[Date Prev][Date Next]
Re: R: Security issue : userPassword is shown
NUNIN Roberto wrote:
> To avoid this behavior, I've added the instruction:
> pam_crypt local
> in /etc/openldap/ldap.conf
This enables client-side hashing but only for components using pam_ldap.
Please note: Even if the values of userPassword are hashed you should
have appropriate access control in place. Otherwise an attacker can
conduct off-line dictionary attacks.
Before just doing arbitrary configuration modifications you should learn
which options you have and which implications there are: