
Re: OpenLDAP replication 'credentials'

Emmanuel Dreyfus wrote:
> Michael Ströder <michael@stroeder.com> wrote:
>
>> Anyway either the private key has to be stored somewhere 1. in clear or
>> 2. password-protected. 2. would require manual admin interaction during
>> startup. (I don't know whether that's supported at all.)
>
> Sure, but it's not a shared secret.

Yes, but you won't gain much security compared to sending the password in clear over the wire (protected by encrypted tunnel) and letting the server compare it to a hashed password. In both configurations you have to store the credentials in the client's configuration as clear-text.

Ciao, Michael.