Hi all,
Does anybody know where the file should live containing the SSL key pin to enable an unattended restart of a server, and what that file should be called?
There is a lot of conflicting info on this as found by Google, none of which works :(
Regards, Graham --
Graham Leggett wrote:
Hi all,
Does anybody know where the file should live containing the SSL key pin to enable an unattended restart of a server, and what that file should be called?
There is a lot of conflicting info on this as found by Google, none of which works :(
[root@vectra-3 alias]# pwd
/opt/fedora-ds/alias
[root@vectra-3 alias]# cat slapd-netauth-pin.txt
Internal (Software) Token:secret
Substitute "netauth" for your instance name. Substitute "secret" for your security database's password.
This is covered in the administration guide:
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824
BR, -- mike
Mike Jackson wrote:
[root@vectra-3 alias]# pwd
/opt/fedora-ds/alias
[root@vectra-3 alias]# cat slapd-netauth-pin.txt
Internal (Software) Token:secret
Substitute "netauth" for your instance name. Substitute "secret" for your security database's password.
Thanks for the info - it seemed to work for the LDAP server but not for the admin server for some reason.
Is it possible to update the wiki entry at http://directory.fedora.redhat.com/wiki/Howto:SSL#Starting_the_Server_with_S... with this info? It contains the line "If you do not have PIN file, it will prompt you for the password you used to create the server cert.", but doesn't explain what a PIN file is as you've explained above.
Regards, Graham --
Graham Leggett wrote:
Mike Jackson wrote:
[root@vectra-3 alias]# pwd
/opt/fedora-ds/alias
[root@vectra-3 alias]# cat slapd-netauth-pin.txt
Internal (Software) Token:secret
Substitute "netauth" for your instance name. Substitute "secret" for your security database's password.
Thanks for the info - it seemed to work for the LDAP server but not for the admin server for some reason.
Is it possible to update the wiki entry at http://directory.fedora.redhat.com/wiki/Howto:SSL#Starting_the_Server_with_S... with this info? It contains the line "If you do not have PIN file, it will prompt you for the password you used to create the server cert.", but doesn't explain what a PIN file is as you've explained above.
Edit /opt/fedora-ds/admin-serv/config/nss.conf. Look for the line:
NSSPassPhraseDialog builtin
Change it to the form:
NSSPassPhraseDialog file:/path/to/password/file
e.g.
NSSPassPhraseDialog file:/opt/fedora-ds/admin-serv/config/admin.txt
The format is slightly different from the DS, it is:
internal:secret
Substitute "secret" for the admin server security database password.
rob
Rob Crittenden wrote:
Graham Leggett wrote:
Mike Jackson wrote:
[root@vectra-3 alias]# pwd
/opt/fedora-ds/alias
[root@vectra-3 alias]# cat slapd-netauth-pin.txt
Internal (Software) Token:secret
Substitute "netauth" for your instance name. Substitute "secret" for your security database's password.
Thanks for the info - it seemed to work for the LDAP server but not for the admin server for some reason.
Is it possible to update the wiki entry at http://directory.fedora.redhat.com/wiki/Howto:SSL#Starting_the_Server_with_S... with this info? It contains the line "If you do not have PIN file, it will prompt you for the password you used to create the server cert.", but doesn't explain what a PIN file is as you've explained above.
Edit /opt/fedora-ds/admin-serv/config/nss.conf. Look for the line:
NSSPassPhraseDialog builtin
Change it to the form:
NSSPassPhraseDialog file:/path/to/password/file
e.g.
NSSPassPhraseDialog file:/opt/fedora-ds/admin-serv/config/admin.txt
The format is slightly different from the DS, it is:
internal:secret
Substitute "secret" for the admin server security database password.
The SSL Howto now has a shell script which automates much of the SSL setup process including the Admin Server pin file. See http://directory.fedora.redhat.com/wiki/Howto:SSL#Script for more information.
rob
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
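
The two pin-file formats given in this thread, written and then audited, as an added example that is not part of the original messages and is not the wiki's setup script. The owner-only mode (0400) and reading the password from stdin are assumptions added here, since both files hold the security database password in cleartext; the paths and password in the demo are constructed.

```shell
#!/bin/sh
# Added example (not the project's script). Token names are the two given
# in the thread; file paths and the password come from the caller.
DS_TOKEN='Internal (Software) Token'   # for slapd-<instance>-pin.txt
ADMIN_TOKEN='internal'                 # for the NSSPassPhraseDialog file

# write_pin FILE TOKEN -- the password is read from stdin so it never
# appears in a process argument list. Runs in a subshell, so the umask
# change and the password variable do not leak into the caller.
write_pin() (
    umask 077                          # new file is created owner-only
    IFS= read -r pw || true
    [ -n "$pw" ] || exit 1             # refuse an empty password
    rm -f -- "$1"                      # an existing file would keep its old mode
    printf '%s:%s\n' "$2" "$pw" > "$1" && chmod 400 "$1"
)

# check_pin FILE TOKEN -- prints "ok" or the first problem found.
check_pin() (
    [ -f "$1" ] || { echo "missing"; exit 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] ||
        { echo "group/other access"; exit 1; }
    IFS= read -r line < "$1" || true
    case "$line" in
        "$2":?*) echo "ok" ;;          # token name, colon, non-empty password
        *) echo "bad format"; exit 1 ;;
    esac
)

# Demo on constructed values in a scratch directory.
d=$(mktemp -d)
printf 'secret\n' | write_pin "$d/slapd-netauth-pin.txt" "$DS_TOKEN"
printf 'secret\n' | write_pin "$d/admin.txt" "$ADMIN_TOKEN"
check_pin "$d/slapd-netauth-pin.txt" "$DS_TOKEN"
check_pin "$d/admin.txt" "$ADMIN_TOKEN"
rm -rf "$d"
```

Run it as the account the server runs as, so that account owns the files and can still read them at mode 0400.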