Re: LDAP breaks kcheckpass when not setuid root (#298148)

To: debian-devel@lists.debian.org
Cc: Peter Samuelson <peter@p12n.org>
Subject: Re: LDAP breaks kcheckpass when not setuid root (#298148)
From: Russell Coker <russell@coker.com.au>
Date: Mon, 7 May 2007 09:57:53 +1000
Message-id: <[🔎] 200705070957.54744.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20070505061336.GG3066@p12n.org>
References: <[🔎] 20070504112317.GA6069@laptux.workaround.org> <[🔎] 20070504222317.GD32489@miami.connexer.com> <[🔎] 20070505061336.GG3066@p12n.org>

On Saturday 05 May 2007 16:13, Peter Samuelson <peter@p12n.org> wrote:
> [Roberto C. Sánchez]
>
> > You mean that the passwords go in the clear?
>
> Yes, unless you are securing the entire LDAP session, using SSL.

Does the pam_ldap module allow you to store the SSL key for the server or 
authenticate the server with a certificate?

If not then SSL only stops passive sniffing not a MITM attack.

-- 
russell@coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

Reply to:

Follow-Ups:
- Re: LDAP breaks kcheckpass when not setuid root (#298148)
  - From: Josselin Mouette <joss@debian.org>

References:
- LDAP breaks kcheckpass when not setuid root (#298148)
  - From: Christoph Haas <haas@debian.org>
- Re: LDAP breaks kcheckpass when not setuid root (#298148)
  - From: Roberto C. Sánchez <roberto@connexer.com>
- Re: LDAP breaks kcheckpass when not setuid root (#298148)
  - From: Peter Samuelson <peter@p12n.org>

Prev by Date: wordpress packages
Next by Date: Re: Mandatory -dbg packages for libraries?
Previous by thread: Re: LDAP breaks kcheckpass when not setuid root (#298148)
Next by thread: Re: LDAP breaks kcheckpass when not setuid root (#298148)
Index(es):
- Date
- Thread