> However, be mindful that the if you use attribute encryption, this
> value is stored in the key3.db, and replacement of this file WILL
> destroy your access to your own database! IE if you plan to use this
> strategy, you MUST NOT use attribute encryption at the same time.
>
I'll take that into account.
> A better process could be to have a systemd drop in file that on
> "start" takes .PEM files and turns them into the nss db, OR loads
> them into the existing NSS db. This would be useful upstream too, so
> maybe that's a better strategy, and of course, tools for PEM
> management are much better from a sys admin view. Would this be a
> cleaner approach do you think?
>
do you have any docs about this process?
I'm not really sure if I understand you when you say "This would be useful upstream too", can you elaborate?
abosch
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment