One of our middleware support staff has brought this possible exposure to our
attention:
By using the two-way encryption format, a super user in ITDS (e.g. cn=root)
can run the ldapsearch command or any other LDAP client tool to retrieve
user passwords in clear text format.
Questions:
1) Is this scenario accurate?
2) What changes can we make to prevent a 'root' user from gaining this
   access?
TIA for your help.
Bruce Wheatley
The Canadian Depository for Securities Limited
Toronto, ON
M5H 2C9
[email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN