[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd -d9 --- Invalid credentials

Aaron Richton wrote:
Just curious, anyway I can use encrypted passwd for the proxyuser also? This passwd is currently in /etc/ldap.secret with perm 0600 in clear text. I've read that this has to be on every system (ldap server or client).

Whenever you are using a simple bind mechanism, you will need to store the credentials in plaintext or the moral equivalent of plaintext. This applies for replication, proxyuser, Any Old User Off The Street, etc., so long as they're using simple bind.

Not just simple bind. Also for SASL/DIGEST-MD5, i.e., any mech that ordinarily prompts the user for a password.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/