Ben,
I would like to use GSSAPI for my replication. Would you be willing to share how you went about it?
Thanks, Brendan
On Fri, Mar 8, 2024, 1:05 PM Ben Poliakoff benp@reed.edu wrote:
You definitely won't be able to use a password hash as a credential for syncrepl. A hash is a one way function so you can't readily drive the password from it (except via exhaustive brute force).
To avoid storing a clear text password in your config, you'll need to use another mechanism such as GSSAPI. That's what I use in my installations. x509 certificates/keys might be another option.
All of the options are more complicated that using a plain text password, but they're also bit more secure.
Ben
On Fri, Mar 8, 2024, 9:43 AM mbalakri@opentext.com wrote:
How to configure olcSyncrepl without a plaintext password? I tried using credentials="{SSHA256}jRlrKRCcrhYo7SqbPDc5WkoSxaHc8y/e0DPWaAnveUkQpQ7wEOWhsw==" format. Does olcSyncrepl accepts password in {SSHA256} format?