[Date Prev][Date Next]
Re: fedora and openldap
Judith Flo Gaya wrote:
> At least i could see that the password exop option in the
> pam_ldap.conf lets the server to apply the security to the password,
> so I think I can change it within the slapd.conf file.
Yes, and if you don't specify "password-hash" in slapd.conf, ssha is
used. It is the default.
> do you suggest to use salt?
ssha use salt.
> Thanks a lot for your help,
have you read rfc-3062 ?
If you configure your clients to use "password exop" you should be sure
that the clients use any kind of network protection, TLS or SSL.
TinyCA is a perl based GTK-GUI which may help you to generate certs and
Until you are ready to use TLS/SSL I sugggest that you let the client
encrypt the passwords local.