[lug] pam_ldap and passwd
Nick Golder
purenrg at hiveportal.net
Wed Apr 30 07:52:58 MDT 2003
On 03-04-30 09:20 -0400, the infamous Hugh Brown uttered:
>
> I have the above line followed by md5 shadow, are the passwords in ldap
> crypt'ed or are they in md5 format?
>
Without knowing which LDAP database you are using, we can only
speculate. I know that OpenLDAP (unless the default config has changed)
stores their passwords in plaintext. In order to use some sort of
encryption, you have to specify:
    userPassword: {ENCRYPTION_SCHEME_HERE}
Your options are {CRYPT, UNIX, SHA, SSHA, MD5, SMD5}. You can also use
third party authentication packages like Kerberos. That would look
like:
    userPassword: {KERBEROS}username@KERBEROS_REALM
Someone may be able to answer this one for me: are transactions passed
from the client to the server in plaintext (kinda like telnet)? I can't
test this because I always have used SSL/TLS when it is an available
option. Otherwise, I just use SSH.
--
-Nick Golder
http://www.hiveportal.net
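
Added example, not part of the original post: a Python sketch that reads the {SCHEME} prefix of a userPassword value as described above, flags values stored with no prefix (plaintext), and verifies a candidate password for the MD5, SMD5, SHA and SSHA schemes. The function names and sample values are constructed for illustration; {CRYPT}, {UNIX} and {KERBEROS} are recognised but not verified here.

```python
import base64
import hashlib
import hmac
import re

# Digest schemes named in the post: (hashlib name, digest length, salted?)
SCHEMES = {"MD5": ("md5", 16, False), "SMD5": ("md5", 16, True),
           "SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True)}
PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def classify(stored):
    """Return (scheme, payload); 'PLAINTEXT' when there is no {SCHEME} prefix."""
    m = PREFIX.match(stored)
    return (m.group(1).upper(), m.group(2)) if m else ("PLAINTEXT", stored)


def verify(stored, candidate):
    """True/False for a match; None when the scheme is not handled here."""
    scheme, payload = classify(stored)
    if scheme == "PLAINTEXT":
        return hmac.compare_digest(stored.encode(), candidate.encode())
    if scheme not in SCHEMES:
        return None  # {CRYPT}, {UNIX}, {KERBEROS}: not handled in this sketch
    algo, dlen, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return False  # payload is not valid base64
    if len(raw) < dlen or (not salted and len(raw) != dlen):
        return False
    digest, salt = raw[:dlen], raw[dlen:]  # salted schemes append the salt
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    d = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(d + salt).decode()


# Constructed sample values, not taken from any real directory.
SAMPLES = ["secret", make_ssha("secret", b"\x01\x02\x03\x04"), "{CRYPT}placeholder"]
print([classify(v)[0] for v in SAMPLES])
```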