[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: bindpw in SSHA/MD5/CRYPT/...
Am Dienstag 26 Oktober 2010, 10:49:09 schrieb Frederic Hornain:
> Dear all,
>
> For already few weeks, I search for a mean to have an encypted bindpw
> password in /etc/ldap.conf on my Fedora Linux Ldap client.
> OK, I have perfectly understood a simple bind requires that the client
> has the *cleartext* password.
>
> Nonetheless, it seems it exists a SASL method which could permit
> without using Kerberos to have this functionality.
AFAIK the only SASL mechanism that nss_ldap supports is GSSAPI which in
the end means Kerberos.
> -
> http://www.openldap.org/lists/openldap-technical/200809/msg00145.html
> - If someone could give me a hand on that, I would appreciate;
It seems you are reading something wrong into that thread. It only lines
out that a cleartext password, or something equivalent like a Kerberos
keytab or Client Certificate + Key (if nss_ldap would support that) is
needed.
Ralf