From: Howard Chu Date: Sat, 15 Dec 2007 19:20:35 +0000 (+0000) Subject: Support DB encryption X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~297 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a88f709b8d32cb9966255918b3ee985b5c071463;p=openldap Support DB encryption --- diff --git a/doc/man/man5/slapd-bdb.5 b/doc/man/man5/slapd-bdb.5 index f0ff91fb7f..e19f3deafa 100644 --- a/doc/man/man5/slapd-bdb.5 +++ b/doc/man/man5/slapd-bdb.5 @@ -60,6 +60,25 @@ the \fI\fP argument is non-zero, an internal task will run every \fI\fP minutes to perform the checkpoint. See the Berkeley DB reference guide for more details. .TP +.BI cryptfile \ +Specify the pathname of a file containing an encryption key to use for +encrypting the database. Encryption is performed using Berkeley DB's +implementation of AES. Note that encryption can only be configured before +any database files are created, and changing the key can only be done +after destroying the current database and recreating it. Encryption is +not enabled by default, and some distributions of Berkeley DB do not +support encryption. +.TP +.BI cryptkey \ +Specify an encryption key to use for encrypting the database. This option +may be used when a separate +.I cryptfile +is not desired. Only one of +.B cryptkey +or +.B cryptfile +may be configured. +.TP .BI dbconfig \ Specify a configuration directive to be placed in the .B DB_CONFIG
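Review bot: The new cryptkey entry in slapd-bdb.5 documents placing the encryption key directly in the slapd configuration, but neither it nor the cryptfile entry says how that key material should be protected. Add a sentence to both entries saying that the file holding the key (the configuration itself for cryptkey, the named file for cryptfile) should be readable only by the account slapd runs as, since anyone who can read it can decrypt the database files. The cryptfile entry also leaves the file format unspecified: say whether the whole file content is used as the key and whether a trailing newline is included, so that a key written with an editor and one written by a script give the same result. Finally, the "Only one of cryptkey or cryptfile may be configured" restriction appears only under cryptkey; repeat it under cryptfile so that a reader who looks up only that directive sees it.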