Red Hat Directory Server 8.0 Administrator's Guide
CAUTION
This password is stored in clear text within the password file, so its usage
represents a significant security risk. Do not use a password file if the server is
running in an unsecured environment.
The password file must be in the same directory where the other key and certificate databases
for Directory Server are stored. This is usually the main configuration directory,
/etc/dirsrv/slapd-instance_name. The file should be named pin.txt.
Include the token name and password in the file, such as Token:mypassword. For example:
Internal (Software) Token:mypassword
For the NSS software crypto module, the token is always called “Internal (Software)
Token”.
The PIN file should be owned by the Directory Server user and set to read-only by the Directory
Server user, with no access to anyone other user (mode 0400).
4.4. Creating a Password File for the Administration Server
Like the Directory Server, the Administration Server can use a password file during login when
TLS/SSL is enabled.
CAUTION
This password is stored in clear text within the password file, so its usage
represents a significant security risk. Do not use a password file if the server is
running in an unsecured environment.
1. Open the Administration Server configuration directory, /etc/dirsrv/admin-serv.
2. Create a password file named password.conf. The file should include a line with the token
name and password, in the form Token:mypassword. For example:
Internal (Software) Token:mypassword
The password file should be owned by the Administration Server user and set to read-only by
the Administration Server user, with no access to any other user (mode 0400).
Creating a Password File for the
411