[Date Prev][Date Next] [Chronological] [Thread] [Top]


Le ven 14/03/2003 à 17:17, Quanah Gibson-Mount a écrit :
> > I have to add "by anonymous search" in the third ACL to get it working
> > And after that I can comment the first ACL without effect
> Yup.  If you want, and can figure out exactly what it information it is 
> wanting to look at, you can restrict this even more.  For us, any incoming 
> connection needs access to the krb5PrincipalName attribute (since we are 
> doing GSSAPI authentication for our applications), so I have the line:
> access to attr=krb5PrincipalName,member
>         by * search

ok, but I believe that the information accessed by DIGEST-MD5 mechanism
is the userPassword attribute, so I don't want it to be world readable

Am I wrong ?


> --Quanah
> --
> Quanah Gibson-Mount
> Senior Systems Administrator
> ITSS/TSS/Computing Systems
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html