[Samba] smbldap-tools security: how to keep passwords in smbldap_bind.conf secure?
monyo at monyo.com
Wed Jan 12 08:56:03 MST 2011
2011/1/12 Konstantin Boyandin <temmokan at gmail.com>:
> smbldap-passwd may be called by non-root; thus,
> must be world-readable, and it keeps the passwords as plain text.
smbldap-passwd accesses to LDAP as a user who invoked itself.
This behavior is different from Samba itself as always accesses as
a user defined with "ldap admin dn".
So simply set 600 to smbldap_bind.conf will solve the problem.
Also you need to add "by self write" to both sambaLMPassword
TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba