On Fri, Mar 26, 2010 at 3:18 PM, Howard Chu hyc@symas.com wrote:
Chris Jacobs wrote:
There's one sure fire way to find out...
Start it up with a syncrepl, then move the private key, and see if it syncs fine both ways.
Wait a day or so, and make a change and see if that synced.
If I had to put a dollar on it, if guess that it doesn't need the key after
true, but i thought a quick email to the list would have given me a quick yeah or nay..
startup. I could be horribly wrong though - I'm not a dev, just a user of the software.
It probably depends on which crypto library you built with. I'm pretty sure OpenSSL and GnuTLS cache the PEM credentials in memory. Not sure what MozNSS does. And of course, if you're paranoid, you can build these libraries to use smart tokens and leave the credentials there instead.
built with gnutls (debian build)
Thanks
:)
- chris
[snip]
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/