[Fedora-directory-users] Encryption works, but odd entries in the error log on startup.
Rich Megginson
rmeggins at redhat.com
Thu Sep 11 16:09:29 UTC 2008
Ryan Braun [ADS] wrote:
> On Thursday 11 September 2008 15:44, Rich Megginson wrote:
>
>>> So I'm wondering if I need to somehow reinit some of the encryption keys?
>>> Or maybe I missed a step for replacing a Server-Cert? But from the docs
>>> it looks like a straight forward turn off fds, remove old cert,
>>> create/import new cert (with same name), restart fds.
>>>
>> Unfortunately, those keys were encrypted with the old key/cert. But as
>> long as you don't want to use reversible attribute encryption, you can
>> ignore those messages.
>>
>
> For the sake of argument and potential future issues ( I don't know enough
> about how the whole encryption system works unfortunately ), lets say I did
> want to use reversible attribute encryption :)
>
I think reversible attribute encryption creates some config entries
under the parent database entry in dse.ldif (cn=config) - I think you
just have to remove those entries. Of course, if you do this, and you
have used reversible attribute encryption, your encrypted attribute
values will be lost forever.
> Ryan
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080911/48c1333b/attachment.bin>
More information about the Fedora-directory-users
mailing list