However - it has not solved this problem. The password is still being
sent in the clear. I have /etc/ldap.conf including the line:
pam_password md5
pam_password controls how new passwords are hashed locally before
updating an account's password attribute, i.e. when someone changes
their password.
If you want the hash setting on the server to always be honored, use
"pam_password clear".
Comments from PADL's ldap.conf:
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
Pete Rowley wrote:
Andy Schofield wrote:
My real problem is that clients are broadcasting passwords in the
clear (despite pam being told to use md5 with ldap). I am assuming
that is because the ldap server is using SSHA and pam is using md5 so
they negotiate to send passwords in the clear. Does that sound right?
However - it has not solved this problem. The password is still being
sent in the clear. I have /etc/ldap.conf including the line:
What you need is not a hashed password sent over the wire (which
achieves very little) but an encrypted transport using SSL, or SASL
and kerberos.
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
