Authentication for a script?



Hi All,

I'm new at the LDAP game - please bear with me!

I've written a script for all our hosts that creates 'emergency'
/etc/passwd and /etc/shadow files.  This will be launched via cron every
so often.  

The problem is that since the userPassword attribute is of course
protected as such:

access to dn=".*,ou=People,dc=mydomain,dc=ca"	attr=userPassword
 by self write
 by dn="uid=root,ou=People,dc=mydomain,dc=ca" write
 by * auth

So, for the script to work, it needs to bind as the root DN.  And
there's no way that people will be comfortable with us having the root
password embedded in a script on every host (Well, mode 0700 might be
okay, but...)!  I'm new with SASL, TLS & certificates - is there a way
to use these to get around this?

Thanks for any ideas,
Erik.

-- 
e r i k   w i l l i a m s o n                     erik@cpsc.ucalgary.ca
 system admin . department of computer science . university of calgary
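
Added illustration, not part of the original post: a simplified Python model of slapd's first-match evaluation of the posted rule, showing that any bind identity other than the entry owner or uid=root gets only `auth` on userPassword, and what a read-only clause for a dedicated service identity placed ahead of `by * auth` would grant.
Assumptions: the DNs `uid=alice,...` and `cn=shadowsync,ou=Services,...` are made-up names, and DN patterns are matched against the whole DN, case-insensitively, which is a simplification of slapd's regex handling.

```python
import re

# slapd access levels, weakest to strongest
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ROOT = "uid=root,ou=People,dc=mydomain,dc=ca"
USER = "uid=alice,ou=People,dc=mydomain,dc=ca"        # constructed sample entry
SYNC = "cn=shadowsync,ou=Services,dc=mydomain,dc=ca"  # hypothetical service DN

# The rule from the post: (target DN regex, attribute, ordered "by" clauses)
POSTED = (r".*,ou=People,dc=mydomain,dc=ca", "userPassword", [
    ("self", "write"),
    ('dn="%s"' % ROOT, "write"),
    ("*", "auth"),
])

def granted(rule, bind_dn, entry_dn, attr):
    """Level the rule gives bind_dn on attr of entry_dn.

    Returns None when the rule does not cover this entry/attribute.
    bind_dn == "" models an anonymous connection.
    """
    target, rule_attr, clauses = rule
    if attr.lower() != rule_attr.lower():
        return None
    if not re.fullmatch(target, entry_dn, re.I):
        return None
    for who, level in clauses:          # the first matching clause wins
        if who == "*":
            return level
        if who == "self":
            if bind_dn and bind_dn.lower() == entry_dn.lower():
                return level
            continue
        m = re.fullmatch(r'dn="(.*)"', who)
        if m and re.fullmatch(m.group(1), bind_dn, re.I):
            return level
    return "none"                       # slapd's implicit trailing "by * none"

def can(rule, bind_dn, entry_dn, attr, need):
    """True if the granted level is at least `need`."""
    got = granted(rule, bind_dn, entry_dn, attr)
    return got is not None and LEVELS.index(got) >= LEVELS.index(need)

def with_reader(rule, reader_dn):
    """Copy of rule with a read-only clause for reader_dn ahead of 'by *'."""
    target, attr, clauses = rule
    extra = [('dn="%s"' % reader_dn, "read")]
    return (target, attr, clauses[:-1] + extra + clauses[-1:])
```
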