On Fri, Mar 26, 2010 at 3:18 PM, Howard Chu <hyc(a)symas.com> wrote:
Chris Jacobs wrote:
> There's one sure-fire way to find out...
> Start it up with a syncrepl, then move the private key, and see if it
> syncs fine both ways.
> Wait a day or so, and make a change and see if that synced.
> If I had to put a dollar on it, I'd guess that it doesn't need the key
true, but I thought a quick email to the list would have given me a
quick yea or nay..
> startup. I could be horribly wrong though - I'm not a dev, just a user of
It probably depends on which crypto library you built with. I'm pretty sure
OpenSSL and GnuTLS cache the PEM credentials in memory. Not sure what MozNSS
does. And of course, if you're paranoid, you can build these libraries to
use smart tokens and leave the credentials there instead.
built with gnutls (debian build)
> - chris
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/