SLUG Mailing List Archives
Re: [SLUG] Hiding LDAP binddn/passwd
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Hiding LDAP binddn/passwd
- From: Del <del@xxxxxxxxxxxx>
- Date: Sat, 22 Apr 2006 10:48:36 +1000
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20060210 Fedora/1.7.12-1.3.3.legacy
Beav Petrie wrote:
> Any ways to hide LDAP binddn/passwd so
> if I connect as user 'myname' and passwd 'mypass'
> (not connecting as 'anonymous') I enter:
> <something> will not include 'myname'/'mypass'.
> I know this command: $ldapsearch -x -D
> -w mypass (Don't want to show mypass or enter mypass with a -W option)

There are a lot of different ldapsearch'es out there, so the
answer will vary with each one. For the time being I'll assume
you are using OpenLDAP.

The obvious, but complex, answer is to use SASL & Kerberos. Then
you just get the tgt once and from then on you're bound to the
server. That's a whole minefield of things that need setting up
so I suggest you google about for it a bit, there is plenty of

The next obvious answer is to use -y passwdfile, where passwdfile
contains the password you want to use. That file should be somewhere
where nobody else can find it, and where only you can read it, and
even then I wouldn't trust it.
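
Added example, not part of the original message: one way to prepare and sanity-check the file passed to OpenLDAP's ldapsearch -y, so the password stays out of the command line and out of other users' reach. The helper names write_pwfile and check_pwfile, the bind DN, the search base and the sample password are constructed for illustration.

```shell
#!/bin/sh
# write_pwfile PATH: read one line from stdin and store it in PATH,
# mode 0600, with no trailing newline. ldapsearch -y uses the complete
# file contents as the password, so a stray newline breaks the bind.
write_pwfile() (
    umask 077
    IFS= read -r pw || [ -n "$pw" ] || exit 1
    rm -f "$1"                      # never inherit an old file's lax mode
    printf '%s' "$pw" > "$1"
)

# check_pwfile PATH: refuse a file that is not a private regular file.
check_pwfile() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    [ -O "$f" ] || { echo "$f: not owned by you" >&2; return 1; }
    [ -s "$f" ] || { echo "$f: empty password file" >&2; return 1; }
    perms=$(ls -ld "$f" | cut -c1-10)
    case $perms in
        -r[w-]-------) ;;           # 0600 or 0400 only
        *) echo "$f: mode $perms lets others read it" >&2; return 1 ;;
    esac
    [ $(tail -c 1 "$f" | wc -l) -eq 0 ] ||
        { echo "$f: trailing newline would be sent as part of the password" >&2; return 1; }
}

# Demo with a constructed password. The DN and base are placeholders.
# Interactively you would run: stty -echo; write_pwfile FILE; stty echo
demo=$(mktemp -d)
printf '%s\n' 'constructed-example-pw' | write_pwfile "$demo/ldap.pw"
check_pwfile "$demo/ldap.pw" &&
    echo "ldapsearch -x -D 'uid=myname,dc=example,dc=com' -y $demo/ldap.pw -b 'dc=example,dc=com' '(uid=myname)'"
rm -rf "$demo"
```
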