[Date Prev][Date Next]
Re: Multiple Master, one slave replica?
At 06:44 PM 6/2/00 +0200, Turbo Fredriksson wrote:
>At the moment the passwords are there in cleartext, mode 600. That's
>not a good thing, of course.
Well, it's a lessor evil than use of cleartext passwords of the
net. To avoid that in OpenLDAP 1.x, you need to use Kerberos
bind or use a TLS (SSL) wrapper as noted in the FAQ.
>Previously (a couple of months ago) I
>tried to compile with kerberos, but then a lot of other stuff stoped
>working (mostly PAM stuff).
Some OSs disable PAM if built for Kerberos... that's an issue
that's specific to your OS... I suggest directing your enquiry
to a forum specific to your OS.
>How do I compile with kerberos but making sure that pam_ldap etc can
>still use the libs/services?
If you install Kerberos, I suggest authenticate users to
it directly. Either by building directly into OS or by using
pam_kerberos or whatever. No need for a middle man.
Then, in OpenLDAP, you can use Kerberos authentication instead
of simple bind...