On 5/25/20 1:32 PM, Mario G wrote:
> we would like to not have encrypted or hashed passwords (which can be easily
> reverse-engineered) in the sssd.conf config file
> we would like to bind to the ldap using client certificates
> [..]
> is this possible with sssd?

Use ldap_tls_cert, ldap_tls_key and ldap_sasl_mech = EXTERNAL like in
this example for Æ-DIR:

https://gitlab.com/ae-dir/client-examples/-/blob/master/sssd/sssd.conf.SASL_EXTERNAL#L63

Bear in mind that the private key is stored in clear on the disk. So not
sure whether you gain much security over a clear-text password in a
separate file.

Ciao, Michael.
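
An added example, not part of the message above or of the linked Æ-DIR file: a small Python audit that checks each sssd.conf domain section for the three options named in the reply, flags a leftover ldap_default_authtok bind password, and checks that the private key file is not accessible to group or other. The sample config, domain name, URI and file paths are constructed placeholders, and key_mode is a hypothetical hook so the check can run without the real key file.

```python
import configparser
import os
import stat

# Constructed sample; domain name, URI and file paths are placeholders.
SAMPLE_CONF = """
[sssd]
domains = example

[domain/example]
id_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_sasl_mech = EXTERNAL
ldap_tls_cert = /etc/sssd/client.crt
ldap_tls_key = /etc/sssd/client.key
"""

def audit_sssd_conf(text, key_mode=None):
    """Return findings per [domain/...] section; key_mode(path) may replace os.stat."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        if opts.get("ldap_sasl_mech", "").upper() != "EXTERNAL":
            findings.append(f"{section}: ldap_sasl_mech is not EXTERNAL")
        if "ldap_default_authtok" in opts:
            findings.append(f"{section}: bind password still present")
        for name in ("ldap_tls_cert", "ldap_tls_key"):
            if not opts.get(name):
                findings.append(f"{section}: {name} is not set")
        key = opts.get("ldap_tls_key")
        if key:
            try:
                mode = key_mode(key) if key_mode else os.stat(key).st_mode
            except OSError:
                findings.append(f"{section}: key {key} not readable by auditor")
                continue
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(f"{section}: key {key} accessible to group/other")
    return findings

if __name__ == "__main__":
    for line in audit_sssd_conf(SAMPLE_CONF) or ["no findings"]:
        print(line)
```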