
Re: slurpd -d9 --- Invalid credentials



Aaron Richton wrote:
>> Just curious, any way I can use encrypted passwd for the proxyuser also? This passwd is currently in /etc/ldap.secret with perm 0600 in clear text. I've read that this has to be on every system (ldap server or client).
>
> Whenever you are using a simple bind mechanism, you will need to store the credentials in plaintext or the moral equivalent of plaintext. This applies for replication, proxyuser, Any Old User Off The Street, etc., so long as they're using simple bind.

Not just simple bind. Also for SASL/DIGEST-MD5, i.e., any mech that ordinarily prompts the user for a password.


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
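
Added example, not part of the original thread and not OpenLDAP code: a Python sketch of why the client-side secret is plaintext or its equivalent for both simple bind and SASL/DIGEST-MD5. The function names and the salt are constructed for illustration; the DIGEST-MD5 inputs are the worked example from RFC 2831 section 4.

```python
import base64
import hashlib
import hmac

def ssha(password: str, salt: bytes) -> str:
    """{SSHA} userPassword value as the directory stores it."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def simple_bind_ok(presented: str, stored: str) -> bool:
    """Server side of a simple bind: hash the presented cleartext, compare."""
    salt = base64.b64decode(stored[len("{SSHA}"):])[20:]  # SHA-1 is 20 bytes
    return hmac.compare_digest(ssha(presented, salt), stored)

def user_realm_hash(user: str, realm: str, password: str) -> bytes:
    """H(username:realm:password): the only password-derived DIGEST-MD5 input."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()

def digest_md5_response(urp: bytes, nonce: str, cnonce: str, nc: str,
                        digest_uri: str, qop: str = "auth") -> str:
    """RFC 2831 response-value, computed from the stored hash alone."""
    ha1 = hashlib.md5(urp + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()

# Values from the worked example in RFC 2831 section 4 (password "secret").
RFC = dict(nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk", nc="00000001",
           digest_uri="imap/elwood.innosoft.com")

def demo() -> dict:
    stored = ssha("secret", b"\x00\x01\x02\x03")  # constructed salt
    urp = user_realm_hash("chris", "elwood.innosoft.com", "secret")
    return {
        # Simple bind: the client must present the cleartext itself,
        # so a salted hash in the client's secret file cannot bind.
        "cleartext_binds": simple_bind_ok("secret", stored),
        "hash_binds": simple_bind_ok(stored, stored),
        # DIGEST-MD5: the stored hash, without the password, is enough
        # to produce a valid response, so it is password-equivalent.
        "response_from_hash": digest_md5_response(urp, **RFC),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Whatever form the secret takes on the client, file permissions such as the 0600 mentioned above are what protect it, since anyone who can read it can authenticate as that identity.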