Re: [389-users] active directory password sync

2010/1/27 Sergio A. Morales <sergiomorales@xxxxxxxxxxxx>
On Wed, 2010-01-27 at 19:43 -0300, Ldap Tester wrote:

> But I have set
> pam_password clear
> in /etc/ldap.conf on both fedora machines.
> I rely on ssl for security.
> I had to do this in order to get password syncing with windows to work at all.
>
> Shouldn't that take care of the problem you describe above?
No. That only transmits the password "plain" to the 389DS. Then 389DS
encrypts the password with SSHA, then MMR writes it in the other server.

So, F12 can't capture a plain password.

Another option is to set Password encryption to CLEAR on your F11, but it's
obviously insecure (go to 389-console, then
Configuration->DATA->Password->Password Encryption at the bottom).



Would that really be so insecure if I always use ssl?
Opinions?

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
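
Added example, not part of the original thread: a Python sketch of what the directory stores (and multi-master replication copies) under the SSHA versus CLEAR schemes discussed above, independent of whether the bind itself ran over SSL. The function names, the 8-byte salt and the sample password are assumptions made for illustration; the CLEAR case is modelled as the bare password text.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # SHA-1 digest size in bytes


def ssha_encode(password: bytes, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumed salt length for this sketch
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: bytes, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


def stored_value(password: bytes, scheme: str) -> str:
    """Model of what lands in the entry, and therefore in replication, per scheme."""
    if scheme == "SSHA":
        return ssha_encode(password)
    if scheme == "CLEAR":
        return password.decode("utf-8")  # password text kept as-is at rest
    raise ValueError("unsupported scheme: " + scheme)


def plaintext_visible(password: bytes, stored: str) -> bool:
    """True if anyone who can read the stored value can read the password."""
    return password.decode("utf-8") in stored


if __name__ == "__main__":
    pw = b"Constructed-Pw-1!"  # constructed sample, not a real credential
    for scheme in ("SSHA", "CLEAR"):
        value = stored_value(pw, scheme)
        print(scheme, value, "plaintext visible:", plaintext_visible(pw, value))
```

SSL only covers the password on the wire; with CLEAR the password text is also present in the database files, backups and replicated changes, which is the exposure the storage scheme controls.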
