HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

481

482

483

484

485

486

487

488

489

490

12.4.3 Creating a password file for the Directory Server

It is possible to store the certificate password in a password file. By placing the certificate database

password in a file, the server can be started from the Directory Server Console and also restarted

automatically when running unattended.

CAUTION:

This password is stored in clear text within the password file, so its usage represents a significant

security risk. Do not use a password file if the server is running in an unsecured environment.

The password file must be in the same directory where the other key and certificate databases for

Directory Server are stored. This is usually the main configuration directory,

/etc/opt/dirsrv/slapd-instance_name. The file should be named pin.txt.

Include the token name and password in the file. For example: Token:mypassword. For example:

Internal (Software) Token:secret

For the NSS software crypto module (the default software database), the token is always called

internal.

The PIN file should be owned by the Directory Server user and set to read-only by the Directory

Server user, with no access to anyone other user (mode 0400).

12.4.4 Creating a password file for the Administration Server

Like the Directory Server, the Administration Server can use a password file during login when

TLS/SSL is enabled.

CAUTION:

This password is stored in clear text within the password file, so its usage represents a significant

security risk. Do not use a password file if the server is running in an unsecured environment.

1. Open the Administration Server configuration directory, /etc/opt/dirsrv/admin-serv.

2. Create a password file named password.conf. The file should include a line with the token

name and password, in the form token:password. For example:

internal:secret

For the NSS software crypto module (the default software database), the token is always called

internal.

The password file should be owned by the Administration Server user and set to read-only by

the Administration Server user, with no access to any other user (mode 0400).

NOTE:

To find out what the Administration Server user ID is, run grep in the Administration Server

configuration directory:

cd /etc/opt/dirsrv/admin-serv

grep \^User console.conf

3. In the /etc/opt/dirsrv/admin-serv directory, edit the nss.conf file to point to the

location of the new password file.

# Pass Phrase Dialog:

# Configure the pass phrase gathering process.

# The filtering dialog program ('builtin' is a internal

# terminal dialog) has to provide the pass phrase on stdout.

NSSPassPhraseDialog file:/etc/opt/dirsrv/admin-serv/password.conf

4. Restart the Administration Server.

484 Managing SSL