[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [GOsa] last(?) missing bit to use gosa in debian-edu out of the box

Am Montag 10 Mai 2010, 12:15:05 schrieb Andreas B. Mundt:
> Hi all,
> as you probably noticed I currently try to implement gosa in
> debian-edu as admin tool to manage users and groups (so far). To use
> gosa out of the box after installation, I already prepared the
> necessary configurations and the templates added to ldap during
> ldap-bootstrap, and things look promising.
> I currently have only one problem left: How to put the ldap rootdn
> password in the gosa.conf file. After the (cleartext) password has
> been dropped there during install, we can use gosa-encrypt-passwords to
> encrypt it and make sure no cleartext passwords remain.
> Afaik, we drop the root password hash (for example into ldap) during
> install to allow password checks, but we have no cleartext password
> around.
> Is it possible to base the gosa password check on that hash (dropped
> somewhere during install) too? Or are there any other ways to avoid
> cleartext even during installation?

Hmm. I'm not sure if I understand what you're trying to do... GOsa needs the 
(effective) clear text password to authenticate itself to the LDAP service. The 
hashing used by "gosa-encrypt-password" is just to avoid that the 
authentication data is readable by any other 'whatsoever' running as www-data.

If you know the password before installing, you need to generate the key set 
in the gosa-apache.conf and the one in the gosa.conf to make the final 
authentication work.


Reply to: