When we create a replica file, we include very security-sensitive information in it. Then we tell the admin to move it to another machine and use it. This info is not cleared from the main server, and it may be forgotten in a tmp directory on the target server. Given we need to ask for the Directory Manager password to be able to install the replica, I was thinking it could be a good idea to encrypt the replica information with the same password and decipher the data only at installation time, making sure we clean up any temporary file. This also implicitly proves the Directory Manager password is correct even before trying to connect to the other server, catching an error in that sense very early on.
Committed by Simo.
master: 0368d4329ae54d97b6fb5da60580beefa29d07bc
Uses gpg to encrypt and decrypt the file using the DM password.
Fix Verified: Prompted for DM password when creating replica file. It is created in /var/lib/ipa and is encrypted.
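The scheme discussed in this ticket, sketched as an added example (this is not the code from the commit above): symmetric gpg encryption keyed by a passphrase, decryption into a private temporary directory that is always removed, and an early failure on a wrong password. The function names, file names and exit codes are assumptions made for illustration, and the options assume GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added illustration, not FreeIPA's installer code.
# All function names, paths and return codes here are hypothetical.

# Private gpg home (mktemp -d creates it with mode 0700) so nothing
# is read from or written to the admin's own ~/.gnupg.
GNUPGHOME=$(mktemp -d) && export GNUPGHOME

# encrypt_bundle PLAINTEXT OUTPUT
# The passphrase is read from stdin so it never appears in argv.
encrypt_bundle() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --symmetric --cipher-algo AES256 --output "$2" "$1"
}

# decrypt_bundle ENCRYPTED OUTPUT
# gpg exits non-zero when the passphrase does not match.
decrypt_bundle() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt --output "$2" "$1"
}

# install_from_bundle ENCRYPTED
# Decrypts into a fresh 0700 directory, uses the data, then removes the
# directory whether or not decryption succeeded.
# Returns 2 on a wrong passphrase, before any network connection is needed.
install_from_bundle() {
    work=$(mktemp -d) || return 1
    if decrypt_bundle "$1" "$work/replica-info"; then
        head -n 1 "$work/replica-info"   # stand-in for the real install step
        rc=0
    else
        rc=2
    fi
    rm -rf "$work"
    return "$rc"
}
```

Each function expects the passphrase on standard input, for example `printf '%s\n' "$DM_PASSWORD" | install_from_bundle replica-info.gpg`, where `DM_PASSWORD` is a hypothetical variable filled by a prompt.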