13 Jan
2014
13 Jan
'14
7:38 p.m.
ylau@huawei.com wrote:
Full_Name: Yo Lau Version: 2.3.32 OS: SUSE Linux Enterprise Server 10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (12.130.146.228)
OpenLDAP 2.3.32 is over 6 years old and long since unsupported.
nss_ldap is not a piece of OpenLDAP software. Contact SuSE for support, this ITS will be closed.
When nss_ldap uses LDAP authentication with binding method, the bindpw stored in ldap.conf is clear text. However on Solaris NS_LDAP_BINDPASSWD could be stored in encrypted string. There is no password obfuscation with nss_ldap. So we considered it is a security issue and will affect the result of security audit.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
4186
Age (days ago)
4186
Last active (days ago)
0 comments
1 participants
participants (1)
-
hyc@symas.com