[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slave slapd doesn't accept bind from slurpd

> After I tried what you suggested and everything seemed to be ok, it
> dawned on me. In the credentials=... option in the replica section of
> the master's slapd.conf the password of the binddn must be entered in
> unencrypted form. I tried it and things worked fine.
> But ... isn't this a security hole? Storing unecrypted passwords in a
> file has long being considered a no-no in a unix system (in any system
> for that matter).
> What do the (open)ldap designers/developpers have in mind?

There is no other way to pass credentials to a server.
It is exactly what you would do with any other client;
in this sense, slurpd is a lient to the slave.
Unless you use different auth mechs, e.g. GSSAPI.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497