On 07/15/13 22:28, Daniel Eischen wrote:
> I think something is lost on me here. getpwent/getpwuid do
> not return the password hashes in the returned struct passwd
> unless the calling process is root. So you have to be root in
> order to see the hashes anyway. Not all users are going to
> have access to the hashes, unless your machine's compromised
> or otherwise allows root privileges to others.
My personal preference is to configure the LDAP server with this
fragment in slapd.conf ..
# lock down passwords
access to attrs=userPassword
by self write
by anonymous auth
by * none
.. which achieves everything needed without exposing anything
superfluously,
imb
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[email protected]"
