
Re: Password protection of TLS key

> No really good ideas come to mind. I have a patch for libldap to explicitly
> set a callback to supply the key password, it won't make it into 2.4.13 but
> probably will be in 2.4.14. I will probably add two options to slapd,


Did this make it into 2.4.14? I've checked the CHANGES and can't see anything
mentioned re libldap?


> analogous to the back-bdb options to set the DB encryption key. (One option to
> set the key directly as an argument of the config option, one option to read
> the key from an arbitrary file.) Obviously for automated startup the plaintext
> of the key must be accessible to the slapd somewhere, and that means it is
> also accessible to potential intruders. This is just a fact of life. You can
> make key retrieval more tedious by hiding it behind other layers of
> encryption, but ultimately the keys to each of those layers must also be
> accessible, otherwise slapd itself cannot use them.
> There are "clever" schemes to hide startup keys, but they tend to make
> restarts difficult. E.g., store keys on a mountpoint that you remount some
> other filesystem onto after the boot sequence has completed and all dependent
> daemons have started. Keep a file handle open on the new filesystem, to
> prevent it from being dismounted without rebooting the system. It'll fool a
> lot of intruders, but you won't be able to restart individual daemons without
> rebooting the machine.
> > Akke Bengtsson
> -- 
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/

Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.
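The "hide the key behind a remount and hold a handle" scheme quoted above rests on one kernel behaviour: a file stays readable through an already-open descriptor after its path stops resolving, but nothing can open that path again. The following is an added example, not code from this thread or from OpenLDAP, that models a daemon doing exactly that. Remounting another filesystem over the mountpoint needs root, so the hiding step is simulated by removing the directory entry (an assumption made for portability; the observable effect on the open handle and on a fresh open is the same). The key material and file name are constructed.

```python
import os
import tempfile

# Constructed sample key material; stands in for a TLS key passphrase a daemon
# such as slapd would need at startup.
SAMPLE_KEY = b"constructed-example-passphrase\n"


def daemon_keeps_open_handle(key_dir: str) -> dict:
    """Model of a daemon that opens its key at startup and holds the descriptor.

    Returns what the long-running process and a freshly restarted process would
    each see once the key's path has been hidden.
    """
    key_path = os.path.join(key_dir, "slapd-key.pass")  # constructed name
    with open(key_path, "wb") as f:
        f.write(SAMPLE_KEY)

    # 1. Daemon starts while the key is reachable and keeps the handle open.
    fd = os.open(key_path, os.O_RDONLY)
    startup_read = os.read(fd, 4096)

    # 2. Operator "hides" the key. In the scheme quoted above this is a remount
    #    over the mountpoint, which needs root; here (assumption) the directory
    #    entry is simply removed. Either way the path no longer resolves, while
    #    the inode stays alive for as long as a descriptor references it.
    os.unlink(key_path)

    # 3. The running daemon still reads the key through its open descriptor...
    os.lseek(fd, 0, os.SEEK_SET)
    after_hide_read = os.read(fd, 4096)

    # 4. ...but a restarted daemon must open the path again, and cannot. This is
    #    the "can't restart individual daemons without rebooting" cost.
    try:
        retry_fd = os.open(key_path, os.O_RDONLY)
        os.close(retry_fd)
        restart_possible = True
    except FileNotFoundError:
        restart_possible = False

    os.close(fd)
    return {
        "startup_read": startup_read,
        "after_hide_read": after_hide_read,
        "restart_possible": restart_possible,
    }


def demo() -> dict:
    """Run the model in a throwaway directory and return its observations."""
    with tempfile.TemporaryDirectory() as d:
        return daemon_keeps_open_handle(d)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The result makes the trade-off concrete: the process that was running when the key was hidden keeps working, while anything that has to start afresh (a restarted slapd, or an operator doing a config reload that reopens the key) fails until the original path is visible again. Note that the key remains in the daemon's memory and reachable through its open descriptor, which is the "fact of life" the quoted message points out: hiding the path raises the effort for an intruder, it does not remove the plaintext from the machine.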