Removing the world readable bit from /etc/ldap.conf results in the famous "I have no name" error message when logging in with an LDAP account. So it looks like world needs to be able to read this file.

Anyone else got tips on how to protect the bind password located in that file?

- Kenneth

On Thu, Mar 4, 2010 at 4:05 PM, Marti, Robert <RJM002@xxxxxxxx> wrote:

> Even if LDAP is the requirement - /etc/ldap.conf doesn't have to be world
> readable, does it?
>
> Rob Marti
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Stainforth, Matthew (SD/DS)
> Sent: Thursday, March 04, 2010 7:58 AM
> To: redhat-list@xxxxxxxxxx
> Subject: RE: Protecting the bindpw in /etc/ldap.conf
>
> > We're about to set up our RHEL servers to authenticate against Active
> > Directory (AD) 2008. I'd like to protect the binding user password (i.e.
> > bindpw) so that regular users can't get hold of it. Are others doing this
> > too, or does one not consider this as a security issue? If protecting it,
> > how do you set this up?
>
> Kerberos is what I use instead of LDAP and it doesn't require a password,
> at least in my environment.
>
> Matt
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list