2010/1/27 Sergio A. Morales <[email protected]> > On Wed, 2010-01-27 at 19:43 -0300, Ldap Tester wrote: > > > But I have set > > pam_password clear > > in /etc/ldap.conf on both fedora machines. > > I rely on ssl for security. > > I had to do this in order to get password syncing with windows to work at > all. > > > > Shouldn't that take care of the problem you describe above? > > -- > > 389 users mailing list > > [email protected] > > https://admin.fedoraproject.org/mailman/listinfo/389-users > > No. That only transmit the password "plain" to the 389DS. Then 389DS > encript the password with SSHA, then MMR writes in the other server. > > So, F12 can't capture a plain password. > > Other option is set Password encript to CLEAR en your F11, but it's > obviously insecure (go to 389-consle, then > Configuration->DATA->Password->Password Encription in the bottom). > >
Would that really be so insecure if I always use ssl? Opinions?
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
