Re: db encryption/checksum (was: commit: ldap/doc/man/man5 slapd-bdb.5)

I wrote:
> - Protecting data on the machine itself, if it gets stolen or carelessly
>   sold.  I don't know much about how that works though, in particular
>   if one wants slapd to come up at reboot.  Store the key physically
>   in a different place, on a remote filesystem?

Sorry, I should have read the thread you referred to first.  But still,
I don't understand why it needs to be such a problem.  It would need
proper care, yes.  The remote filesystem would have access controls for
the machine's IP address and network, I presume.  Or if not a
filesystem, the server could fetch the keys with ldaps: or https: from a
server with similar access controls:-)