Good point. I'll probably go for this option. Kenneth On Thu, Mar 4, 2010 at 4:05 PM, Marti, Robert <RJM002@xxxxxxxx> wrote: > Even if LDAP is the requirement - /etc/ldap.conf doesn't have to be world > readable, does it? > > Rob Marti > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto: > redhat-list-bounces@xxxxxxxxxx] On Behalf Of Stainforth, Matthew (SD/DS) > Sent: Thursday, March 04, 2010 7:58 AM > To: redhat-list@xxxxxxxxxx > Subject: RE: Protecting the bindpw in /etc/ldap.conf > > > We're about to set up our RHEL servers to authenticate againts Active > > Directory (AD) 2008. I'd like to protect the binding user password > > (i.e. > > bindpw) so that regulars users can't get hold of it. Are others doing > > this > > too, or does one not consider this as a security issue? If protecting > > it, > > how to you set up this? > > Kerberos is what I use instead of LDAP and it doesn't require a password, > at least in my environment. > > Matt > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
