On 14 Mar 00, at 10:26, Felicetti, Stephen A. wrote:
> I'm authenticating against LDAP, and all is working fine.
> Here's the problem... in order for me to gain access to the password
> attribute, I must bind as the admin user. Is there any way to use a NON
> plain text password in the config file?
>
> I can create a non admin user account that can have access to the
> password attribute, but I would still want that password encrypted.

I've hacked a 2.14 module so that it binds as the radius-supplied
username(*) using the radius-supplied password and gets the
authentication or rejection from that - so no admin-user details in
the config file and no password attributes in the LDAP tree (it
authenticates against the one-way hashed password in the underlying
NDS tree, which is suitably secure).

(* - actually it does an anonymous bind and search to get the fully
qualified DN of the radius username first, and then uses that on an
authenticated bind)

I understand that 2.15 can do something like this more elegantly than
my appalling code (which I posted to the list some months ago during
development)..?

M.
--
Mark O'Leary, Manchester Computing, UK
PGP Key and Further Details:
http://lucy.mcc.ac.uk/mark/mark.html
===
Archive at http://www.starport.net/~radiator/
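
The search-then-bind flow described in the reply above, as an added example that is not Mark O'Leary's module or Radiator code. `FakeDirectory`, its sample entries and the `uid` attribute are constructed assumptions standing in for a real LDAP server; the example adds the two checks such a flow needs, escaping the username in the search filter and rejecting empty passwords before the bind.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a username cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (hypothetical)."""

    def __init__(self, entries):
        self.entries = entries  # DN -> (uid, password); a real tree holds a hash

    def search(self, filt):
        """Anonymous search supporting only (uid=value) and (uid=*)."""
        value = filt[len('(uid='):-1]
        if value == '*':  # presence filter: matches every entry
            return sorted(self.entries)
        # Decode \xx escapes back to the literal characters before comparing
        wanted = re.sub(r'\\([0-9a-f]{2})', lambda m: chr(int(m.group(1), 16)), value)
        return [dn for dn, (uid, _) in self.entries.items() if uid == wanted]

    def bind(self, dn, password):
        """Simple bind. An empty password is an unauthenticated bind
        (RFC 4513 section 5.1.2), which servers may accept as success."""
        if password == '':
            return True
        return dn in self.entries and self.entries[dn][1] == password

def authenticate(directory, username, password):
    """Search-then-bind: return the user's DN on success, None on rejection."""
    if not username or not password:
        return None  # never pass an empty password through to bind()
    matches = directory.search('(uid=%s)' % escape_filter_value(username))
    if len(matches) != 1:
        return None  # unknown or ambiguous user: reject
    dn = matches[0]
    return dn if directory.bind(dn, password) else None

# Constructed sample entries
DIRECTORY = FakeDirectory({
    'cn=alice,ou=staff,o=example': ('alice', 'correct horse'),
    'cn=bob,ou=students,o=example': ('bob', 'battery staple'),
})
```
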