Affects Version/s: 2.6.0
Environment: Red Hat Enterprise Linux Server release 6.3 (Santiago)
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (rhel-22.214.171.124.5.el6_3-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
2.5.0Xpress1 (build 20120918)
It doesn't seem possible to only define the PIN code for the administration connector in the ds-cfg-key-store-pin attribute of the "cn=Administration,cn=Key Manager Providers,cn=config" entry. When doing so, starting OpenDJ throws an NPE and the server doesn't start:
[01/Feb/2013:11:26:27 +0100] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerShutdown, alert ID 458893): The Directory Server has started the shutdown process. The shutdown was initiated by an instance of class org.opends.server.core.DirectoryServer and the reason provided for the shutdown was An error occurred while trying to start the Directory Server: NullPointerException (File.java:239 AdministrationConnector.java:804 AdministrationConnector.java:636 AdministrationConnector.java:182 ConnectionHandlerConfigManager.java:350 DirectoryServer.java:2756 DirectoryServer.java:1258 DirectoryServer.java:9542)
Defining the ds-cfg-key-store-pin-file attribute in the same entry is enough to start OpenDJ, even if the corresponding file is empty. But in this case, it's not possible to connect to the administration port, with dsconfig for example.
So, it seems using a PIN file with the right password is mandatory for the administration connector, while it's not for the OpenDJ server: it's possible to only define a PIN in the ds-cfg-key-store-pin attribute of the "cn=JKS,cn=Key Manager Providers,cn=config" entry.
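
A pre-start check for the two cases described in this report, as an added example that is not part of the original report or of OpenDJ's code: it reads the configuration LDIF text and flags an Administration key manager provider that defines only ds-cfg-key-store-pin, or whose PIN file is missing or empty. The function names, finding labels, sample entry and the resolution of relative PIN file paths against the instance root are assumptions.

```python
import os

# DN taken from the report; compared case-insensitively.
ADMIN_DN = "cn=administration,cn=key manager providers,cn=config"

def parse_ldif(text):
    """Minimal LDIF reader: {dn: {attr: [values]}}, unfolding continuation lines.
    Base64 ("attr::") values are not decoded; enough for this check."""
    lines, entries, current = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF line folding
        elif not raw.startswith("#"):
            lines.append(raw)
    for line in lines:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not name:
            current = None                # blank line ends the entry
        elif name == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(name, []).append(value)
    return entries

def check_admin_key_manager(ldif_text, instance_root):
    """Return findings for the Administration key manager provider entry."""
    entry = parse_ldif(ldif_text).get(ADMIN_DN)
    if entry is None:
        return ["entry-not-found"]
    pin_files = entry.get("ds-cfg-key-store-pin-file", [])
    if not pin_files:
        # Case from the report: PIN attribute alone -> NullPointerException at startup.
        return ["pin-attribute-only" if "ds-cfg-key-store-pin" in entry else "no-pin-source"]
    # Assumption: a relative path is resolved against the instance root.
    path = os.path.join(instance_root, pin_files[0])
    if not os.path.isfile(path):
        return ["pin-file-missing"]
    with open(path) as fh:
        # Case from the report: empty file -> server starts, admin port unusable.
        return [] if fh.read().strip() else ["pin-file-empty"]

# Constructed sample entry (not from a real server).
SAMPLE = """dn: cn=Administration,cn=Key Manager Providers,cn=config
cn: Administration
ds-cfg-key-store-pin: CONSTRUCTED-PIN
"""

if __name__ == "__main__":
    print(check_admin_key_manager(SAMPLE, "."))
```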