Acceptable LDAP solutions
Shawn Debnath
sdebnath at purdue.edu
Mon May 19 13:17:57 PDT 2003
Looks like LDAP uses plain old crypt(), and I am forced into using that b/c of
the setup here. Time to make sure the LDAP server is secure at least. Thanks
for your help Gordon.
Shawn
Quoting Gordon Tetlow <gordont at gnf.org>:
> On Mon, May 19, 2003 at 02:41:27PM -0500, Shawn Debnath wrote:
> > Hi,
> >
> > Thanks for replying. Yes, we have a centralized linux LDAP server and all
> > account information and passwords are stored in it. Why are you using
> kerberos
> > instead of LDAP for passwords? Any specific gains from doing this?
>
> I'm a stickler for having account details and authentication portions
> separated. Basically passwords in LDAP are less secure than shadow
> passwords unless special care is taken with ACLs. I try to keep my
> administration nightmare to a minimum by just using Kerberos instead
> of worrying about ACLs. With the passwords not in LDAP, I don't have
> to worry about securing my directory too much.
>
> -gordon
>
--
More information about the freebsd-current
mailing list