[Date Prev][Date Next]
Re: TLS/SSL possible startup bug in slapd
On Tue, Jan 23, 2001 at 11:07:20AM -0800, Kurt D. Zeilenga wrote:
> At 10:59 AM 1/23/01 -0700, Monty Charlton wrote:
> >When TLSCertificateKeyFile is defined in slapd.conf, and that file points to an encrypted key, I am prompted for a PEM password regardless of whether I am trying to start slapd with TLS/SSL support enabled (slapd -h "ldap:///" or just plain slapd). Is this intended?
> Yes. The key is needed for Start TLS.
I don't believe I made myself clear enough :-) . Starting _with_ TLS support is not necessarily the problem. The problem is that, if TLSCertificateKeyFile points to an encrypted key, I am _always_ prompted for a PEM password. This is, of course, fine when starting with TLS. But if I want to start _without_ TLS support, there seems to be no reason to have to enter that password.
> >After entering the password, it starts, just as it should, _without_ TLS/SSL support.
> But with Start TLS support.
I guess the question here is, should users be allowed to toggle between TLS and non-TLS easily:
# slapd -h "ldap:/// ldaps:///"
Enter PEM pass phrase:
# killall slapd
# slapd -h "ldap:///"
<-- There should not be a pw prompt here but there always is.
Caldera Systems, Inc.