[prev in list] [next in list] [prev in thread] [next in thread]
List: kolab-devel
Subject: Re: [Kolab-devel] [issue23] Passwords (and other datas) appear as
From: Bernhard Reiter <bernhard () intevation ! de>
Date: 2004-03-23 17:41:54
Message-ID: 200403231841.54508.bernhard () intevation ! de
[Download RAW message or body]
On Friday 19 March 2004 16:32, Martin Konold wrote:
> Am Mittwoch, 17. M=C3=A4rz 2004 16:43 schrieb Nathan Toone:
> > Passwords appear in LDAP as clear text as well - shouldn't it use
> > slappasswd to encrypt it before it sticks it into LDAP?
>
> Yes, this is a flaw in Kolab 1.0.
http://intevation.de/roundup/kolab/issue6
> Actually passwords should still not get diclosed to unpriviledged users
> because LDAP does prevent read access to the password attribute.
>
> On the other hand storing them in a hash (sha1) is the prefered way of
> Kolab 2.0.
>
> BTW: Of course a priviledged user e.g. root can always sniff the password
> even if a hash is used!
Also kolab maintainers (and admins) can see the password.
["smime.p7s" (application/pkcs7-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic