Fedora Directory Server protects its internal, software-based, cryptographic repository with a PIN (passphrase).
When an instance of a Fedora Directory Server is configured for SSL/TLS support, by default, the start-up script interactively prompts for that PIN in order to unlock the private key. This can be a problem for automated system start-ups.
However, Fedora Directory Server can be configured so that the PIN is stored in a configuration file readable only by root. During start-up, the directory server instance then retrieves the PIN from that configuration file without prompting for it.
The PIN is stored in a file called:
and should contain a single line with the following format:
Internal (Software) Token:[pin or passphrase]
For example, if the Fedora Directory Server instance is named
"server1" and the PIN or passphrase needed to unlock the SSL/TLS private key is
# echo "Internal (Software) Token:secret" > /opt/fedora-ds/alias/slapd-server1-pin.txt
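The redirect above creates the file with whatever umask the shell has, so it is not necessarily readable by root only, and the PIN ends up in the shell history. The following is an added example, not part of the original page: it writes the same one-line format with mode 0400 and then audits the result. The function names `write_pin_file` and `check_pin_file` are hypothetical, and the demo runs in a scratch directory with the page's sample values.

```shell
#!/bin/sh
# Added example, not from the original page: create and audit a PIN file.
PIN_PREFIX='Internal (Software) Token:'

# write_pin_file PATH: read the PIN from stdin, write PATH with mode 0400.
write_pin_file() {
    pin_path=$1
    # Reading from stdin keeps the PIN out of argv and shell history.
    IFS= read -r pin || :
    [ -n "$pin" ] || { echo "empty PIN" >&2; return 1; }
    (
        umask 077    # the temp file is never group- or world-accessible
        tmp=$(mktemp "${pin_path}.XXXXXX") || exit 1
        printf '%s%s\n' "$PIN_PREFIX" "$pin" > "$tmp" &&
            chmod 400 "$tmp" &&
            mv -f "$tmp" "$pin_path" || { rm -f "$tmp"; exit 1; }
    )
}

# check_pin_file PATH [UID]: succeed only if PATH is a regular file owned by
# UID (default 0, root), closed to group/other, with one well-formed line.
check_pin_file() {
    pin_path=$1
    want_uid=${2:-0}
    if [ ! -f "$pin_path" ] || [ -L "$pin_path" ]; then
        echo "$pin_path: not a regular file" >&2; return 1
    fi
    set -- $(ls -ldn "$pin_path")    # $1 = mode string, $3 = numeric owner
    case $1 in
        ????------*) ;;              # no group or other permission bits
        *) echo "$pin_path: mode $1 is too open" >&2; return 1 ;;
    esac
    [ "$3" = "$want_uid" ] || { echo "$pin_path: owner uid $3" >&2; return 1; }
    [ "$(grep -c '' "$pin_path")" -eq 1 ] ||
        { echo "$pin_path: expected exactly one line" >&2; return 1; }
    grep -q "^${PIN_PREFIX}." "$pin_path" ||
        { echo "$pin_path: bad line format" >&2; return 1; }
}

# Demo in a scratch directory, using the page's sample PIN "secret".
demo_dir=$(mktemp -d) || exit 1
printf 'secret\n' | write_pin_file "$demo_dir/slapd-server1-pin.txt"
check_pin_file "$demo_dir/slapd-server1-pin.txt" "$(id -u)" && echo "PIN file OK"
rm -rf "$demo_dir"
```

When run as root against the instance's real PIN file, `check_pin_file` needs no second argument, since the expected owner defaults to uid 0.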