[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Root Passwd and Credentials

Aaron Richton wrote:
I don't think you gain any special advantages by encrypting (or not) in a
slapd.conf context versus any other encryption application. Like most
password encryption, it largely boils down to speed bumps in the face of a
preexisting access vector.

I think the more direct answer is "this is why the docs tell you to use a different identity and password for the replication account."

On Tue, 13 Nov 2007, Peter Clark wrote:

Heh, thanks for the warning about the rootpw. I used an example of one from
the internet. :)

If you cannot supply an encrypted password in the credentials= field and you
have both the rootpw= and credentials= visible in the slapd.conf does it
serve any purpose for encrypting the rootpw in the slapd.conf? Or is there
another purpose to encrypting it other than to stop someone from parsing the
file and getting it?

I hope that makes sense.

-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/