[Fedora-directory-users] still working instructions through...
Richard Megginson
rmeggins at redhat.com
Fri Dec 9 03:56:51 UTC 2005
Kevin M. Myer wrote:
> Quoting Richard Megginson <rmeggins at redhat.com>:
>
>> Craig White wrote:
>>
>>> On Thu, 2005-12-08 at 19:11 -0700, Richard Megginson wrote:
>>>
>>>> Darn it. That's right. With SSL enabled, you must start the
>>>> server from the console, in order to provide the pin for the
>>>> key/cert db.
>>>>
>>>> If you want to do unattended server restarts, you have to purchase
>>>> a PKCS11 Hardware Security Module or create a slapd-svr1-pin.txt
>>>> file in the proper format with the cleartext password in it.
>>>>
>>> ----
>>> OK - important detail
>>>
>>> slapd-srv1-pin.txt
>>>
>>> does that go in
>>>
>>> /opt/fedora-ds/alias ?
>>> /opt/fedora-ds/slapd-srv1 ?
>>>
>> It should go in the alias directory and have the following format:
>> Internal (Software) Token:password
>>
>
> Is there an equivalent setup for the admin server, either using a
> security module, or other means?
Yes. In admin-serv/config/console.conf, change
NSSPassPhraseDialog builtin
to
NSSPassPhraseDialog file:/opt/fedora-ds/alias/admin-serv-pin.txt
Then put the password in cleartext in the file
/opt/fedora-ds/alias/admin-serv-pin.txt
You can name the file whatever you like.
>
> Kevin
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20051208/532b9fa6/attachment.bin>
More information about the Fedora-directory-users
mailing list