Graham Leggett
2006-Mar-05 18:54 UTC
[Fedora-directory-users] PIN file for unattended SSL restarts
Hi all,

Does anybody know where the file should live containing the SSL key pin to enable an unattended restart of a server, and what that file should be called?

There is a lot of conflicting info on this as found by Google, none of which works :(

Regards,
Graham
--
Mike Jackson
2006-Mar-05 19:08 UTC
Re: [Fedora-directory-users] PIN file for unattended SSL restarts
Graham Leggett wrote:
> Hi all,
>
> Does anybody know where the file should live containing the SSL key pin
> to enable an unattended restart of a server, and what that file should
> be called?
>
> There is a lot of conflicting info on this as found by Google, none of
> which works :(

[root@vectra-3 alias]# pwd
/opt/fedora-ds/alias

[root@vectra-3 alias]# cat slapd-netauth-pin.txt
Internal (Software) Token:secret

Substitute "netauth" for your instance name. Substitute "secret" for your security database's password.

This is covered in the administration guide:

http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824

BR,
-- mike
Graham Leggett
2006-Mar-05 19:18 UTC
Re: [Fedora-directory-users] PIN file for unattended SSL restarts
Mike Jackson wrote:
> [root@vectra-3 alias]# pwd
> /opt/fedora-ds/alias
>
> [root@vectra-3 alias]# cat slapd-netauth-pin.txt
> Internal (Software) Token:secret
>
> Substitute "netauth" for your instance name. Substitute "secret" for
> your security database's password.

Thanks for the info - it seemed to work for the LDAP server but not for the admin server for some reason.

Is it possible to update the wiki entry at http://directory.fedora.redhat.com/wiki/Howto:SSL#Starting_the_Server_with_SSL_enabled with this info? It contains the line "If you do not have PIN file, it will prompt you for the password you used to create the server cert.", but doesn't explain what a PIN file is as you've explained above.

Regards,
Graham
--
Rob Crittenden
2006-Mar-06 14:22 UTC
Re: [Fedora-directory-users] PIN file for unattended SSL restarts
Graham Leggett wrote:
> Mike Jackson wrote:
>
>> [root@vectra-3 alias]# pwd
>> /opt/fedora-ds/alias
>>
>> [root@vectra-3 alias]# cat slapd-netauth-pin.txt
>> Internal (Software) Token:secret
>>
>> Substitute "netauth" for your instance name. Substitute "secret" for
>> your security database's password.
>
> Thanks for the info - it seemed to work for the LDAP server but not for
> the admin server for some reason.
>
> Is it possible to update the wiki entry at
> http://directory.fedora.redhat.com/wiki/Howto:SSL#Starting_the_Server_with_SSL_enabled
> with this info? It contains the line "If you do not have PIN file, it
> will prompt you for the password you used to create the server cert.",
> but doesn't explain what a PIN file is as you've explained above.

Edit /opt/fedora-ds/admin-serv/config/nss.conf. Look for the line:

NSSPassPhraseDialog builtin

Change it to the form:

NSSPassPhraseDialog file:/path/to/password/file

e.g.

NSSPassPhraseDialog file:/opt/fedora-ds/admin-serv/config/admin.txt

The format is slightly different from the DS, it is:

internal:secret

Substitute "secret" for the admin server security database password.

rob
Richard Megginson
2006-Mar-06 15:13 UTC
Re: [Fedora-directory-users] PIN file for unattended SSL restarts
Rob Crittenden wrote:
> Graham Leggett wrote:
>
>> Mike Jackson wrote:
>>
>>> [root@vectra-3 alias]# pwd
>>> /opt/fedora-ds/alias
>>>
>>> [root@vectra-3 alias]# cat slapd-netauth-pin.txt
>>> Internal (Software) Token:secret
>>>
>>> Substitute "netauth" for your instance name. Substitute "secret" for
>>> your security database's password.
>>
>> Thanks for the info - it seemed to work for the LDAP server but not
>> for the admin server for some reason.
>>
>> Is it possible to update the wiki entry at
>> http://directory.fedora.redhat.com/wiki/Howto:SSL#Starting_the_Server_with_SSL_enabled
>> with this info? It contains the line "If you do not have PIN file, it
>> will prompt you for the password you used to create the server
>> cert.", but doesn't explain what a PIN file is as you've explained
>> above.
>
> Edit /opt/fedora-ds/admin-serv/config/nss.conf. Look for the line:
>
> NSSPassPhraseDialog builtin
>
> Change it to the form:
>
> NSSPassPhraseDialog file:/path/to/password/file
>
> e.g.
>
> NSSPassPhraseDialog file:/opt/fedora-ds/admin-serv/config/admin.txt
>
> The format is slightly different from the DS, it is:
>
> internal:secret
>
> Substitute "secret" for the admin server security database password.

The SSL Howto now has a shell script which automates much of the SSL setup process including the Admin Server pin file. See http://directory.fedora.redhat.com/wiki/Howto:SSL#Script for more information.

>
> rob
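
Added example, not part of the thread and not Fedora DS project code: a shell check that a PIN file carries the token prefix the thread gives for its server (the DS form or the admin server form) and is not accessible to group or others, since it stores the security database password in clear text. The function name, the owner-only permission policy and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. check_pin_file KIND FILE
#   KIND ds    -> expects "Internal (Software) Token:<password>"
#   KIND admin -> expects "internal:<password>"
# Prefixes are matched exactly as written in the thread.
# Prints findings (never the password); returns 0 if none, 1 otherwise.
check_pin_file() {
    kind=$1; file=$2; rc=0
    case $kind in
        ds)    prefix='Internal (Software) Token:' ;;
        admin) prefix='internal:' ;;
        *)     echo "unknown kind: $kind"; return 2 ;;
    esac
    [ -f "$file" ] || { echo "$file: missing"; return 1; }

    # Assumed policy: owner-only access, the file holds a clear-text password.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        ?00|0) ;;
        *) echo "$file: mode $mode grants group/other access"; rc=1 ;;
    esac

    # Only the first line is inspected; a missing final newline is tolerated.
    line=''
    IFS= read -r line < "$file" || true
    pw=${line#"$prefix"}
    if [ "$pw" = "$line" ]; then
        echo "$file: first line does not start with '$prefix'"; rc=1
    elif [ -z "$pw" ]; then
        echo "$file: empty password after '$prefix'"; rc=1
    fi
    return $rc
}

# Constructed sample files; "secret" is the thread's placeholder password.
demo_dir=$(mktemp -d)
printf 'Internal (Software) Token:secret\n' > "$demo_dir/slapd-netauth-pin.txt"
printf 'Internal (Software) Token:secret\n' > "$demo_dir/admin.txt"  # DS form in the admin file
chmod 400 "$demo_dir/slapd-netauth-pin.txt"
chmod 644 "$demo_dir/admin.txt"
check_pin_file ds    "$demo_dir/slapd-netauth-pin.txt" && echo "DS pin file ok"
check_pin_file admin "$demo_dir/admin.txt" || echo "admin pin file needs fixing"
rm -rf "$demo_dir"
```

The second sample reproduces the mix-up the thread resolves: the DS form placed in the admin server's password file, which the check reports along with the loose mode.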