From owner-freebsd-isp Thu Oct 10 4: 5:57 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA72337B401 for ; Thu, 10 Oct 2002 04:05:56 -0700 (PDT) Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by mx1.FreeBSD.org (Postfix) with SMTP id 467C643E77 for ; Thu, 10 Oct 2002 04:05:55 -0700 (PDT) (envelope-from paulo@nlink.com.br) Received: (qmail 57258 invoked by uid 85); 10 Oct 2002 11:05:51 -0000 Received: from paulo@nlink.com.br by mirage.nlink.com.br by uid 82 with qmail-scanner-1.12 (avp. Clear:. Processed in 1.995174 secs); 10 Oct 2002 11:05:51 -0000 Received: from j1.nlink.com.br (200.249.195.30) by mirage.nlink.com.br with SMTP; 10 Oct 2002 11:05:49 -0000 Content-Type: text/plain; charset="us-ascii" From: Paulo Fragoso Subject: Some questions about LDAP Date: Thu, 10 Oct 2002 08:05:48 -0300 X-Mailer: KMail [version 1.4] To: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200210100805.48949.paulo@nlink.com.br> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, We are thinking to change our /etc/(master.)passwd schema to LDAP, but we= have=20 some doubts about security. We will have a LDAP server and some clients f= or=20 only auth requests using pam_ldap. Is possible someone (hacker or root)=20 logged into a client machine request all crypt passwords stored on LDAP=20 server? What is the best way (security) to centralize our passwords for answer au= th=20 requests from a remote host using pam module? Thanks, Paulo. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message