Craig White wrote:
On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote:Craig White wrote:Darn it. That's right. With SSL enabled, you must start the server from the console, in order to provide the pin for the key/cert db.You will get this error if you try to use startTLS but the server is not configured for security, which brings us back to your earlier problem . . .What are the first few lines of slapd-srv1/logs/errors?---- you are right on the money but I don't know why. nsslapd-security: on # in /opt/fedora-ds/slapd-srv1/config/dse.ldif then 'service fds restart' will absolutely hang and never start up. if it equals 'off' then obviously slapd will start up. recent efforts which include the 'hang' effect show nothing in /opt/fedora-ds/slapd-srv1/logs/error but the one time that I restarted the server from the console, it did show this... [08/Dec/2005:15:22:57 -0700] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8177 - The security password entered is incorrect.) [08/Dec/2005:15:22:57 -0700] - ERROR: SSL Initialization Failed.If you want to do unattended server restarts, you have to purchase a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt file in the proper format with the cleartext password in it.---- OK - important detail slapd-srv1-pin.txt does that go in /opt/fedora-ds/alias ? /opt/fedora-ds/slapd-srv1 ?
It should go in the alias directory and have the following format: Internal (Software) Token:password
Thanks Craig -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
