On Wed, Mar 28, 2007 at 12:45:04PM -0400, Mike Erdely wrote:
> What I've decided to do since I can't make this work ('cause I'm an
> idiot) and pserver is insecure and sucks, I'm going to set local
> passwords for users that require pserver that are different from their
> LDAP password. That way, their LDAP password won't go in the clear.
Just another thought I had 1/2 a second after hitting 'send'...
Maybe SSH tunneling and/or authpf is useful here? You could get fancy
with a full VPN - IPsec is well-supported by OpenBSD, and can be made to
work on other systems, and OpenVPN is easy to install - but forwarding
2401/tcp most likely suffices.
Joachim
