From: Sergey Vlasov <vsu@altlinux.ru>
To: Sysadmins@lists.altlinux.org
Subject: Re: [Sysadmins] LDAP + пароли для пользователей в blowfish
Date: Thu, 9 Dec 2010 21:20:21 +0300
Message-ID: <20101209212021.298bff75@atlas.home> (raw)
In-Reply-To: <AANLkTi=0boRMTdB+51MCR1S3aEsWejarjAe-4Eig7Oc4@mail.gmail.com>
On Thu, 9 Dec 2010 12:55:22 +0300 Andrew V. Stepanov wrote:
> У меня на LDAP сервере поле userPassword выставлено в :
> {SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
> В /etc/pam_ldap.conf включена опция "pam_password crypt".
>
> При такой конфигурации пароль всеравно передается в открытом виде?
Если в /etc/pam_ldap.conf написано "uri ldap://..." - именно в
открытом виде. Нужно настраивать TLS, вписывать uri ldaps://...,
pam_password exop (должно работать с openldap), а тип хеша выбирать в
настройках openldap (password-hash, password-crypt-salt-format).
prev parent reply other threads:[~2010-12-09 18:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-09 8:24 Andrew V. Stepanov
2010-12-09 8:32 ` Vitaly Kuznetsov
2010-12-09 8:43 ` Andrew V. Stepanov
2010-12-09 9:36 ` Sergey Vlasov
2010-12-09 9:55 ` Andrew V. Stepanov
2010-12-09 18:20 ` Sergey Vlasov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101209212021.298bff75@atlas.home \
--to=vsu@altlinux.ru \
--cc=Sysadmins@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux sysadmins discussion
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
public-inbox-index sysadmins
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sysadmins
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git