lists.arthurdejong.org

Re: nslcd.conf: bindpw not in clear text?

On Thu, 2022-05-26 at 14:05 +0200, Andrea Sighinolfi wrote:
> I know the configuration file nslcd.conf should be accessed only by
> root, but would it be possible to write a hashed password (e.g. md5) for
> the "binddn" field instead of a clear text password?

The problem is that the password needs to be supplied to the LDAP
server as part of the BIND operation in plain text. That means a hashed
version of the password is not useful (the password is used to
authenticate nslcd to the LDAP server).

It might be better to consider other authentication methods but most of
them do end up relying on some kind of secret in one form or another.

Kind regards,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
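
Added example, not part of the message above and not nslcd code: a minimal Python encoding of the LDAPv3 simple BindRequest (RFC 4511), showing that the bind secret travels as the literal bytes the client holds, so a hash written into nslcd.conf would simply be sent as if it were the password. The DN, the password and the SHA-256 server-side check are constructed stand-ins.

```python
# Added illustration: BER-encode and re-read an LDAPv3 simple BindRequest
# (RFC 4511 section 4.2). DN, password and server check are constructed.
import hashlib
import hmac

def ber_len(n):
    if n < 0x80:                       # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body   # long form

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def simple_bind_request(message_id, dn, secret):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn.encode())
               + tlv(0x80, secret))    # the secret bytes go in unmodified
    msg_id = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x02, msg_id) + bind)

def secret_seen_by_server(message):
    """Walk the message and return the bytes of the simple [0] field."""
    _, body, _ = read_tlv(message, 0)      # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(body, 0)          # messageID
    _, bind, _ = read_tlv(body, pos)       # BindRequest [APPLICATION 0]
    _, _, pos = read_tlv(bind, 0)          # version
    _, _, pos = read_tlv(bind, pos)        # name (the bind DN)
    tag, secret, _ = read_tlv(bind, pos)   # authentication choice
    if tag != 0x80:
        raise ValueError("not a simple bind")
    return secret

def server_accepts(stored_digest, message):
    """Stand-in for the directory's check: hash what arrived, then compare."""
    received = hashlib.sha256(secret_seen_by_server(message)).digest()
    return hmac.compare_digest(stored_digest, received)

DN = "cn=nslcd,dc=example,dc=com"            # constructed sample DN
PASSWORD = b"sample-bind-password"           # constructed sample password
STORED = hashlib.sha256(PASSWORD).digest()   # what the stand-in server keeps
# A hash placed in the config instead of the password (MD5 behaves the same):
HASHED_IN_CONF = hashlib.sha256(PASSWORD).hexdigest().encode()
```

Binding with PASSWORD is accepted, while binding with HASHED_IN_CONF is rejected because the server hashes the received bytes again before comparing.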