Andy Schofield wrote: >> My real problem is that clients are broadcasting passwords in the >> clear (despite pam being told to use md5 with ldap). I am assuming >> that is because the ldap server is using SSHA and pam is using md5 so >> they negotiate to send passwords in the clear. Does that sound right? >> > > However - it has not solved this problem. The password is still being > sent in the clear. I have /etc/ldap.conf including the line: > What you need is not a hashed password sent over the wire (which achieves very little) but an encrypted transport using SSL, or SASL and kerberos. -- Pete -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070329/f6fd6b62/attachment.bin
