file cleartext. Kevin Quoting Brian Jones <bkjones@xxxxxxxxx>:Hi all. I hit a snag yesterday when I rebooted my directory server box (running RHEL 4). The problem is that I'm using SSL/TLS, and that means that every time I restart the directory server I have to provide the password for the certificate database. Now, I *know* that this would never stand in a large production environment, so I can only imagine that I missed some essential piece of documentation on how I can use SSL/TLS, but not be forced to provide a password every time the server starts. Could someone provide a link to the doc that addresses this, or does someone have some clue they could provide for my feeble brain? Thanks. -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Kevin M. Myer Senior Systems Administrator Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users |
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
