
Re: Slave slapd doesn't accept bind from slurpd

> "Pierangelo Masarati" <ando@sys-net.it> wrote:
> There is no other way to pass credentials to a server.
> It is exactly what you would do with any other client;
> in this sense, slurpd is a client to the slave.
> Unless you use different auth mechs, e.g. GSSAPI.
> p.
> --
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it
Obviously you are right. If you could store the password encrypted
so that slurpd could decrypt it and get the typed characters it would be
nicer. However, if I am not mistaken, you cannot get the typed characters
back from the various password encrypting techniques.
Anyway, I don't know enough to start a debate right now .... :-)


> Since anyone with read access to *that* file already owns your system, all you 
> have to do is guard against "shoulder-surfing".
> You never need to type these passwords in more than once, either (or at least I 
> never do, I use grep, gawk or sed to manipulate them).
> So, make sure your passwords all look something like $1$xxxxxxxx$yyyyyyyyyyyyyy 
> where x and y are (extremely) random characters.  Anyone looking over your 
> shoulder will think they are MD5-encrypted and won't bother to try pulling any 
> moves on you.
> --Charlie

I guess this would work for me for now.
The general idea, I think, is that you build defenses. So even if someone
reads the file, over your shoulder or otherwise, they would have to spend
some additional effort cracking the passwords.
Anyway, thanks for the suggestion.
George Betzos
