Adams Samuel D Contr AFRL/HEDR wrote: >I also have two medium vulnerabilities the keep popping up with ISS that >I need to resolve but can't seem to find the proper configuration in the >admin console. > >" LDAP NullBind: LDAP anonymous access to directory > > > > ... >" LDAP Schema: LDAP schema information gathering > > > In addition to the other posters comments I would point out that with zero access control configured in the DS nobody but the directory manager can do anything - zero access by default. The best method of securing the server is to start with that blank sheet and selectively enable targeted operations for targeted users/groups on targeted sets of entries. For example, your requirement is that pam operates: add the aci that makes that happen and no more. The default aci's added on install should be treated as examples only that just happen to be suitable for casual evaluation. Most deployments can get away with very few aci's in order to enforce their policy. Adding aci's when something is found not to work correctly due to insufficient access is a lot less painful than the ramifications of overly broad grants of access. -- Pete -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060808/c3809c44/attachment.bin
