years ago I set up a ldap fedora directory server that is the used for pki authentication by many servers. In that period I didn't care much about security but now I would like to close security holes.
I see that the directory manager password is stored in ldap.conf and rebuild sshd.conf (for pki)
I see also that if I restrict access (600) to these files the authentication process does not end correctly because the uid and gid are not taken by ldap. Probabily during the user logon these files must be readable.
By my point of view the solution could be to encrypt the directory manager password or to create a read only user. What do you suggest me? and how to implement?
Regards,
Marco Strullato
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users