On 06/24/2015 09:21 PM, quest monger wrote:
I have an IPA server running on a CentOS server. I have multiple Solaris boxes that use this IPA server for SSH authentication. When configuring the Solaris hosts to be IPA clients, one of the things I had to do was to configure LDAP. This involved editing the /etc/ldap.conf file. It looks like this now -

binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw <password in plain text>
ssl start_tls
tls_cacertfile /var/ldap/cer8.db
tls_checkpeer yes
bind_timelimit 5
timelimit 15
uri ldap://example.com
sudoers_base ou=SUDOers,dc=example,dc=com
TLS_CERT /var/ldap/cer8.db

As you can see, the bind password is being stored in clear text.
Is there a workaround for this? Has someone done this on a Solaris-11 platform?


AFAIR Solaris should have some kind of obfuscation scheme, or at least it used to, but it might be buried in some manuals.
It might be a feature or switch of the ldapclient command.

Thank you,
Dmitri Pal

Director of Engineering for IdM portfolio
Red Hat, Inc.
