[Swan] CentOS 7.4 installation getting failed because of nsspassword prompt during installation.

Tuomo Soini tis at foobar.fi
Tue Jun 26 07:38:55 UTC 2018


On Mon, 25 Jun 2018 10:52:31 +0000
"Veetil, Vyshnav" <Vyshnav.Veetil at harman.com> wrote:

> We have been observing that after migration to CentOS 7.4 the
> installation fails due to password being prompted for the execution
> of below command as part of the install script.
> 
> <custom_location>certutil -N -d <custom location> -f <custom
> location>/nsspassword

This is a bad way to handle nsspassword - it is a config file and
it's not expected to move with nssdb.

> The install script contains the above command to create the NSSDB at
> the install time. Ideally, this command should never prompt for a
> password when it is already provided as part of '-f' argument but
> seeing this issue after migration to centOS 7.4. Also frequency of
> the issue is intermittent.

Libreswan searches ipsecdir for nsspassword and nssdir for the nss db.
The nsspassword file is a config file for libreswan to instruct how to
read the nss database; it's not a database file, so it's not searched
for in nssdir. You should note that the nsspassword file is in a separate
bundle of config files and should not walk with nssdb.

My suggestion is to change your creation procedure and not move
ipsecdir to nssdir because libreswan searches for other config
files too from ipsecdir.

Older libreswan versions didn't have a separate config variable for the
nssdb directory; it was added in 3.20.

Man ipsec.conf and search for nssdir and ipsecdir.

ps. And you should really migrate to centos-7.5 because there is only
one supported centos release, the latest.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
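
Added example, not part of the original message and not libreswan's own code: a shell check that reads `ipsecdir` and `nssdir` from the `config setup` section of an ipsec.conf-style file and reports whether `nsspassword` sits in ipsecdir, as the reply above describes, or was left beside the NSS database. The function names, the result strings, the fallback values and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate nsspassword relative to ipsecdir and nssdir.

# Print the value of KEY from the "config setup" section of FILE.
conf_get() {  # usage: conf_get FILE KEY
    awk -v key="$2" '
        /^config[ \t]+setup/  { in_setup = 1; next }
        /^(config|conn)[ \t]/ { in_setup = 0 }
        in_setup {
            line = $0
            sub(/#.*/, "", line)                 # drop trailing comments
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)     # trim blanks and quotes
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print one of: ok, loose-permissions, misplaced, absent.
check_nsspassword() {  # usage: check_nsspassword IPSEC_CONF
    ipsecdir=$(conf_get "$1" ipsecdir)
    nssdir=$(conf_get "$1" nssdir)
    : "${ipsecdir:=/etc/ipsec.d}"   # assumption: fallback when unset
    : "${nssdir:=$ipsecdir}"        # assumption: same directory when unset

    if [ -f "$ipsecdir/nsspassword" ]; then
        # The file holds the NSS database password, so group and other
        # should have no access (characters 5-10 of the ls mode string).
        bits=$(ls -ld "$ipsecdir/nsspassword" | cut -c5-10)
        if [ "$bits" = "------" ]; then echo ok; else echo loose-permissions; fi
    elif [ "$nssdir" != "$ipsecdir" ] && [ -f "$nssdir/nsspassword" ]; then
        # Lives next to the database, where it is not searched for.
        echo misplaced
    else
        echo absent
    fi
}
```

Run it as `check_nsspassword /etc/ipsec.conf` after sourcing the file; `misplaced` corresponds to the layout the reply advises against.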

