> > However - it has not solved this problem. The password is still being > sent in the clear. I have /etc/ldap.conf including the line: > > pam_password md5 pam_password controls how new passwords are hashed locally before updating an account's password attribute, i.e. when someone changes their password. If you want the hash setting on the server to always be honored, use "pam_password clear". Comments from PADL's ldap.conf: # Do not hash the password at all; presume # the directory server will do it, if # necessary. This is the default. #pam_password clear Pete Rowley wrote: > Andy Schofield wrote: >>> My real problem is that clients are broadcasting passwords in the >>> clear (despite pam being told to use md5 with ldap). I am assuming >>> that is because the ldap server is using SSHA and pam is using md5 so >>> they negotiate to send passwords in the clear. Does that sound right? >>> >> >> However - it has not solved this problem. The password is still being >> sent in the clear. I have /etc/ldap.conf including the line: >> > What you need is not a hashed password sent over the wire (which > achieves very little) but an encrypted transport using SSL, or SASL > and kerberos. > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
