[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question about security



Question:

1. When configuring LDAP to use SASL authentication with the
   ldapdb SASL plugin, must the passwords be actually stored
   in cleartext human readable form?

2. If the answer to my first question is yes, I would appreciate
   thoughts about the security of such a configuration. I
   must admit that I don't feel comfortable know that just
   in case I indavertently allow access to an unauthorized
   person they could read the passwd. ( and I think we
   all know that the openldap acls can easily be misconfigured )

And just as general interest, I have used most of this week
in my third ( and finally successful ) attempt to consoldate
user management / authentication with openldap. It seems that
most of my implementation attempts on Linux take 3 tries.
Usually the finally try goes smootly, but this week has
been an endeavor as I have installed the latest releases available
for openldap, sasl, postfix, courier-imap and even samba 3.0rc2.


-- May the source be with you! Open Source of course!

http://www.wtfo-guru.com - Cooperative Web Hosting
http://www.cacert.org - Free Security Certificates
http://www.gmane.org - Mailing Lists Archives (Newsgroup Server)