[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM concepts (was: pam_{unix,pwdb}: crypt/md5 necessary?)



Em Fri, Aug 04, 2000 at 06:32:37PM -0700, W. Reilly Cooley, Esq. escreveu:
> Is it really more secure?  Forgive me if I'm missing something here,
> but the effect of setting ACL which prevents anyone from reading the
> hashed password is that the module has to bind to the LDAP server as
> the user, which requires passing their password in clear text over

This is an issue with openldap-1.2.x, but solved in 2.0. Anyway, you
can still use some SSL wrapper, like stunnel, with openldap-1.2.x.
I have a patched authconfig that configures stunnel to work with LDAP
regarding authentication. With this setup, both the client and the
server have to have stunnel running.


-- 
Andreas Hasenack
andreas@conectiva.com.br
BIG Linux user!





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []