Re: Re: Linux Administration - Users in (any) database howto/why...

Craig White craigwhite at azapple.com
Fri Jan 2 17:40:17 MST 2009


On Fri, 2009-01-02 at 16:40 -0700, Joe wrote:
> Good point on TLS. The /etc/ldap.secret is where I had the problem. If 
> you put that file on an end user's machine, wouldn't they be able to boot 
> into single user mode or sudo and read that file? Doesn't that file 
> provide the keys to the kingdom? Once you have full read access to the 
> directory, can't you read all the user IDs and hashes and gain access 
> to every other system? Sorry if this was already a hackfest activity and 
> I missed it.
----
And I should mention that if you want to get around that issue, you
implement Kerberos in addition to LDAP.

Craig



More information about the PLUG-discuss mailing list