Am Dienstag 26 Oktober 2010, 10:49:09 schrieb Frederic Hornain:
For already few weeks, I search for a mean to have an encypted bindpw
password in /etc/ldap.conf on my Fedora Linux Ldap client.
OK, I have perfectly understood a simple bind requires that the client
has the *cleartext* password.
Nonetheless, it seems it exists a SASL method which could permit
without using Kerberos to have this functionality.
AFAIK the only SASL mechanism
that nss_ldap supports is GSSAPI which in
the end means Kerberos.
It seems you are
reading something wrong into that thread. It only lines
out that a cleartext password, or something equivalent like a Kerberos
keytab or Client Certificate + Key (if nss_ldap would support that) is