[Freeipa-users] Storing LDAP credentials in clear text.

Dmitri Pal dpal at redhat.com
Thu Jun 25 11:16:05 UTC 2015


On 06/24/2015 09:21 PM, quest monger wrote:
> I have an IPA server running on CentOS server. I have multiple Solaris 
> boxes that use this IPA server for SSH authentication.
> When configuring the Solaris hosts to be IPA clients, one of the 
> things I had to do was to configure LDAP. This involved editing the 
> /etc/ldap.conf file. It looks like this now -
>
> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
> bindpw <password in plain text>
> ssl start_tls
> tls_cacertfile /var/ldap/cer8.db
> tls_checkpeer yes
> bind_timelimit 5
> timelimit 15
> uri ldap://example.com
> sudoers_base ou=SUDOers,dc=example,dc=com
> TLS_CERT /var/ldap/cer8.db
>
> As you can see, the bind password is being stored in clear text.
> Is there a workaround for this? Has someone done this on a Solaris-11 
> platform?
>
> Thanks.
>
>
>
AFAIR Solaris should have some kind of obfuscation scheme, or at least 
used to, but it might be buried in some manuals.
It might be a feature or switch of the ldapclient command.
HTH

-- 
Thank you,
Dmitri Pal

Director of Engineering for IdM portfolio
Red Hat, Inc.
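
An added example, not part of the original thread: a small Python audit of an ldap.conf in the format quoted above. It reports whether a bindpw is present, whether the file's permission bits let group/other reach it, and whether the bind is protected by TLS with peer checking. The sample password is a constructed placeholder, and the function names and the treatment of `ssl on` and `ldaps://` as encrypted are assumptions.

```python
import os
import stat

# Constructed sample that mirrors the directives quoted in the post.
SAMPLE = """\
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw CONSTRUCTED-PLACEHOLDER
ssl start_tls
tls_checkpeer yes
uri ldap://example.com
"""

def parse_ldap_conf(text):
    """Return {directive: value}; keys lower-cased, comments and blanks skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text, mode):
    """Return findings for ldap.conf content `text` stored with permission bits `mode`."""
    conf = parse_ldap_conf(text)
    findings = []
    if "bindpw" not in conf:
        return findings
    findings.append("bindpw stored in file")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other can access file (mode %04o)" % mode)
    # Assumption: 'ssl start_tls', 'ssl on' or an ldaps:// URI means an encrypted bind.
    encrypted = (conf.get("ssl") in ("start_tls", "on")
                 or conf.get("uri", "").startswith("ldaps://"))
    if not encrypted:
        findings.append("bind password sent without TLS")
    elif conf.get("tls_checkpeer") != "yes":
        findings.append("TLS server certificate not verified")
    return findings

def audit_file(path):
    """Audit a real file, e.g. /etc/ldap.conf, using its current permission bits."""
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for mode in (0o644, 0o600):
        print("%04o" % mode, audit(SAMPLE, mode))
```

`audit_file("/etc/ldap.conf")` runs the same checks against the file on a client host.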
