[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: bindmethod and credentials in slurpd replication.

Thanks Mike and Zdenek,

I fought with the server team all the way up in the hierarchy.
Unfortunately, we are subcontractors providing them a solution. I wish I can
make them understand the reality. I think redhat stopped at 2.2 for RHEL4
and they are providing 2.3 for RHEL5.

So the bottom line is that any ldap client should provide clear text
passwords. Be it in config file or command line.

Thanks for the clarification guys. I really appreciate it.

-To love is to risk not being loved in return. To hope is to risk pain. To
try is to risk failure, but risk must be taken because the greatest hazard
in life is to risk nothing.




-----Original Message-----
From: openldap-technical-bounces+bangaru.adabala=gmail.com@OpenLDAP.org
On Behalf Of Zdenek Styblik
Sent: Friday, July 10, 2009 3:01 PM
To: Michael Ströder
Cc: openldap-technical@openldap.org
Subject: Re: bindmethod and credentials in slurpd replication.

Michael Ströder wrote:
> Zdenek Styblik wrote:
>> Michael Ströder wrote:
>>> Sai wrote:
>>>> But when defining ?replica?, I got the following
>>>> questions.
>>>> 1)        For credentials, can I use hashed password like for rootpw
>>> No, credentials have to provided in clear since slurpd is a LDAP client
>>> to the slave.
>> a bit off topic, but is this also valid for 2.4.x series?
> slurpd is not available in 2.4.x anymore.

I'm sorry, I just took this as common.

>> perhaps SALS would allow hashed passwords?
> No. E.g. SASL bind DIGEST-MD5 needs the clear-text password in the
> config(!) to be able to generate the hash over the challenge value and
> the clear-text password. A hash is transmitted over wire though.

Yep. But I've meant hashed password in config (and so did Sai).
I was just curious, if I haven't overlooked something :)


Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net