[Samba] smbldap-tools security: how to keep passwords in smbldap_bind.conf secure?

Konstantin Boyandin temmokan at gmail.com
Wed Jan 12 09:30:02 MST 2011


01/12/2011 09:56 PM, TAKAHASHI Motonobu wrote:
> 2011/1/12 Konstantin Boyandin <temmokan at gmail.com>:
>> smbldap-passwd may be called by non-root; thus,
>> /etc/smbldap-tools/smbldap_bind.conf
>> must be world-readable, and it keeps the passwords as plain text.
> 
> smbldap-passwd accesses LDAP as the user who invoked it.
> 
> This behavior is different from Samba itself, which always accesses as
> the user defined with "ldap admin dn".
> 
> So simply setting 600 on smbldap_bind.conf will solve the problem.

Yes, that did the trick, thank you!
I thought the bind configuration should also be world readable.

> Also you need to add "by self write" to both sambaLMPassword
> and sambaNTPassword.

Yes, that had been set up and tested before I posted the question.

Sincerely,
Konstantin
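
A check for the fix discussed in this thread, as an added example that is not part of the original messages: it fails when the bind file is accessible to group or other and names the credential keys (`masterPw`, `slavePw`) that are exposed, without printing their values. The function names `perm_string` and `check_bind_conf` are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permissions of an smbldap-tools bind file.
# The default path is the one named in the thread; pass another as $1.

# Print the 9-character permission string (e.g. rw-------) of a file,
# following symlinks so the target's mode is reported.
perm_string() {
    ls -ldL -- "$1" | cut -c2-10
}

# Return 0 if only the owner can access the file, 1 if group or other
# have any access, 2 if the file does not exist.
check_bind_conf() {
    f=${1:-/etc/smbldap-tools/smbldap_bind.conf}
    if [ ! -f "$f" ]; then
        echo "MISSING: $f" >&2
        return 2
    fi
    perms=$(perm_string "$f")
    group_other=$(printf '%s' "$perms" | cut -c4-9)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $f is $perms; group/other can access it (fix: chmod 600)" >&2
        # Report which credential keys are exposed, never their values.
        grep -E '^[[:space:]]*(masterPw|slavePw)[[:space:]]*=' "$f" |
            sed 's/[[:space:]]*=.*//; s/^[[:space:]]*/  exposed key: /' >&2
        return 1
    fi
    echo "OK: $f is $perms"
    return 0
}
```

Call `check_bind_conf` with no argument to check the default path, or pass a path to check a copy of the file elsewhere.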

