Re: nslcd.conf: bindpw not in clear text?
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Andrea Sighinolfi <andrea.sighinolfi [at] sitti.it>, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: nslcd.conf: bindpw not in clear text?
- Date: Thu, 26 May 2022 14:37:47 +0200
On Thu, 2022-05-26 at 14:05 +0200, Andrea Sighinolfi wrote:
> I know the configuration file nslcd.conf should be accessed only by
> root, but would it be possible to write a hashed password (e.g. md5) for
> the "binddn" field instead of a clear text password?

The problem is that the password needs to be supplied to the LDAP
server as part of the BIND operation in plain text. That means a hashed
version of the password is not useful (the password is used to
authenticate nslcd to the LDAP server).

It might be better to consider other authentication methods but most of
them do end up relying on some kind of secret in one form or another.

Kind regards,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --