[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Slave slapd doesn't accept bind from slurpd
>
> After I tried what you suggested and everything seemed to be ok, it
> dawned on me. In the credentials=... option in the replica section of
> the master's slapd.conf the password of the binddn must be entered in
> unencrypted form. I tried it and things worked fine.
>
> But ... isn't this a security hole? Storing unecrypted passwords in a
> file has long being considered a no-no in a unix system (in any system
> for that matter).
>
> What do the (open)ldap designers/developpers have in mind?
There is no other way to pass credentials to a server.
It is exactly what you would do with any other client;
in this sense, slurpd is a lient to the slave.
Unless you use different auth mechs, e.g. GSSAPI.
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497