On Tue, 10 Aug 1999, Derek Smith wrote:
> Joe,
>
> Can you not just have the script that you are passing the passphrases from respond
> to all request for a passphrase (I believe it asks for the passphrases in order
> (besides, it gives you the server name also))? That is how I understood it when
> reading the manual.
Ralf sent a reply showing that the script is passed server:port pairs and
gets to respond to those in turn. I can handle that. I just remember that
script is supposed to echo the password and had missed that it gets
parameters sent to it first.
> Alternatively, if you're happy with your systems security you can remove the
> passphrase from your keys (remember that if you backup to tape and someone gets a
> hold of your tape, they then have the ability to impersonate your server(s) as
> they have the key (no passphrase) and the cert (remember anyone who steals your
> backup can reinstate it on a machine of their choice and steal you data at
> leisure).
wonderful :-)
On the otherhand if I leave the passphrases in the script, they can take
those too. There seems to be no solution to this except unplugging the
network connection.
Joe
--
Joseph Mack [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
