[Date Prev][Date Next]
Re: slurpd -d9 --- Invalid credentials
Aaron Richton wrote:
Just curious, anyway I can use encrypted passwd for the proxyuser
also? This passwd is currently in /etc/ldap.secret with perm 0600 in
clear text. I've read that this has to be on every system (ldap
server or client).
Whenever you are using a simple bind mechanism, you will need to store
the credentials in plaintext or the moral equivalent of plaintext.
This applies for replication, proxyuser, Any Old User Off The Street,
etc., so long as they're using simple bind.
Not just simple bind. Also for SASL/DIGEST-MD5, i.e., any mech that
ordinarily prompts the user for a password.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/