On 12/09/2012 16:59, teoman.onay(a)degroof.be wrote:
Does this mean that the password is sent in the clear to the LDAP server
and then hashed over there? It looks like a huge security flaw ...
I wouldn't be so categorical.
First, by delegating confidentiality to the transport layer, you're
building on a known and proven protocol instead of reinventing the wheel.
Second, sending password hashes in cleartext wouldn't qualify as good
security practice either...
I've used tcpdump and unfortunately my password appears in the clear
...
So using it implies enabling TLS?
If you're concerned about the network traffic between your LDAP server
and its clients, absolutely. If they are both on a private, admin-only
network, for instance, it would not be as necessary.
You can easily make encryption mandatory for accessing the password
attribute (and other similarly sensitive ones) using ACLs. For instance:
# userPassword: only reachable over a connection with a security strength
# factor of at least 56 bits (TLS or an equivalent SASL layer); the "by"
# continuation lines must be indented in slapd.conf
access to dn.subtree="dc=exemple,dc=comfr" attrs=userPassword
    by self ssf=56 write
    by anonymous ssf=56 auth
    by * none
It does not prevent an unsuspecting user from sending their password in
cleartext, but it makes doing so useless, so it is much less likely to
survive in a working configuration.
--
BOFH excuse #221:
The mainframe needs to rest. It's getting old, you know.
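To make the effect of the ACL quoted in the reply above concrete, here is a small model of how slapd walks its "by" clauses, added here as an illustration. It is not OpenLDAP's code: the request scenarios, the DNs under dc=exemple,dc=comfr and the SSF values (0 for a cleartext connection, 128 for a 128-bit TLS cipher, 71 for the default localSSF that slapd assigns to ldapi:// sessions) are constructed for the example. The point it shows is that a simple bind over cleartext ldap:// is refused by "by * none" before the password is ever checked, so the cleartext password on the wire buys the attacker nothing against the server that enforces the rule.

```python
# Added example: a model of how slapd evaluates the "access to ... by ... ssf=56" ACL
# from the mail above. This is NOT OpenLDAP code; the ACL text, DNs and SSF values are
# constructed for illustration.
from dataclasses import dataclass
from typing import Optional

# slapd access levels, lowest to highest. Being granted a level also grants every lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The ACL quoted in the reply, with the "by" continuation lines indented as slapd.conf requires.
ACL_TEXT = """\
access to dn.subtree="dc=exemple,dc=comfr" attrs=userPassword
    by self ssf=56 write
    by anonymous ssf=56 auth
    by * none
"""


@dataclass
class Request:
    target_dn: str            # entry whose userPassword is touched
    bound_dn: Optional[str]   # None = anonymous; a simple bind is checked before any identity exists
    ssf: int                  # security strength factor of the connection: 0 cleartext, cipher bits under TLS
    op: str                   # access level the operation needs: "auth" for a bind, "write" for a change


@dataclass
class ByClause:
    who: str                  # "self", "anonymous", "users" or "*"
    min_ssf: int              # 0 when the clause carries no ssf= qualifier
    level: str


def parse_acl(text):
    """Return (subtree_base, attribute, [ByClause, ...]) from one 'access to' directive."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    head = lines[0]
    base = head.split('dn.subtree="', 1)[1].split('"', 1)[0]
    attr = head.split("attrs=", 1)[1].split()[0]
    clauses = []
    for line in lines[1:]:
        parts = line.split()
        assert parts[0] == "by" and len(parts) >= 3, f"malformed by clause: {line}"
        who, level = parts[1], parts[-1]
        min_ssf = 0
        for qual in parts[2:-1]:
            if qual.startswith("ssf="):
                min_ssf = int(qual[4:])
        clauses.append(ByClause(who, min_ssf, level))
    return base, attr, clauses


def in_subtree(dn, base):
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def who_matches(clause, req):
    """The whole <who> part, ssf= included, must match; otherwise slapd moves on to the next clause."""
    if req.ssf < clause.min_ssf:
        return False
    if clause.who == "*":
        return True
    if clause.who == "anonymous":
        return req.bound_dn is None
    if clause.who == "users":
        return req.bound_dn is not None
    if clause.who == "self":
        return req.bound_dn is not None and req.bound_dn.lower() == req.target_dn.lower()
    raise ValueError(f"unsupported <who>: {clause.who}")


def evaluate(acl_text, req):
    """First matching 'by' clause decides. Returns (granted, matched_clause_or_None)."""
    base, attr, clauses = parse_acl(acl_text)
    if not in_subtree(req.target_dn, base):
        return False, None    # directive does not apply; slapd would try the next 'access to'
    for clause in clauses:
        if who_matches(clause, req):
            granted = LEVELS.index(clause.level) >= LEVELS.index(req.op)
            return granted, clause
    return False, None


ALICE = "uid=alice,ou=people,dc=exemple,dc=comfr"
BOB = "uid=bob,ou=people,dc=exemple,dc=comfr"

# Constructed scenarios. SSF 71 is slapd's default localSSF for ldapi:// unix-socket sessions.
SCENARIOS = [
    ("simple bind as alice over cleartext ldap://", Request(ALICE, None, 0, "auth")),
    ("simple bind as alice after StartTLS", Request(ALICE, None, 128, "auth")),
    ("simple bind as alice over ldapi://", Request(ALICE, None, 71, "auth")),
    ("alice changes her own password over TLS", Request(ALICE, ALICE, 128, "write")),
    ("alice changes her own password over cleartext", Request(ALICE, ALICE, 0, "write")),
    ("bob reads alice's password hash over TLS", Request(ALICE, BOB, 128, "read")),
]


def run_scenarios(acl_text=ACL_TEXT):
    """Return {description: granted} for every constructed scenario."""
    return {desc: evaluate(acl_text, req)[0] for desc, req in SCENARIOS}


if __name__ == "__main__":
    for desc, granted in run_scenarios().items():
        print(f"{'ALLOW' if granted else 'DENY ':5} {desc}")
```

Two details worth keeping in mind when reading the output: the ssf= qualifier belongs to the "who" part of a clause, so a cleartext connection does not get a "deny" from "by anonymous ssf=56 auth", it simply fails to match and falls through to "by * none"; and ldapi:// sessions pass the check without TLS only because of slapd's localSSF default, which is worth lowering or raising deliberately rather than relying on by accident.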