11 Jan
2017
11 Jan
'17
22:26
On 11.01.2017 21:45, Urs Beyerle wrote:
However, we store our ldap passwd in /etc/ldap.conf for pam_ldap authentication. Setting /etc/ldap.conf world readable allows local users to see the bind password, which is not at all ideal.
Use sssd instead of pam_ldap. It had numerous advantages: - entries caching - easier multi-domain setup - hides bind password :-) google for sssd and ldap