Re: Password protection of TLS key
> No really good ideas come to mind. I have a patch for libldap to set a
> callback to supply the key password; it won't make it into 2.4.13 but
> probably will be in 2.4.14. I will probably add two options to slapd,
Did this make it into 2.4.14? I've checked the CHANGES and can't see anything
mentioned re libldap?
> analogous to the back-bdb options to set the DB encryption key. (One
> option to set the key directly as an argument of the config option, one
> option to read the key from an arbitrary file.) Obviously for automated
> startup the password of the key must be accessible to the slapd somewhere,
> and that means it is also accessible to potential intruders. This is just
> a fact of life. You can make key retrieval more tedious by hiding it
> behind other layers of encryption, but ultimately the keys to each of
> those layers must also be accessible, otherwise slapd itself cannot use
> them.
> There are "clever" schemes to hide startup keys, but they tend to make
> restarts difficult. E.g., store keys on a mountpoint that you remount
> another filesystem onto after the boot sequence has completed and all
> daemons have started. Keep a file handle open on the new filesystem to
> prevent it from being dismounted without rebooting the system. It'll fool
> a lot of intruders, but you won't be able to restart individual daemons
> without rebooting the machine.
> > Akke Bengtsson
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
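The two-option pattern described in the quoted reply (password given directly in the config, or read from a file), as an added example that is not part of this thread and not slapd's or libldap's own code. The option names `TLSKeyPassword` and `TLSKeyPasswordFile`, the slapd.conf-style parser and the sample config are assumptions for illustration; the point of the example is the caveat the reply makes unavoidable: the daemon has to be able to read the secret, so the only thing a loader can enforce is that nobody else on the box can. The returned callable has the shape `ssl.SSLContext.load_cert_chain(password=...)` accepts.

```python
import os
import stat

# Hypothetical option names, modelled on the "set the key directly" /
# "read the key from a file" pair described in the reply. slapd does not
# ship these directives; they are assumptions for this example.
OPT_DIRECT = "TLSKeyPassword"
OPT_FILE = "TLSKeyPasswordFile"


def parse_config(text):
    """Parse slapd.conf-style 'directive value' lines into a dict.

    Blank lines and '#' comments are skipped. The value is everything after
    the first run of whitespace, so a password containing spaces survives.
    Constructed for this example; it is not slapd's parser."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key] = value.strip()
    return conf


def check_secret_file(path, expect_uid=None):
    """Refuse a password file that anyone but its owner can read.

    The daemon must be able to read the file, so anyone who gains the
    daemon's privileges can too; that cannot be fixed here. A group- or
    world-readable mode, or the wrong owner, widens the exposure to every
    local account, and that is the mistake this check catches."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path}: mode {oct(st.st_mode & 0o777)} must be 0600 or tighter")
    if expect_uid is not None and st.st_uid != expect_uid:
        raise PermissionError(
            f"{path}: owned by uid {st.st_uid}, expected uid {expect_uid}")


def key_password_from_config(conf, expect_uid=None):
    """Return a callable yielding the key password as bytes, or None.

    Exactly one of the two options may be set. The file form strips a single
    trailing newline, which is what 'echo secret > file' leaves behind. The
    callable re-reads the file on every call, so the password never sits in
    a long-lived variable of the caller."""
    direct = conf.get(OPT_DIRECT)
    fname = conf.get(OPT_FILE)
    if direct and fname:
        raise ValueError(f"{OPT_DIRECT} and {OPT_FILE} are mutually exclusive")
    if direct:
        return lambda: direct.encode()
    if fname:
        check_secret_file(fname, expect_uid)

        def read_file():
            with open(fname, "rb") as f:
                data = f.read()
            return data[:-1] if data.endswith(b"\n") else data
        return read_file
    return None


if __name__ == "__main__":
    import ssl
    # Constructed sample config for the direct form; a real deployment would
    # pair the callable with ctx.load_cert_chain("cert.pem", "key.pem",
    # password=cb) on an encrypted key file.
    cb = key_password_from_config(parse_config("TLSKeyPassword example-pw"))
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print("password callable ready:", cb() == b"example-pw", type(ctx).__name__)
```

The direct form is the weaker of the two in practice: slapd.conf is usually readable by more accounts than a dedicated 0600 secret file, and the password then also turns up in backups and config management diffs. The file form is only as good as the mode and owner check, which is why the loader refuses to proceed rather than warn.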