From: Shawn Debnath
Date: Mon, 19 May 2003 15:10:13 -0500
To: freebsd-current@freebsd.org
Cc: sdebnath@cs.purdue.edu
Reply-To: sdebnath@cs.purdue.edu
Subject: Re: Acceptable LDAP solutions
Message-ID: <1053375013.3ec93a25df857@webmail.purdue.edu>
In-Reply-To: <20030519195949.GF1950@roark.gnf.org>

Looks like LDAP uses plain old crypt(), and I am forced into using that b/c of the setup here. Time to make sure the LDAP server is secure at least. Thanks for your help Gordon.

Shawn

Quoting Gordon Tetlow:

> On Mon, May 19, 2003 at 02:41:27PM -0500, Shawn Debnath wrote:
> > Hi,
> >
> > Thanks for replying. Yes, we have a centralized linux LDAP server and all
> > account information and passwords are stored in it. Why are you using kerberos
> > instead of LDAP for passwords? Any specific gains from doing this?
>
> I'm a stickler for having account details and authentication portions
> separated. Basically passwords in LDAP are less secure than shadow
> passwords unless special care is taken with ACLs. I try to keep my
> administration nightmare to a minimum by just using Kerberos instead
> of worrying about ACLs. With the passwords not in LDAP, I don't have
> to worry about securing my directory too much.
>
> -gordon
> --
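
Both messages turn on how userPassword values are stored in the directory and who can read them. The following is an added example, not part of the original thread: a Python check that classifies the storage scheme of each userPassword in an LDIF export, so entries still using traditional crypt() or cleartext can be found. The DNs and hashes are constructed, and the `WEAK` set is an assumption about local policy.

```python
import base64
import re

# Constructed sample export; every DN and hash here is made up for illustration.
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=org\nuserPassword: {CRYPT}ab01FAX.bQRSU\n\n"
    "dn: uid=bob,dc=example,dc=org\nuserPassword:: "
    + base64.b64encode(b"{CRYPT}$1$saltsalt$abcdefghijklmnopqrstu.").decode() + "\n\n"
    "dn: uid=carol,dc=example,dc=org\nuserPassword: {SSHA}Y29uc3RydWN0ZWQtc2FtcGxl\n\n"
    "dn: uid=dave,dc=example,dc=org\nuserPassword: hunter2\n"
)

# Modular-crypt identifiers that can follow the {CRYPT} prefix.
MCF_IDS = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt"}
WEAK = {"cleartext", "des-crypt", "md5-crypt", "md5", "sha"}  # assumed policy

def classify(value):
    """Name the storage scheme of one decoded userPassword value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return "cleartext"              # no {SCHEME} prefix at all
    scheme, rest = m.group(1).lower(), m.group(2)
    if scheme != "crypt":
        return scheme                   # e.g. ssha, sha, md5
    mcf = re.match(r"\$([0-9a-z]+)\$", rest)
    if mcf:
        return MCF_IDS.get(mcf.group(1), "crypt-unknown")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", rest):
        return "des-crypt"              # traditional 13-character crypt() hash
    return "crypt-unknown"

def audit(ldif):
    """Return {dn: scheme} for every entry that carries userPassword."""
    findings, dn = {}, None
    for line in re.sub(r"\n ", "", ldif).splitlines():  # undo LDIF line folding
        attr, sep, val = line.partition(":")
        if not sep:
            continue
        if val.startswith(":"):         # "attr:: <base64>" form
            val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
        val = val.strip()
        if attr.lower() == "dn":
            dn = val
        elif attr.lower() == "userpassword":
            findings[dn] = classify(val)
    return findings

def weak_entries(ldif):
    return sorted(dn for dn, kind in audit(ldif).items() if kind in WEAK)
```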