[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slave slapd doesn't accept bind from slurpd

To: <betzos@europe.com>
Subject: Re: Slave slapd doesn't accept bind from slurpd
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Thu, 6 May 2004 10:34:39 +0200 (CEST)
Cc: <openldap-software@OpenLDAP.org>, <D.M.Lewney@sussex.ac.uk>
Importance: Normal
In-reply-to: <20040506080751.34F8222E5B@ws1-1.us4.outblaze.com>
References: <20040506080751.34F8222E5B@ws1-1.us4.outblaze.com>

>
> After I tried what you suggested and everything seemed to be ok, it
> dawned on me. In the credentials=... option in the replica section of
> the master's slapd.conf the password of the binddn must be entered in
> unencrypted form. I tried it and things worked fine.
>
> But ... isn't this a security hole? Storing unecrypted passwords in a
> file has long being considered a no-no in a unix system (in any system
> for that matter).
>
> What do the (open)ldap designers/developpers have in mind?

There is no other way to pass credentials to a server.
It is exactly what you would do with any other client;
in this sense, slurpd is a lient to the slave.
Unless you use different auth mechs, e.g. GSSAPI.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it




    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- Re: Slave slapd doesn't accept bind from slurpd
  - From: "George Betzos" <betzos@europe.com>

Prev by Date: Re: Slave slapd doesn't accept bind from slurpd
Next by Date: login using SASL
Index(es):
- Chronological
- Thread