[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP breaks kcheckpass when not setuid root (#298148)

On Sat, May 05, 2007 at 01:13:36AM -0500, Peter Samuelson wrote:
> > On Fri, May 04, 2007 at 11:51:02PM +0200, Petter Reinholdtsen wrote:
> > > Actually, you got it backwards, as explained above.  pam-ldap isn't
> > > using the password hash to check the password.  It is passing the
> > > password over to the LDAP server (using an LDAP bind), and letting the
> > > LDAP server decide if the password is correct or not.
> [Roberto C. Sánchez]
> > You mean that the passwords go in the clear?
> Yes, unless you are securing the entire LDAP session, using SSL.

OK.  Thanks.



Roberto C. Sánchez

Attachment: signature.asc
Description: Digital signature

Reply to: