Issue #363 has been updated by Oliver Geisen.
There should be no password, whether in cleartext or crypted, be placed in config files because, - Config get lost/stolen and brute forced, no good idea - need to update ALL servers using this script if bindpw changes - but, having the same binddn for ALL servers is also a bad idea (you can't distinguish when it comes up to deny one of those) Better solution would be to have one bind-user for each usage and to authorize this user by Kerberos. There you have a keytab (public key) not a password, which is much safer and could be transported even via unsecure routes. There must be a way to use kerberos as bind-user. ---------------------------------------- Feature #363: Self Service Password - hashed password in configuration file http://tools.lsc-project.org/issues/363 Author: Yann Bajard Status: Assigned Priority: Normal Assigned to: Clément OUDOT Category: Self Service Password Target version: self-service-password-? Is it possible to display the hashed the password of LDAP in the configuration file (and not let it in clear) after the first run ? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
