Security issue with pam-krb5 ?

Matthijs Mohlmann matthijs at active2.homelinux.org
Wed Aug 27 14:16:53 EDT 2003


I read an article about KerberosV and OpenLDAP. And I read the
following:

If you already have a database, but are using some other means of
storing the passwords, you will have to do some minor modifications to
the database. For example, my production server, which is a version
1.2.11 have the passwords in the LDAP database as '{crypt}CRYPTEDPW',
and is using libpam-ldap (and for migration purposes libpam-krb5 which
is NOT to recommend in a shared network environment since it binds in
clear text) to authenticate the users on all services (ssh/imap/pop/ftp
etc).

Am I right when I say libpam-krb5 sends the password in cleartext over the
network?

Source: http://www.bayour.com/LDAPv3-HOWTO.html


