[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP breaks kcheckpass when not setuid root (#298148)

> On Fri, May 04, 2007 at 11:51:02PM +0200, Petter Reinholdtsen wrote:
> > Actually, you got it backwards, as explained above.  pam-ldap isn't
> > using the password hash to check the password.  It is passing the
> > password over to the LDAP server (using an LDAP bind), and letting the
> > LDAP server decide if the password is correct or not.

[Roberto C. Sánchez]
> You mean that the passwords go in the clear?

Yes, unless you are securing the entire LDAP session, using SSL.

Attachment: signature.asc
Description: Digital signature

Reply to: