[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: bindpw in SSHA/MD5/CRYPT/...



Am Dienstag 26 Oktober 2010, 10:49:09 schrieb Frederic Hornain:
> Dear all,
> 
> For already few weeks, I search for a mean to have an encypted bindpw
> password in /etc/ldap.conf on my Fedora Linux Ldap client.
> OK, I have perfectly understood a simple bind requires that the client
> has the *cleartext* password.
> 
> Nonetheless, it seems it exists a SASL method which could permit 
> without using Kerberos to have this functionality.
AFAIK the only SASL mechanism that nss_ldap supports is GSSAPI which in 
the end means Kerberos.

> -
> http://www.openldap.org/lists/openldap-technical/200809/msg00145.html
> - If someone could give me a hand on that, I would appreciate;
It seems you are reading something wrong into that thread. It only lines 
out that a cleartext password, or something equivalent like a Kerberos 
keytab or Client Certificate + Key (if nss_ldap would support that) is 
needed.

Ralf