
Password protection of TLS key



Is it still a requirement that TLS keys must have their password nullified
before using them in an openldap context?

Some experimentation with slapd startup has revealed that for some
combinations of OS and OpenLDAP version, I will be given a prompt for the
TLS password and can also input it and the slapd daemon starts correctly.
On other systems, I was prompted for the password but before I even could
enter it, the slapd startup crashed. The tests were all performed doing a
manual startup via "/etc/init.d/ldap start".
Automatic startup means that the password, instead of being entered by a
person, has to reside on file and thereby be accessible to potential
intruders.

Is there any way to prevent unprotected keys or passwords to keys in this
context?

Akke Bengtsson
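The message above asks how to avoid unprotected keys on a slapd host. As an added example (not part of the original post, and not OpenLDAP's own tooling), the following POSIX shell script audits PEM private keys the way an administrator would before deploying them: it classifies each file as passphrase-protected (PKCS#8 "ENCRYPTED PRIVATE KEY" header or the legacy "Proc-Type: 4,ENCRYPTED" line) or plaintext, and checks that the file mode grants nothing to group or other. The sample key files it writes are constructed placeholders, not real key material; the function and file names are assumptions for this example.

```shell
#!/bin/sh
# Added example: audit PEM private keys for passphrase protection and file mode.
# Not from the original post. Assumes keys are PEM files on a POSIX host.

# Print "encrypted", "plaintext" or "unknown" for one PEM file.
key_encryption() {
    f=$1
    if grep -q "BEGIN ENCRYPTED PRIVATE KEY" "$f"; then
        echo encrypted          # PKCS#8 with passphrase
    elif grep -q "^Proc-Type: 4,ENCRYPTED" "$f"; then
        echo encrypted          # legacy OpenSSL "traditional" PEM with passphrase
    elif grep -q "BEGIN .*PRIVATE KEY" "$f"; then
        echo plaintext          # private key with no passphrase at all
    else
        echo unknown
    fi
}

# Return 0 when no group/other permission bits are set (e.g. 600 or 400).
key_mode_ok() {
    f=$1
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# One-line report per key, from a defender's point of view.
audit_key() {
    f=$1
    enc=$(key_encryption "$f")
    if key_mode_ok "$f"; then perm=ok; else perm=TOO_OPEN; fi
    echo "$f: encryption=$enc mode=$perm"
}

# Write constructed sample files (placeholder bodies, not real keys).
write_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' \
        'MIIBconstructedplaceholderbody==' \
        '-----END PRIVATE KEY-----' > "$dir/plain.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
        'MIIFconstructedplaceholderbody==' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$dir/pkcs8.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' \
        '' \
        'constructedplaceholderbody==' \
        '-----END RSA PRIVATE KEY-----' > "$dir/legacy.pem"
}

# Stand-alone demonstration on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
chmod 600 "$demo_dir"/*.pem
chmod 644 "$demo_dir/plain.pem"      # simulate the risky case: plaintext and world-readable
for k in "$demo_dir"/*.pem; do audit_key "$k"; done
rm -rf "$demo_dir"
```

Running it against a real key directory is a matter of replacing the demo loop with `for k in /etc/openldap/*.pem`; a key reported as `encryption=plaintext mode=TOO_OPEN` is the combination the post is worried about.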