HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

481

482

483

484

485

486

487

488

489

490

To restart the Directory Server without the password prompt, create a PIN file or use a

hardware crypto device. For information on how to create a PIN file, see “Creating a password

file for the Directory Server”.

For more information about the commands to start, stop, and restart the Directory Server,

see “Starting and stopping servers”.

NOTE:

When next logging into the Directory Server Console, be certain that the address reads https;

otherwise, the operation will time out, unable to find the server because it is running on a secure

connection. After successfully connecting, a dialog box appears to accept the certificate. Click

OK to accept the certificate (either only for that current session or permanently).

12.4.3 Creating a password file for the Directory Server

It is possible to store the certificate password in a password file. By placing the certificate database

password in a file, the server can be started from the Directory Server Console and also restarted

automatically when running unattended.

CAUTION:

This password is stored in clear text within the password file, so its usage represents a significant

security risk. Do not use a password file if the server is running in an unsecured environment.

The password file must be in the same directory where the other key and certificate databases

for Directory Server are stored. This is usually the main configuration directory,

/etc/opt/dirsrv/slapd-instance_name. The file should be named pin.txt.

Include the token name and password in the file. For example: Token:mypassword. For example:

Internal (Software) Token:secret

For the NSS software crypto module (the default software database), the token is always called

internal.

The PIN file should be owned by the Directory Server user and set to read-only by the Directory

Server user, with no access to anyone other user (mode 0400).

12.4.4 Creating a password file for the Administration Server

Like the Directory Server, the Administration Server can use a password file during login when

TLS/SSL is enabled.

CAUTION:

This password is stored in clear text within the password file, so its usage represents a significant

security risk. Do not use a password file if the server is running in an unsecured environment.

1. Open the Administration Server configuration directory, /etc/opt/dirsrv/admin-serv.

2. Create a password file named password.conf. The file should include a line with the

token name and password, in the form token:password. For example:

internal:secret

For the NSS software crypto module (the default software database), the token is always

called internal.

The password file should be owned by the Administration Server user and set to read-only

by the Administration Server user, with no access to any other user (mode 0400).

486 Managing SSL