Dear all,
For a few weeks already, I have been searching for a means to have an encrypted bindpw password in /etc/ldap.conf on my Fedora Linux LDAP client. OK, I have perfectly understood that a simple bind requires that the client has the *cleartext* password.
Nonetheless, it seems there exists a SASL method which could permit this functionality without using Kerberos.
- http://www.openldap.org/lists/openldap-technical/200809/msg00145.html
If someone could give me a hand on that, I would appreciate it.
Thanks a lot in advance for your time and your help.
Best Regards
Frederic ;)
-----------------------------------------------------
Fedora-ambassadors-list mailing list
Fedora-ambassadors-list@redhat.com

On Tuesday, 26 October 2010, 10:49:09, Frederic Hornain wrote:
> Dear all,
> For a few weeks already, I have been searching for a means to have an encrypted bindpw password in /etc/ldap.conf on my Fedora Linux LDAP client. OK, I have perfectly understood that a simple bind requires that the client has the *cleartext* password.
> Nonetheless, it seems there exists a SASL method which could permit this functionality without using Kerberos.

AFAIK the only SASL mechanism that nss_ldap supports is GSSAPI which in the end means Kerberos.

> http://www.openldap.org/lists/openldap-technical/200809/msg00145.html
> If someone could give me a hand on that, I would appreciate it.

It seems you are reading something wrong into that thread. It only points out that a cleartext password, or something equivalent like a Kerberos keytab or Client Certificate + Key (if nss_ldap would support that), is needed.
Ralf
openldap-technical@openldap.org