[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7784) Client stores bindpw in cleartext

To: openldap-its@OpenLDAP.org
Subject: (ITS#7784) Client stores bindpw in cleartext
From: ylau@huawei.com
Date: Tue, 14 Jan 2014 01:12:55 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Yo Lau
Version: 2.3.32
OS: SUSE Linux Enterprise Server 10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (12.130.146.228)


When nss_ldap uses LDAP authentication with binding method, the bindpw stored in
ldap.conf is clear text.
However on Solaris NS_LDAP_BINDPASSWD could be stored in encrypted string. There
is no password obfuscation with nss_ldap.
So we considered it is a security issue and will affect the result of security
audit.

Prev by Date: Re: (ITS#7778) Index and derived attribute bug
Next by Date: Re: (ITS#7784) Client stores bindpw in cleartext
Index(es):
- Chronological
- Thread