[Samba] smbldap-tools security: how to keep passwords in smbldap_bind.conf secure?
temmokan at gmail.com
Wed Jan 12 09:30:02 MST 2011
01/12/2011 09:56 PM, TAKAHASHI Motonobu пишет:
> 2011/1/12 Konstantin Boyandin <temmokan at gmail.com>:
>> smbldap-passwd may be called by non-root; thus,
>> must be world-readable, and it keeps the passwords as plain text.
> smbldap-passwd accesses to LDAP as a user who invoked itself.
> This behavior is different from Samba itself as always accesses as
> a user defined with "ldap admin dn".
> So simply set 600 to smbldap_bind.conf will solve the problem.
Yes, that did the trick, thank you!
I thought the bind configuration should also be world readable.
> Also you need to add "by self write" to both sambaLMPassword
> and sambaNTPassword.
Yes, that has been set up and tested before I posted the question.
More information about the samba