On Fri, 2009-01-02 at 16:40 -0700, Joe wrote: > Good point on TLS. The /etc/ldap.secret is where I had the problem. If > you put that file on an end users machine, wouldn't they be able to boot > into single user mode or sudo and read that file? Doesn't that file > provide the keys to the kingdom? Once you have full read access to the > directory. can't you read all the user id's and hashes and gain access > to every other system? Sorry if this was already a hackfest activity and > I missed it. ---- and I should mention that if you want to get around that issue, you implement kerberos in addition to LDAP.
Craig --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
