On Wed, Jul 09, Bobby Cox wrote: > Thorsten, > > Thank you for your reply. Would you happen to know the syntax necessary to accomplish this or a link to a doc? In our case a small deterrent is better then none. I don't know if it is possible, I only said that it does not make much sense to do so. Better to ristrict the access to the file as far as possible, with attributes, AppArmor and/or SELinux. Thorsten > > Regards, > Bobby Cox > ________________________________________ > From: pam-list-bounces@xxxxxxxxxx [pam-list-bounces@xxxxxxxxxx] On Behalf Of Thorsten Kukuk [kukuk@xxxxxxx] > Sent: Wednesday, July 09, 2008 9:28 AM > To: pam-list@xxxxxxxxxx > Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw? > > On Wed, Jul 09, Bobby Cox wrote: > > > Hello All, > > > > If this is not the correct list please excuse me, and would you please direct me to the appropriate place. If this is the right place, here is my question: > > > > Is it possible to encrypt bindpw in ldap.conf? We currently do not allow anonymous bind and would rather not leave the bindpw in clear text if at all possible. > > If you encrypt it in ldap.conf, you need to store the key somewhere. > This only makes it more complicated for an attacker, but will not > solve your problem. > > Thorsten > -- > Thorsten Kukuk, Project Manager/Release Manager SLES > SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg > GF: Markus Rex, HRB 16746 (AG Nuernberg) > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
