[LUNI] Certificate rather than ldap.secret?
Keith T. Garner
kgarner at kgarner.com
Mon Dec 20 21:30:34 CST 2004
On Fri, Dec 17, 2004 at 05:05:31, David Ehle said:
>
> Howdy All,
>
> Looking at setting up LDAP for one of my groups. Reading through
> howto's I keep running into /etc/ldap.secret. The idea of having a
> clear text password on all my clients that would allow anyone who
> steals a hard drive to get all my passwords for the whole cluster of
> machines sounds horrible to me. I have found one blurb about using
> a certificate instead with RH Enterprise 3. Is there an LDAP expert
> out there who can point me in the right direction in regards to
> setting up this method for Debian Sarge?
From my understanding, the only reason one needs /etc/ldap.secret is
if you're going to allow users to change their passwords via passwd.
You can get around this by having ldap direct pam to spit out a
"please visit this URL to change your password." Although, I
personally really hate that solution, but it can be useful in some
situations.
I've never tried the certificate thing in this instance myself.
Keith
--
Keith T. Garner kgarner at kgarner.com
"Make no little plans; they have no magic to
stir men's blood." - Daniel H. Burnham