Re: Security issue : userPassword is shown

On Thu, 2008-10-23 at 09:58 +0800, Paul Lee wrote:
> Hi all,
> I use a 3rd party LDAP browser to browse the users that I created.  I 
> can see the userPassword clearly (plain text).
> Is there any way to avoid this?
> When I use the slapcat command to export to an LDIF file, the userPassword
> field is encrypted, but why does using a 3rd party browser show the
> password in plain text?
> Thanks

The Base64 encoded value you see in slapcat isn't encryption of any
sort; it just handles the value in such a way that it can't be
misinterpreted as having special meaning in an LDIF file.

You need to use access control rules to determine what attributes are
visible remotely. 

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

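To illustrate the point in the reply above that the "userPassword::" value in slapcat output is Base64 and not encryption, here is an added example (not part of the original thread) that audits an LDIF export and reports, per entry, whether the stored password is cleartext or carries a hash scheme prefix. The sample LDIF, the DNs and the function names are constructed for illustration; the {SSHA} and {CRYPT} prefixes are the usual OpenLDAP storage scheme markers, which the thread itself does not mention.

```python
import base64
import re

# Constructed sample in the style of slapcat output (not taken from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
userPassword:: c2VjcmV0MTIz

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
userPassword:: e1NTSEF9QUFBQUFBQUFB
 QUFBQUFBQUFBQUFBQUFBQUFBQUFB

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
userPassword: {CRYPT}x
"""

# A stored hash starts with a scheme marker such as {SSHA} or {CRYPT}.
SCHEME = re.compile(rb"^\{([A-Za-z0-9-]+)\}")


def unfold(ldif):
    # RFC 2849: a line that starts with one space continues the previous line.
    return ldif.replace("\r\n", "\n").replace("\n ", "")


def decode_value(rest):
    # After the attribute name, "::" means Base64 and ":" means a literal value.
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip())
    return rest.strip().encode()


def audit(ldif):
    """Return [(dn, storage)]; storage is a scheme name or 'CLEARTEXT'.
    The password value itself is never returned or printed."""
    findings, dn = [], None
    for line in unfold(ldif).split("\n"):
        lowered = line.lower()
        if lowered.startswith("dn:"):
            dn = decode_value(line[3:]).decode("utf-8", "replace")
        elif lowered.startswith("userpassword:"):
            value = decode_value(line[len("userpassword:"):])
            m = SCHEME.match(value)
            findings.append((dn, m.group(1).decode().upper() if m else "CLEARTEXT"))
    return findings


if __name__ == "__main__":
    for dn, storage in audit(SAMPLE_LDIF):
        print(f"{storage:10} {dn}")
```

Entries reported as CLEARTEXT are the ones a remote browser will show verbatim to anyone the access control rules allow to read the attribute.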