[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multiple Master, one slave replica?

At 06:44 PM 6/2/00 +0200, Turbo Fredriksson wrote:
>At the moment the passwords are there in cleartext, mode 600. That's
>not a good thing, of course.

Well, it's a lessor evil than use of cleartext passwords of the
net.  To avoid that in OpenLDAP 1.x, you need to use Kerberos
bind or use a TLS (SSL) wrapper as noted in the FAQ.

>Previously (a couple of months ago) I
>tried to compile with kerberos, but then a lot of other stuff stoped
>working (mostly PAM stuff).

Some OSs disable PAM if built for Kerberos...  that's an issue
that's specific to your OS... I suggest directing your enquiry
to a forum specific to your OS.

>How do I compile with kerberos but making sure that pam_ldap etc can
>still use the libs/services?

If you install Kerberos, I suggest authenticate users to
it directly.  Either by building directly into OS or by using
pam_kerberos or whatever.  No need for a middle man.

Then, in OpenLDAP, you can use Kerberos authentication instead
of simple bind...