I wrote:
- Protecting data on the machine itself, if it gets stolen or carelessly
  sold. I don't know much about how that works though, in particular
  if one wants slapd to come up at reboot. Store the key physically
  in a different place, on a remote filesystem?

Sorry, I should have read the thread you referred to first. But still,
I don't understand why it needs to be such a problem. It would need
proper care, yes. The remote filesystem would have access controls for
the machine's IP address and network, I presume. Or if not a
filesystem, the server could fetch the keys with ldaps: or https: from a
server with similar access controls :-)
--
Regards,
Hallvard