Am Dienstag 26 Oktober 2010, 10:49:09 schrieb Frederic Hornain: > Dear all, > > For already few weeks, I search for a mean to have an encypted bindpw > password in /etc/ldap.conf on my Fedora Linux Ldap client. > OK, I have perfectly understood a simple bind requires that the client > has the *cleartext* password. > > Nonetheless, it seems it exists a SASL method which could permit > without using Kerberos to have this functionality. AFAIK the only SASL mechanism that nss_ldap supports is GSSAPI which in the end means Kerberos.
> - > http://www.openldap.org/lists/openldap-technical/200809/msg00145.html > - If someone could give me a hand on that, I would appreciate; It seems you are reading something wrong into that thread. It only lines out that a cleartext password, or something equivalent like a Kerberos keytab or Client Certificate + Key (if nss_ldap would support that) is needed. Ralf