From: Paulo Fragoso
To: amutsch@abaid.com
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Some questions about LDAP
Date: Thu, 10 Oct 2002 09:59:54 -0300
Message-Id: <200210100959.54455.paulo@nlink.com.br>

On Thursday 10 October 2002 09:43, amutsch@abaid.com wrote:
> I would use Radius for that.
> Regards Andreas

But pam_radius on the client sends packets without providing secure encrypted
communications between clients and servers.
With LDAP we can add more specific information; this way we can filter on that
at the pam_ldap client, e.g.:

# Filter to AND with uid=%s
pam_filter ou=isdn-client

>
> Paulo Fragoso writes:
> > Hi,
> >
> > We are thinking of changing our /etc/(master.)passwd schema to LDAP, but we
> > have some doubts about security. We will have an LDAP server and some
> > clients for only auth requests using pam_ldap. Is it possible for someone
> > (hacker or root) logged into a client machine to request all crypt passwords
> > stored on the LDAP server?
> >
> > What is the best way (security) to centralize our passwords to answer
> > auth requests from a remote host using a pam module?
> >
> > Thanks,
> > Paulo.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
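Added example, not part of the original message and not pam_ldap's own code: a small Python model of how the pam_filter line above narrows the login search by ANDing it with the uid clause. The directory entries, the function names and the RFC 4515 escaping of the login name are assumptions made for this illustration.

```python
import re

# Constructed sample directory entries (not from the original thread).
DIRECTORY = [
    {"uid": ["alice"], "ou": ["isdn-client"]},
    {"uid": ["bob"], "ou": ["dialup-client"]},
]


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_filter(user, pam_filter="", login_attr="uid"):
    """AND the login attribute clause with pam_filter, if one is configured."""
    clause = "(%s=%s)" % (login_attr, escape_filter_value(user))
    return "(&%s(%s))" % (clause, pam_filter) if pam_filter else clause


def unescape(value):
    """Turn \\XX escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def search(ldap_filter, entries=DIRECTORY):
    """Match entries against a filter made only of ANDed equality clauses."""
    clauses = re.findall(r"\(([^()=&]+)=([^()]*)\)", ldap_filter)
    hits = []
    for entry in entries:
        if all(unescape(val).lower() in (v.lower() for v in entry.get(attr, []))
               for attr, val in clauses):
            hits.append(entry["uid"][0])
    return hits


if __name__ == "__main__":
    for name in ("alice", "bob", "a*"):
        f = build_filter(name, "ou=isdn-client")
        print(name, f, search(f))
```

With the filter in place, an account outside ou=isdn-client is not found on this client even though it exists in the directory, and a login name containing filter metacharacters is matched as a literal string.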