> On 14 May 2019, at 03:49, Thomas Munro <thomas.mu...@gmail.com> wrote:
> I propose a new option $SUBJECT so that users can at least add a level of > indirection and put the password in a file. +1, seems like a reasonable option to give. > Draft patch attached. I might be a bit thick, but this is somewhat hard to parse IMO: + File containing the password for user to bind to the directory with to + perform the search when doing search+bind authentication To add a little bit more security around this, does it make sense to check (on unix filesystems) that the file isn’t world readable/editable? + fd = OpenTransientFile(path, O_RDONLY); + if (fd < 0) + return -1; cheers ./daniel