[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_password exop

On Wed, Sep 12, 2012 at 04:59:36PM +0200, teoman.onay@degroof.be wrote:
> Does this mean that the password is sent clear to the ldap server then 
> hashed over there ? It looks like a huge security flaw ...

The benefit is that slapd decides on the hash, password policies can 
be enforced, you can generate both Unix and NT hashes at the same time...
But it seems it assumes you use TLS or local socket.

Emmanuel Dreyfus