[Fedora-directory-users] How to change password storage method?
George Holbert
gholbert at broadcom.com
Thu Mar 29 18:13:46 UTC 2007
>
> However - it has not solved this problem. The password is still being
> sent in the clear. I have /etc/ldap.conf including the line:
>
> pam_password md5
pam_password controls how new passwords are hashed locally before
updating an account's password attribute, i.e. when someone changes
their password.
If you want the hash setting on the server to always be honored, use
"pam_password clear".
Comments from PADL's ldap.conf:
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
Pete Rowley wrote:
> Andy Schofield wrote:
>>> My real problem is that clients are broadcasting passwords in the
>>> clear (despite pam being told to use md5 with ldap). I am assuming
>>> that is because the ldap server is using SSHA and pam is using md5 so
>>> they negotiate to send passwords in the clear. Does that sound right?
>>>
>>
>> However - it has not solved this problem. The password is still being
>> sent in the clear. I have /etc/ldap.conf including the line:
>>
> What you need is not a hashed password sent over the wire (which
> achieves very little) but an encrypted transport using SSL, or SASL
> and kerberos.
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
More information about the Fedora-directory-users
mailing list