I have a IPA server running on CentOS server. I have multiple Solaris boxes
that use this IPA server for SSH authentication.
When configuring the Solaris hosts to be IPA clients, one of the things i
had to do was to configure LDAP. This involved editing the /etc/ldap.conf
file. It looks like this now -

binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw <password in plain text>
 ssl start_tls
tls_cacertfile /var/ldap/cer8.db
tls_checkpeer yes
 bind_timelimit 5
timelimit 15
 uri ldap://example.com
sudoers_base ou=SUDOers,dc=example,dc=com
 TLS_CERT /var/ldap/cer8.db

As you can see, the bind password is being stored in clear text.
Is there a workaround for this? Has someone done this on a Solaris-11

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to