From owner-freebsd-isp Fri Oct 11 0:23:37 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9606F37B401 for ; Fri, 11 Oct 2002 00:23:36 -0700 (PDT) Received: from smtp01.retemail.es (smtp01.iddeo.es [62.81.186.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 23EFB43EBE for ; Fri, 11 Oct 2002 00:23:30 -0700 (PDT) (envelope-from JBIANQUETTI@sadiel.es) Received: from mailscan ([62.81.202.67]) by smtp01.retemail.es (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP id <20021011072327.OGML4036.smtp01.retemail.es@mailscan> for ; Fri, 11 Oct 2002 09:23:27 +0200 Received: FROM CORREO.sadiel.es BY mailscan ; Fri Oct 11 09:20:49 2002 +0200 Received: from bsd.sadiel.es ([172.18.1.41]) by CORREO.sadiel.es with Microsoft SMTPSVC(5.0.2195.3779); Fri, 11 Oct 2002 09:23:16 +0200 Date: Fri, 11 Oct 2002 09:21:53 +0200 From: Jorge Bianquetti de las Heras To: Paulo Fragoso Cc: freebsd-isp@freebsd.org Subject: Re: Some questions about LDAP Message-Id: <20021011092153.7f8040f5.jbianquetti@sadiel.es> In-Reply-To: <200210100805.48949.paulo@nlink.com.br> References: <200210100805.48949.paulo@nlink.com.br> X-Mailer: Sylpheed version 0.8.2 (GTK+ 1.2.10; i386-portbld-freebsd4.7) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 11 Oct 2002 07:23:17.0114 (UTC) FILETIME=[116945A0:01C270F7] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Is possible someone (hacker or root) > logged into a client machine request all crypt passwords stored on LDAP > server? Yes, but you may configure slapd.conf to avoid this. access to attrs=userPassword by self write by anonymous auth by dn="cn=manager,o=XXX,c=ES" write by dn="o=XXX,c=ES" write by dn="Officer, o=XXX, c=ES" write > What is the best way (security) to centralize our passwords for answer auth > requests from a remote host using pam module? > Use SSL connections between clients and servers > Thanks, > Paulo. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- Saludos, Jorge. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message