Issue #792 has been updated by Clément OUDOT. Status changed from New to Assigned Assigned to set to Clément OUDOT Priority changed from Urgent to Normal Target version set to 2.2
Hello Christian, as LSC is a client, it should have the password in clear text to be able to send it to the server. But you can configure LSC as Kerberos client, in this case, you don't have to store the password in lsc.xml, see http://lsc-project.org/wiki/documentation/howto/kerberos ---------------------------------------- Feature #792: password in lsc.xml can only be clear text http://tools.lsc-project.org/issues/792 Author: Christian Iuga Status: Assigned Priority: Normal Assigned to: Clément OUDOT Category: Core Target version: 2.2 Hi, To improve the security, it's will be good to have the possiblity to set encrypted password on the lsc.xml As i have read this mail archive : " https://www.mail-archive.com/[email protected]/msg01553.html " The password should be in clear in lsc.xml, but you have to restrict the access to this file to the lsc program. Sorry to say that, but i don't want to trust on my linux server policy : Actually as it's not possible to set a encrypted password so all people with root permission where it's running the LSC (can) known critical password of ldap "administrator" of ALL providers For me it's a important security issue -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-dev mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-dev
