[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: R: Security issue : userPassword is shown

NUNIN Roberto wrote:
> To avoid this behavior, I've added the instruction:
> pam_crypt       local
> in /etc/openldap/ldap.conf

This enables client-side hashing but only for components using pam_ldap.

Please note: Even if the values of userPassword are hashed you should
have appropriate access control in place. Otherwise an attacker can
conduct off-line dictionary attacks.

Before just doing arbitrary configuration modifications you should learn
which options you have and which implications there are:


Ciao, Michael.