[Samba] smbldap-tools security: how to keep passwords in smbldap_bind.conf secure?
TAKAHASHI Motonobu
monyo at monyo.com
Wed Jan 12 08:56:03 MST 2011
2011/1/12 Konstantin Boyandin <temmokan at gmail.com>:
> smbldap-passwd may be called by non-root; thus,
> /etc/smbldap-tools/smbldap_bind>conf
> must be world-readable, and it keeps the passwords as plain text.
smbldap-passwd accesses to LDAP as a user who invoked itself.
This behavior is different from Samba itself as always accesses as
a user defined with "ldap admin dn".
So simply set 600 to smbldap_bind.conf will solve the problem.
Also you need to add "by self write" to both sambaLMPassword
and sambaNTPassword.
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba
mailing list