On Wed, 2010-01-27 at 19:43 -0300, Ldap Tester wrote: > But I have set > pam_password clear > in /etc/ldap.conf on both fedora machines. > I rely on ssl for security. > I had to do this in order to get password syncing with windows to work at all. > > Shouldn't that take care of the problem you describe above? > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users No. That only transmit the password "plain" to the 389DS. Then 389DS encript the password with SSHA, then MMR writes in the other server. So, F12 can't capture a plain password. Other option is set Password encript to CLEAR en your F11, but it's obviously insecure (go to 389-consle, then Configuration->DATA->Password->Password Encription in the bottom). Saludos -- Sergio A. Morales <sergiomorales at archlinux.cl> uSCI & CSRG Sysadmin Archlinux Chile -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20100127/b0358392/attachment-0001.bin
