
isn't pam_ldap inherently insecure?



pam_ldap seems to require 'read' access to the whole entry; I found this
out through OpenLDAP's debug trace. After successfully searching for a
'uid' (along with any filters set, e.g. objectClass=posixAccount),
pam_ldap seems to attempt a 'read' of the entire 'entry' without
rebinding to the DN of the user being authenticated. It thus requires
'read' privileges on all user accounts (in violation of the 'shadow'
principles). There are two insecure ways out -

a) grant read permissions on the entire user tree to 'anonymous' users!
or
b) ask pam_ldap to bind as a special user who's granted 'read' on the
entire user tree. This is insecure as well, as the special user's DN and
password have to be stored in clear text in /etc/ldap.conf, a world
readable file (pam runs with the privileges of the user being
authenticated). Thus, you can't even get security by obscurity.

What's a good way out or am I missing something?


Thanks in advance
prasad

p.s: I looked around for a pam_ldap specific mailing list and didn't
find any. Are there any?
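The exposure described in option (b) above, a bind DN and password sitting in cleartext in a world-readable /etc/ldap.conf, can be checked for mechanically. The following is an added example, not code from the original message or from the pam_ldap project: a small POSIX sh audit that flags a `bindpw` directive in a world-readable file and, where the alternative `rootbinddn` directive is used, verifies that the companion secret file exists and is not world-readable. The directive names `binddn`, `bindpw` and `rootbinddn` and the `/etc/ldap.secret` convention are those of PADL pam_ldap/nss_ldap; the file paths are parameters so the check can run against constructed sample files rather than the live configuration.

```shell
#!/bin/sh
# Added example (not from the original post or the pam_ldap project):
# audit a pam_ldap-style ldap.conf for a cleartext bind credential in a
# world-readable file.  Directive names (binddn, bindpw, rootbinddn) and
# the /etc/ldap.secret convention follow PADL pam_ldap; paths are
# parameters so the check runs against constructed samples.

# world_readable FILE -> succeeds if the "other" read bit is set
world_readable() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        *[4-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# has_directive FILE NAME -> succeeds if NAME is an uncommented directive
has_directive() {
    sed 's/#.*//' "$1" | grep -iq "^[[:space:]]*$2[[:space:]]"
}

# audit_ldap_conf CONF SECRET
# Returns 0 when nothing is exposed; 1 when a cleartext bindpw sits in a
# world-readable CONF, or rootbinddn is used but SECRET is missing or open.
audit_ldap_conf() {
    conf="$1"; secret="$2"; rc=0
    if has_directive "$conf" bindpw; then
        if world_readable "$conf"; then
            echo "FAIL: bindpw in world-readable $conf; use rootbinddn with $secret instead"
            rc=1
        else
            echo "WARN: bindpw in $conf; file is not world-readable, but the password is still cleartext"
        fi
    fi
    if has_directive "$conf" rootbinddn; then
        if [ ! -f "$secret" ]; then
            echo "FAIL: rootbinddn set but $secret does not exist"
            rc=1
        elif world_readable "$secret"; then
            echo "FAIL: $secret is world-readable; expected mode 600, owned by root"
            rc=1
        fi
    fi
    [ "$rc" -eq 0 ] && echo "OK: no exposed bind credential in $conf"
    return "$rc"
}

# Stand-alone use against the real files (reading ldap.secret needs root):
#   sh audit_ldap_conf.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_ldap_conf /etc/ldap.conf /etc/ldap.secret
fi
```

The `rootbinddn` path only helps when the process calling PAM is root (login, sshd and the like), which is exactly the caveat the message raises: a non-root caller cannot read a mode-600 secret, so the choice is between a privileged bind available to root-run services and the broad read ACL the message complains about. The audit reports which of the two a host is actually relying on.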