[Freeipa-users] Hardening freeipa on the internet

Simo Sorce simo at redhat.com
Mon Apr 28 15:16:45 UTC 2014


On Mon, 2014-04-28 at 16:11 +0100, Andrew Holway wrote:
> > I realized that you probably want to disable anonymous access to LDAP. It
> > will prevent random strangers from enumerating all users in your database...
> 
> This sounds like a bug, no? Anonymous access to LDAP?

Historically, many Linux and Unix OSs did not authenticate to LDAP to
download POSIX info, so by default we allow a lot of the tree to be
accessed anonymously.
We are in the process of changing how the permissions work in 4.0, and
will contextually close down a lot more of the tree letting the admin
more easily configure access.

So, no, it is not technically a bug, but it is something you want to look
out for as an admin.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



