07-31-2003
Iplanet(SUNONE): automate instance startup
On a Sun Solaris 5.8 machine, We are attempting to automate the startup of our Iplanet servers and are struggling with the fact that we would have to hard-code the passwords somewhere. Here is what the administrator's guide says:
Quote:
By default, the web server prompts the administrator for the key database password before starting up. If you want to be able to restart an unattended web server, you need to save the password in a password.conf file. Only do this if your system is adequately protected so that this file and the key databases are not compromised.
Normally, you cannot start an Unix SSL-enabled server with the /etc/rc.local or the etc/inittab files because the server requires a password before starting. Although you can start an SSL-enabled server automatically if you keep the password in plain text in a file, this is not recommended. The server's password.conf file should be owned by root or the user who installed the server, with only the owner having read and write access to them.
On Unix, leaving the SSL-enabled server's password in the password.conf file is a large security risk. Anyone who can access the file has access to the SSL-enabled server's password. Consider the security risks before keeping the SSL-enabled server's password in the password.conf file.
Is there any way to truly encrypt the password?
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I have iplanet6.0 sp1 installed on a Sunfire 280r which is running Solaris 8. On boot up I get the following message 'Failed to create psetHandle for cn=' the error code is 2.
Iplanet appears to function as normal but can anyone enlighten me as to what this means.
many thanks (2 Replies)
Discussion started by: silvaman
2 Replies
2. Shell Programming and Scripting
Alright, I think I know what I am doing with sed(which probably means I don't). But I cant figure out how to replace just the first occurance of a string. I have tried sed, ed, and grep but can't seem to figure it out. If you have any suggestions I am open to anything! (3 Replies)
Discussion started by: IronHorse7
3 Replies
3. Solaris
Just wondering anyone has experience in SunOne Directory (replication, migrationg etc..) here? (4 Replies)
Discussion started by: xiaochensg
4 Replies
4. UNIX and Linux Applications
Hi there just wondering if anyone can help me on SunOne Directory? I have some problem with ldapcmp comparing 2 subtrees wrt replication issue (0 Replies)
Discussion started by: xiaochensg
0 Replies
5. Solaris
I am need of some help in installing sunone Directory server in windows.I have done the following but i am unable to proceed further..I downloaded the sunone identity management suite and ran the setup.bat file to install it.. The installation proceeded with all the default selections made and the... (0 Replies)
Discussion started by: achilles14
0 Replies
6. Web Development
hi,
I am using sunone 7.0 webserver. The webserver instance is configured for https and i want to do client authentication for specific resources. I dont want to do any client authentication for the other resources.
I was able to do a complete client auth for my webserver but unable to do... (0 Replies)
Discussion started by: pcs.abhishek
0 Replies
7. UNIX for Advanced & Expert Users
Hey Guys,
Does anyone have experience with iplanet directory server? I am trying to do a ds_db2ldif (ldap dump) so I can import it into DSEE however it is failing, and giving NMC_Status: 7.. problem is iplanet is deprecated and has very little online support. Suggestions? Is there a better way to... (2 Replies)
Discussion started by: s ladd
2 Replies
8. Solaris
Hello all,
I'm configuring the webserver and I need to add some parameters to be logged, so I don't know if I'm doing it right, please advice. Here's my obj.conf:
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# You can edit this... (0 Replies)
Discussion started by: TorvusBog
0 Replies
9. Shell Programming and Scripting
I copied the script from an AskUbuntu post -
#!/bin/bash
### BEGIN INIT INFO
# Provides: tomcat7
# Required-Start: $network
# Required-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start/Stop Tomcat server
### END INIT INFO
... (14 Replies)
Discussion started by: Hijanoqu
14 Replies
LEARN ABOUT SUSE
nwfstime
NWFSTIME(1) nwfstime NWFSTIME(1)
NAME
nwfstime - Display / Set a NetWare server's date and time
SYNOPSIS
nwfstime [ -h ] [ -S server ] [ -U user name ] [ -P password | -n ] [ -C ] [ -s ]
DESCRIPTION
nwfstime displays a NetWare server's date and time. You can also set a NetWare server's date and time from the local time.
OPTIONS
-h
With -h nwfstime prints a little help text.
-S server
is the name of the server you want to use.
-U user
user is the user name to use for login. To set the server's time, you need supervisor privileges.
-P password
password is the password to use for login. If neither -n nor -P are given, and the user has no open connection to the server, nwfstime
prompts for a password.
-n
-n should be given if no password is required for the login. As you need supervisor privileges for setting the date and time, this
option is probably not used very often.
-C
By default, passwords are converted to uppercase before they are sent to the server, because most servers require this. You can turn off
this conversion by -C.
-s
With -s, nwfstime sets the file server's date and time according to the local date and time.
nwfstime 12/10/1996 NWFSTIME(1)