Configuring The Password.conf; Protecting The Password.conf File - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual


Chapter 12. Editing Configuration in the CS.cfg File
• The bind password used by the Certificate System instance to access and remove PINs from
the authentication directory, if the Certificate System is configured to remove PINs from the
authentication directory.
• The bind password used by the subsystem to access and update the LDAP directory; this is
required only if the Certificate System instance is configured for publishing certificates and CRLs to
an LDAP-compliant directory.
• For a TPS instance, the bind password used to access and update the token database.
The password.conf file also contains the token passwords needed to open the private keys of the
subsystem.

12.3.1. Configuring the password.conf

The name and location of the password file to use for the subsystem are configured in the CS.cfg file:
passwordFile=/var/lib/subsystem_name/conf/password.conf
By default, the file contains the passwords to access the instance's internal password store (internal,
also called its NSS certificate database), its internal LDAP directory (internaldb), and its replication
database (replicationdb).
The internal password store and replication database have randomly-generated PINs which were
set when the subsystem was configured; the internal LDAP database password was defined by the
administrator when the instance was configured.
internal=376577078151
internaldb=secret12
replicationdb=1535106826

12.3.2. Protecting the password.conf File

Certificate System centralizes all passwords in a clear-text file, password.conf, in the conf
directory. The default configuration creates and stores all required passwords in this file, which
keeps password management simple and clean: the file can be opened in a text editor and
passwords can be manually added, deleted, or modified.
However, storing passwords in clear text can be dangerous. Setting proper file permissions protects
this file. Alternatively, the password.conf file can be bypassed by doing the following:
1. Back up the password.conf file.
2. Remove the password.conf file.
rm password.conf
3. Create a pipe corresponding to password.conf.
mkfifo password.conf
4. With the password.conf pipe, start the subsystem instance.
a. Run the standard start script. For example:
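An added check for the file-permission protection mentioned in this section (an example written for this page, not taken from the Red Hat manual): it reads passwordFile from a CS.cfg and flags a password file that is neither a regular file nor a FIFO, or that grants any group or other access. The function names and the owner-only policy are assumptions, and the demo files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit the password file that a CS.cfg points to.
# Assumed policy: regular file or FIFO, accessible by its owner only.

# Print the passwordFile= value from a CS.cfg
# (assumption: if the key repeats, the last line is used).
password_file_from_cfg() {
    sed -n 's/^passwordFile=//p' "$1" | tail -n 1
}

# Return 0 if the file passes the policy; print one finding per problem.
audit_password_file() {
    f=$1
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo "MISSING: $f"
        return 1
    fi
    listing=$(ls -ld -- "$f") || return 1
    kind=$(printf '%s' "$listing" | cut -c1)           # "-" file, "p" FIFO, "l" symlink
    group_other=$(printf '%s' "$listing" | cut -c5-10) # group and other permission bits
    rc=0
    case $kind in
        "-"|p) ;;
        *) echo "TYPE: $f is not a regular file or FIFO ($kind)"; rc=1 ;;
    esac
    if [ "$group_other" != "------" ]; then
        echo "MODE: $f grants group/other access ($group_other)"
        rc=1
    fi
    return $rc
}

# Constructed demo: a CS.cfg pointing at a world-readable password.conf.
demo() {
    d=$(mktemp -d) || return 1
    printf 'internal=constructed-sample\n' > "$d/password.conf"
    chmod 644 "$d/password.conf"
    printf 'passwordFile=%s\n' "$d/password.conf" > "$d/CS.cfg"
    pf=$(password_file_from_cfg "$d/CS.cfg")
    audit_password_file "$pf" || echo "findings reported for $pf"
    chmod 600 "$pf"
    audit_password_file "$pf" && echo "OK after chmod 600: $pf"
    rm -rf "$d"
}
demo
```

The same check passes for the pipe created with mkfifo in the procedure above, provided the pipe is also restricted to its owner.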
