Tim Cutts wrote:
> That's very similar to what we're doing.  We're using Sun Directory
> Server, because there's an additional piece of software for that (whose
> name escapes me) which can nicely handle data synchronisation between
> SDS and AD.
> 

Is that SDS the same one that used to be Netscape Directory Server and is
now Red Hat Directory Server/Fedora Directory Server? If so, read on.

I looked at implementing Fedora Directory Server a few months ago to
provide LDAP services to our Linux systems and synchronize passwords
with our AD servers. To do this, it must store the user passwords in
cleartext in the replication logs, where they are in LDIF format, and
clearly labelled as clear-text passwords. Even if you shorten the
retention time of the replication logs, there is still another log file
which, as far as my experimentation determined, keeps the clear-text
passwords around forever.

I decided this was completely unsafe and abandoned the project. Not long
after (the next day, in fact) Slashdot reported that people had been
hacking into Redhat/Fedora Directory server.

--
Prentice
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit 
http://www.beowulf.org/mailman/listinfo/beowulf
