Pam LDAP - Is It Possible To Encrypt Bindpw?
Bobby Cox
Bobby.Cox at presage-tech.com
Wed Jul 9 14:51:04 UTC 2008
Thorsten,
I see, thank you for the clarification. I'll research your suggestions, although AppArmor won't be one, we're not using SUSE. :)
Regards,
Bobby Cox
________________________________________
From: pam-list-bounces at redhat.com [pam-list-bounces at redhat.com] On Behalf Of Thorsten Kukuk [kukuk at suse.de]
Sent: Wednesday, July 09, 2008 9:44 AM
To: Pluggable Authentication Modules
Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw?
On Wed, Jul 09, Bobby Cox wrote:
> Thorsten,
>
> Thank you for your reply. Would you happen to know the syntax necessary to accomplish this or a link to a doc? In our case a small deterrent is better then none.
I don't know if it is possible, I only said that it does not make
much sense to do so. Better to ristrict the access to the file as
far as possible, with attributes, AppArmor and/or SELinux.
Thorsten
>
> Regards,
> Bobby Cox
> ________________________________________
> From: pam-list-bounces at redhat.com [pam-list-bounces at redhat.com] On Behalf Of Thorsten Kukuk [kukuk at suse.de]
> Sent: Wednesday, July 09, 2008 9:28 AM
> To: pam-list at redhat.com
> Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw?
>
> On Wed, Jul 09, Bobby Cox wrote:
>
> > Hello All,
> >
> > If this is not the correct list please excuse me, and would you please direct me to the appropriate place. If this is the right place, here is my question:
> >
> > Is it possible to encrypt bindpw in ldap.conf? We currently do not allow anonymous bind and would rather not leave the bindpw in clear text if at all possible.
>
> If you encrypt it in ldap.conf, you need to store the key somewhere.
> This only makes it more complicated for an attacker, but will not
> solve your problem.
>
> Thorsten
> --
> Thorsten Kukuk, Project Manager/Release Manager SLES
> SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
> GF: Markus Rex, HRB 16746 (AG Nuernberg)
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
More information about the Pam-list
mailing list