On Mon, 25 Jun 2018 10:52:31 +0000 "Veetil, Vyshnav" <[email protected]> wrote:
> We have been observing that after migration to CentOS 7.4 the
> installation fails due to password being prompted for the execution
> of below command as part of the install script.
>
> <custom_location>certutil -N -d <custom location> -f <custom location>/nsspassword

This is a bad way to handle nsspassword - it is a config file and it's not expected to move with nssdb.

> The install script contains the above command to create the NSSDB at
> the install time. Ideally, this command should never prompt for a
> password when it is already provided as part of '-f' argument but
> seeing this issue after migration to centOS 7.4. Also frequency of
> the issue is intermittent.

Libreswan searches ipsecdir for nsspassword and nssdir for the nss db. The nsspassword file is a config file for libreswan to instruct how to read the nss database, it's not a database file so it's not searched from nssdir.

You should note that the nsspassword file is in a separate bundle of config files and should not walk with nssdb.

My suggestion is to change your creation procedure and not move ipsecdir to nssdir because libreswan searches for other config files too from ipsecdir.

Older libreswan versions didn't have a separate config variable for the nssdb directory and it was added at 3.20. Man ipsec.conf and search for nssdir and ipsecdir.

ps. And you should really migrate to centos-7.5 because there is only one supported centos release, the latest.

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
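
Added example (not part of the original message and not libreswan code): a pre-install check that reads `ipsecdir` and `nssdir` from an ipsec.conf and reports when nsspassword has been placed beside the NSS db instead of in ipsecdir. The `/etc/ipsec.d` fallback, the `/opt/vpn/nss` path and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Assumption: both directories fall back to this path when ipsec.conf sets neither.
DEFAULT_DIR=/etc/ipsec.d

# conf_value FILE KEY: print the last uncommented KEY=value found in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_nsspassword CONF [ROOT]: ROOT is an optional prefix for a staged tree.
# Returns 0 if nsspassword is in ipsecdir, 2 if it is only in nssdir, 1 if absent.
check_nsspassword() {
    conf=$1 root=${2:-}
    ipsecdir=$(conf_value "$conf" ipsecdir); ipsecdir=${ipsecdir:-$DEFAULT_DIR}
    nssdir=$(conf_value "$conf" nssdir);     nssdir=${nssdir:-$DEFAULT_DIR}
    if [ -f "$root$ipsecdir/nsspassword" ]; then
        echo "ok: $ipsecdir/nsspassword"
        return 0
    fi
    if [ "$nssdir" != "$ipsecdir" ] && [ -f "$root$nssdir/nsspassword" ]; then
        echo "misplaced: $nssdir/nsspassword, expected in $ipsecdir"
        return 2
    fi
    echo "absent: no nsspassword in $ipsecdir"
    return 1
}

# Constructed demo: a staged tree where nsspassword was created next to the NSS db.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ipsec.d" "$t/opt/vpn/nss"
    printf 'config setup\n\tipsecdir=/etc/ipsec.d\n\tnssdir=/opt/vpn/nss\n' > "$t/ipsec.conf"
    : > "$t/opt/vpn/nss/nsspassword"
    rc=0
    check_nsspassword "$t/ipsec.conf" "$t" || rc=$?
    rm -rf "$t"
    return "$rc"
}

demo || true
```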
