[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antw: Re: Error when try modify olcTLS*

To: <igorvolt@gmail.com>,<openldap-technical@openldap.org>, <quanah@symas.com>
Subject: Antw: Re: Error when try modify olcTLS*
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Mon, 22 Jul 2019 08:01:15 +0200
Content-disposition: inline
In-reply-to: <0DBBAC4F8151F9DFD2CCA8D6@[192.168.1.39]>
References: <CAAg2ztWXNS0=G1zT=BO2KPTMzC0gc0Q+7ecRH_8N8gawvbrTVg@mail.gmail.com> <ECDFD8D8BD5A32677D782E4D@192.168.1.39> <CAAg2ztUUYCbw=7UD5eoLsPzyOC9FQLJN+gEjycdRqiLOnxtPEQ@mail.gmail.com> <758427B3CD8C6FF7EDCBA715@[192.168.1.39]> <811d67d9-9bef-433a-4844-fda99326aae9@symas.com> <CAAg2ztXPwc+Rydjt0Rw4+Pa6vUGt6ycDHfjw3v3tqQ_xb+W3pw@mail.gmail.com> <CAAg2ztV-oEBVia+P+N+JQB_pD+XzOJ8t_41sQTBbKhywWF+msQ@mail.gmail.com> <cdabbdfd-e2de-260e-f0e0-bf997fc3fcdf@symas.com> <CAAg2ztWMayH_6_x1DEti_B9TLcm9CXG+5gwWjFZwuR9-DC4E4w@mail.gmail.com> <138E3C1067F82ACFA51F5275@[192.168.1.39]> <0DBBAC4F8151F9DFD2CCA8D6@[192.168.1.39]>

>>> Quanah Gibson-Mount <quanah@symas.com> schrieb am 18.07.2019 um 22:35 in
Nachricht <0DBBAC4F8151F9DFD2CCA8D6@[192.168.1.39]>:
> --On Thursday, July 18, 2019 1:08 PM -0700 Quanah Gibson-Mount 
> <quanah@symas.com> wrote:
> 
>>>  build@c7rpm:/home/build/git/rheldap/RHEL7_x86_64/BUILD...lapd
>>> Jul 18 11:55:29 localhost.localdomain slapd[2133]: main: TLS init def ctx
>>> failed: -1
>>> Jul 18 11:55:29 localhost.localdomain slapd[2133]: Enter PEM pass phrase:
>>
>> This clearly indicates your key file is password protected, which is not
>> supported.
> 
> To be clear, it's not supported to use a password protected key file and 
> then try and start slapd via an automated init system such as systemd.  To 
> use a password protected key file requires that you start slapd manually so 
> you can provide the password as part of the startup process so slapd can 
> access it.

Well, it wopuldn't really add security, but maybe slapd should have a mechanism to read the private key's password from some file or pipe in the future.

> 
> Regards,
> Quanah
> 
> 
> 
> 
> --
> 
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>

References:
- Re: Error when try modify olcTLS*
  - From: Igor Sousa <igorvolt@gmail.com>
- Re: Error when try modify olcTLS*
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Error when try modify olcTLS*
  - From: Howard Chu <hyc@symas.com>
- Re: Error when try modify olcTLS*
  - From: Igor Sousa <igorvolt@gmail.com>
- Re: Error when try modify olcTLS*
  - From: Igor Sousa <igorvolt@gmail.com>
- Re: Error when try modify olcTLS*
  - From: Howard Chu <hyc@symas.com>
- Re: Error when try modify olcTLS*
  - From: Igor Sousa <igorvolt@gmail.com>
- Re: Error when try modify olcTLS*
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Error when try modify olcTLS*
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Antw: Re: Error when try modify olcTLS*
Next by Date: Antw: Re: where is debuglevel documented ?
Index(es):
- Chronological
- Thread