[Date Prev][Date Next]
Re: OpenLDAP replication 'credentials'
Emmanuel Dreyfus wrote:
Michael Ströder <email@example.com> wrote:
Anyway either the private key has to be stored somewhere 1. in clear or
2. password-protected. 2. would require manual admin interaction during
startup. (I don't know whether that's supported at all.)
Sure, but it's not a shared secret.
Yes, but you won't gain much security compared to sending the password
in clear over the wire (protected by encrypted tunnel) and let the
server compare it to a hashed password. In both configurations you have
to store the credentials in the client's configuration as clear-text.