Pam LDAP - Is It Possible To Encrypt Bindpw?

Bobby Cox Bobby.Cox at presage-tech.com
Wed Jul 9 14:51:04 UTC 2008 

Thorsten,

I see, thank you for the clarification.  I'll research your suggestions, although AppArmor won't be one, we're not using SUSE. :)

Regards,
Bobby Cox

________________________________________
From: pam-list-bounces at redhat.com [pam-list-bounces at redhat.com] On Behalf Of Thorsten Kukuk [kukuk at suse.de]
Sent: Wednesday, July 09, 2008 9:44 AM
To: Pluggable Authentication Modules
Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw?

On Wed, Jul 09, Bobby Cox wrote:

> Thorsten,
>
> Thank you for your reply. Would you happen to know the syntax necessary to accomplish this or a link to a doc?   In our case a small deterrent is better then none.

I don't know if it is possible, I only said that it does not make
much sense to do so. Better to ristrict the access to the file as
far as possible, with attributes, AppArmor and/or SELinux.

  Thorsten

>
> Regards,
> Bobby Cox
> ________________________________________
> From: pam-list-bounces at redhat.com [pam-list-bounces at redhat.com] On Behalf Of Thorsten Kukuk [kukuk at suse.de]
> Sent: Wednesday, July 09, 2008 9:28 AM
> To: pam-list at redhat.com
> Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw?
>
> On Wed, Jul 09, Bobby Cox wrote:
>
> > Hello All,
> >
> > If this is not the correct list please excuse me, and would you please direct me to the appropriate place.  If this is the right place, here is my question:
> >
> > Is it possible to encrypt bindpw in ldap.conf?   We currently do not allow anonymous bind and would rather not leave the bindpw in clear text if at all possible.
>
> If you encrypt it in ldap.conf, you need to store the key somewhere.
> This only makes it more complicated for an attacker, but will not
> solve your problem.
>
>   Thorsten
> --
> Thorsten Kukuk, Project Manager/Release Manager SLES
> SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
> GF: Markus Rex, HRB 16746 (AG Nuernberg)
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list

--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)

_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list

More information about the Pam-list mailing list