[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication for a script?

To: Erik Williamson <erik@cpsc.ucalgary.ca>
Subject: Re: Authentication for a script?
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 04 Feb 2003 19:29:14 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1044374983.20588.3.camel@gonzo>
Organization:
References: <1044374983.20588.3.camel@gonzo>

tir, 2003-02-04 kl. 17:09 skrev Erik Williamson:

> So, for the script to work, it needs to bind as the root DN.  And
> there's no way that people will be comfortable with us having the root
> password embedded in a script on every host (Well, mode 0700 might be
> okay, but...)!  I'm new with SASL, TLS & certificates - is there a way
> to use these to get around this?

There's no reason you shouldn't do it with, f. ex. SASL DIGEST-MD5. In
which case, the userPassword would be kept on a central DSA, right
enough in cleartext, if you don't have any problems with that. Then
there's Kerberos etc.

Look back at the archives for last Friday for the DIGEST-MD5
alternative.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

References:
- Authentication for a script?
  - From: Erik Williamson <erik@cpsc.ucalgary.ca>

Prev by Date: Re: slapd-meta Example Config ?
Next by Date: Re: can't connect to ldap server (0x5B)
Index(es):
- Chronological
- Thread