Re: ldapi security level?
At 09:23 AM 6/27/2004, Hallvard B Furuseth wrote:
>Isn't ldapi:/// secure?
It is not completely without fear of risk; but generally
the fear is generally considered low in comparison to
> # Require TLS/SSL for Simple Bind with password and for updates.
> security simple_bind=128 update_ssf=128
> # Don't accept unprotected passwords, don't show passwords.
> access to attr=userPassword by * ssf=128 auth
ldapi:/// has an implicit SSF of 71 (LDAP_PVT_SASL_LOCAL_SSF
in ldap_pvt.h). You can reset this if you find it too low
(or too high).
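
Added example, not part of the original message and not slapd's own code: a simplified Python model of how a session's SSF is compared with the minimums in the quoted `security` directive and ACL clause, showing why an ldapi:/// session at SSF 71 fails both. The function names and the sample sessions are assumptions made for illustration.

```python
# Simplified model of how slapd compares a session's SSF with the minimums
# in a "security" directive and an ACL "ssf=" clause. Not slapd's own code.

LOCAL_SSF = 71  # implicit SSF of ldapi:/// stated in the message above

def parse_security(directive):
    """Parse 'security simple_bind=128 update_ssf=128' into {factor: minimum}."""
    words = directive.split()
    if not words or words[0] != "security":
        raise ValueError("not a security directive: %r" % directive)
    minimums = {}
    for word in words[1:]:
        name, sep, value = word.partition("=")
        if not sep or not value.isdigit():
            raise ValueError("malformed factor: %r" % word)
        minimums[name] = int(value)
    return minimums

def operation_allowed(minimums, session_ssf, operation):
    """operation is 'simple_bind', 'update' or 'read'."""
    required = minimums.get("ssf", 0)  # overall minimum applies to everything
    if operation == "simple_bind":
        required = max(required, minimums.get("simple_bind", 0))
    elif operation == "update":
        required = max(required, minimums.get("update_ssf", 0))
    return session_ssf >= required

def acl_level(by_clause_ssf, granted, session_ssf):
    """Access from a lone 'by * ssf=N <level>' clause; no match falls to 'none'."""
    return granted if session_ssf >= by_clause_ssf else "none"

def report(directive, sessions):
    """Map each session name to the operations its SSF permits."""
    minimums = parse_security(directive)
    return {name: {op: operation_allowed(minimums, ssf, op)
                   for op in ("simple_bind", "update", "read")}
            for name, ssf in sessions.items()}

# Constructed sample sessions: cleartext ldap://, ldapi:///, and 128-bit TLS.
SESSIONS = {"ldap": 0, "ldapi": LOCAL_SSF, "tls128": 128}

if __name__ == "__main__":
    quoted = "security simple_bind=128 update_ssf=128"
    for name, result in report(quoted, SESSIONS).items():
        print(name, result, "userPassword:", acl_level(128, "auth", SESSIONS[name]))
```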