07-31-2003
Iplanet(SUNONE): automate instance startup
On a Sun Solaris 5.8 machine, we are attempting to automate the startup of our iPlanet servers and are struggling with the fact that we would have to hard-code the passwords somewhere. Here is what the administrator's guide says:
Quote:
By default, the web server prompts the administrator for the key database password before starting up. If you want to be able to restart an unattended web server, you need to save the password in a password.conf file. Only do this if your system is adequately protected so that this file and the key databases are not compromised.
Normally, you cannot start a Unix SSL-enabled server with the /etc/rc.local or the /etc/inittab files because the server requires a password before starting. Although you can start an SSL-enabled server automatically if you keep the password in plain text in a file, this is not recommended. The server's password.conf file should be owned by root or the user who installed the server, with only the owner having read and write access to them.
On Unix, leaving the SSL-enabled server's password in the password.conf file is a large security risk. Anyone who can access the file has access to the SSL-enabled server's password. Consider the security risks before keeping the SSL-enabled server's password in the password.conf file.
Is there any way to truly encrypt the password?
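The guide quoted above gives a checkable rule for password.conf: owned by root or the installing user, with read and write access for the owner only. The POSIX shell function below is an added example, not part of the original post or the product documentation, that audits a file against that rule; the function name and arguments are assumptions, and the ACL and directory checks go beyond what the guide states.

```shell
#!/bin/sh
# Added example: audit password.conf against the rule quoted from the guide
# (owned by root or the installing user; owner-only read/write).
# Parses `ls -ldn` because stat(1) is not available on older Solaris.
# check_password_conf FILE ALLOWED_UID   (hypothetical helper name)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_password_conf() {
    file=$1
    allowed_uid=$2
    rc=0

    # A symlink could point the server at a copy kept somewhere less protected.
    if [ -h "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 1
    fi

    # Field 1 of ls -ldn is the mode string, field 3 the numeric owner.
    set -- $(ls -ldn "$file" | awk '{print $1, $3}')
    mode=$1
    uid=$2
    case $mode in
        -r[w-]-------*) ;;   # 0600 or 0400: nothing for group or other
        *) echo "FAIL: mode $mode is not owner-only read/write"; rc=1 ;;
    esac
    case $mode in
        *+) echo "FAIL: an ACL is set and may grant extra readers"; rc=1 ;;
    esac
    if [ "$uid" != 0 ] && [ "$uid" != "$allowed_uid" ]; then
        echo "FAIL: owner uid $uid is neither root nor uid $allowed_uid"; rc=1
    fi

    # Beyond the guide: a directory writable by group or other lets someone
    # else rename or replace the file regardless of the file's own mode.
    dir=$(dirname "$file")
    dmode=$(ls -ldn "$dir" | awk '{print $1}')
    case $dmode in
        d????-??-?*) ;;
        *) echo "FAIL: directory $dir ($dmode) is group- or world-writable"; rc=1 ;;
    esac
    return $rc
}

# Run as: sh check.sh /path/to/password.conf <uid-of-server-install-user>
if [ $# -ge 2 ]; then
    check_password_conf "$1" "$2"
fi
```

A clean result only confirms the file permissions the guide asks for; the password is still stored in plain text and readable by root and the owning account.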