I would like to have a way to secure a server.id on a Linux server with a password and not have to manually enter that password on start/restart. On Windows there is NSL, but on Linux we have nothing similar.
Working with Information Security, I see an increasing need for being able to secure data at rest. We can encrypt databases with the server.id, but if the 'bad guys' get access to the file system in a breach, they only have to copy the server.id together with the databases to be able to decrypt all databases and access the information. To mitigate this we need to secure the server.id with one or several passwords, but then we need to enter that password at every start/restart, which isn't an optimal solution.
Yes, you could say that if the OS guys just do their job this isn't a problem, but if you are a company interesting enough for the 'bad guys' they will always find a way to hack you :(
Domino on Linux is a great combination. Domino in itself is secure enough with all built-in security features. Please help us secure the server.id in an admin-friendly way on Linux to take that last(?) step to make that combination bulletproof! Sort of.
This would not be "NSL" and there is no similar functionality on Linux.
But there could be a call-out to a credentials helper. A program that is called, socket or pipe.
This would open the door for easy-to-implement 3rd-party integrations without any change on the Domino side.
[ Daniel Nashed / https://blog.nashcom.de ]
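
A sketch of the caller side of the credentials-helper call-out suggested in the comment above, as an added example; it is not HCL Domino code and not an existing Domino interface. The helper path, the convention of passing the ID file name as the only argument, and the function names are assumptions made for illustration.

```python
import os
import stat
import subprocess
import tempfile

def helper_is_trusted(path):
    """Reject a helper that is not root- or self-owned, or is group/world-writable."""
    st = os.stat(path)
    owner_ok = st.st_uid in (0, os.geteuid())
    locked = not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    return stat.S_ISREG(st.st_mode) and owner_ok and locked

def fetch_password(helper, id_file, timeout=10):
    """Run the helper and read the ID password from its stdout pipe.

    The secret never appears in argv or the environment, so it is not
    visible in `ps` output or /proc/<pid>/environ.
    """
    if not helper_is_trusted(helper):
        raise PermissionError(f"untrusted credentials helper: {helper}")
    proc = subprocess.run(
        [helper, id_file],              # id_file is a name, not a secret
        stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL,
        env={"PATH": "/usr/bin:/bin"},  # do not inherit the caller's environment
        timeout=timeout,
    )
    secret = proc.stdout.rstrip(b"\r\n")
    if proc.returncode != 0 or not secret:
        raise RuntimeError(f"helper failed with exit status {proc.returncode}")
    return bytearray(secret)            # mutable, so the caller can zero it after use

def demo():
    """Constructed stand-in helper; a real one would query a secret store."""
    with tempfile.TemporaryDirectory() as tmp:
        helper = os.path.join(tmp, "id-helper")
        with open(helper, "w") as f:
            f.write("#!/bin/sh\nprintf '%s\\n' 'constructed-demo-password'\n")
        os.chmod(helper, 0o700)
        password = fetch_password(helper, "server.id")
        os.chmod(helper, 0o722)         # group/world-writable: must be refused
        try:
            fetch_password(helper, "server.id")
            refused = False
        except PermissionError:
            refused = True
        return bytes(password), refused

if __name__ == "__main__":
    print(demo())
```

The protection this gives depends on the helper fetching the secret from somewhere that a copy of the file system does not include; a helper that reads the password from a file next to the server.id leaves the original problem in place.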