Kevin M. Myer wrote:
Quoting Richard Megginson <rmeggins@xxxxxxxxxx>:Craig White wrote:On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote:Darn it. That's right. With SSL enabled, you must start the server from the console, in order to provide the pin for the key/cert db.If you want to do unattended server restarts, you have to purchase a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt file in the proper format with the cleartext password in it.---- OK - important detail slapd-srv1-pin.txt does that go in /opt/fedora-ds/alias ? /opt/fedora-ds/slapd-srv1 ?It should go in the alias directory and have the following format: Internal (Software) Token:passwordIs there an equivalent setup for the admin server, either using a security module, or other means?
Yes. In admin-serv/config/console.conf, change NSSPassPhraseDialog builtin to NSSPassPhraseDialog file:/opt/fedora-ds/alias/admin-serv-pin.txtThen put the password in cleartext in the file /opt/fedora-ds/alias/admin-serv-pin.txt
You can name the file whatever you like.
Kevin
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
