Hi,

IPA has really been a great Project.
But, I was really concerned about the security of IPA
I have been testing it on RHEL 7 Beta for some time.
ldapsearch is able to fetch the details from the IPA Server without
Authentication.
I would appreciate if IPA team could work on securing the IPA Server as it
the most critical server if installed in an infrastructure.
It exposes the details of all the users/admins in the environment.
There should be a user that the IPA should use to fetch the details from
the IPA Servers. Without Authentication , no one should be able to fetch
any information from the IPA Server.

-- 
Regards,
Rajnesh Kumar Siwal
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to