[email protected] wrote: > Full_Name: Yo Lau > Version: 2.3.32 > OS: SUSE Linux Enterprise Server 10 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (12.130.146.228) >
OpenLDAP 2.3.32 is over 6 years old and long since unsupported. nss_ldap is not a piece of OpenLDAP software. Contact SuSE for support, this ITS will be closed. > When nss_ldap uses LDAP authentication with binding method, the bindpw stored > in > ldap.conf is clear text. > However on Solaris NS_LDAP_BINDPASSWD could be stored in encrypted string. > There > is no password obfuscation with nss_ldap. > So we considered it is a security issue and will affect the result of security > audit. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
