Dear LDAP experts:
From my interest in applied cryptography, I was surprised to see how
limited are the (open)LDAP directory entry encryption options.
From a security audit perspective, plain text passwords in the LDAP DSA
implementation appear worrisome.
Is there any solution for hardware-assisted solutions, which might
improve the key management vicious circle, i.e. if you encrypt
userPassword attributes, where do you store the master encryption key?
Is there a demand from large organizations for improvements in this area?
I do not put into question the security on the protocol side (SASL, TLS,
...).
Thanks in advance.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]