Hi,

this is just an idea. We plan to set up some LDAP directory as addressbook. Maybe it's possible to make user authorisations via LDAP. I think I've heard about a "pam_ldap" module. For Linux this could work. Maybe there's some solution for Windows, too, maybe Samba or Win2K.

Can (Open-) LDAP be used as YP replacement? When using MD5 hashes (shouldn't be a problem, I guess) it would be more secure than YP.

Has anybody tried such things in practice? Is it stable or experimental stuff only? Is LDAP itself maybe a security problem? What are the disadvantages?

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
> this is just an idea. We plan to set up some LDAP directory as addressbook. Maybe it's possible to make user authorisations via LDAP. I think I've heard about a "pam_ldap" module. For Linux this could work. Maybe there's some solution for Windows, too, maybe Samba or Win2K.
> Can (Open-) LDAP be used as YP replacement? When using MD5 hashes (shouldn't be a problem, I guess) it would be more secure than YP.
LDAP uses SASL, and SASL supports the following mechanisms:
- ANONYMOUS
- CRAM-MD5
- DIGEST-MD5
- GSSAPI (MIT Kerberos 5 or Heimdal Kerberos 5)
- KERBEROS_V4
- PLAIN

You can also tell SASL to use PAM.
> Has anybody tried such things in practice? Is it stable or experimental stuff only? Is LDAP itself maybe a security problem?
All LDAP requests may be encrypted using SSL, so it shouldn't be a problem. Check out http://www.mi.infn.it/~lobiondo/ldapnis.pdf

Further questions (about setup) should be posted to the OpenLDAP mailing list or PADL's mailing list (pam_ldap).

--
Ørnulf Nielsen
A problem with most implementations of ssh has been found.

http://www.securityfocus.com/bid/2345

[]s
Davi
> A problem with most implementations of ssh has been found.
This only affects SSH1, not current releases of SSH2 or OpenSSH.

M
participants (4)
- Davi
- Mr. M
- Steffen Dettmer
- Ørnulf Nielsen