[Date Prev][Date Next]
(ITS#7784) Client stores bindpw in cleartext
Full_Name: Yo Lau
OS: SUSE Linux Enterprise Server 10
Submission from: (NULL) (188.8.131.52)
When nss_ldap uses LDAP authentication with binding method, the bindpw stored in
ldap.conf is clear text.
However on Solaris NS_LDAP_BINDPASSWD could be stored in encrypted string. There
is no password obfuscation with nss_ldap.
So we considered it is a security issue and will affect the result of security