Protecting the bindpw in /etc/ldap.conf

Kenneth Holter kenneho.ndu at gmail.com
Mon Apr 12 09:54:46 UTC 2010


Removing the world readable bit from /etc/ldap.conf results in the famous "I
have no name" error message when logging in with an LDAP account. So it
looks like world needs to be able to read this file. Anyone else got tips on
how to protect the bind password located in that file?

- Kenneth

On Thu, Mar 4, 2010 at 4:05 PM, Marti, Robert <RJM002 at shsu.edu> wrote:

> Even if LDAP is the requirement - /etc/ldap.conf doesn't have to be world
> readable, does it?
>
> Rob Marti
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:
> redhat-list-bounces at redhat.com] On Behalf Of Stainforth, Matthew (SD/DS)
> Sent: Thursday, March 04, 2010 7:58 AM
> To: redhat-list at redhat.com
> Subject: RE: Protecting the bindpw in /etc/ldap.conf
>
> > We're about to set up our RHEL servers to authenticate against Active
> > Directory (AD) 2008. I'd like to protect the binding user password (i.e.
> > bindpw) so that regular users can't get hold of it. Are others doing this
> > too, or does one not consider this as a security issue? If protecting it,
> > how do you set this up?
>
> Kerberos is what I use instead of LDAP and it doesn't require a password,
> at least in my environment.
>
> Matt
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>


