Date: Mon, 19 May 2003 15:10:13 -0500
From: Shawn Debnath <sdebnath@purdue.edu>
To: freebsd-current@freebsd.org
Cc: sdebnath@cs.purdue.edu
Subject: Re: Acceptable LDAP solutions
Message-ID: <1053375013.3ec93a25df857@webmail.purdue.edu>
In-Reply-To: <20030519195949.GF1950@roark.gnf.org>
References: <0E972CEE334BFE4291CD07E056C76ED8DB2DBE@bragi.housing.ufl.edu> <1053365929.3ec916a957190@webmail.purdue.edu> <20030519194508.GD1950@roark.gnf.org> <1053373287.3ec93367bbdff@webmail.purdue.edu> <20030519195949.GF1950@roark.gnf.org>

Looks like LDAP uses plain old crypt(), and I am forced into using that b/c of
the setup here. Time to make sure the LDAP server is secure at least.

Thanks for your help Gordon.

Shawn

Quoting Gordon Tetlow <gordont@gnf.org>:

> On Mon, May 19, 2003 at 02:41:27PM -0500, Shawn Debnath wrote:
> > Hi,
> >
> > Thanks for replying. Yes, we have a centralized linux LDAP server and all
> > account information and passwords are stored in it. Why are you using kerberos
> > instead of LDAP for passwords? Any specific gains from doing this?
>
> I'm a stickler for having account details and authentication portions
> separated. Basically passwords in LDAP are less secure than shadow
> passwords unless special care is taken with ACLs. I try to keep my
> administration nightmare to a minimum by just using Kerberos instead
> of worrying about ACLs. With the passwords not in LDAP, I don't have
> to worry about securing my directory too much.
>
> -gordon
> --
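
Added example, not part of the original message or of any code from the thread: a small audit over an LDIF export of the directory that reports which accounts still carry a traditional crypt() hash, which is the exposure at stake if the directory ACLs let the password attribute be read. It assumes passwords sit in the `userPassword` attribute with an RFC 2307 style `{CRYPT}` scheme prefix; the sample entries and hash strings are constructed.

```python
import base64
import re

# Constructed sample export; DNs and hash strings are made up for this example.
_b64 = base64.b64encode(b"{CRYPT}$1$saltsalt$abcdefghijklmnopqrstu.").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=org\n"
    "userPassword: {CRYPT}ab1cD2eF3gH4i\n\n"
    "dn: uid=bob,ou=People,dc=example,dc=org\n"
    f"userPassword:: {_b64}\n\n"
    "dn: uid=carol,ou=People,dc=example,dc=org\n"
    "userPassword: {SSHA}constructed-not-a-real-hash\n"
)

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # 2 salt chars + 11 hash chars


def classify(value):
    """Name the storage scheme of one userPassword value."""
    m = re.fullmatch(r"\{([A-Za-z0-9-]+)\}(.*)", value)
    if not m:
        return "no-scheme"
    scheme, rest = m.group(1).lower(), m.group(2)
    if scheme != "crypt":
        return scheme
    if DES_CRYPT.fullmatch(rest):
        return "crypt-des"  # traditional crypt(): only 8 password chars count
    return "crypt-md5" if rest.startswith("$1$") else "crypt-other"


def audit(ldif):
    """Map each entry's DN to the schemes of its userPassword values."""
    report = {}
    for block in re.sub(r"\n ", "", ldif).strip().split("\n\n"):  # unfold lines
        dn, schemes = None, []
        for line in block.splitlines():
            attr, _, val = line.partition(":")
            if val.startswith(":"):  # "attr:: value" is base64-encoded
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            val = val.strip()
            if attr.lower() == "dn":
                dn = val
            elif attr.lower() == "userpassword":
                schemes.append(classify(val))
        if dn and schemes:
            report[dn] = schemes
    return report


def traditional_crypt_accounts(ldif):
    """DNs whose password is stored as a traditional DES crypt() hash."""
    return sorted(dn for dn, s in audit(ldif).items() if "crypt-des" in s)
```

Running the same audit on an export taken with an anonymous or ordinary-user bind shows whether the ACLs hide the attribute: a correctly restricted directory yields an empty report.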