Aaron Richton wrote:
I don't think you gain any special advantages by encrypting (or not) in a slapd.conf context versus any other encryption application. Like most password encryption, it largely boils down to speed bumps in the face of a preexisting access vector.
I think the more direct answer is "this is why the docs tell you to use a different identity and password for the replication account."
On Tue, 13 Nov 2007, Peter Clark wrote:
Heh, thanks for the warning about the rootpw. I used an example of one from the internet. :)
If you cannot supply an encrypted password in the credentials= field and you have both the rootpw= and credentials= visible in the slapd.conf does it serve any purpose for encrypting the rootpw in the slapd.conf? Or is there another purpose to encrypting it other than to stop someone from parsing the file and getting it?
I hope that makes sense.