[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: bindpw in SSHA/MD5/CRYPT/...

To: openldap-technical@openldap.org
Subject: Re: bindpw in SSHA/MD5/CRYPT/...
From: Ralf Haferkamp <rhafer@suse.de>
Date: Wed, 27 Oct 2010 10:22:24 +0200
In-reply-to: <AANLkTinXijiYo1SsG5EGjMB6UREnwuntRS_GkNyYctbx@mail.gmail.com>
References: <AANLkTinXijiYo1SsG5EGjMB6UREnwuntRS_GkNyYctbx@mail.gmail.com>
User-agent: KMail/1.13.5 (Linux/2.6.34.7-0.4-desktop; KDE/4.5.2; x86_64; ; )

Am Dienstag 26 Oktober 2010, 10:49:09 schrieb Frederic Hornain:
> Dear all,
> 
> For already few weeks, I search for a mean to have an encypted bindpw
> password in /etc/ldap.conf on my Fedora Linux Ldap client.
> OK, I have perfectly understood a simple bind requires that the client
> has the *cleartext* password.
> 
> Nonetheless, it seems it exists a SASL method which could permit 
> without using Kerberos to have this functionality.
AFAIK the only SASL mechanism that nss_ldap supports is GSSAPI which in 
the end means Kerberos.

> -
> http://www.openldap.org/lists/openldap-technical/200809/msg00145.html
> - If someone could give me a hand on that, I would appreciate;
It seems you are reading something wrong into that thread. It only lines 
out that a cleartext password, or something equivalent like a Kerberos 
keytab or Client Certificate + Key (if nss_ldap would support that) is 
needed.

Ralf

References:
- bindpw in SSHA/MD5/CRYPT/...
  - From: Frederic Hornain <fhornain@gmail.com>

Prev by Date: Re: Attribute Aliasing
Next by Date: Re: AIX as openldap client
Index(es):
- Chronological
- Thread