
Re: fedora and openldap



Judith Flo Gaya wrote:
...
> At least I could see that the password exop option in the
> pam_ldap.conf lets the server apply the security to the password,
> so I think I can change it within the slapd.conf file.
Yes, and if you don't specify "password-hash" in slapd.conf, ssha is 
used. It is the default.

> Do you suggest using salt?
ssha uses salt.

> Thanks a lot for your help,
> j

BTW, have you read rfc-3062?
http://www.faqs.org/rfcs/rfc3062.html

If you configure your clients to use "password exop" you should be sure 
that the clients use any kind of network protection, TLS or SSL.

TinyCA is a Perl-based GTK GUI which may help you to generate certs and 
keys.

Until you are ready to use TLS/SSL I suggest that you let the client 
encrypt the passwords locally.

-- 

Harry Jede