[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Increase default olcLocalSSF to 128

To: Dieter Klünter <dieter@dkluenter.de>
Subject: Re: Increase default olcLocalSSF to 128
From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>
Date: Thu, 26 Jul 2018 13:38:30 +0200
Cc: openldap-devel@openldap.org
Content-language: en-MW
In-reply-to: <f6fb9f1a-d99e-0fde-bf47-9c57a2073fe5@usit.uio.no>
References: <20180726024740.3xayjjz7rkqt5tz4@kiwi.nardis.ca> <b1f679f0-eccb-98c2-ff85-e4b555495dd4@stroeder.com> <20180726090424.3d37124c@pink.fritz.box> <f6fb9f1a-d99e-0fde-bf47-9c57a2073fe5@usit.uio.no>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

I wrote:

(...) any particular value will be wrong for someone.
Depends on how safe your filesystem setup is and whether it's easier
to break in to get at the ldapi socket than it is to just attack slapd.


I forgot:

You could forge ldapi: credentials in early OpenLDAP versions,
depending on whether the OS provided a safe way to pass user
credentials or not.  There's some hack in place now for OSes which
don't, but I seem to remember I never felt all that trustful of it.

--
Hallvard

Follow-Ups:
- Re: Increase default olcLocalSSF to 128
  - From: Michael Ströder <michael@stroeder.com>

References:
- Increase default olcLocalSSF to 128
  - From: Ryan Tandy <ryan@nardis.ca>
- Re: Increase default olcLocalSSF to 128
  - From: Michael Ströder <michael@stroeder.com>
- Re: Increase default olcLocalSSF to 128
  - From: Dieter Klünter <dieter@dkluenter.de>
- Re: Increase default olcLocalSSF to 128
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: Increase default olcLocalSSF to 128
Next by Date: Re: Increase default olcLocalSSF to 128
Index(es):
- Chronological
- Thread