Re: Three indepentantly stored admin passwords; a bug or a feature?
onsdag 3. mars 2004, 19:38, skrev Rune Nordbøe Skillingstad:
> On 2004-03-03 19:31:32+0100, Herman Robak wrote:
> : Having unsynchronised admin passwords for Webmin and LDAP
> : is fraught with problems. Once inside Webmin, the admin
> : should be authenticated well enough for the tasks that
> : can be performed through Webmin.
> I fully agree that unsyncronized password are a bad thing. I just want to
> make sure that root _NEVER_ is authenticated directly against ldap. That
> would be a big problem if ldap dies.
> Some kind of replication from /etc/passwd to ldap should be posible to
> «I came out of it dead broke, without a house, without anything except a
> girlfriend and a knowledge of Unix.» «Well, that's something. Normally
> those two are mutually exclusive»
> - Neal Stephenson, Cryptonomicon
What is the rationale for allowing the root-password into the LDAP-database in
the first place?
I mean; this _is_ a "publicly" available catalog-server which is (more or
less) likely to contain undisclosed exploits (though it's not been an issue
for Skolelinux this far).