onsdag 3. mars 2004, 19:38, skrev Rune Nordb�e Skillingstad: > On 2004-03-03 19:31:32+0100, Herman Robak wrote: > : Having unsynchronised admin passwords for Webmin and LDAP > : is fraught with problems. Once inside Webmin, the admin > : should be authenticated well enough for the tasks that > : can be performed through Webmin. > > I fully agree that unsyncronized password are a bad thing. I just want to > make sure that root _NEVER_ is authenticated directly against ldap. That > would be a big problem if ldap dies. > > Some kind of replication from /etc/passwd to ldap should be posible to > make. > > Rune(sk) > -- > �I came out of it dead broke, without a house, without anything except a > girlfriend and a knowledge of Unix.� �Well, that's something. Normally > those two are mutually exclusive� > - Neal Stephenson, Cryptonomicon
Just wondering: What is the rationale for allowing the root-password into the LDAP-database in the first place? I mean; this _is_ a "publicly" available catalog-server which is (more or less) likely to contain undisclosed exploits (though it's not been an issue for Skolelinux this far). Gjermund Skogstad
