Login or Register to Ask a Question and Join Our Community


UNIX for Dummies Questions & Answers

Iplanet(SUNONE): automate instance startup

 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Iplanet(SUNONE): automate instance startup
# 1  
Old 07-31-2003
Iplanet(SUNONE): automate instance startup
On a Sun Solaris 5.8 machine, We are attempting to automate the startup of our Iplanet servers and are struggling with the fact that we would have to hard-code the passwords somewhere. Here is what the administrator's guide says:
Quote:
By default, the web server prompts the administrator for the key database password before starting up. If you want to be able to restart an unattended web server, you need to save the password in a password.conf file. Only do this if your system is adequately protected so that this file and the key databases are not compromised.

Normally, you cannot start an Unix SSL-enabled server with the /etc/rc.local or the etc/inittab files because the server requires a password before starting. Although you can start an SSL-enabled server automatically if you keep the password in plain text in a file, this is not recommended. The server's password.conf file should be owned by root or the user who installed the server, with only the owner having read and write access to them.

On Unix, leaving the SSL-enabled server's password in the password.conf file is a large security risk. Anyone who can access the file has access to the SSL-enabled server's password. Consider the security risks before keeping the SSL-enabled server's password in the password.conf file.
Is there any way to truly encrypt the password?
# 2  
Old 08-01-2003
If you really need to make it startup without someone typing in the password put the password in a file and be sure to set the right premissions so no one can read it but the user thats used to run the server.

Yes this can be a security risk! But if its a dedicated machine with no users using shell accounts and the machine is secured net wise (firewalled etc) i would have no problems with putting it in a file.

It really up to you and what your companys security policys allow.

Just my thoughts.. Dont blame me when you get hacked Smilie

/peter
 
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Apache tomcat startup script not booting at startup.

I copied the script from an AskUbuntu post - #!/bin/bash ### BEGIN INIT INFO # Provides: tomcat7 # Required-Start: $network # Required-Stop: $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start/Stop Tomcat server ### END INIT INFO ... (14 Replies)
Discussion started by: Hijanoqu
14 Replies

2. Solaris

SunONE (webserver7) obj.conf

Hello all, I'm configuring the webserver and I need to add some parameters to be logged, so I don't know if I'm doing it right, please advice. Here's my obj.conf: # # Copyright 2008 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # You can edit this... (0 Replies)
Discussion started by: TorvusBog
0 Replies

3. UNIX for Advanced & Expert Users

iplanet DS problem..

Hey Guys, Does anyone have experience with iplanet directory server? I am trying to do a ds_db2ldif (ldap dump) so I can import it into DSEE however it is failing, and giving NMC_Status: 7.. problem is iplanet is deprecated and has very little online support. Suggestions? Is there a better way to... (2 Replies)
Discussion started by: s ladd
2 Replies

4. Web Development

client authentication in sunone 7.0 webserver

hi, I am using sunone 7.0 webserver. The webserver instance is configured for https and i want to do client authentication for specific resources. I dont want to do any client authentication for the other resources. I was able to do a complete client auth for my webserver but unable to do... (0 Replies)
Discussion started by: pcs.abhishek
0 Replies

5. Solaris

Need help in installing sunone v6 in windows

I am need of some help in installing sunone Directory server in windows.I have done the following but i am unable to proceed further..I downloaded the sunone identity management suite and ran the setup.bat file to install it.. The installation proceeded with all the default selections made and the... (0 Replies)
Discussion started by: achilles14
0 Replies

6. UNIX and Linux Applications

SunOne Directory (LDAP)

Hi there just wondering if anyone can help me on SunOne Directory? I have some problem with ldapcmp comparing 2 subtrees wrt replication issue (0 Replies)
Discussion started by: xiaochensg
0 Replies

7. Solaris

SunOne Directory (LDAP)

Just wondering anyone has experience in SunOne Directory (replication, migrationg etc..) here? (4 Replies)
Discussion started by: xiaochensg
4 Replies

8. Shell Programming and Scripting

replace first instance(not first instance in line)

Alright, I think I know what I am doing with sed(which probably means I don't). But I cant figure out how to replace just the first occurance of a string. I have tried sed, ed, and grep but can't seem to figure it out. If you have any suggestions I am open to anything! (3 Replies)
Discussion started by: IronHorse7
3 Replies

9. UNIX for Advanced & Expert Users

Iplanet Error

I have iplanet6.0 sp1 installed on a Sunfire 280r which is running Solaris 8. On boot up I get the following message 'Failed to create psetHandle for cn=' the error code is 2. Iplanet appears to function as normal but can anyone enlighten me as to what this means. many thanks (2 Replies)
Discussion started by: silvaman
2 Replies
Login or Register to Ask a Question