Andy Schofield wrote: > However, a hashed password is better than nothing surely. Even NIS > didn't sent passwords in the clear. > Not from the DS point of view - if it accepts a hashed password in the bind then that is equivalent to the original password, so nothing is really achieved. It /may/ delay the ability of an attacker to log in to a machine using LDAP as the authentication mechanism, but md5 has known vulnerabilities in that regard and cannot be recommended. -- Pete -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070329/0c389497/attachment.bin
