Full_Name: Nannan Song Version: 2.4.44 OS: SUSE URL: Submission from: (NULL) (126.96.36.199)
When LDAP is used to manage user and user group information, openldap only supports the configuration of the plain text password of the read-only user in the '/etc/ldap.conf/'. The password of the read-only user only supports plain text storage. so there is a security issue that the authentication credential file is readable to all users. Now we hope ldap can support the feature that using the encrypted text to save password for read only user.
We saw this the first time, no need to resubmit it 10 times.
Supposing you could put an encrypted password into ldap.conf - where would you put the key for decrypting the password, so that the software can use it?
When LDAP is *correctly* used to manage user and group information, the credentials used to contact the LDAP server belong to a low-privilege account, so that theft of those credentials is of minimal harm. And they are used by a single authentication daemon (like nslcd in the nss-pam-ldapd package) and as such never appear in any world-readable files.
Closing this ITS and all the other copies of it.