I wrote:
- Protecting data on the machine itself, if it gets stolen or carelessly sold. I don't know much about how that works though, in particular if one wants slapd to come up at reboot. Store the key physically in a different place, on a remote filesystem?
Sorry, I should have read the thread you referred to first. But still, I don't understand why it needs to be such a problem. It would need proper care, yes. The remote filesystem would have access controls for the machine's IP address and network, I presume. Or if not a filesystem, the server could fetch the keys with ldaps: or https: from a server with similar access controls :-)