Hi William,
it's an old thread, but it's mine, so I will give an update to the situation
and a follow-up question.
We changed from StartTLS on 389 to SSL on 636 some time ago. Trying to
reconsider the topic we found that there is no plaintext password sent via
network between the replicants, which was the case in the StartTLS on 389
scenario. This would reduce the problem with plaintext password for the
replication manager to the storage, mainly the dse.ldif, I think.
We would be glad if you could confirm this thought. It would save us from
trying again the use of client auth for replication which hadn't been
successful yet.
Kind regards,
Eugen
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org