[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: fedora and openldap

Judith Flo Gaya wrote:
> At least i could see that the password exop option in the
> pam_ldap.conf lets the server to apply the security to the password,
> so I think I can change it within the slapd.conf file.
Yes, and if you don't specify "password-hash" in slapd.conf, ssha is 
used. It is the default.

> do you suggest to use salt?
ssha use salt.

> Thanks a lot for your help,
> j

have you read rfc-3062 ?

If you configure your clients to use "password exop" you should be sure 
that the clients use any kind of network protection, TLS or SSL.

TinyCA is a perl based GTK-GUI which may help you to generate certs and 

Until you are ready to use TLS/SSL I sugggest that you let the client 
encrypt the passwords local.


Harry Jede