Security and bind_anonymous_dn
List,
OpenLDAP 2.2.6, BDB 4.2.52 on RedHat's RHEL3.
All the files lying around on my hard disk with my proxy admin password
made me unhappy. Examples are /etc/ldap.secret, Postfix 2.0.18 snapshot's
many /etc/postfix/maps/ldap/mumble.cf's,
/usr/lib/courier-imap/etc/authldaprc, /usr/lib/sasl2/smtpd.conf and I'm
sure there are more, only I can't remember where they are :(
Someone on "another list" pointed out slapd's 'allow anonymous_bind_dn'.
Sure enough, with 'allow anonymous_bind_dn' I can get rid of the proxy
admin password in every file but my OpenLDAP/Postfix SASL
/usr/lib/sasl2/smtpd.conf. Only one file to remember.
Can anyone point out any obvious security-based (or other) reason for
not allowing bind_anonymous_dn in slapd.conf? If not, why isn't it
standard?
Best,
--Tonni
--
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl