13 Jan
2014
13 Jan
'14
8 p.m.
At Tue, 14 Jan 2014 01:12:55 GMT, ylau@huawei.com wrote:
When nss_ldap uses LDAP authentication with binding method, the bindpw stored in ldap.conf is clear text. However on Solaris NS_LDAP_BINDPASSWD could be stored in encrypted string. There is no password obfuscation with nss_ldap. So we considered it is a security issue and will affect the result of security audit.
{NS1} format is not safe. You can decrypt it without any other secret.
http://stuff.iain.cx/2008/05/03/ns103eb2365be169abbe3a45088a10a/
--
-- Name: SATOH Fumiyasu @ OSS Technology Corp. (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- GitHub Home: https://GitHub.com/fumiyas/
-- PGP Fingerprint: BBE1 A1C9 525A 292E 6729 CDEC ADC2 9DCA 5E1C CBCA
3964
Age (days ago)
3964
Last active (days ago)
0 comments
1 participants
participants (1)
-
fumiyas@osstech.co.jp